Posts on the tooling that catches problems before they reach production — static analysis, testing frameworks, code-metric analyzers, and the release plumbing that gates all of it. Some of it is Go-specific (Ginkgo, golangci-lint, kyber, TDD-shape). Some of it isn’t (nasm-lint for NASM assembly, semantic-release as a language-agnostic contract). The common thread is: the quality gate should live in the loop where the code is written, not in a review that happens after the fact.

Static analysis for Go: what golangci-lint catches, and why it belongs in CI
Code review catches the bugs a human happens to notice. Static analysis catches the bugs a specific, well-defined check is built to notice — every time, on every line, before anyone opens the diff. Those are different guarantees, and the difference matters most for the bug classes reviewers are worst at: an HTTP response body that never gets closed three call sites deep, an error return silently discarded in a one-line change, a security-sensitive value generated with the wrong random source. None of these look wrong at a glance. All of them are mechanically detectable. ...



