Go - Slow Scan Command in Containers
Problem
When running the Golang agent scan command on your Go-based project in a containerized environment without a local cache, the Go toolchain must repeatedly download all module dependencies from the internet, which can significantly slow down builds. This also leads to increased CPU usage and memory consumption during repeated dependency downloads.
Cause
As part of the instrumentation step in the scan command, the Go agent performs a full compilation and therefore has to resolve all of the project's dependencies first. Without a build cache, each new container that runs the scan command starts from scratch and fetches every required module.
This process repeats for every build without caching, causing heavy network usage and long compile times.
Solution
Pre-Fetch Dependencies
Run go mod download (or go get -d ./... in older versions) to download and cache all dependencies ahead of time. This surfaces any network or dependency issues sooner and streamlines subsequent steps.
Use a Shared Cache
Mount a volume inside your container to store the module downloads and build artifacts. By preserving this directory across builds, you no longer need to re-download dependencies every time.
The mounted directory will contain pre-fetched Go modules (e.g., from go mod download) and any build artifacts (e.g., from go build).
Configure Go's environment variables GOMODCACHE (module cache) and GOCACHE (build cache) to set where to store these caches in the container context. For example:

    FROM golang:1.20 AS builder
    ENV GOMODCACHE=/cache/go-mod
    ENV GOCACHE=/cache/go-build
    WORKDIR /app
    COPY go.mod go.sum ./
    RUN go mod download
    COPY . .
    # Download and execute Golang agent commands

In the above, any dependencies downloaded by go mod download and build artifacts generated by go build are stored in /cache, which you can persist by mounting it as a volume.
By combining pre-fetching with a shared cache, you drastically reduce both build times and network overhead, keeping container builds faster, more consistent, and less dependent on external network availability.