Security of Go Modules and Vulnerability Scanning in GoCenter and VSCode

Go 1.13 introduced important security features to Go Modules including a checksumdb. Deep Datta from JFrog will explain how this works and provide info on other tools that keep modules secure. He will review GoCenter’s vulnerability scanning capabilities so developers can check for security issues or known vulnerabilities.

As background, when a developer creates a new module or a new version of an existing module in Go 1.13, a go.sum file included in the module creates a list of SHA-256 hashes that are unique to that module version. That go.sum file is then sent to Google’s official checksum database where it is stored and used to verify that modules haven’t been tampered with when accessed later by a GOPROXY. This helps keep the integrity of packages intact. In this talk, Deep will go over the behavior of the checksum database, how it protects Go modules, and how JFrog is building new tools to keep modules safe in VSCode.

Deep Datta Bio: https://sessionize.com/deep-datta/

Lightning Talk: "Technical Recruiters: Choosing one that’s worth your time" by Ari Waller: https://sessionize.com/s/ariwaller/technical_recruiters_choosing_one_t/31932

Schedule:
6:30 - Introduction and announcements
6:35 - Lighting Talk
6:45 - Main Presentation