{"id":27300,"date":"2022-09-27T12:51:49","date_gmt":"2022-09-27T12:51:49","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=27300"},"modified":"2022-09-27T12:51:52","modified_gmt":"2022-09-27T12:51:52","slug":"gokart","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/gokart\/","title":{"rendered":"gokart : Static Analysis Tool For Securing Go code"},"content":{"rendered":"\n<p><strong>GoKart<\/strong> is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability.<\/p>\n\n\n\n<p>GoKart also helps to power&nbsp;<strong>Chariot<\/strong>, Praetorian&#8217;s security platform that helps you find, manage, and fix vulnerabilities in your source code and cloud environments. Chariot makes it simple to run automated, continuous GoKart scans on your source code. If you want to try GoKart, you can set up a free Chariot account in minutes by clicking&nbsp;here.<\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/praetorian-inc\/gokart#why-we-built-gokart\"><\/a>Why We Built GoKart<\/h2>\n\n\n\n<p>Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy &#8211; that is, many static analysis tools find quite a few &#8220;vulnerabilities&#8221; that are not actually real. This has led to developer friction as users get tired of the tools &#8220;crying wolf&#8221; one time too many.<\/p>\n\n\n\n<p>The motivation for GoKart was to address this: could we create a scanner with significantly lower false positive rates than existing tools? Based on our experimentation the answer is yes. By leveraging source-to-sink tracing and SSA, GoKart is capable of tracking variable taint between variable assignments, significantly improving the accuracy of findings. Our focus is on usability: pragmatically, that means we have optimized our approaches to reduce false alarms.<\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Install<\/h2>\n\n\n\n<p>You can install GoKart locally by using any one of the options listed below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/praetorian-inc\/gokart#install-with-go-install\"><\/a>Install with&nbsp;<code><strong>go install<\/strong><\/code><\/h3>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ go install github.com\/praetorian-inc\/gokart@latest<\/strong><\/p>\n\n\n\n<h3 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Install a release binary<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Download the binary for your OS from the&nbsp;releases page.<\/li><li>(OPTIONAL) Download the&nbsp;<code><strong>checksums.txt<\/strong><\/code>&nbsp;file to verify the integrity of the archive<\/li><\/ul>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Getting Started &#8211; Scanning an Example App<\/h2>\n\n\n\n<p>You can follow the steps below to run GoKart on&nbsp;Go Test Bench, an intentionally vulnerable Go application from the Contrast Security team<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Clone sample vulnerable application<br>git clone https:\/\/github.com\/Contrast-Security-OSS\/go-test-bench.git<br>gokart scan go-test-bench\/<\/strong><\/p>\n\n\n\n<p>Output should show some identified vulnerabilities, each with a Vulnerable Function and Source of User Input identified.<\/p>\n\n\n\n<p>To test some additional GoKart features, you can scan with the CLI flags suggested below.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Use verbose flag to show full traces of these vulnerabilities<br>gokart scan go-test-bench\/ -v<br>Use globalsTainted flag to ignore whitelisted Sources<br>may increase false positive results<br>gokart scan go-test-bench\/ -v -g<br>Use debug flag to display internal analysis information<br>which is useful for development and debugging<br>gokart scan go-test-bench\/ -d<br>Output results in sarif format<br>gokart scan go-test-bench\/ -s<br>Output results to file<br>gokart scan go-test-bench\/ -o gokart-go-test-bench.txt<br>Output scarif results to file<br>gokart scan go-test-bench\/ -o gokart-go-test-bench.txt -s<br>Scan remote public repository<br>Repository will be cloned locally, scanned and deleted afterwards<br>gokart scan -r https:\/\/github.com\/ShiftLeftSecurity\/shiftleft-go-demo -v<br>Specify the remote branch to scan<br>gokart scan -r https:\/\/github.com\/ShiftLeftSecurity\/shiftleft-go-demo -b actions_fix<br>Scan remote private repository via ssh<br>gokart scan -r git@github.com:Contrast-Security-OSS\/go-test-bench.git<br>Scan remote private repository and optionally specify a key for ssh authentication<br>gokart scan -r git@github.com:Contrast-Security-OSS\/go-test-bench.git -k \/home\/gokart\/.ssh\/github_rsa_key<br>Use remote scan and output flags together for seamless security reviews<br>gokart scan -r https:\/\/github.com\/ShiftLeftSecurity\/shiftleft-go-demo -o gokart-shiftleft-go-demo.txt -v<br>Use remote scan, output and sarif flags for frictionless integration into CI\/CD<br>gokart scan -r https:\/\/github.com\/ShiftLeftSecurity\/shiftleft-go-demo -o gokart-shiftleft-go-demo.txt -s<\/strong><\/p>\n\n\n\n<p>To test out the extensibility of GoKart, you can modify the configuration file that GoKart uses to introduce a new vulnerable sink into analysis. There is a Test Sink analyzer defined in the included default config file at&nbsp;<code><strong>util\/analyzers.yml<\/strong><\/code>. Modify&nbsp;<code><strong>util\/analyzers.yml<\/strong><\/code>&nbsp;to remove the comments on the Test Sink analyzer and then direct GoKart to use the modified config file with the&nbsp;<code><strong>-i<\/strong><\/code>&nbsp;flag.