Go Secure API Demo

A minimal REST API written in Go to demonstrate secure development practices and static analysis with gosec.

Features

  • Single /health endpoint.
  • Input validation and explicit content-type handling.
  • Configurable port via environment variable.
  • Automatic static analysis with GitHub Actions.

Security Learnings

  • Avoid hard-coded secrets.
  • Validate all inputs and methods.
  • Use logging cautiously to prevent data leaks.
  • CI integration makes security part of the developer workflow.
  • Security scan (gosec) initially flagged missing error handling and server timeouts, which were remediated. Current scan reports zero issues.
  • Added Trivy dependency scanning alongside static analysis to simulate supply-chain and SCA checks in CI.

Next Steps

  • Add JWT auth example.
  • Integrate Vault for secret injection.
  • Add Dockerfile and container scan.

About

Go microservice secured with automated GoSec and Trivy scans in GitHub Actions.
