Comment by tbiehn

Semgrep is another great option to get value out of static analysis checks against both the language and a few common frameworks. It remains a popular choice for security folks writing static detection rules (and contributing them to the commons).

You can check the open rules here; https://github.com/semgrep/semgrep-rules/tree/develop/go