This repo is holding Semgrep patterns for finding possibly problematic code.

To run individual semgrep rule on the current Go project:

semgrep -f rule.yml .

To run all included semgrep rules on the current Go project:

semgrep -f path/to/semgrep-go/ .

To make Semgrep skip over some files (ie. go-swagger or some other auto-generated files), use either .semgrepignore or .gitignore.

• json-without-jsoniter: check for stdlib json Marshal() or Unmarshal() use without jsoniter
• err-overwrite.yml: check if err is being overwritten in Go routines without shadow declarations