go-dependency-audit

What problem does it solve?

Auditing and maintaining Go module dependencies is time-consuming and error-prone, and missing vulnerabilities or stale modules can introduce security and reliability risks into production systems. This Skill provides a structured checklist and practical commands to detect vulnerabilities, identify unused or redundant modules, and evaluate dependency quality so teams can make safe upgrade decisions.

Core Features & Use Cases

• Vulnerability scanning: Guidance to run govulncheck and complementary scanners to surface only vulnerabilities that affect your code paths.
• Go module hygiene: Recommendations to enforce go mod tidy, verify checksums, and avoid committed replace directives.
• Version and transitive analysis: Steps to list current modules, detect available updates, analyze why transitive deps are present, and visualize dependency graphs.
• Use cases: Run in CI to block commits with stale or vulnerable deps, perform a security review before releases, or evaluate third-party libraries for inclusion.

Quick Start

Audit the repository's modules for vulnerabilities, unused dependencies, and available updates and produce a concise dependency audit report with recommended upgrades.