Snyk supports testing and monitoring of Go projects that have their dependencies managed by dep, govendor and Go Modules (CLI only).
Go support is currently supported via the Snyk CLI and Git Integrations.
We scan Go projects by examining your Gopkg.lock or vendor/vendor.json files to compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.
We scan Go Modules projects by examining your go.mod file in order to create a full structured dependency tree and compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.
We scan Go Modules projects at the package level rather than on the module level since you might use a vulnerable module but not the vulnerable package. This will help with risk assessment and with the decision for the next steps.