Add a flag to specify the severity for which the scanning will be failed
This commit is contained in:
parent
c0db486820
commit
4702cc5da7
1 changed files with 36 additions and 6 deletions
|
@ -91,8 +91,12 @@ var (
|
|||
// go build tags
|
||||
flagBuildTags = flag.String("tags", "", "Comma separated list of build tags")
|
||||
|
||||
// scan the vendor folder
|
||||
flagScanVendor = flag.Bool("vendor", false, "Scan the vendor folder")
|
||||
|
||||
// fail by severity
|
||||
flagSeverity = flag.String("severity", "low", "Fail the build for issues with the given or higher severity. Valid options are: low, medium, high")
|
||||
|
||||
logger *log.Logger
|
||||
)
|
||||
|
||||
|
@ -224,6 +228,20 @@ func resolvePackage(pkg string, searchPaths []string) string {
|
|||
return pkg
|
||||
}
|
||||
|
||||
func convertToScore(severity string) (gosec.Score, error) {
|
||||
severity = strings.ToLower(severity)
|
||||
switch severity {
|
||||
case "low":
|
||||
return gosec.Low, nil
|
||||
case "medium":
|
||||
return gosec.Medium, nil
|
||||
case "high":
|
||||
return gosec.High, nil
|
||||
default:
|
||||
return gosec.Low, fmt.Errorf("provided severity '%s' not valid. Valid options: low, medium, high", severity)
|
||||
}
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
||||
// Setup usage description
|
||||
|
@ -256,6 +274,11 @@ func main() {
|
|||
logger = log.New(logWriter, "[gosec] ", log.LstdFlags)
|
||||
}
|
||||
|
||||
failSeverity, err := convertToScore(*flagSeverity)
|
||||
if err != nil {
|
||||
logger.Fatal(err)
|
||||
}
|
||||
|
||||
// Load config
|
||||
config, err := loadConfig(*flagConfig)
|
||||
if err != nil {
|
||||
|
@ -299,17 +322,24 @@ func main() {
|
|||
// Collect the results
|
||||
issues, metrics := analyzer.Report()
|
||||
|
||||
issuesFound := len(issues) > 0
|
||||
// Exit quietly if nothing was found
|
||||
if !issuesFound && *flagQuiet {
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
// Sort the issue by severity
|
||||
if *flagSortIssues {
|
||||
sortIssues(issues)
|
||||
}
|
||||
|
||||
issuesFound := false
|
||||
for _, issue := range issues {
|
||||
if issue.Severity >= failSeverity {
|
||||
issuesFound = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Exit quietly if nothing was found
|
||||
if !issuesFound && *flagQuiet {
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
// Create output report
|
||||
if err := saveOutput(*flagOutput, *flagFormat, issues, metrics); err != nil {
|
||||
logger.Fatal(err)
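Review bot: In the last hunk the quiet-exit check `if !issuesFound && *flagQuiet` now keys on the severity threshold rather than on whether anything was found, so with `-quiet` a run whose findings are all below `-severity` exits before `saveOutput` and those findings are never written anywhere, which goes beyond the flag's stated purpose of deciding whether the build fails. I would keep the report decision on the raw result set and give the threshold its own name, e.g. `failBuild := false` in place of `issuesFound := false`, and `if len(issues) == 0 && *flagQuiet {` for the quiet exit, leaving the threshold to drive only the exit-code decision, which presumably follows later in main outside this hunk. The `issue.Severity >= failSeverity` comparison also relies on `gosec.Low < gosec.Medium < gosec.High` holding for the `gosec.Score` type, which is not visible here; a one-line comment stating that assumption would help the next reader. `convertToScore` in the second hunk has no doc comment; I would add `// convertToScore maps a -severity flag value (case-insensitive: low, medium, high) to the gosec.Score used as the fail threshold; any other value returns gosec.Low and an error.`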
|
||||
|
|