vet
Examine Go source code for common errors
TLDR
Scan the current directory
Scan the package-lock.json manifest file
Scan with filter to fail on any critical vulnerability found in the codebase
Scan any OSS package for malware
Start the MCP server for AI enabled security in code editors like Cursor
SYNOPSIS
go vet [flags] [packages/files]
PARAMETERS
packages/files
Specifies the Go packages or individual source files to be vetted. For example, . for the current package, ./... for all subpackages, or a specific file like main.go.
-n
Print the commands that would be executed by go vet to standard output, but do not run them. Useful for debugging or understanding the execution flow.
-x
Print the commands as they are executed. This option is similar to -n but actually runs the commands, showing the underlying operations.
-vettool prog
Specify an alternate vetting tool to use instead of the default go tool vet. This allows users to substitute a custom static analysis tool or a different version of vet.
DESCRIPTION
The command vet is not a standard standalone Linux utility found in most distributions. When referred to in a Linux context, it most commonly alludes to go vet, a powerful static analysis tool for the Go programming language. go vet systematically examines Go source code for constructs that are syntactically correct but are likely to be errors or suspicious. It catches issues that the Go compiler might miss, such as mismatches between printf format strings and arguments, incorrect method signatures, unreachable code, or potential locking issues.
By identifying these patterns early in the development cycle, go vet significantly contributes to improving code quality, reliability, and maintainability. It's an essential tool for Go developers, often integrated into Continuous Integration (CI) pipelines to ensure code adheres to best practices and avoids common pitfalls. While it aims to catch common errors, it's not exhaustive and may occasionally produce false positives or miss complex issues.
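The "potential locking issues" mentioned above, as an added example that is not from the Go project or the original page: the constructed Counter type below compiles cleanly, yet its value-receiver method locks a copy of the mutex, which is the kind of construct go vet's copylocks check reports. The names Counter, IncByValue, Inc and Run are hypothetical.

```go
package main

import (
	"fmt"
	"sync"
)

// Counter is a constructed type for this example: mu guards n.
type Counter struct {
	mu sync.Mutex
	n  int
}

// IncByValue compiles, but the value receiver copies the struct, mutex
// included, so it locks and increments a throwaway copy (flagged by vet).
func (c Counter) IncByValue() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.n++
}

// Inc is the corrected form: a pointer receiver shares one mutex and one n.
func (c *Counter) Inc() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.n++
}

// Run applies inc to one shared Counter from n goroutines and returns c.n.
func Run(n int, inc func(*Counter)) int {
	var c Counter
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); inc(&c) }()
	}
	wg.Wait()
	return c.n
}

func main() {
	fmt.Println("value receiver:  ", Run(100, (*Counter).IncByValue)) // 0: every update lost
	fmt.Println("pointer receiver:", Run(100, (*Counter).Inc))        // 100
}
```

Running go vet on this file points at the IncByValue receiver, while go build accepts the file without complaint.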
CAVEATS
The command vet is not a general-purpose Linux command. Its functionality is entirely dependent on the Go programming language toolchain. It requires Go to be installed and correctly configured on the system. While powerful, go vet provides static analysis and may not catch all runtime bugs; it can also sometimes produce 'false positives' that require manual inspection.
CLARIFICATION ON 'VET'
It's crucial to understand that 'vet' is not a standard, universally available Linux command like ls or grep. This analysis specifically pertains to go vet, the static analysis tool for the Go programming language, which is the most prominent tool using 'vet' in its name within the Linux environment. If you encountered 'vet' in another context, it might be a custom script or an alias unique to that environment.
CONFIGURING SPECIFIC CHECKS
While go vet itself has a few flags, the vast majority of its powerful checks (such as for printf format string mismatches, shadowed variables, unreachable code, or checking composite literals) are actually configured via flags passed to the underlying go tool vet utility. These are not directly exposed by go vet but are implicitly used or can be controlled when using -vettool with specific arguments.
HISTORY
The vet tool has a long history within the Go ecosystem. It originated as a standalone command (simply vet) provided by the Go team, designed to catch common programming errors. Over time, it was integrated more closely into the Go toolchain, becoming go tool vet, which is a sub-command accessed via go tool. Eventually, for user convenience, the go vet wrapper command was introduced, making it easier to invoke. Its set of checks has expanded and evolved with the Go language itself, continuously improving its ability to detect potential issues.


