I’ve mentioned semgrep a few times in recent articles, and I thought it
would be good to introduce this new(ish) tool and demonstrate a few rules
that you can use to find problems in your Go web apps.

At the end of this article you will:

- understand what semgrep is and what it can do
- have some idea of the limits of semgrep’s power
- have some rules that you can immediately apply to your own projects

Fair warning: I am not a semgrep expert by any stretch of the
imagination. If you are, and you think these rules can be improved,
please drop a note to brian at universalglue.dev.

Semgrep isn’t named for semaphore flags… but it does offer a pretty good signal.