Request to add Dep (Golang) support to Dependency Scanning


⚠️ Request by prospective customer, need to have more customers upvote 👍 or comment if this is desired

Problem to solve

Currently, GitLab Dependency Scanning does not support Dep but does support Go Modules. Some customers don't use Go Modules.

Intended users

User experience goal

Proposal

Implement a lock file parser that extracts dependency names from Gopkg.lock, as well as dependency versions when available. See lock file parser for go.sum.

Further details

Dependencies listed in Gopkg.lock always have a revision (VCS-specific commit ID) but might not have a version. See version information.

Permissions and Security

N/A

Documentation

Availability & Testing

  • Add a specific test project using Dep
  • Add a QA job for this test project, in the CI configuration of gemnasium

What does success look like, and how can we measure that?

Dependency Scanning reports vulnerabilities for Go projects using Dep.

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

No.

Links / references

/cc @NicoleSchwartz @Steevo
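
A sketch of the lock file parser described under "Proposal" and "Further details", added here as an illustration and not taken from gemnasium or from this issue. `Dep`, `ParseGopkgLock` and the contents of `sampleLock` are hypothetical, and the code assumes the flat `key = "value"` layout that dep generates rather than full TOML.

```go
package main

import (
	"fmt"
	"strings"
)

// Dep is one [[projects]] entry; Version is "" when only a revision is pinned.
type Dep struct{ Name, Version, Revision string }

// sampleLock is a constructed Gopkg.lock excerpt (names and hashes are made up).
const sampleLock = `
[[projects]]
  name = "github.com/example/tagged"
  packages = ["."]
  revision = "1111111111111111111111111111111111111111"
  version = "v1.2.3"

[[projects]]
  branch = "master"
  name = "github.com/example/untagged"
  packages = [".", "internal/util"]
  revision = "2222222222222222222222222222222222222222"

[solve-meta]
  analyzer-name = "dep"
`

// ParseGopkgLock extracts name, version and revision from every [[projects]]
// table. It is a simplified scanner, not a general TOML parser.
func ParseGopkgLock(content string) ([]Dep, error) {
	var deps []Dep
	for _, block := range strings.Split(content, "[[projects]]")[1:] {
		block, _, _ = strings.Cut(block, "\n[") // stop at the next table, e.g. [solve-meta]
		f := map[string]string{}
		for _, line := range strings.Split(block, "\n") {
			if key, val, ok := strings.Cut(line, "="); ok {
				f[strings.TrimSpace(key)] = strings.Trim(strings.TrimSpace(val), `"`)
			}
		}
		if f["name"] == "" || f["revision"] == "" { // both are always present in a valid lock
			return nil, fmt.Errorf("project %q lacks name or revision", f["name"])
		}
		deps = append(deps, Dep{f["name"], f["version"], f["revision"]})
	}
	return deps, nil
}

func main() { fmt.Println(ParseGopkgLock(sampleLock)) }
```

An entry with an empty `Version` carries only its commit ID, so the scanner has to decide how such dependencies are represented in the report.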
