Commit graph

112 commits

Author SHA1 Message Date
Cosmin Cojocar
5adb600ca6
Fix lint warning
Change-Id: Icd3eb8a029764db76596c3e171275c03a23f8cef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-18 15:52:30 +00:00
Cosmin Cojocar
dd5e3ffc41
Read the AI API key also from an environment variable
Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-18 15:45:55 +00:00
Tran The Lam
56f943b802
Add support to generate auto fixes using LLM (AI) (#1177)
This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In a first instance, it relies on Gemini API to get a suggestion for a solution. This can be later extended, to integrate also other AI providers.

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-12 12:52:41 +02:00
Alex Gartner
2f1b81b889 Add -enable-audit cli flag 2024-07-13 11:25:25 +02:00
Cosmin Cojocar
0ec6cd95d7 Refactor how ignored issues are tracked
Track ignored issues using file location instead of a AST node. There are issues linked to a different AST node than the original node used to start the scan.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 14:11:08 +02:00
Oleksandr Redko
09cf6efb3e
Fix typos in struct fields, comments, and docs (#1023) 2023-10-05 12:59:17 +02:00
Cosmin Cojocar
fc570b6f1a
Add a new flag terse to show only the results and summary (#986)
The new flag '-terse' will only show the results and summary ignoring any logs occured during a scan.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-07-18 16:21:22 +02:00
Oleksandr Redko
1f689968ec Fix typos in comments, vars and tests 2023-05-30 08:26:41 +02:00
Matthieu MOREL
d6aeaad931
correct gci linter (#946)
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2023-03-30 09:31:24 +02:00
Cosmin Cojocar
de2c6a36fa Extract the issue in its own package 2023-02-16 09:45:28 +01:00
Cosmin Cojocar
fd280360cd
Fix the TLS config rule when parsing the settings from a variable (#911) 2023-01-09 15:10:44 +01:00
Dmitry Golushko
44f484fdc7
Additional types for bad defer check (#897)
* Additional types for bad defer check

* Ignore new check in tlsconfig.go
2022-11-30 09:38:46 +01:00
Cosmin Cojocar
0ba05e160a chore: fix lint warnings
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-08 10:56:19 +02:00
Ludovic Fernandez
4e68fb5b15
fix: parsing of the Go version (#844)
* fix: parsing of the Go version

* fix: convert pseudo directive to comment
2022-08-08 09:28:41 +02:00
Cosmin Cojocar
845483e0b1 Fix lint warning
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-28 11:10:00 +02:00
Cosmin Cojocar
45bf9a6095 Check the suppressed issues when generating the exit code
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-28 11:10:00 +02:00
Tim Costa
9a25f4ed2d
fix: filepaths with git anywhere in them being erroneously excluded (#828)
Co-authored-by: Tim Costa <timcosta@amazon.com>
2022-07-06 06:46:49 +02:00
Cosmin Cojocar
607d607b51
Enable Go 1.18 in the ci and release workflows
* Enable Go 1.18 in the ci and release workflows

* Fix lint warning

* Add golangci as a make target
2022-03-21 16:53:22 +01:00
Per Arn
ea5d31f7f5
Add a recursive flag -r to skip specifying ./... path
* added recursive flag to skip specifying ./... path

* refactored to remove code duplication
2022-03-07 10:31:22 +01:00
kruskal
7d539ed494
feat: add concurrency option to parallelize package loading (#778)
* feat: add concurrency option to parallelize package loading

* refactor: move wg.add inside the for loop

* fix: gracefully stop the workers on error

* test: add test for concurrent scan
2022-02-16 18:23:37 +01:00
Cosmin Cojocar
7be6d4efb5
Add os.Create to the readfile rule (#761) 2022-01-12 19:33:17 +01:00
kaiili
9d66b0d346
Fix false negatives for SQL injection in multi-line queries 2022-01-05 12:05:53 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 (#753) 2022-01-03 18:11:35 +01:00
kaiili
3038a30e3c
Add in the config file settings for exclude and include options
Co-authored-by: kaiili <kaii@openingsource.org>
2021-12-20 23:43:50 +01:00
Ville Skyttä
d23ab2d997
Remove space between // and #nosec in examples and internal use
Comments intended for machines to read do not have the space by
convention.
2021-12-15 19:31:14 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings 2021-12-09 11:53:36 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes (#717) 2021-11-09 21:02:24 +01:00
Ryan Leung
79c8b79263
use a better naming for the variable (#715)
Signed-off-by: Ryan Leung <rleungx@gmail.com>
2021-10-19 11:54:51 +02:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci (#698) 2021-09-13 09:40:10 +02:00
Nanik
efbefc6930
fix: create a separate type for flag that has validation (#692) 2021-09-02 14:44:20 +02:00
Cosmin Cojocar
f285d612b5
Fix formatting issues with gofumpt (#685)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-08-18 13:16:21 +02:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such 2021-08-18 13:00:38 +02:00
Marc Brugger
62db81342e
Allow excluding generated files 2021-08-04 17:33:20 +02:00
Matthieu MOREL
3ff0a2cc36
Fixes #644 (#645) 2021-06-13 13:28:53 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
Matthieu MOREL
d040f0725f
Handle gosec version in SARIF report 2021-05-20 10:16:42 +02:00
Matthieu MOREL
d8cfcd6e76
Allow the user to enable/disable colorisation of the text report in the stdout 2021-05-10 14:18:39 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved 2021-05-10 10:44:55 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages 2021-05-06 09:31:51 +02:00
mrtc0
0d4f1cb2cb
Support SARIF output (#539)
* SARIF support

* add sarif option to help text
2020-11-02 09:13:53 +01:00
xpivarc
0ce48a584f
Reproducible junit report (#529)
* Fix junit format ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Make ordering stable

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Test ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>
2020-09-29 19:17:38 +02:00
Cosmin Cojocar
13519fda59 Update the tls configuration generate to handle also the NSS alternative names
Regenerate the configuration of TLS rule.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Cosmin Cojocar
3784ffea4e Fix panic when reading the version from debug info in Go 1.13
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 15:27:53 +02:00
Cosmin Cojocar
ad1cb7e47e Make sure some version information is set when no version was injected into the binary
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:20:55 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan (#485) 2020-06-09 15:16:27 +02:00
Cosmin Cojocar
c58f3563d3 Set the default color on only for text format
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 09:33:44 -07:00
Cosmin Cojocar
1a113d6da9 Turn the color always on when the text format is set
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format (#460)
* feature(issue): Add function to return file path and line number

* docs(formatter/CreateReport): Update formats accepted

* feature(formatter): Add color output for text format

Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color

* feature(formatter): Highlight issues based on severity

Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white

* feature(main): Add color flag

It's only valid for text format

* refactor(formatter): Passing color flag forward
2020-04-14 09:50:02 +02:00
Cosmin Cojocar
c6e10af40f Handle properly the gosec module version v2
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00