there are several posts regarding this issue, but I see no news about it so far, so I create a new post.
I think maybe now it’s time to add some vulnerabilities rules related to Go.
It’s true that one can import external scanner results, it’s true that one can define custom rules, but I hope that a best of breed solution such as SonarQube could have its own Go vulnerabilities coverage.
All the best,
This is something we’re already listing as under consideration on our roadmap. It would be great for you to add your voice there: https://portal.productboard.com/sonarsource/3-sonarqube/c/215-sast-for-go
I’ve already added my voice there, probably twice (by mistake), I am one of the 13 who expressed interest in the feature, unfortunately I see no progress and didn’t get any update.