Go in the Nix ecosystem: vulnerability scanning and experiments towards a next-gen builder

Day 1 | 13:15 | 00:20 | K.3.601 | Paul Meyer



The talk first looks at how Go code is currently packaged in nixpkgs with buildGoModule, then points out its disadvantages, focusing on security (backed by data from the govulncheck-nixpkgs project) and performance. It then presents out-of-tree alternatives, focusing on the new and promising gobuild.nix, which implements a hook-based builder with module-level caching.