Matthieu MOREL
c4f5932ab7
Refactor: Replace Cwe with cwe.Weakness
2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages
2021-05-06 09:31:51 +02:00
Matthieu MOREL
cc83d4c922
Generate the SARIF types, handle taxonomies and separate responsibilities
2021-05-05 18:54:32 +02:00
Cosmin Cojocar
0fa5d0b2d6
Fix the go modules after updating to get the tests passing ( #605 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-05-05 16:38:35 +02:00
Matthieu MOREL
37639537ce
Migrate sonar types in a dedicated package ( #604 )
2021-05-05 16:21:53 +02:00
renovate[bot]
b519743da6
chore(deps): update all dependencies ( #599 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-05-03 09:52:24 +02:00
Jeff Widman
569328eade
Fix typos ( #594 )
2021-04-16 09:50:34 +02:00
Jeff Widman
0695fa026e
Add -u to local install instructions ( #595 )
...
`-u` will ensure that users are updated to the latest released version.
This way bugs are less likely to be reported that are already fixed.
2021-04-16 09:50:10 +02:00
Cosmin Cojocar
7f2308bd85
Tidy up the modules after updating ( #593 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-04-01 09:49:25 +02:00
renovate[bot]
f21b0b8dac
chore(deps): update all dependencies ( #592 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-01 09:16:31 +02:00
Rogerio Peixoto
148e608148
Adding KICS to USERS.md ( #590 )
2021-03-25 14:51:59 +01:00
Chris Bandy
27a5ffb5c8
Quiet warnings about integer truncation ( #586 )
...
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
2021-03-03 10:05:33 +01:00
Cosmin Cojocar
bf2cd2392b
Update all dependencies ( #585 )
2021-03-01 09:45:00 +01:00
Aurélien Rainone
01ee764ed8
Fix typo in USERS.md ( #583 )
2021-02-27 18:54:40 +01:00
Cosmin Cojocar
9c047e32a3
Add support for Go 1.16 in the CI and release workflows ( #581 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-26 11:12:38 +01:00
Matouš Dzivjak
1fce46151c
fix: WriteParams rule to work also with golang 1.16 ( #577 )
...
In go 1.16 the `ioutil` package was deprecated and
the functions should be replaced by their equivalents
in either the `io` or `os` packages. This means
that `ioutil.WriteFile` should be replaced by
`os.WriteFile` instead. To account for this change
and to detect incorrect permissions also for `os.WriteFile`,
I changed the `filePermissions` rule slightly to allow
specifying multiple packages that can contain given
function and that we should check. This workaround
can be removed after a sufficient time has passed
and after it is decided that checking `os.WriteFile`
is enough.
Fixes: https://github.com/securego/gosec/issues/576
2021-02-22 09:22:04 +01:00
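A worked illustration of the "one function name, several candidate packages" approach described in the commit above, added here as an example and not gosec's own code: a small `go/ast` pass that resolves each call's receiver identifier to its import path, accepts `WriteFile` whether it comes from `io/ioutil` or from `os`, and flags literal modes that grant group or other access. The `writeFuncs` table, the `Finding` type, the `CheckWritePerms` function and the `sample` source are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// writeFuncs lists, per function name, the packages that may export it.
// One entry covers both the deprecated ioutil.WriteFile and os.WriteFile,
// which is the "multiple packages per function" idea from the commit above.
// (Assumed table for this example, not gosec's configuration.)
var writeFuncs = map[string][]string{
	"WriteFile": {"io/ioutil", "os"},
}

// Finding is one call to a write function with an over-permissive mode.
type Finding struct {
	Pkg  string // import path the call resolved to
	Func string // function name
	Mode uint64 // permission literal as written, parsed
	Line int    // source line of the call
}

// importMap resolves the local identifier of each import to its path,
// honouring aliases such as `iou "io/ioutil"`.
func importMap(f *ast.File) map[string]string {
	m := make(map[string]string)
	for _, spec := range f.Imports {
		p, err := strconv.Unquote(spec.Path.Value)
		if err != nil {
			continue
		}
		name := p[strings.LastIndex(p, "/")+1:]
		if spec.Name != nil {
			name = spec.Name.Name
		}
		m[name] = p
	}
	return m
}

// allowed reports whether pkg is one of the packages listed for fn.
func allowed(fn, pkg string) bool {
	for _, p := range writeFuncs[fn] {
		if p == pkg {
			return true
		}
	}
	return false
}

// CheckWritePerms parses src and flags WriteFile calls from any listed
// package whose literal mode grants group or other access (any 0o077 bit).
func CheckWritePerms(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	imports := importMap(f)
	var out []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok {
			return true
		}
		ident, ok := sel.X.(*ast.Ident)
		if !ok {
			return true
		}
		pkg, known := imports[ident.Name]
		if !known || !allowed(sel.Sel.Name, pkg) || len(call.Args) < 3 {
			return true
		}
		// WriteFile(name, data, perm): the mode is the third argument.
		lit, ok := call.Args[2].(*ast.BasicLit)
		if !ok || lit.Kind != token.INT {
			return true // non-literal modes would need data-flow analysis; skipped here
		}
		mode, err := strconv.ParseUint(lit.Value, 0, 32) // base 0 accepts 0644, 0o644, 0x1a4
		if err != nil {
			return true
		}
		if mode&0o077 != 0 {
			out = append(out, Finding{pkg, sel.Sel.Name, mode, fset.Position(call.Pos()).Line})
		}
		return true
	})
	return out, nil
}

// sample is constructed input for this example, not code from gosec.
const sample = `package p

import (
	"io/ioutil"
	"os"
)

func save(data []byte) {
	ioutil.WriteFile("a.txt", data, 0644)
	os.WriteFile("b.txt", data, 0o600)
	os.WriteFile("c.txt", data, 0o666)
}
`

func main() {
	findings, err := CheckWritePerms(sample)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("line %d: %s.%s with mode %#o\n", f.Line, f.Pkg, f.Func, f.Mode)
	}
}
```

Running it reports the `ioutil.WriteFile` call on line 9 (mode 0644) and the `os.WriteFile` call on line 11 (mode 0666); the 0o600 call is accepted. The pass works on syntax alone, so a local variable that shadows the package identifier would be mis-resolved and non-literal modes are silently skipped; a production analyzer resolves the callee with type information instead of the import table used here.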
Cosmin Cojocar
dcbcc4dd2a
Use a more generic path for sonarqube import path ( #573 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 14:19:46 +01:00
Cosmin Cojocar
2777e5065e
Update README with a note which describes how to import a SonarQube report ( #572 )
2021-02-11 12:10:44 +01:00
Cosmin Cojocar
897c203e62
Reset the state of TLS rule after each version check ( #570 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 10:52:16 +01:00
Dmitry Salakhov
6c57ae1628
Fix sarif formatting issues ( #565 )
...
* include tool version
* change declared sarif schema version
* dedup rules, fix result locations
* refactor rules collection creation
2021-02-05 10:06:04 +01:00
Renovate Bot
b6524ce487
Update all dependencies
2021-02-01 09:45:05 +01:00
Cosmin Cojocar
00bbbd8413
Fix the release workflow to allow unsecure commands
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-01-22 11:36:52 +01:00
Mark Wolfe
d9d75834b6
update README with instructions on how to integrate with GitHub codescanning
2021-01-22 11:31:07 +01:00
Mark Wolfe
3ed39fe612
fix sarif add default configuration set to correct level
2021-01-22 10:26:59 +01:00
Mark Wolfe
732f759e4f
fix for sarif which maps level from issue severity
2021-01-21 18:26:43 +01:00
Mark Wolfe
327b2a0841
ensure the sarif results are an empty array if nothing is reported
2021-01-21 11:03:13 +01:00
K
41ea431779
Fix for SARIF output when Issue.Line contains a range
2021-01-05 08:38:25 +01:00
Cosmin Cojocar
a5911ad7bb
Fix compilation errors in the test samples
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-01-04 09:28:00 +01:00
Chris Bandy
23ef7009f9
Fix some typos in rules tests
2021-01-04 09:28:00 +01:00
Chris Bandy
e100f6b862
Assert that sample code compiles
2021-01-04 09:28:00 +01:00
Cosmin Cojocar
bcfb27955e
Clean up the go module dependencies ( #555 )
...
* Clean up the dependencies
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
* Add pq package to dependencies
2021-01-04 08:41:45 +01:00
renovate[bot]
e4d0e9f5be
Update all dependencies ( #553 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-04 08:03:52 +01:00
Jeff Widman
9fe0b2e21a
Fix typo ( #547 )
2020-12-11 09:34:38 +01:00
renovate[bot]
d8fa95aad8
Update all dependencies ( #544 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-12-01 09:29:25 +01:00
Ethan Buchman
984c1d39a0
fix typo in ContainsPkgCallExpr comment ( #545 )
2020-12-01 09:28:38 +01:00
renovate[bot]
208b73eec4
Update all dependencies ( #538 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-11-02 09:15:56 +01:00
mrtc0
0d4f1cb2cb
Support SARIF output ( #539 )
...
* SARIF support
* add sarif option to help text
2020-11-02 09:13:53 +01:00
renovate[bot]
a4746e18e3
Update all dependencies ( #533 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-10-07 20:32:18 +02:00
Miki Tebeka
6bd6e4ba2c
Use $(go env GOPATH) that works even when GOPATH is not set
2020-10-01 04:17:43 +10:00
Lucas Charles
aef335a98e
Fix typo in README.md
...
s/trucate/truncate for G101 configuration
2020-10-01 04:17:00 +10:00
xpivarc
0ce48a584f
Reproducible junit report ( #529 )
...
* Fix junit format ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Make ordering stable
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Test ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
2020-09-29 19:17:38 +02:00
Cosmin Cojocar
868556b846
Update README with the correct path to tlsconfig command
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Cosmin Cojocar
13519fda59
Update the tls configuration generator to also handle the NSS alternative names
...
Regenerate the configuration of TLS rule.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Renovate Bot
e351067255
Update all dependencies
2020-09-01 08:58:31 +02:00
Cosmin Cojocar
166e4f5f45
Update README file with some more details required to successfully run a scan with the docker image
...
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
Cosmin Cojocar
f5cc32a320
Update the Go version to 1.15 in the Makefile
...
This is only used when building the docker image locally.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
Cosmin Cojocar
ea0fa28b7f
Update the Github go action version to 1.6.0
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
feea8bb243
Fix the action tag
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
6688a97661
Fix the github action for Go 1.15
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
7234349e33
Add Go 1.15 to the supported versions and phase out Go 1.12
...
Also updated the release automation to release gosec using Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00