Image for post
Image for post

With a near-endless list of Go Modules, it can be overwhelming trying to decide which is best for your Go build. For new Go developers, it can be difficult to pick a winner for your specific use case.

This phenomenon is nothing new. In fact, it’s one of the reasons why open-source is such a godsend to developers. Oftentimes, when a module is published by a developer, it was likely developed to solve a specific problem that they are facing. If another developer were to use their module to solve the same problem, there may be some performance criteria needed within that module that the current version does not meet. …


You probably already had to develop a project where you needed to exchange information between processes or even across different machines with different processor architectures. One well-known technique in this scenario is serialization, which is summarized in the translation of data structures or object state into a format that can be stored and retrieved by both sides.

In this blog post, we will discuss the Protobuf (Protocol Buffers), a project that can extend more than a simple library for serialization. The entire example presented here is available on Github.

What is Protobuf?

Protocol Buffers is an open-source project under the BSD 3-Clause license, a popular one developed by Google, to provide a language-neutral, platform-neutral and extensible mechanism for serializing structured data. It supports many popular languages such as C++, C#, Dart, Go, Java and Python. Although there are still other not official add-ons, that support other languages, such as C. You can find the source code on Github, where its popularity reaches almost 32K stars! …


As developers, we all have faced the pain of introducing graphical interfaces to our programs. Traditional GUI libraries add a degree of complexity which you may not want if you are making tools that are intended for debugging. Here we present a library that makes it possible to create loggers, profilers, debuggers or even an entire game making editor quickly and easily. The entire example presented here is available on Github.

Dear ImGui?

Dear ImGui is an amazing C++ GUI library mainly used in game development. The project is open-source software, licensed under MIT license. …


What are deterministic builds?

A deterministic build is a process of building the same source code with the same build environment and build instructions producing the same binary in two builds, even if they are made on different machines, build directories and with different names. They are also sometimes called reproducible or hermetic builds if it is guaranteed to produce the same binaries even compiling from different folders.

Deterministic builds are not something that happens naturally. Normal projects do not produce deterministic builds and the reasons that they are not produced can be different for each operating system and compiler.

Deterministic builds should be guaranteed for a given build environment. That means that certain variables such as the operating system, build system versions and target architecture are assumed to remain the same between different builds. …


Image for post
Image for post

Go Module vulnerabilities frustrate the lives of many Go developers and can turn a simple project into a battle of endurance between the dev and their patience. With the process of CI/CD shifting left more and more, it’s becoming even more pertinent for developers to be able to track and report vulnerabilities as early as possible. GoCenter can help track and mitigate these vulnerabilities and make the lives of Go developers easier.

Reporting Vulnerabilities

Vulnerabilities are monitored consistently throughout the development lifecycle of any system/application and should be reported by anyone who finds the issue so that it’s remediation can be tracked and shared among common organizations. Known vulnerabilities are tracked and classified using the Common Vulnerability and Exposures (CVE) — a list of publicly disclosed information security vulnerabilities and exposures.


Image for post
Image for post

Starting with Go 1.13, Go modules are the standard package manager in Golang, automatically enabled on installation along with a default GOPROXY.

But with other GOPROXY options like JFrog GoCenter, as well as your own Go module packages you need to keep secure from public view, what kind of configuration should you choose? How can you keep your public and private Golang resources from becoming a tangled knot?

Let’s take a look at what a GOPROXY is for, and some of the ways you can set one up for a system that is fast, reliable, and secure.

What Is a GOPROXY?

A GOPROXY controls the source of your Go module downloads and can help assure builds are deterministic and secure. …


Image for post
Image for post

Go modules have helped bring order to Go development, but there’s been some disorder lurking. Managing module pseudo-versions can be difficult, especially with some of the latest changes to Go.

JFrog GoCenter, the free repository of versioned Go modules, now includes some important updates that can help you stay on course. Let’s take a look at how pseudo-versions work, and what you can expect from those changes. We also offer some guidance on keeping your Go builds working as you upgrade to Go 1.13 and later.

Go Module Versioning

The ability to version Go modules is a key feature, providing developers a way to make sure their applications use the dependencies they intend. When modules are versioned, an app can specify the use of a module version they know will be compatible with the rest of their runtime. …

About

JFrog Community

JFrog team committed to giving back. Some of our offerings: conan.io, gocenter.io, conan.io/center/, chartcenter.io

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store