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Scan using modified analyzers.yml file and output full traces<br>gokart scan go-test-bench\/ -v -i \/util\/analyzers.yml<\/strong><\/p>\n\n\n\n<p>Output should now contain additional vulnerabilities, including new &#8220;Test Sink reachable by user input&#8221; vulnerabilities.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/praetorian-inc\/gokart#install\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":27310,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[4191,4193,3244],"class_list":["post-27300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-gokart","tag-securing-go-code","tag-static-analysis"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>gokart : Static Analysis Tool For Securing Go code Kali Linux<\/title>\n<meta name=\"description\" content=\"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/gokart\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"gokart : Static Analysis Tool For Securing Go code Kali Linux\" \/>\n<meta property=\"og:description\" content=\"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/gokart\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-27T12:51:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-27T12:51:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"gokart : Static Analysis Tool For Securing Go code\",\"datePublished\":\"2022-09-27T12:51:49+00:00\",\"dateModified\":\"2022-09-27T12:51:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/\"},\"wordCount\":704,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\",\"keywords\":[\"Gokart\",\"Securing Go Code\",\"Static Analysis\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/gokart\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/gokart\/\",\"name\":\"gokart : Static Analysis Tool For Securing Go code Kali Linux\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\",\"datePublished\":\"2022-09-27T12:51:49+00:00\",\"dateModified\":\"2022-09-27T12:51:52+00:00\",\"description\":\"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/gokart\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"gokart : Static Analysis Tool For Securing Go code Kali Linux","description":"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/gokart\/","og_locale":"en_US","og_type":"article","og_title":"gokart : Static Analysis Tool For Securing Go code Kali Linux","og_description":"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.","og_url":"https:\/\/kalilinuxtutorials.com\/gokart\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-09-27T12:51:49+00:00","article_modified_time":"2022-09-27T12:51:52+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/gokart\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/gokart\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"gokart : Static Analysis Tool For Securing Go code","datePublished":"2022-09-27T12:51:49+00:00","dateModified":"2022-09-27T12:51:52+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/gokart\/"},"wordCount":704,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","keywords":["Gokart","Securing Go Code","Static Analysis"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/gokart\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/gokart\/","url":"https:\/\/kalilinuxtutorials.com\/gokart\/","name":"gokart : Static Analysis Tool For Securing Go code Kali Linux","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","datePublished":"2022-09-27T12:51:49+00:00","dateModified":"2022-09-27T12:51:52+00:00","description":"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA form of Go source code. It is capable of tracing the source.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/gokart\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/gokart\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHUbvHh1yPgVsBaE5lk1ij4wHvTFErIz7Ef8cou2WcSC_000yXZPwF2aq2zeGvMOxYaUnGapCNsmwYwX6R_MeslXtpxaEKYRoP3MUqteffIk-DXq3D3wKWamsMda4wUBms0fvn9B8EH7JINVkHxFQgXztRzDemnrkeOZyBfko2762nZ6yJ7ZQqJ-g9\/s728\/logo%20(2)%20(1).png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":18360,"url":"https:\/\/kalilinuxtutorials.com\/gokart-a-static-analysis-tool-for-securing-go-code\/","url_meta":{"origin":27300,"position":0},"title":"Gokart : A Static Analysis Tool For Securing Go Code","author":"R K","date":"September 26, 2021","format":false,"excerpt":"GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-EvPQFFpVV-A\/YUNb4P2dQ4I\/AAAAAAAAK3A\/gqt4xPSPzwgDY2AE-h4NKmJJp-IE49QygCLcBGAsYHQ\/s527\/go%2B%25281%2529.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-EvPQFFpVV-A\/YUNb4P2dQ4I\/AAAAAAAAK3A\/gqt4xPSPzwgDY2AE-h4NKmJJp-IE49QygCLcBGAsYHQ\/s527\/go%2B%25281%2529.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-EvPQFFpVV-A\/YUNb4P2dQ4I\/AAAAAAAAK3A\/gqt4xPSPzwgDY2AE-h4NKmJJp-IE49QygCLcBGAsYHQ\/s527\/go%2B%25281%2529.