Matthieu MOREL
d8cfcd6e76
Allow the user to enable/disable colorisation of the text report in the stdout
2021-05-10 14:18:39 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved
2021-05-10 10:44:55 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness
2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages
2021-05-06 09:31:51 +02:00
mrtc0
0d4f1cb2cb
Support SARIF output ( #539 )
...
* SARIF support
* add sarif option to help text
2020-11-02 09:13:53 +01:00
xpivarc
0ce48a584f
Reproducible junit report ( #529 )
...
* Fix junit format ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Make ordering stable
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Test ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
2020-09-29 19:17:38 +02:00
Cosmin Cojocar
3784ffea4e
Fix panic when reading the version from debug info in Go 1.13
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 15:27:53 +02:00
Cosmin Cojocar
ad1cb7e47e
Make sure some version information is set when no version was injected into the binary
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:20:55 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan ( #485 )
2020-06-09 15:16:27 +02:00
Cosmin Cojocar
c58f3563d3
Set the default color on only for text format
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 09:33:44 -07:00
Cosmin Cojocar
1a113d6da9
Turn the color always on when the text format is set
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format ( #460 )
...
* feature(issue): Add function to return file path and line number
* docs(formatter/CreateReport): Update formats accepted
* feature(formatter): Add color output for text format
Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color
* feature(formatter): Highlight issues based on severity
Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white
* feature(main): Add color flag
It's only valid for text format
* refactor(formatter): Passing color flag forward
2020-04-14 09:50:02 +02:00
Cosmin Cojocar
c6e10af40f
Handle properly the gosec module version v2
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
Hiroki Suezawa
79fbf3af8d
Add golint format to output format ( #428 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
Cosmin Cojocar
7851918c4f
Add support to exclude arbitrary folders from scanning ( #353 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 22:01:36 +10:00
Daniel Carlier
8932f702ce
Add flag to handle '#nosec' alternative ( #346 )
...
* Add logic to check for a #nosec alternative
* Add NoSecAlternative as a new global variable
* Add nosec-tag flag
2019-09-04 10:20:43 +02:00
Juan Antonio Osorio Robles
39f7e7b9e0
Display filtered number of issues instead of total in stats
...
This takes into account the filtered number of issues instead of
the total number. This number is more relevant to developers, as
the intention was to not take certain issues into account anyway.
2019-07-04 10:13:09 +10:00
Cosmin Cojocar
020479a832
Support multiple root paths when generating the Sonarqube report
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:35:11 +02:00
Cosmin Cojocar
46e55b908d
Fix the file path in the Sonarqube report
...
Add some test to validate the Sonarqube formatter.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:10:51 +02:00
Sandor Szücs
9d9098fa97
print version string ( #317 )
...
Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
2019-05-17 11:33:02 +02:00
Cosmin Cojocar
ee80733faf
Add a flag to filter issues by confidence ( #316 )
...
Refactor also how the issues are filtered by severity.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-10 10:15:09 +02:00
Cosmin Cojocar
b49c9532a8
Add a flag which allows to scan also the tests files
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
f1d49a6945
Remove unused code
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:54:59 +02:00
Cosmin Cojocar
e419eb8f4e
Exclude correctly the vendor folder from the scanned packages
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85eb8a52ab
Scan the go packages path recursively starting from a root folder
...
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
ea16ff1f9e
Remove GOPATH check to allow running gosec outside of GOPATH
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
kencrawford
ddfe54d0a0
Add sonarqube output
2019-03-21 07:30:14 +10:00
JulesDT
c5e6c4aedd
fix no-fail flag logic
2019-03-19 08:11:02 +10:00
Martin Vrachev
62b5195dd9
Report for Golang errors ( #284 )
...
* Report for Golang errors
Right now if you use Gosec to scan invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.
The real problem here is that the user will never know about the issue if he generates the output in a file.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
JulesDT
04ce7baf6c
add a no-fail flag
2019-01-28 09:38:18 +01:00
Cosmin Cojocar
f87af5fa72
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration ( #274 )
...
* Define more explicit the global options in the configuration
* Detect in audit mode the unhandled errors even thought they are explicitly ignored
2019-01-14 21:37:40 +10:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist ( #256 )
2018-10-11 14:45:31 +02:00
Cosmin Cojocar
de10a7456f
Fix the help message
2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 09:43:41 +02:00
Cosmin Cojocar
6919d97188
Add a flag to turn on scanning on vendor folder
2018-07-30 09:11:23 +02:00
Cosmin Cojocar
f5b44b0740
Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
...
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
Iskander Sharipov
3c8707c6c4
fix duplicated index issue in Less method
...
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
Iskander Sharipov
2f61fad317
replace len(x)<=0 with len(x)==0
...
length can't be negative.
Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
4c6396b7d4
Derive the package from given files
...
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00