Question 1

How do I ignore a false positive in sqlvet?

Accepted Answer

Add a 'sqlvet: ignore' comment on the line with the SQL query, as shown in the README. This tells the tool to skip analysis for that specific instance, useful for edge cases.

Question 2

Sqlvet vs sqlc: which is better for Go SQL?

Accepted Answer

Sqlvet focuses on static analysis of raw SQL in code for errors and security, while sqlc generates type-safe Go from SQL schemas. Use sqlvet for linting existing code and sqlc for code generation from SQL.

Question 3

Does sqlvet support MySQL databases?

Accepted Answer

Currently, sqlvet does not fully support MySQL syntax, as noted in the TODO list. It's primarily geared towards PostgreSQL or similar dialects until MySQL support is added.

Question 4

How to configure sqlvet for a custom SQL library?

Accepted Answer

Create a sqlvet.toml file and define sqlfunc_matchers with pkg_path and rules for query argument names or positions, as detailed in the README's configuration examples.

Question 5

What's the performance impact of sqlvet on build time?

Accepted Answer

Sqlvet adds minimal overhead during builds since it statically analyzes only SQL queries, but for large codebases, it might slightly increase compilation time depending on query count.

Question 6

Can sqlvet detect all SQL injection vulnerabilities?

Accepted Answer

While sqlvet flags unsafe queries like direct string concatenation, it's not comprehensive; manual review and other security tools are still recommended for critical applications.

sqlvet

What is sqlvet?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions