Manage dependencies

Use the go command to manage dependencies by initializing a module, adding packages, and syncing versions. Run go mod init to start, go get to add or update, and go mod tidy to clean up unused entries.

go mod init example.com/myproject
go get github.com/user/package@latest
go mod tidy

For vulnerability checks, use the govulncheck tool with the -version flag to verify your scanner version before scanning your module.

go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

To control specific runtime behaviors or compatibility settings, set the GODEBUG environment variable or use //go:debug directives in your source files.

Managing dependencies in Go means telling your project which external code it needs to run. You use a simple command-line tool to download these pieces, save a list of exactly which versions you are using, and check if any of them have security holes. Think of it like a grocery list that automatically updates itself and checks for expired items before you cook.