mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Replace gas with gosec in the README file
This commit is contained in:
parent
893b87b343
commit
e6641c6265
1 changed files with 23 additions and 26 deletions
49
README.md
@ -1,6 +1,6 @@
## GAS - Go Application Security
## gosec -Golang Security Checker
Inspects source code for security problems by scanning the Go AST.
Inspects source code for security problems by scanning the Go AST.
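Review bot: the new title line `## gosec -Golang Security Checker` is missing the space after the hyphen; the line it replaces reads `## GAS - Go Application Security`, so this should be `## gosec - Golang Security Checker`. The usage banner later in this same diff spells it `gosec - Golang security checker`, so settle on one capitalisation and use it in both places.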
@ -12,26 +12,23 @@ You may obtain a copy of the License [here](http://www.apache.org/licenses/LICEN
### Project status
### Project status
[![Build Status](https://travis-ci.org/securego/gas.svg?branch=master)](https://travis-ci.org/securego/gas)
[![Build Status](https://travis-ci.org/securego/gosec.svg?branch=master)](https://travis-ci.org/securego/gosec)
[![GoDoc](https://godoc.org/github.com/securego/gas?status.svg)](https://godoc.org/github.com/securego/gas)
[![GoDoc](https://godoc.org/github.com/securego/gosec?status.svg)](https://godoc.org/github.com/securego/gosec)
Gas is still in alpha and accepting feedback from early adopters. We do
not consider it production ready at this time.
### Install
### Install
`$ go get github.com/securego/gas/cmd/gas/...`
`$ go get github.com/securego/gosec/cmd/gosec/...`
### Usage
### Usage
Gas can be configured to only run a subset of rules, to exclude certain file
Gosec can be configured to only run a subset of rules, to exclude certain file
paths, and produce reports in different formats. By default all rules will be
paths, and produce reports in different formats. By default all rules will be
run against the supplied input files. To recursively scan from the current
run against the supplied input files. To recursively scan from the current
directory you can supply './...' as the input argument.
directory you can supply './...' as the input argument.
#### Selecting rules
#### Selecting rules
By default Gas will run all rules against the supplied file paths. It is however possible to select a subset of rules to run via the '-include=' flag,
By default gosec will run all rules against the supplied file paths. It is however possible to select a subset of rules to run via the '-include=' flag,
or to specify a set of rules to explicitly exclude using the '-exclude=' flag.
or to specify a set of rules to explicitly exclude using the '-exclude=' flag.
##### Available rules
##### Available rules
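Review bot: this hunk deletes the two-line paragraph `Gas is still in alpha and accepting feedback from early adopters. We do` / `not consider it production ready at this time.` without putting anything in its place, which changes what the README tells users and goes beyond the rename the commit message describes. Either keep the status note with the new name (`gosec is still in alpha ...`) or state in the commit message that the alpha warning is being retired on purpose. Smaller point in the same hunk: `Gosec can be configured to only run a subset of rules` capitalises the name while `By default gosec will run all rules` two paragraphs down does not; everywhere else in this diff the name is lowercase `gosec` even at sentence start, so this line should match.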
@ -63,22 +60,22 @@ or to specify a set of rules to explicitly exclude using the '-exclude=' flag.
```
```
# Run a specific set of rules
# Run a specific set of rules
$ gas -include=G101,G203,G401 ./...
$ gosec -include=G101,G203,G401 ./...
# Run everything except for rule G303
# Run everything except for rule G303
$ gas -exclude=G303 ./...
$ gosec -exclude=G303 ./...
```
```
#### Excluding files:
#### Excluding files:
Gas will ignore dependencies in your vendor directory any files
gosec will ignore dependencies in your vendor directory any files
that are not considered build artifacts by the compiler (so test files).
that are not considered build artifacts by the compiler (so test files).
#### Annotating code
#### Annotating code
As with all automated detection tools there will be cases of false positives. In cases where Gas reports a failure that has been manually verified as being safe it is possible to annotate the code with a '#nosec' comment.
As with all automated detection tools there will be cases of false positives. In cases where gosec reports a failure that has been manually verified as being safe it is possible to annotate the code with a '#nosec' comment.
The annotation causes Gas to stop processing any further nodes within the
The annotation causes gosec to stop processing any further nodes within the
AST so can apply to a whole block or more granularly to a single expression.
AST so can apply to a whole block or more granularly to a single expression.
```go
```go
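Review bot: the renamed line `gosec will ignore dependencies in your vendor directory any files` is missing its conjunction, and the following line `that are not considered build artifacts by the compiler (so test files).` reads oddly; since the line is already being rewritten for the rename, fix the sentence at the same time: `gosec will ignore dependencies in your vendor directory and any files that are not considered build artifacts by the compiler (such as test files).` The `$ gosec -include=G101,G203,G401 ./...` and `$ gosec -exclude=G303 ./...` command renames in this hunk look correct.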
@ -102,26 +99,26 @@ have been used. To run the scanner and ignore any #nosec annotations you
can do the following:
can do the following:
```
```
$ gas -nosec=true ./...
$ gosec -nosec=true ./...
```
```
#### Build tags
#### Build tags
Gas is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
gosec is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
They can be provided as a comma separated list as follows:
They can be provided as a comma separated list as follows:
```
```
$ gas -tag debug,ignore ./...
$ gosec -tag debug,ignore ./...
```
```
### Output formats
### Output formats
Gas currently supports text, json, yaml, csv and JUnit XML output formats. By default
gosec currently supports text, json, yaml, csv and JUnit XML output formats. By default
results will be reported to stdout, but can also be written to an output
results will be reported to stdout, but can also be written to an output
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
```
```
# Write output in json format to results.json
# Write output in json format to results.json
$ gas -fmt=json -out=results.json *.go
$ gosec -fmt=json -out=results.json *.go
```
```
### Development
### Development
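Review bot: the output-format example `$ gosec -fmt=json -out=results.json *.go` is the only command in this README that selects files with a shell glob; every other example in the diff (`$ gosec -nosec=true ./...`, `$ gosec -tag debug,ignore ./...`) uses `./...`, which also walks subpackages. A shell glob only matches `.go` files in the current directory, so a reader copying this line gets a report that silently omits subdirectories; use `./...` here as well for consistency.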
@ -144,7 +141,7 @@ make test
#### Release Build
#### Release Build
Gas can be released as follows:
gosec can be released as follows:
```bash
```bash
make release VERSION=2.0.0
make release VERSION=2.0.0
@ -153,11 +150,11 @@ make release VERSION=2.0.0
The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
```
```
./build/gas-2.0.0-linux-amd64 -h
./build/gosec-2.0.0-linux-amd64 -h
GAS - Go AST Scanner
gosec - Golang security checker
Gas analyzes Go source code to look for common programming mistakes that
gosec analyzes Go source code to look for common programming mistakes that
can lead to security problems.
can lead to security problems.
VERSION: 2.0.0
VERSION: 2.0.0
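Review bot: this hunk rewrites the expected `-h` output (`./build/gosec-2.0.0-linux-amd64 -h`, `gosec - Golang security checker`, `gosec analyzes Go source code to look for common programming mistakes that`), but the commit touches only README.md (`1 changed files with 23 additions and 26 deletions`), so neither the binary's usage banner nor the `gosec-<version>-<os>-<arch>` artifact name that `make release` produces is changed here. Confirm both were renamed in a separate commit; otherwise the README now documents a banner and a build path the tool does not actually produce.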
@ -174,10 +171,10 @@ You can execute a release and build the docker image as follows:
make image VERSION=2.0.0
make image VERSION=2.0.0
```
```
Now you can run the gas tool in a container against your local workspace:
Now you can run the gosec tool in a container against your local workspace:
```
```
docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gas /workspace
docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gosec /workspace
```
```
#### Generate TLS rule
#### Generate TLS rule
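Review bot: `docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gosec /workspace` now refers to an image named `gosec`, but that image comes from `make image VERSION=2.0.0` in the unchanged context above, and the Makefile target behind it is outside this README-only commit. Check that the Makefile tags the image as `gosec` rather than the old `gas`; if it does not, this command fails with an image-not-found error and the README and build are out of step.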
@ -188,7 +185,7 @@ The configuration of TLS rule can be generated from [Mozilla's TLS ciphers recom
First you need to install the generator tool:
First you need to install the generator tool:
```
```
go get github.com/securego/gas/cmd/tlsconfig/...
go get github.com/securego/gosec/cmd/tlsconfig/...
```
```
You can invoke now the `go generate` in the root of the project:
You can invoke now the `go generate` in the root of the project:
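Review bot: wording on the trailing context line `You can invoke now the `go generate` in the root of the project:` is awkward; since this section is being edited anyway, reorder it to `You can now run `go generate` from the root of the project:`. The `go get github.com/securego/gosec/cmd/tlsconfig/...` rename itself is right and matches the `cmd/gosec` install path earlier in the diff.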