Capslock is a command-line tool for analyzing the capabilities of Go packages to reveal what privileged operations their code and dependencies can perform. Rather than detecting vulnerabilities, Capslock focuses on identifying capabilities — permissions implied by calls to sensitive or privileged standard library functions, such as file system access, networking, or process control. By following transitive call graphs, it classifies which security-sensitive operations each package can reach, giving developers visibility into what their dependencies are capable of doing. This helps apply the Principle of Least Privilege to Go software, guiding audits, supply chain reviews, and trust assessments. Capslock aims to make security posture analysis more proactive by surfacing capability-based risk signals before malicious or overly powerful code is introduced into production.
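The transitive call-graph idea described above, as an added example that is not Capslock's own code or output: a sketch that walks a small call graph and reports which capabilities each entry point can reach. The call graph, the package names and the capability labels are all constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed table of sensitive standard library calls; labels are not Capslock's own.
var sensitive = map[string]string{
	"os.ReadFile":     "files",
	"net.Dial":        "network",
	"os/exec.Command": "exec",
}

// Constructed call graph (caller -> callees); package names are hypothetical.
var callGraph = map[string][]string{
	"app.Main":         {"yamlfmt.Format", "metrics.Report"},
	"yamlfmt.Format":   {"yamlfmt.indent"},
	"metrics.Report":   {"metrics.send", "metrics.hostInfo"},
	"metrics.send":     {"net.Dial"},
	"metrics.hostInfo": {"os.ReadFile", "metrics.Report"}, // deliberate cycle
}

// Capabilities returns the sorted labels reachable from entry via transitive calls.
func Capabilities(entry string) []string {
	seen, caps := map[string]bool{}, map[string]bool{}
	stack := []string{entry}
	for len(stack) > 0 {
		fn := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if seen[fn] {
			continue // already visited, so cycles terminate
		}
		seen[fn] = true
		if c, ok := sensitive[fn]; ok {
			caps[c] = true // a sensitive call is a leaf: record it and stop
			continue
		}
		stack = append(stack, callGraph[fn]...)
	}
	out := make([]string, 0, len(caps))
	for c := range caps {
		out = append(out, c)
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println("yamlfmt.Format:", Capabilities("yamlfmt.Format"), "app.Main:", Capabilities("app.Main"))
}
```

The formatter reaches nothing sensitive, while `app.Main` inherits file and network access purely through its metrics dependency, which is the kind of signal that tells a reviewer where to look first.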
Features
- Analyzes Go packages and their transitive dependencies for privileged operations
- Classifies capabilities such as file access, networking, or system execution
- Complements traditional vulnerability scanning with permission-based insights
- Supports auditing and prioritizing high-privilege code for review
- Useful for enforcing least-privilege principles in Go software supply chains
- Provides easy integration via a simple CLI for Go projects