Suggestion: Integrate gosec
gosec is a tool that reads Go source files and generates a report of any possible security errors that it finds. It doesn't replace paying attention to how you write your code, but serves as a nice supplement to it.
As an example, I ran gosec on my local copy of Commento, which has changes not yet merged upstream. Attached is the report. There are a lot of "Errors unhandled" items, but there are a few others - especially toward the top of the list.
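One way to keep the many "Errors unhandled" items from burying the other findings, as an added example that is not part of the original post or of Commento's code: the sketch below reads a gosec JSON report (`gosec -fmt=json`), counts findings per rule, and lists everything that is not G104, gosec's rule ID for unhandled errors. The report is a constructed sample with made-up paths, and `Triage` is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Issue holds the fields used here from one entry of gosec's JSON report.
type Issue struct {
	Severity string `json:"severity"`
	RuleID   string `json:"rule_id"`
	Details  string `json:"details"`
	File     string `json:"file"`
	Line     string `json:"line"`
}

// Constructed sample report: paths and findings are made up, not Commento's.
const sampleReport = `{"Issues":[
 {"severity":"LOW","rule_id":"G104","details":"Errors unhandled.","file":"example/a.go","line":"12"},
 {"severity":"MEDIUM","rule_id":"G401","details":"Use of weak cryptographic primitive","file":"example/hash.go","line":"19"},
 {"severity":"LOW","rule_id":"G104","details":"Errors unhandled.","file":"example/b.go","line":"7"},
 {"severity":"MEDIUM","rule_id":"G201","details":"SQL string formatting","file":"example/db.go","line":"40"},
 {"severity":"LOW","rule_id":"G104","details":"Errors unhandled.","file":"example/c.go","line":"88"}]}`

// Triage returns per-rule counts and the non-G104 findings, sorted by rule ID.
func Triage(report []byte) (map[string]int, []Issue, error) {
	var r struct{ Issues []Issue }
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, nil, fmt.Errorf("parse gosec report: %w", err)
	}
	counts := map[string]int{}
	var rest []Issue
	for _, is := range r.Issues {
		counts[is.RuleID]++
		if is.RuleID != "G104" { // G104 = "Errors unhandled"
			rest = append(rest, is)
		}
	}
	sort.SliceStable(rest, func(i, j int) bool { return rest[i].RuleID < rest[j].RuleID })
	return counts, rest, nil
}

func main() {
	counts, rest, err := Triage([]byte(sampleReport))
	fmt.Println("findings per rule:", counts, "parse error:", err)
	for _, is := range rest {
		fmt.Printf("%s %s %s:%s %s\n", is.RuleID, is.Severity, is.File, is.Line, is.Details)
	}
}
```

The per-rule counts keep the G104 volume visible, so it can be worked down separately instead of being silently excluded.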