This commit is contained in:
parent
022612414d
commit
8c76e44d10
GPG key ID:
E46B5FEA35B22FF9
6 changed files with 25 additions and 11 deletions
|
|
@ -13,8 +13,7 @@ jobs:
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- uses: actions/setup-go@v5
|
- uses: actions/setup-go@v5
|
||||||
with:
|
with:
|
||||||
go-version: '1.21'
|
go-version: '1.22'
|
||||||
- run: go mod download && go install github.com/a-h/templ/cmd/templ@latest
|
- run: go mod download
|
||||||
- run: templ generate
|
|
||||||
- name: Run Gosec Security Scanner
|
- name: Run Gosec Security Scanner
|
||||||
uses: actions/goscan@main
|
uses: actions/goscan@main
|
||||||
|
|
@ -8,7 +8,7 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w" -trimpath -o build/goscan
|
||||||
|
|
||||||
FROM alpine:3.20
|
FROM alpine:3.20
|
||||||
|
|
||||||
RUN apk --no-cache update && apk --no-cache upgrade && apk --no-cache add curl
|
RUN apk --no-cache update && apk --no-cache upgrade && apk add curl
|
||||||
|
|
||||||
COPY --from=builder /app/build/goscan /goscan
|
COPY --from=builder /app/build/goscan /goscan
|
||||||
COPY ./entrypoint.sh /entrypoint.sh
|
COPY ./entrypoint.sh /entrypoint.sh
|
||||||
|
|
|
||||||
21
cmd/root.go
21
cmd/root.go
|
|
@ -7,8 +7,8 @@ package cmd
|
||||||
import (
|
import (
|
||||||
"codeberg.org/mvdkleijn/forgejo-sdk/forgejo"
|
"codeberg.org/mvdkleijn/forgejo-sdk/forgejo"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"git.eggactyl.cloud/Eggactyl/shell/linux"
|
||||||
"github.com/go-git/go-git/v5"
|
"github.com/go-git/go-git/v5"
|
||||||
"github.com/kr/pretty"
|
|
||||||
"github.com/nao1215/markdown"
|
"github.com/nao1215/markdown"
|
||||||
"github.com/owenrumney/go-sarif/sarif"
|
"github.com/owenrumney/go-sarif/sarif"
|
||||||
"github.com/sethvargo/go-githubactions"
|
"github.com/sethvargo/go-githubactions"
|
||||||
|
|
@ -36,8 +36,6 @@ var rootCmd = &cobra.Command{
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
pretty.Logln(cwd)
|
|
||||||
|
|
||||||
repo, err := git.PlainOpen(cwd)
|
repo, err := git.PlainOpen(cwd)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
|
|
@ -48,8 +46,21 @@ var rootCmd = &cobra.Command{
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
pretty.Logln(ref.Name().Short())
|
gosecCmd, err := linux.NewCommand(linux.CommandOptions{
|
||||||
pretty.Logln(ref.Hash().String())
|
Cwd: cwd,
|
||||||
|
Shell: "/bin/sh",
|
||||||
|
Command: "gosec",
|
||||||
|
Args: []string{
|
||||||
|
"-r", "-no-fail", "-fmt", "sarif", "-out", "output.sarif", "./...",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalln(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := gosecCmd.Run(); err != nil {
|
||||||
|
log.Fatalln(err)
|
||||||
|
}
|
||||||
|
|
||||||
report, err := sarif.Open("output.sarif")
|
report, err := sarif.Open("output.sarif")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin
|
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin
|
||||||
gosec -r -no-fail -fmt sarif -out output.sarif "$PWD"
|
# gosec -r -no-fail -fmt sarif -out output.sarif "$PWD"
|
||||||
/goscan --is-action
|
/goscan --is-action
|
||||||
3
go.mod
3
go.mod
|
|
@ -13,6 +13,7 @@ require (
|
||||||
require (
|
require (
|
||||||
codeberg.org/mvdkleijn/forgejo-sdk/forgejo v1.1.1 // indirect
|
codeberg.org/mvdkleijn/forgejo-sdk/forgejo v1.1.1 // indirect
|
||||||
dario.cat/mergo v1.0.0 // indirect
|
dario.cat/mergo v1.0.0 // indirect
|
||||||
|
git.eggactyl.cloud/Eggactyl/shell v0.0.0-20240824225129-2ced31effd66 // indirect
|
||||||
github.com/Microsoft/go-winio v0.6.1 // indirect
|
github.com/Microsoft/go-winio v0.6.1 // indirect
|
||||||
github.com/ProtonMail/go-crypto v1.0.0 // indirect
|
github.com/ProtonMail/go-crypto v1.0.0 // indirect
|
||||||
github.com/cloudflare/circl v1.3.7 // indirect
|
github.com/cloudflare/circl v1.3.7 // indirect
|
||||||
|
|
@ -58,7 +59,7 @@ require (
|
||||||
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
|
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
|
||||||
golang.org/x/mod v0.12.0 // indirect
|
golang.org/x/mod v0.12.0 // indirect
|
||||||
golang.org/x/net v0.23.0 // indirect
|
golang.org/x/net v0.23.0 // indirect
|
||||||
golang.org/x/sys v0.19.0 // indirect
|
golang.org/x/sys v0.22.0 // indirect
|
||||||
golang.org/x/text v0.14.0 // indirect
|
golang.org/x/text v0.14.0 // indirect
|
||||||
golang.org/x/tools v0.13.0 // indirect
|
golang.org/x/tools v0.13.0 // indirect
|
||||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||||
|
|
|
||||||
3
go.sum
3
go.sum
|
|
@ -2,6 +2,8 @@ codeberg.org/mvdkleijn/forgejo-sdk/forgejo v1.1.1 h1:WEI3FZdoQjaiaR15TRmyGfY091R
|
||||||
codeberg.org/mvdkleijn/forgejo-sdk/forgejo v1.1.1/go.mod h1:09wAYX9H0+wBo1baX9DdSqdfreZc6ji5aELsnu9m14M=
|
codeberg.org/mvdkleijn/forgejo-sdk/forgejo v1.1.1/go.mod h1:09wAYX9H0+wBo1baX9DdSqdfreZc6ji5aELsnu9m14M=
|
||||||
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
|
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
|
||||||
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
|
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
|
||||||
|
git.eggactyl.cloud/Eggactyl/shell v0.0.0-20240824225129-2ced31effd66 h1:nKQ5M7/Ugn536WbH07f6NZGKy+4z04i7KoAwUU8Ibaw=
|
||||||
|
git.eggactyl.cloud/Eggactyl/shell v0.0.0-20240824225129-2ced31effd66/go.mod h1:/QCc50YmA6jiIzIafuDiRJXhZyNu0wKLlgeUMPv5S68=
|
||||||
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
|
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
|
||||||
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
|
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
|
||||||
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
|
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
|
||||||
|
|
@ -180,6 +182,7 @@ golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
|
||||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
|
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
|
||||||
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||||
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
|
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue