Tools for writing secure Go code

#530 — November 5, 2024


Go Weekly

Writing Secure Go Code — A handy article rounding up a variety of resources and techniques to keep in mind in order to write more robust and secure Go apps, including staying up to date with your Go version, leaning on Go’s tools like go vet, and scanning your code for known vulnerabilities.

Jakub Jarosz

🗣️ This post also led to an extensive discussion on Hacker News.

How to Compare Postgres EXPLAIN Plans & Tune Slow Queries — Are slow Postgres queries impacting your Go app performance? Join this webinar to learn how to diagnose and tune them effectively. We'll use pganalyze to walk through how to compare plans & debug common scenarios like inefficient nested loops & missing indexes.

pganalyze sponsor

Checking the Top 10 Million Web Sites with Go — Actually titled ‘27.6% of the Top 10 Million Sites are Dead’, I felt this is really more a look into using Go to do basic scraping at scale. Redis was coupled with Go (along with a lot of hardware) to perform the task in just ten minutes (~17k requests per second). The source has been made public.

Tony Wang

Ranging Over Functions in Go 1.23 — This post discusses several examples of using the new range-over functionality in 1.23, including simple linear iterators, recursive iterators, and a brief word on push vs pull iteration.

Eli Bendersky

▶  The Business of Go — I often skip high level talks to focus on technical ones, but Matt Boyle encouraged me to watch this, and it’s an interesting look at the processes of the Go team and how Go gets treated as a product, rather than just a language. Cameron demonstrates why Go continues to grow and thrive in a space where it’s easy for technologies to go stale.

Cameron Balahan (Google)

Creating a Full-Stack App with Go and React — A look at bringing together the best of the front end and back end into a single app, a contrived ‘Go Eats’ food ordering service.

Mukul Mantosh (JetBrains)

Constraints in Go — John has finished his 4-part series on generics (which started here) with a look at placing constraints on types.

John Arundel

Building Thread-Safe Abstractions in Java vs Go — A look at translating pieces of the SimpleDB implementation from Java into Go, and differences between the concurrency and synchronization primitives the languages provide.

Chris Rybicki

The First Newsletter Dedicated to Product Engineers — Learn the skills and strategies the new generation of product engineers need to succeed.

PostHog sponsor

📄 Writing Integration Tests for a Go CLI App – A look at Luca’s reasonably simple approach involving make, golden files and table driven tests. Luca Pette

📄 How to Build Smaller Container Images: Docker Multi-Stage Builds – Including “How NOT to organize a Go application’s Dockerfile”. Ivan Velichko

📄 Why is Go's Compilation Speed So Fast? Wild Thorn

🛠 Code & Tools

vgt: The 'Missing Tool' for Visualizing Go Tests? — A browser-based tool for visualizing Go test results – described as being helpful for understanding the parallelism of tests along with identifying slow ones.

Robert Laszczak

jsony: A 'Blazing Fast', Safe JSON Serialization Library — Pure Go, reflection free, and faster than the stdlib approach, but you do have to lay everything out just right.

Orsinium Labs

pg_flo: Stream, Transform, and Route Postgres Data in Real-time — Offers a set of filters and transformations that can make moving data between, say, production and staging databases simple using one of two modes: copy-and-stream or stream-only. Uses NATS and Postgres’s replication.

Shayon Mukherjee

Neotest: A Framework for Interacting with Tests from NeoVim — If you’re a NeoVim user, this is for you. It’s written in Lua but neotest-golang extends it to support working with Go-based tests.

Rónán Carrigan et al.

📰 Classifieds

Open Source Authorization: Zanzibar-inspired permissions, built for Go.

How Google handles authorization at scale. A technical comparison of Google's Relationship-based authz system and Oso's Authz as a Service.

🪝Hookdeck: The Amazon EventBridge Alternative. Receive, authenticate, transform, filter, route, and send messages across your EDAs.

  • ☸︎ Watermill 1.4 – Library for building message/event-driven apps: "Think of it like an HTTP router but for messages."

  • 💋 Charm Lip Gloss 1.0 – Style definitions for nice terminal layouts. An 'honorary' 1.0 release indicating the project is now stable.

  • 🤖 Gobot 2.4 – The robotics / drones / IoT framework. Now supporting newer versions of Go.

  • sqlrange 1.0 – Use Go 1.23's range functions with database/sql.

  • Slack Dumper 2.6 – Generate Slack exports without admin privileges.

  • Asynq 0.25 – Reliable, efficient Redis-backed distributed task queue.

Created 2mo | Nov 5, 2024, 7:10:06 PM

