Commit graph

23 commits

Author SHA1 Message Date
Cosmin Cojocar
7851918c4f Add support to exclude arbitrary folders from scanning (#353)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 22:01:36 +10:00
Daniel Carlier
8932f702ce Add flag to handle '#nosec' alternative (#346)
* Add logic to check for a #nosec alternative

* Add NoSecAlternative as a new global variable

* Add nosec-tag flag
2019-09-04 10:20:43 +02:00
Juan Antonio Osorio Robles
39f7e7b9e0 Display filtered number of issues instead of total in stats
This takes into account the filtered number of issues instead of
the total number. This number is more relevant to developers, as
the intention was to not take certain issues into account anyway.
2019-07-04 10:13:09 +10:00
Cosmin Cojocar
020479a832 Support multiple root paths when generating the Sonarqube report
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:35:11 +02:00
Cosmin Cojocar
46e55b908d Fix the file path in the Sonarqube report
Add some test to validate the Sonarqube formatter.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:10:51 +02:00
Sandor Szücs
9d9098fa97 print version string (#317)
Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
2019-05-17 11:33:02 +02:00
Cosmin Cojocar
ee80733faf Add a flag to filter issues by confidence (#316)
Refactor also how the issues are filtered by severity.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-10 10:15:09 +02:00
Cosmin Cojocar
b49c9532a8 Add a flag which allows to scan also the tests files
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
e419eb8f4e Exclude correctly the vendor folder from the scanned packages
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85eb8a52ab Scan the go packages path recursively starting from a root folder
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
ea16ff1f9e Remove GOPATH check to allow running gosec outside of GOPATH
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
kencrawford
ddfe54d0a0 Add sonarqube output 2019-03-21 07:30:14 +10:00
JulesDT
c5e6c4aedd fix no-fail flag logic 2019-03-19 08:11:02 +10:00
Martin Vrachev
62b5195dd9 Report for Golang errors (#284)
* Report for Golang errors

Right now if you use Gosec to scan an invalid Go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.

The real problem here is that the user will never know about the issue if he generates the output in a file.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
JulesDT
04ce7baf6c add a no-fail flag 2019-01-28 09:38:18 +01:00
Cosmin Cojocar
f87af5fa72 Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274)
* Define the global options more explicitly in the configuration

* Detect in audit mode the unhandled errors even though they are explicitly ignored
2019-01-14 21:37:40 +10:00
Oleksandr Redko
3116b07de4 Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
Cosmin Cojocar
de10a7456f Fix the help message 2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7 Add a flag to specify the severity for which the scanning will be failed 2018-07-30 09:43:41 +02:00
Cosmin Cojocar
6919d97188 Add a flag to turn on scanning on vendor folder 2018-07-30 09:11:23 +02:00
Iskander Sharipov
2f61fad317 replace len(x)<=0 with len(x)==0
length can't be negative.

Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
4c6396b7d4 Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
Renamed from cmd/gas/main.go