mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Replace gas with gosec in the README file
This commit is contained in:
parent
893b87b343
commit
e6641c6265
1 changed files with 23 additions and 26 deletions
49
README.md
49
README.md
|
@ -1,6 +1,6 @@
|
|||
|
||||
|
||||
## GAS - Go Application Security
|
||||
## gosec -Golang Security Checker
|
||||
|
||||
Inspects source code for security problems by scanning the Go AST.
|
||||
|
||||
|
@ -12,26 +12,23 @@ You may obtain a copy of the License [here](http://www.apache.org/licenses/LICEN
|
|||
|
||||
### Project status
|
||||
|
||||
[![Build Status](https://travis-ci.org/securego/gas.svg?branch=master)](https://travis-ci.org/securego/gas)
|
||||
[![GoDoc](https://godoc.org/github.com/securego/gas?status.svg)](https://godoc.org/github.com/securego/gas)
|
||||
|
||||
Gas is still in alpha and accepting feedback from early adopters. We do
|
||||
not consider it production ready at this time.
|
||||
[![Build Status](https://travis-ci.org/securego/gosec.svg?branch=master)](https://travis-ci.org/securego/gosec)
|
||||
[![GoDoc](https://godoc.org/github.com/securego/gosec?status.svg)](https://godoc.org/github.com/securego/gosec)
|
||||
|
||||
### Install
|
||||
|
||||
`$ go get github.com/securego/gas/cmd/gas/...`
|
||||
`$ go get github.com/securego/gosec/cmd/gosec/...`
|
||||
|
||||
### Usage
|
||||
|
||||
Gas can be configured to only run a subset of rules, to exclude certain file
|
||||
Gosec can be configured to only run a subset of rules, to exclude certain file
|
||||
paths, and produce reports in different formats. By default all rules will be
|
||||
run against the supplied input files. To recursively scan from the current
|
||||
directory you can supply './...' as the input argument.
|
||||
|
||||
#### Selecting rules
|
||||
|
||||
By default Gas will run all rules against the supplied file paths. It is however possible to select a subset of rules to run via the '-include=' flag,
|
||||
By default gosec will run all rules against the supplied file paths. It is however possible to select a subset of rules to run via the '-include=' flag,
|
||||
or to specify a set of rules to explicitly exclude using the '-exclude=' flag.
|
||||
|
||||
##### Available rules
|
||||
|
@ -63,22 +60,22 @@ or to specify a set of rules to explicitly exclude using the '-exclude=' flag.
|
|||
|
||||
```
|
||||
# Run a specific set of rules
|
||||
$ gas -include=G101,G203,G401 ./...
|
||||
$ gosec -include=G101,G203,G401 ./...
|
||||
|
||||
# Run everything except for rule G303
|
||||
$ gas -exclude=G303 ./...
|
||||
$ gosec -exclude=G303 ./...
|
||||
```
|
||||
|
||||
#### Excluding files:
|
||||
|
||||
Gas will ignore dependencies in your vendor directory any files
|
||||
gosec will ignore dependencies in your vendor directory any files
|
||||
that are not considered build artifacts by the compiler (so test files).
|
||||
|
||||
#### Annotating code
|
||||
|
||||
As with all automated detection tools there will be cases of false positives. In cases where Gas reports a failure that has been manually verified as being safe it is possible to annotate the code with a '#nosec' comment.
|
||||
As with all automated detection tools there will be cases of false positives. In cases where gosec reports a failure that has been manually verified as being safe it is possible to annotate the code with a '#nosec' comment.
|
||||
|
||||
The annotation causes Gas to stop processing any further nodes within the
|
||||
The annotation causes gosec to stop processing any further nodes within the
|
||||
AST so can apply to a whole block or more granularly to a single expression.
|
||||
|
||||
```go
|
||||
|
@ -102,26 +99,26 @@ have been used. To run the scanner and ignore any #nosec annotations you
|
|||
can do the following:
|
||||
|
||||
```
|
||||
$ gas -nosec=true ./...
|
||||
$ gosec -nosec=true ./...
|
||||
```
|
||||
#### Build tags
|
||||
|
||||
Gas is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
|
||||
gosec is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
|
||||
They can be provided as a comma separated list as follows:
|
||||
|
||||
```
|
||||
$ gas -tag debug,ignore ./...
|
||||
$ gosec -tag debug,ignore ./...
|
||||
```
|
||||
|
||||
### Output formats
|
||||
|
||||
Gas currently supports text, json, yaml, csv and JUnit XML output formats. By default
|
||||
gosec currently supports text, json, yaml, csv and JUnit XML output formats. By default
|
||||
results will be reported to stdout, but can also be written to an output
|
||||
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
|
||||
|
||||
```
|
||||
# Write output in json format to results.json
|
||||
$ gas -fmt=json -out=results.json *.go
|
||||
$ gosec -fmt=json -out=results.json *.go
|
||||
```
|
||||
### Development
|
||||
|
||||
|
@ -144,7 +141,7 @@ make test
|
|||
|
||||
#### Release Build
|
||||
|
||||
Gas can be released as follows:
|
||||
gosec can be released as follows:
|
||||
|
||||
```bash
|
||||
make release VERSION=2.0.0
|
||||
|
@ -153,11 +150,11 @@ make release VERSION=2.0.0
|
|||
The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
|
||||
|
||||
```
|
||||
./build/gas-2.0.0-linux-amd64 -h
|
||||
./build/gosec-2.0.0-linux-amd64 -h
|
||||
|
||||
GAS - Go AST Scanner
|
||||
gosec - Golang security checker
|
||||
|
||||
Gas analyzes Go source code to look for common programming mistakes that
|
||||
gosec analyzes Go source code to look for common programming mistakes that
|
||||
can lead to security problems.
|
||||
|
||||
VERSION: 2.0.0
|
||||
|
@ -174,10 +171,10 @@ You can execute a release and build the docker image as follows:
|
|||
make image VERSION=2.0.0
|
||||
```
|
||||
|
||||
Now you can run the gas tool in a container against your local workspace:
|
||||
Now you can run the gosec tool in a container against your local workspace:
|
||||
|
||||
```
|
||||
docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gas /workspace
|
||||
docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gosec /workspace
|
||||
```
|
||||
|
||||
#### Generate TLS rule
|
||||
|
@ -188,7 +185,7 @@ The configuration of TLS rule can be generated from [Mozilla's TLS ciphers recom
|
|||
First you need to install the generator tool:
|
||||
|
||||
```
|
||||
go get github.com/securego/gas/cmd/tlsconfig/...
|
||||
go get github.com/securego/gosec/cmd/tlsconfig/...
|
||||
```
|
||||
|
||||
You can invoke now the `go generate` in the root of the project:
|
||||
|
|
Loading…
Reference in a new issue