What Go Developers Really Think About Generics, Security, and Tooling in the 2022 Q2 Survey

Main Findings

Generics are quickly adopted. About 25% of respondents have used Go 1.18 generics in code, with many praising the feature while noting design limitations.

Fuzzing remains unfamiliar. Built‑in fuzz testing has low awareness and respondents are unsure when to use it.

Third‑party dependencies are the top security issue. Developers struggle to avoid vulnerable dependencies, and security work often lacks planning and clear ROI.

Feature announcements need better channels. Those who follow the Go blog are aware of changes, but many sampled developers are not.

Error handling is still a challenge. With generics released, error handling has become the biggest difficulty.

Survey Interpretation

The report uses charts where the question text forms the title and, unless noted, questions are single‑choice. Sub‑titles indicate multi‑choice or open‑ended questions.

Generics

86% of respondents know Go 1.18 introduced generics; 26% have used them, and 14% in production. 30% cite limitations (e.g., lack of parameterized methods, type inference) and 26% note missing support in dependencies such as linters. 12% avoid generics due to a steep learning curve or insufficient documentation. Users who tried generics report a 10% reduction in code duplication and overall positive sentiment.

These results guide the Go team on whether to relax generic constraints.

Security

Following high‑profile incidents like SolarWinds, security tooling is a priority. 65% use static analysis, but only 35% find vulnerabilities with it. Security tools run mainly in CI/CD (84%); only 22% run them during development.

Vulnerability discovery: 25% found issues in third‑party dependencies, yet only a third actually use scanning tools. When vulnerabilities are found, 67% upgrade the affected dependency, and 85% of scanner users do so.

Fuzz testing is underused: only 12% have tried it, and 5% use the built‑in Go fuzzing tool. Main barriers are lack of knowledge (23%), time constraints (22%), and difficulty integrating it into workflows (14%).

Tool Experience

VS Code remains the most popular Go editor, rising from 42% to 45% of respondents. GoLand is similarly popular across company sizes. Only 2% disable the gopls language server, and the rate is lower (1%) for VS Code users.

Workspaces are less known: 53% of random respondents and 33% of self‑selected respondents had never heard of Go workspaces. Among those who tried workspaces, the top barrier (21%) is poor documentation for the go work command, followed by the need to refactor existing repositories (13%).

Survey Participants

53% of respondents have two or more years of Go experience; the rest are newcomers. One‑third work at small companies (<100 employees), another third at medium (100‑1,000), and the remaining third at large (>1,000).

How Respondents Use Go

The most common use cases remain building API/RPC services (73%) and writing CLI tools (60%). Newer developers (<1 year) lean toward GUI, IoT, game, ML/AI, and mobile projects, while experienced developers focus less on those areas.

Development platforms: Linux (59%) and macOS (52%); deployment targets are overwhelmingly Linux (93%). 13% develop on Windows Subsystem for Linux.

Feelings and Challenges

93% of respondents are satisfied or very satisfied with Go, matching the previous survey. While generics have eased some pain points, error handling remains a major challenge, intertwined with library maturity, learning curve, and lack of best‑practice guidance.

Summary

The survey shows steady adoption of Go 1.18 generics, limited uptake of fuzz testing and workspaces, and persistent security concerns around third‑party dependencies. These insights will shape the Go team's priorities for future language and tooling improvements.