From eeda19449ed77be42f73091324abb3366dc6545e Mon Sep 17 00:00:00 2001 From: Teo Voinea <58236992+tevoinea@users.noreply.github.com> Date: Tue, 21 Dec 2021 15:24:23 -0500 Subject: [PATCH 1/2] Update go.md --- docs/detectors/go.md | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/docs/detectors/go.md b/docs/detectors/go.md index 51b710e07..0ae39bbe2 100644 --- a/docs/detectors/go.md +++ b/docs/detectors/go.md 
@@ -4,31 +4,35 @@ Go detection depends on the following to successfully run: -- Go v1.11+. +- `go.mod` or `go.sum` files ## Detection strategy -Go detection is performed by parsing output from executing `go mod graph`. -Full dependency graph generation is supported if Go v1.11+ is present on the build agent. -If no Go v1.11+ is present, a fallback detection strategy is performed, dependent on: - -- One or more `go.mod` or `go.sum` files. - -For the fallback strategy: - Go detection is performed by parsing any `go.mod` or `go.sum` found under the scan directory. Only root dependency information is generated instead of full graph. I.e. tags the top level component or explicit dependency a given transitive dependency was brought by. Given a dependency tree A -> B -> C, C's root dependency is A. +### Improved detection accuracy via opt-in + +**To enable improved detection accuracy, create an environment variable named `EnableGoCliScan` with any value.** + +Improved go detection depends on the following to successfully run: + +- Go v1.11+. + +Go detection is performed by parsing output from executing `go mod graph`. +Full dependency graph generation is supported if Go v1.11+ is present on the build agent. +If no Go v1.11+ is present, to the default detection strategy. + +As we validate this opt-in behavior, we will eventually graduate it to the default detection strategy. + ## Known limitations Dev dependency tagging is not supported. Go detection will fallback if no Go v1.11+ is present. -If executing `go mod graph` takes too long (currently if it takes more than 10 seconds), go detection will fall back. -This can happen if modules are not restored before the scan. Due to the nature of `go.sum` containing references for all dependencies, including historical, no-longer-needed dependencies; the fallback strategy can result in over detection. Executing `go mod tidy` before detection via fallback is encouraged. 
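Review bot: the added line "If no Go v1.11+ is present, to the default detection strategy." is missing its verb; suggest "If no Go v1.11+ is present, detection falls back to the default strategy." Two further points in this hunk: the deleted limitation "If executing `go mod graph` takes too long (currently if it takes more than 10 seconds), go detection will fall back. This can happen if modules are not restored before the scan." was the only place the timeout was documented, so if that limit still applies when `EnableGoCliScan` is set it should move under the new "Improved detection accuracy via opt-in" section rather than disappear; and the surviving limitation "Go detection will fallback if no Go v1.11+ is present." now only holds when the opt-in is enabled, since the default strategy no longer requires Go, so it should say so explicitly.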
From f13f48bf1a2f1ddcf4519b6f97b190896386e5d8 Mon Sep 17 00:00:00 2001 From: Teo Voinea <58236992+tevoinea@users.noreply.github.com> Date: Tue, 21 Dec 2021 12:39:38 -0800 Subject: [PATCH 2/2] Update docs/detectors/go.md Co-authored-by: Greg Villicana <58237075+grvillic@users.noreply.github.com> --- docs/detectors/go.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detectors/go.md b/docs/detectors/go.md index 0ae39bbe2..6f48d9b70 100644 --- a/docs/detectors/go.md +++ b/docs/detectors/go.md @@ -24,7 +24,7 @@ Improved go detection depends on the following to successfully run: Go detection is performed by parsing output from executing `go mod graph`. Full dependency graph generation is supported if Go v1.11+ is present on the build agent. -If no Go v1.11+ is present, to the default detection strategy. +If no Go v1.11+ is present, fallback detection strategy is performed. As we validate this opt-in behavior, we will eventually graduate it to the default detection strategy.
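Review bot: the replacement "If no Go v1.11+ is present, fallback detection strategy is performed." still lacks an article; suggest "If no Go v1.11+ is present, the fallback detection strategy is performed." or, to match the wording used elsewhere on the page ("Go detection will fallback if no Go v1.11+ is present."), "If no Go v1.11+ is present, detection falls back to the default strategy."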