Docker Golang Tooling¶
A Docker image with Go security scanning and code quality tools pre-installed. Use it as the build stage in multi-stage Docker builds for your CI pipelines. View the repository.
Why It Exists¶
Every Go CI pipeline needs the same tools. gosec for security scanning. govulncheck for dependency vulnerabilities. golangci-lint for linting. goimports for formatting.
Installing them fresh every build wastes time and adds fragility. Package them once in a Docker image and reuse it everywhere. That's what this project does.
What's Inside¶
The image includes four essential Go tools:
- gosec: Static security analysis of Go source code
- govulncheck: Identifies known vulnerabilities in dependencies
- golangci-lint: Aggregates multiple linters for comprehensive code analysis
- goimports: Formats code and organizes import statements
The base image is golang:{go-version}-alpine. It also includes git and CA certificates for dependency fetching and TLS connections.
Available from GHCR at ghcr.io/twistingmercury/golang-tooling. Tag format is go{go-version}-alpine.
How To Use It¶
Multi-stage Docker builds separate the compilation environment from the runtime environment. The tooling image handles compilation, testing, and validation. A minimal runtime stage contains only the compiled binary.
graph LR
A[Tooling Image] --> B[Compile Source]
B --> C[Run Tests]
C --> D[Security Scans]
D --> E[Code Quality Checks]
E --> F[Runtime Image]
F --> G[Binary Only]The tooling stage does all the heavy work. The runtime stage is a clean Alpine image with just your application binary. This keeps production images small and secure.
I built this mostly by hand, but the DevOps agent from claude-code-setup helped with the GitHub Actions workflows.
License and Maturity¶
Released under the MIT License. This is an emerging project focused on a single use case: providing Go tooling for CI pipelines. Check the repository for usage examples and integration instructions.