Both static and dynamically linked Go applications are supported, with the following limitations.
- Go 1.20 or later is required for runtime SCA/runtime security
- Older versions of Go are supported by Deepfactor’s artifact scanner
- Dynamically linked Go applications built on Alpine (musl libc) using the Go internal linker are not supported due to an incompatibility between musl libc initialization and the Go runtime
- Use -linkmode=external when building your application to resolve this incompatibility
- For more information on this incompatibility, see the following Golang issue
- Certain runtime security alerts are not supported for Go applications
- Process alerts when environment variable content is changed during runtime
- Network alerts relating to DNS lookups