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":32288,"url":"https:\/\/kalilinuxtutorials.com\/android-security-awesome\/","url_meta":{"origin":27300,"position":1},"title":"Android Security Awesome : Securing the Android Ecosystem &#8211; A Comprehensive Resource Guide","author":"Varshini","date":"March 12, 2024","format":false,"excerpt":"In the ever-evolving landscape of mobile technology, Android security remains a paramount concern for developers, researchers, and users alike. 'Android Security Awesome' is a comprehensive guide that aggregates an array of tools, academic resources, publications, and insights into exploits, vulnerabilities, and bugs within the Android ecosystem. This collection aims to\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEglosJOinQNBiPwfkA1zF2yze2WRUcQdBZE0QrLklZ_TfqPXO7XbVeDeyzFPdXZfhsOgHOqMAddvdH4M9faZEJ38nMhfQioDNHVOfhiPkq-q0Ixx8TL5Reaf0WR4W8upr_qxH4x-NnZ9BWf6cKeebhyNh5xNzEMfeNGrARz_6kS4cL1jBAym2C6pnSwmfsR\/s16000\/Android%20Security%20Awesome.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11749,"url":"https:\/\/kalilinuxtutorials.com\/awesome-android-security\/","url_meta":{"origin":27300,"position":2},"title":"Awesome Android Security","author":"R K","date":"November 4, 2020","format":false,"excerpt":"A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guideTikTok: three persistent arbitrary code executions and one theft of arbitrary filesPersistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913Android: Access\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6841,"url":"https:\/\/kalilinuxtutorials.com\/tarnish-chrome-extension-static-analysis\/","url_meta":{"origin":27300,"position":3},"title":"Tarnish : A Chrome Extension Static Analysis Tool","author":"R K","date":"October 11, 2019","format":false,"excerpt":"Tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to go through the\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27984,"url":"https:\/\/kalilinuxtutorials.com\/next-generation-security\/","url_meta":{"origin":27300,"position":4},"title":"4 Next-Generation Security Technologies: SCA, XDR, SAST, and eBPF","author":"Kaladmin","date":"December 10, 2022","format":false,"excerpt":"What Are Next-Gen Security Technologies? As businesses increasingly rely on remote access and distributed computing resources, their threat landscape grows. Advances in technology introduce new threats and vulnerabilities that are often invisible to traditional cybersecurity tools. In addition, traditional security tools often generate a large number of alerts, many of\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"Next-Generation Security Technologies","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgbkai0mT7SS8VzNF-figntgt8d5BrLIiUEZ35R-ipA42tReI2ZKdbGHZbyvBOBRoWyMOY3pdZIVjZtwhcovLbYhvfUuE7R67E2fyzkk1QkvZ99sQgOowMK6-oBMRNM_iAAKDmLQTKncao_TlB_BLf-C9L0r4g3qDUiJWw_LyrMcl0M_Ex04oAtp0tJug\/s16000\/Next-Generation-Security-Technologies.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgbkai0mT7SS8VzNF-figntgt8d5BrLIiUEZ35R-ipA42tReI2ZKdbGHZbyvBOBRoWyMOY3pdZIVjZtwhcovLbYhvfUuE7R67E2fyzkk1QkvZ99sQgOowMK6-oBMRNM_iAAKDmLQTKncao_TlB_BLf-C9L0r4g3qDUiJWw_LyrMcl0M_Ex04oAtp0tJug\/s16000\/Next-Generation-Security-Technologies.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgbkai0mT7SS8VzNF-figntgt8d5BrLIiUEZ35R-ipA42tReI2ZKdbGHZbyvBOBRoWyMOY3pdZIVjZtwhcovLbYhvfUuE7R67E2fyzkk1QkvZ99sQgOowMK6-oBMRNM_iAAKDmLQTKncao_TlB_BLf-C9L0r4g3qDUiJWw_LyrMcl0M_Ex04oAtp0tJug\/s16000\/Next-Generation-Security-Technologies.webp?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":8848,"url":"https:\/\/kalilinuxtutorials.com\/risk-assessment-framework-static-application-security-testing\/","url_meta":{"origin":27300,"position":5},"title":"Risk Assessment Framework : Static Application Security Testing","author":"R K","date":"February 6, 2020","format":false,"excerpt":"The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST tools available for testers, but the compatibility and the Environment setup process is complex. By using OWASP Risk Assessment Framework's Static Application Security Testing tool Testers will be able to\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-W64mUKfuKzY\/Xjtg2hxaNWI\/AAAAAAAAEuc\/u8Qb1EF84CAtxqTOlSSZCeXH1ZlnmqIQACLcBGAsYHQ\/s1600\/RiskAssessmentFramework_10.gif?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-W64mUKfuKzY\/Xjtg2hxaNWI\/AAAAAAAAEuc\/u8Qb1EF84CAtxqTOlSSZCeXH1ZlnmqIQACLcBGAsYHQ\/s1600\/RiskAssessmentFramework_10.gif?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-W64mUKfuKzY\/Xjtg2hxaNWI\/AAAAAAAAEuc\/u8Qb1EF84CAtxqTOlSSZCeXH1ZlnmqIQACLcBGAsYHQ\/s1600\/RiskAssessmentFramework_10.gif?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/27300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=27300"}],"version-history":[{"count":10,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/27300\/revisions"}],"predecessor-version":[{"id":27329,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/27300\/revisions\/27329"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/27310"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=27300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=27300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=27300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}