Sonar for Go alternative

https://github.com/folio-org/.github/blob/v1.5.0/README-go.md suggests:

SonarCloud recommendations can be suppressed for specific code by appending //NOSONAR at the end of that code line.

In contrast warns:

Don’t use // NOSONAR and don’t use @SuppressWarnings("all"), they suppress all current and future rules. Sonar continuously adds new rules, including security rules, that should trigger warnings.

https://docs.sonarsource.com/sonarqube/latest/user-guide/issues/managing/#suppressing also warns:

In most languages, you can use the //NOSONAR comment at the end of a line to suppress all issues on the line. This will suppress all issues - now and in the future - that might be raised on the line. 

[ALERT] Using this comment does not comply with Clean as You Code.

Sonar’s Go code analysis doesn’t support a source code directive that suppresses only a single rule. This is a significant lack because it may hide other issues on that line that are relevant.

Sonar has only 44 Go rules: https://sonarcloud.io/organizations/folio-org/quality_profiles/show?name=Sonar+way&language=go

Sonar doesn’t have security rules.

Therefore Sonar for Go is not mature.

Other tools should be considered.

Other Go code analysis tools have many more rules and support rule specific source code directives, for example

• https://github.com/securego/gosec?tab=readme-ov-file#annotating-code

• https://golangci-lint.run/usage/false-positives/#nolint-directive

• https://staticcheck.dev/docs/configuration/#ignoring-problems