Set up Reachability Analysis for Go
Learn how to set up Reachability Analysis for Go.
Reachability Analysis is supported for all Go projects. You need the compiled code and the libraries used by your Go project to enable Reachability Analysis.
You need to generate a call graph to enable Reachability Analysis for Go. To generate a call graph, add the Debricked CLI callgraph command to your integration before running a Debricked scan. To find out more about the command and the various available flags, run:
The success of CLI call graph generation depends on the complexity of the application being analyzed. If an application contains a language feature that is not supported by the algorithm, the callgraph command fails and you cannot set up Reachability Analysis for that application.
When successful, the callgraph command generates a debricked-call-graph file. This file is automatically sent to Debricked with the dependency files for analysis, when running the debricked scan command.
How to set up call graph generation in your pipeline
For many projects, running the callgraph command with the default configuration might be enough to run the preparation steps. In this case, before running the debricked scan, to add the command to run debricked callgraph in your configuration to ensure that the scan has access to the generated call graph file.
For GitHub Action integrations, we must also add Actions set up that can be found in our GitHub Actions repository.
Example: Building the project during thecallgraph command
callgraph commandIn this example, the callgraph command is run with default configuration to build the project and prepare the necessary files automatically before generating the call graph.
Last updated
