Go Security

Overview

This page provides information on writing secure and reliable software in Go.

Go Security

Go Security Policy

An explanation of how to report security issues in the Go standard library and sub-repositories to the Go team.

Go Security Releases

Release notes for past security problems. Per the release policy, the two most recent major Go releases are supported.

Go Vulnerability Management

This project is a work in progress.

Go Vulnerability Management

The main documentation page for the Go vulnerability management system.

Go Vulnerability Database

A list of vulnerabilities in the Go vulnerability database can be found at vuln.go.dev/index.json. See protocol documentation for more information.

Vulnerability Detection For Go

An overview of the Go vulnerability detection package, golang.org/x/vuln/vulncheck, which enables Go developers to scan dependencies in their Go projects for public vulnerabilities.

Go Fuzzing

Go Fuzzing

The main documentation page for Go native fuzzing.

Tutorial: Getting started with fuzzing

Tutorial introducing the basics of fuzzing in Go.

Integrating with OSS-Fuzz

Documentation on running native Go fuzz tests with OSS-Fuzz.

Go Cryptography

Cryptography libraries

The Go cryptography libraries are the crypto/… and golang.org/x/crypto/… packages in the Go standard library and subrepos.

Cryptography Principles

Goals and principles for the Go cryptography libraries.