mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Update the README with an example to configure the hard-coded credentials rule
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
parent
802292c54f
commit
a2a40de847
1 changed files with 14 additions and 0 deletions
14
README.md
|
@ -171,6 +171,20 @@ of functions which will be skipped when auditing the not checked errors:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can also configure the hard-coded credentials rule `G101` with additional patters, or adjust the entropy threshold:
|
||||||
|
|
||||||
|
```JSON
|
||||||
|
{
|
||||||
|
"G101": {
|
||||||
|
"pattern": "(?i)passwd|pass|password|pwd|secret|private_key|token",
|
||||||
|
"ingnore_entropy": false,
|
||||||
|
"entropy_threshold": "80.0",
|
||||||
|
"per_char_threshold": "3.0",
|
||||||
|
"trucate": "32"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### Dependencies
|
### Dependencies
|
||||||
|
|
||||||
gosec will fetch automatically the dependencies of the code which is being analyzed when go module is turned on (e.g.` GO111MODULE=on`). If this is not the case,
|
gosec will fetch automatically the dependencies of the code which is being analyzed when go module is turned on (e.g.` GO111MODULE=on`). If this is not the case,
|
||||||
|
|
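Review bot: two keys in the added G101 JSON example look misspelled, `"ingnore_entropy"` and `"trucate"`, where `ignore_entropy` and `truncate` appear to be intended. A reader who copies the block as written would likely end up with settings that never take effect, and for a hard-coded credentials rule that means the entropy and truncation behaviour stays at its defaults with no error to signal it. Please check both key names against what the rule actually reads and correct the example. The introductory sentence also has "patters" for "patterns". It would also help to add a line saying what each option does, and to note that `entropy_threshold`, `per_char_threshold` and the truncation value are given as quoted strings while the boolean is bare, since the example leaves the expected types unexplained.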