Update the README with some details related to Go version used by the rules

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
This commit is contained in:
Cosmin Cojocar 2024-05-22 10:17:50 +02:00
parent 9a036658b7
commit 1e1fc91d15

View file

@ -230,6 +230,12 @@ You can also configure the hard-coded credentials rule `G101` with additional pa
} }
``` ```
#### Go version
Some rules require a specific Go version which is retrieved from the Go module file present in the project. If this version cannot be found, it will fallback to Go runtime version.
The Go module version is parsed using the `go list` command which in some cases might lead to performance degradation. In this situation, the go module version can be easily disabled by setting the environment variable `GOSECNOMODVERSION=on`.
### Dependencies ### Dependencies
gosec will fetch automatically the dependencies of the code which is being analyzed when go module is turned on (e.g.`GO111MODULE=on`). If this is not the case, gosec will fetch automatically the dependencies of the code which is being analyzed when go module is turned on (e.g.`GO111MODULE=on`). If this is not the case,