Commit graph

993 commits

Author SHA1 Message Date
Matthieu MOREL
dbb9811e62
Add crypto and lint to the tools modules 2021-05-31 10:41:57 +02:00
Matthieu MOREL
244adc6bdc
Update the github ci action to use cache and matrix strategy 2021-05-31 10:40:47 +02:00
Matthieu MOREL
df1249d9b2
Update install.sh with more installation options 2021-05-31 10:39:11 +02:00
Matthieu MOREL
af27673a87
Update README.md 2021-05-28 09:19:31 +02:00
Matthieu MOREL
9fc8e20889
Add favicon for HTML template (#628)
* Add favicon for template

* Update template.go
2021-05-26 09:51:10 +02:00
Matthieu MOREL
91dae7fdce
Update the design of HTML report 2021-05-25 10:10:42 +02:00
Matthieu MOREL
e72f54ed40
Fix HTML template and display the gosec version 2021-05-21 11:14:43 +02:00
Marc Brugger
c3f25b8ab3
fix html report tag styling (#623) 2021-05-21 08:13:20 +02:00
Marc Brugger
433a67483a
show nosec in html report summary (#621) 2021-05-20 11:34:52 +02:00
Matthieu MOREL
d040f0725f
Handle gosec version in SARIF report 2021-05-20 10:16:42 +02:00
Matthieu MOREL
51f7411573
Add arm64 support (#618) 2021-05-18 22:48:59 +02:00
Matthieu MOREL
e7ac8829ba
Update go version to 1.16 (#616) 2021-05-17 09:52:14 +02:00
Matthieu MOREL
3a9a6ad8b3
Sarif provide Snippet with Issue.Code
* Provide Snippet with Issue.Code

* Fix documentation
2021-05-13 16:02:28 +02:00
Matthieu MOREL
1325319325
Create dependabot.yml (#614) 2021-05-13 16:01:22 +02:00
Matthieu MOREL
d8cfcd6e76
Allow the user to enable/disable colorisation of the text report in the stdout 2021-05-10 14:18:39 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved 2021-05-10 10:44:55 +02:00
Matthieu MOREL
103c429df5
Enable golangcli and improve testing for formatters 2021-05-10 10:08:04 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt 2021-05-07 18:04:01 +02:00
Matthieu MOREL
f4ea33d5f8
Update how the test coverage is generated 2021-05-07 17:01:09 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages 2021-05-06 09:31:51 +02:00
Matthieu MOREL
cc83d4c922
Generate the SARIF types, handle taxonomies and separate responsibilities 2021-05-05 18:54:32 +02:00
Cosmin Cojocar
0fa5d0b2d6
Fix the go modules after updating to get the tests passing (#605)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-05-05 16:38:35 +02:00
Matthieu MOREL
37639537ce
Migrate sonar types in a dedicated package (#604) 2021-05-05 16:21:53 +02:00
renovate[bot]
b519743da6
chore(deps): update all dependencies (#599)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-05-03 09:52:24 +02:00
Jeff Widman
569328eade
Fix typos (#594) 2021-04-16 09:50:34 +02:00
Jeff Widman
0695fa026e
Add -u to local install instructions (#595)
`-u` will ensure that users are updated the latest released version.

This way bugs are less likely to be reported that are already fixed.
2021-04-16 09:50:10 +02:00
Cosmin Cojocar
7f2308bd85
Tidy up the moduels after updating (#593)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-04-01 09:49:25 +02:00
renovate[bot]
f21b0b8dac
chore(deps): update all dependencies (#592)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-01 09:16:31 +02:00
Rogerio Peixoto
148e608148
Adding KICS to USERS.md (#590) 2021-03-25 14:51:59 +01:00
Chris Bandy
27a5ffb5c8
Quiet warnings about integer truncation (#586)
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
2021-03-03 10:05:33 +01:00
Cosmin Cojocar
bf2cd2392b
Update all dependencies (#585) 2021-03-01 09:45:00 +01:00
Aurélien Rainone
01ee764ed8
Fix typo in USERS.md (#583) 2021-02-27 18:54:40 +01:00
Cosmin Cojocar
9c047e32a3
Add support for Go 1.16 in the CI and release workflows (#581)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-26 11:12:38 +01:00
Matouš Dzivjak
1fce46151c
fix: WriteParams rule to work also with golang 1.16 (#577)
In go 1.16 the `ioutil` package was deprecated and
the functions should be replaced by their equivalents
in either `io` or `os` packages. This means,
that `ioutil.WriteFile` should be replaced by
`os.WriteFile` instead. To account for this change
and to detect incorrect permissions also for `os.WriteFile`
I changed `filePermissions` rule slightly to allows
specifying multiple packages that can contain given
function and that we should check. This workaround
can be removed after a sufficient time has passed
and after it is decided that checking `os.WriteFile`
is enough.

Fixes: https://github.com/securego/gosec/issues/576
2021-02-22 09:22:04 +01:00
Cosmin Cojocar
dcbcc4dd2a
Use a more generic path for sonarqube import path (#573)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 14:19:46 +01:00
Cosmin Cojocar
2777e5065e
Update README with a note which describes how to import a SonarQube report (#572) 2021-02-11 12:10:44 +01:00
Cosmin Cojocar
897c203e62
Reset the state of TLS rule after each version check (#570)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 10:52:16 +01:00
Dmitry Salakhov
6c57ae1628
Fix sarif formatting issues (#565)
* include tool version

* change declared safix shema version

* dedup rules, fix result locations

* refactor rules collection creation
2021-02-05 10:06:04 +01:00
Renovate Bot
b6524ce487 Update all dependencies 2021-02-01 09:45:05 +01:00
Cosmin Cojocar
00bbbd8413
Fix the release workflow to allow unsecure commands
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-01-22 11:36:52 +01:00
Mark Wolfe
d9d75834b6 update README with instructions on how to integrate with GitHub codescanning 2021-01-22 11:31:07 +01:00
Mark Wolfe
3ed39fe612 fix sarif add default configuration set to correct level 2021-01-22 10:26:59 +01:00
Mark Wolfe
732f759e4f fix for sarif which maps level from issue severity 2021-01-21 18:26:43 +01:00
Mark Wolfe
327b2a0841 ensure the sarif results are an empty array if nothing is reported 2021-01-21 11:03:13 +01:00
K
41ea431779 Fix for SARIF output when Issue.Line contains a range 2021-01-05 08:38:25 +01:00
Cosmin Cojocar
a5911ad7bb Fix compilation errors in the test samples
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-01-04 09:28:00 +01:00
Chris Bandy
23ef7009f9 Fix some typos in rules tests 2021-01-04 09:28:00 +01:00
Chris Bandy
e100f6b862 Assert that sample code compiles 2021-01-04 09:28:00 +01:00
Cosmin Cojocar
bcfb27955e
Clean up the go module dependncies (#555)
* Clean up the dependencies

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>

* Add pq package to dependencies
2021-01-04 08:41:45 +01:00