Software Architecture in Golang: Security - Dependencies

Welcome to another Software Architecture in Go/Golang video, in today's episode I'm discussing Security, specifically in the context of Dependencies, this is narrowed down to Standard Library Packages and Third Party Packages.

In future episodes will cover code-related considerations we have to take when writing software in Go/Golang.

I discuss tools like:
dependabot to handle automatic updates when used packages have new versions,
gosec linter to detect security issues in the code,
Snyk service to find issues regarding vulnerabilities, CVEs and issues related not only to Go/Golang, but also Docker and hardcoded credentials.
CodeQL to analyze our code for matching it to existing/known bugs, and finally
versions, a tool I wrote to determine the Go/Golang versions used by multiple projects.

---

RELEVANT LINKS

Dependabot Configuration: https://docs.github.com/en/code-secur...
gosec linter when using golangci-lint: https://golangci-lint.run/usage/linte...
versions project to determine Go/Golang versions used in multiple packages: https://github.com/MarioCarrion/versions
Snyk Vulnerabilities Database: https://snyk.io/vuln/?type=golang
CodeQL Github Integration: https://codeql.github.com/
Go/Golang Release policy: https://golang.org/doc/devel/release#...

Previous Episode: "Software Architecture in Golang: Caching Pattern: Write-Through for Scalability":    • Software Architecture in Golang: Caching P...  

Playlist "Software Architecture in Go":    • Software Architecture and System Design in...  
Playlist "Learning Go":    • Learning Go/Golang  
Playlist "Learning Go/Golang Concurrency Patterns"    • Learning Go/Golang Concurrency Patterns  
Playlist "Building Microservices in Go":    • Building Microservices in Golang/Go  
Playlist "GoTools and Packages":    • Golang/Go Tools and Packages  
Playlist "Testing in Go":    • Testing in Golang/Go  

00:00 Start
00:12 Security Considerations when dealing with dependencies in Go/Golang
03:06 Configuring Dependabot for Go/Golang projects
05:27 Configuring gosec for Go/Golang projects
06:41 Configuring snyk for Go/Golang projects
12:47 Configuring codeql for Go/Golang projects
14:48 Configuring versions for Go/Golang projects
17:39 Conclusions regarding Security considerations when dealing with dependencies in Go/Golang

---

Who am I:

Hello👋🏼! I'm Mario, a Hands-on Software Architect and Lead Backend Engineer with more than 16 years of professional experience building all kinds of software including on-premise Industrial Automation Systems, Linux Accessibility Desktop and Browser Components as well as Distributed Advertising Microservices.

Every week I will share with you different topics I've learned while working for small startups and large companies including the processes I've followed over the years for successfully delivering complex enterprise systems from start to end.

Subscribe if you like Software Development, Software Architecture and Systems Design!

Keep it up. Don't give up!

#golang #microservices #softwarearchitecture

--- Our affiliate links below

Shop our Amazon favorites → https://www.amazon.com/shop/rubycarrion
Shop my IG feed on my LIKEtoKNOWit (LTK) page → https://www.liketoknow.it/RubyCarrion
Shop Top Deals and Featured Offers at Best Buy → https://bestbuy.7tiv.net/c/2558226/68...
Get a 30 day FREE Trial of Epidemic Sound → https://www.epidemicsound.com/referra...
Try Amazon Prime 30-day FREE Trial → https://amzn.to/3yf9a0f
I love getting Cash Back and think you will too! Join for FREE and get $30 when you spend $30 → https://www.rakuten.com/r/RUBYRA132?e...

--- Our Vlog Channel

   / rubycarrion