
Next Generation Scanner for Golang.
As Go engineers ourselves, we’ve found that many security scanners simply report that a particular line of code has a security problem without showing the path to exploitation that an attacker would take. So, we built GoKart. Our aim is to provide a user-friendly, more accurate and less noisy experience, helping developers discover and understand full attack paths for high-impact issues quickly and confidently.
Reduce False Positives and False Negatives.
Software engineers can’t afford to be slowed down with the noise that comes from most of today’s open source security scanners. That’s why we built GoKart. Our aspiration is to signal only when it matters.
Built-in Taint Tracking
GoKart puts Go code into static single assignment (SSA) form, structuring every value computed by the program as an assignment to a unique variable. One of the major benefits the SSA format brings is the ability to perform taint tracking: the process of determining which inputs could be controlled by an outside source by tracing how input data is handled.
Read more about how GoKart works in our blog post.
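The idea described above, as an added example that is not GoKart's code: a toy taint tracker over SSA-style instructions that reports the value chain from an outside source to a sink and stays quiet for a sink fed only by constants. The `Instr` type, the operation names and the sample program are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Instr is one SSA-style instruction; Dst is assigned exactly once.
type Instr struct {
	Dst, Op string   // Op (hypothetical names): "source", "const", "concat", "sink"
	Args    []string // value names the instruction reads
}

// Constructed sample: t0 is outside input, t2 mixes it into a query string.
var sample = []Instr{
	{"t0", "source", nil},
	{"t1", "const", nil},
	{"t2", "concat", []string{"t1", "t0"}},
	{"", "sink", []string{"t2"}}, // query built from outside input
	{"t3", "const", nil},
	{"", "sink", []string{"t3"}}, // constant query, must not be reported
}

// TaintPaths returns, for every sink that reads a tainted value, the chain of
// values from the source to that sink argument.
func TaintPaths(prog []Instr) [][]string {
	// tainted value -> value it inherited taint from ("" marks a source).
	// Single assignment means one entry per value is enough.
	from := map[string]string{}
	var paths [][]string
	for _, in := range prog {
		for _, a := range in.Args {
			if _, tainted := from[a]; !tainted {
				continue
			}
			if in.Op == "sink" {
				var chain []string
				for v := a; v != ""; v = from[v] {
					chain = append([]string{v}, chain...)
				}
				paths = append(paths, chain)
			} else if _, seen := from[in.Dst]; !seen {
				from[in.Dst] = a // taint propagates to the result
			}
		}
		if in.Op == "source" {
			from[in.Dst] = "" // a source starts a chain
		}
	}
	return paths
}

func main() {
	fmt.Println(TaintPaths(sample)) // prints [[t0 t2]]
}
```
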
Open Source Commitment
At Praetorian, we’re committed to promoting and contributing to open source security projects and radically focused on developing technologies to enhance the overall state of cybersecurity. GoKart is one example of our desire to seed the community with tools containing a set of baseline capabilities in the hope that it will spur further progression.
GoKart on GitHub