As of now, OWASP does not provide source code analysis toolkits or static analysis tools tailored specifically to Golang-based web frameworks. However, general-purpose static analysis tools for Golang are available and can be used for source code analysis.
Here are a few popular static analysis tools for Golang that can assist with source code analysis:
1. Gosec: Gosec is a Golang security checker that statically analyzes Go source code for common security issues and vulnerabilities, such as insecure use of cryptography, code injection, and more.
2. GoSecurify: GoSecurify is another static analysis tool for Golang that focuses on security vulnerabilities. It scans Go code to detect security issues and provides actionable reports to help developers address the identified problems.
3. Go Meta Linter: Go Meta Linter is a tool that aggregates various static analysis tools for Golang into a single framework. It allows you to run multiple linters simultaneously, including security-focused linters like Gosec, to analyze your Go source code and identify potential issues.
4. SonarQube: SonarQube is a widely used static code analysis platform that supports multiple programming languages, including Golang. It offers various analyzers and rulesets that can help detect code quality issues, security vulnerabilities, and bugs in your Golang projects.
While these tools may not be OWASP-specific, they can still be valuable for Golang developers to perform source code analysis and identify potential security weaknesses. It’s important to regularly check OWASP resources and the Golang community for any updates on specific security tools and initiatives related to Golang.
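To make the "insecure use of cryptography" category concrete, here is an added example (not code from OWASP or from the Gosec project) that pairs two patterns Gosec reports with their corrected forms: MD5 hashing (rules G501 and G401) and tokens drawn from `math/rand` (rule G404). The function names and the sample input are illustrative assumptions.

```go
package main

// Added example: function names are hypothetical; rule IDs are gosec's.
import (
	"crypto/md5" // gosec G501: blocklisted import
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

// weakDigest hashes with MD5; gosec reports G401 (weak cryptographic primitive).
func weakDigest(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// strongDigest is the corrected form using SHA-256.
func strongDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// weakToken draws from math/rand; gosec reports G404 (weak random source).
func weakToken(n int) string {
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(mrand.Intn(256))
	}
	return hex.EncodeToString(b)
}

// strongToken reads from the OS CSPRNG and returns the error instead of dropping it.
func strongToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return hex.EncodeToString(b), nil
}

func main() {
	msg := []byte("constructed sample input")
	tok, err := strongToken(16)
	if err != nil {
		panic(err)
	}
	fmt.Println(weakDigest(msg), strongDigest(msg), weakToken(16), tok)
}
```

Running `gosec ./...` in the directory containing this file should flag only the MD5 import, the `md5.Sum` call, and the `mrand.Intn` call.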