diff --git a/README.md b/README.md
index 2101e35..a9384c9 100644
--- a/README.md
+++ b/README.md
@@ -279,7 +279,8 @@ gosec can suggest fixes based on AI recommendation. It will call an AI API to re
 You can enable this feature by providing the following command line arguments:
 - `ai-api-provider`: the name of the AI API provider, currently only `gemini`is supported.
-- `ai-api-key`: the key to access the AI API, For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
+- `ai-api-key` or set the environment variable `GOSEC_AI_API_KEY`: the key to access the AI API,
+For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
 - `ai-endpoint`: the endpoint of the AI provider, this is optional argument.
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 902e076..61cdc16 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -59,6 +59,8 @@ USAGE:
 $ gosec -exclude=G101 $GOPATH/src/github.com/example/project/...
 `
+ // Environment variable for AI API key.
+ aiApiKeyEnv = "GOSEC_AI_API_KEY"
 )
 type arrayFlags []string
@@ -468,8 +470,12 @@ func main() {
 reportInfo := gosec.NewReportInfo(issues, metrics, errors).WithVersion(Version)
 // Call AI request to solve the issues
- if *flagAiApiProvider != "" && *flagAiApiKey != "" {
- err := autofix.GenerateSolution(*flagAiApiProvider, *flagAiApiKey, *flagAiEndpoint, issues)
+ aiApiKey := os.Getenv(aiApiKeyEnv)
+ if aiApiKeyEnv == "" {
+ aiApiKey = *flagAiApiKey
+ }
+ if *flagAiApiProvider != "" && aiApiKey != "" {
+ err := autofix.GenerateSolution(*flagAiApiProvider, aiApiKey, *flagAiEndpoint, issues)
 if err != nil {
 logger.Print(err)
 }
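Review bot: In the `main()` hunk of cmd/gosec/main.go, the fallback test `if aiApiKeyEnv == "" {` compares the constant that holds the variable's name, which is always `"GOSEC_AI_API_KEY"`, so the branch never runs. A key passed with `-ai-api-key` is therefore silently dropped whenever the environment variable is unset, and the AI fix step is skipped without any message. The condition should test the looked-up value instead: `if aiApiKey == "" {`. As written, the intent appears to be that the environment wins over the flag; if an explicit flag should take precedence, as is more usual for CLI tools, start from `aiApiKey := *flagAiApiKey` and fall back to `os.Getenv(aiApiKeyEnv)` only when it is empty. `main()` begins and ends outside this hunk, so whether `os` is already imported cannot be confirmed from here.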