Cosmin Cojocar
fd280360cd
Fix the TLS config rule when parsing the settings from a variable ( #911 )
2023-01-09 15:10:44 +01:00
Dmitry Golushko
44f484fdc7
Additional types for bad defer check ( #897 )
...
* Additional types for bad defer check
* Ignore new check in tlsconfig.go
2022-11-30 09:38:46 +01:00
Cosmin Cojocar
0ba05e160a
chore: fix lint warnings
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-08 10:56:19 +02:00
Ludovic Fernandez
4e68fb5b15
fix: parsing of the Go version ( #844 )
...
* fix: parsing of the Go version
* fix: convert pseudo directive to comment
2022-08-08 09:28:41 +02:00
Cosmin Cojocar
845483e0b1
Fix lint warning
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-28 11:10:00 +02:00
Cosmin Cojocar
45bf9a6095
Check the suppressed issues when generating the exit code
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-28 11:10:00 +02:00
Tim Costa
9a25f4ed2d
fix: filepaths with git anywhere in them being erroneously excluded ( #828 )
...
Co-authored-by: Tim Costa <timcosta@amazon.com>
2022-07-06 06:46:49 +02:00
Cosmin Cojocar
607d607b51
Enable Go 1.18 in the ci and release workflows
...
* Enable Go 1.18 in the ci and release workflows
* Fix lint warning
* Add golangci as a make target
2022-03-21 16:53:22 +01:00
Per Arn
ea5d31f7f5
Add a recursive flag -r to skip specifying ./... path
...
* added recursive flag to skip specifying ./... path
* refactored to remove code duplication
2022-03-07 10:31:22 +01:00
kruskal
7d539ed494
feat: add concurrency option to parallelize package loading ( #778 )
...
* feat: add concurrency option to parallelize package loading
* refactor: move wg.add inside the for loop
* fix: gracefully stop the workers on error
* test: add test for concurrent scan
2022-02-16 18:23:37 +01:00
Cosmin Cojocar
7be6d4efb5
Add os.Create to the readfile rule ( #761 )
2022-01-12 19:33:17 +01:00
kaiili
9d66b0d346
Fix false negatives for SQL injection in multi-line queries
2022-01-05 12:05:53 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 ( #753 )
2022-01-03 18:11:35 +01:00
kaiili
3038a30e3c
Add in the config file settings for exclude and include options
...
Co-authored-by: kaiili <kaii@openingsource.org>
2021-12-20 23:43:50 +01:00
Ville Skyttä
d23ab2d997
Remove space between //
and #nosec
in examples and internal use
...
Comments intended for machines to read do not have the space by
convention.
2021-12-15 19:31:14 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings
2021-12-09 11:53:36 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes ( #717 )
2021-11-09 21:02:24 +01:00
Ryan Leung
79c8b79263
use a better naming for the variable ( #715 )
...
Signed-off-by: Ryan Leung <rleungx@gmail.com>
2021-10-19 11:54:51 +02:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci ( #698 )
2021-09-13 09:40:10 +02:00
Nanik
efbefc6930
fix: create a separate type for flag that has validation ( #692 )
2021-09-02 14:44:20 +02:00
Cosmin Cojocar
f285d612b5
Fix formatting issues with gofumpt ( #685 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-08-18 13:16:21 +02:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such
2021-08-18 13:00:38 +02:00
Marc Brugger
62db81342e
Allow excluding generated files
2021-08-04 17:33:20 +02:00
Matthieu MOREL
3ff0a2cc36
Fixes #644 ( #645 )
2021-06-13 13:28:53 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build
2021-05-31 10:44:12 +02:00
Matthieu MOREL
d040f0725f
Handle gosec version in SARIF report
2021-05-20 10:16:42 +02:00
Matthieu MOREL
d8cfcd6e76
Allow the user to enable/disable colorisation of the text report in the stdout
2021-05-10 14:18:39 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved
2021-05-10 10:44:55 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness
2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages
2021-05-06 09:31:51 +02:00
mrtc0
0d4f1cb2cb
Support SARIF output ( #539 )
...
* SARIF support
* add sarif option to help text
2020-11-02 09:13:53 +01:00
xpivarc
0ce48a584f
Reproducible junit report ( #529 )
...
* Fix junit format ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Make ordering stable
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
* Test ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com>
2020-09-29 19:17:38 +02:00
Cosmin Cojocar
13519fda59
Update the tls configuration generate to handle also the NSS alternative names
...
Regenerate the configuration of TLS rule.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Cosmin Cojocar
3784ffea4e
Fix panic when reading the version from debug info in Go 1.13
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 15:27:53 +02:00
Cosmin Cojocar
ad1cb7e47e
Make sure some version information is set when no version was injected into the binary
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:20:55 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan ( #485 )
2020-06-09 15:16:27 +02:00
Cosmin Cojocar
c58f3563d3
Set the default color on only for text format
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 09:33:44 -07:00
Cosmin Cojocar
1a113d6da9
Turn the color always on when the text format is set
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format ( #460 )
...
* feature(issue): Add function to return file path and line number
* docs(formatter/CreateReport): Update formats accepted
* feature(formatter): Add color output for text format
Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color
* feature(formatter): Highlight issues based on severity
Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white
* feature(main): Add color flag
It's only valid for text format
* refactor(formatter): Passing color flag forward
2020-04-14 09:50:02 +02:00
Cosmin Cojocar
c6e10af40f
Handle properly the gosec module version v2
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
Sam Caccavale
a305f10eb9
Fileperms ( #442 )
2020-02-28 12:48:18 +01:00
Lars Lehtonen
00363edac5
remove support for go 1.11 ( #444 )
2020-02-28 12:47:01 +01:00
Hiroki Suezawa
79fbf3af8d
Add golint format to output format ( #428 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
Lars Lehtonen
df484bfa9e
cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 ( #412 )
...
* cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14
* cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11
2019-11-19 11:41:25 +01:00
Cosmin Cojocar
43e3664713
Build the tls config generator only with Go versions compatible with Go 1.12
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
76ce9f0147
Update to config struct to unmarshal the mozilla server-side TLS conf version 5
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
e050355b4b
Update the TLS config generator to handle TLS version 1.3
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
7851918c4f
Add support to exclude arbitrary folders from scanning ( #353 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 22:01:36 +10:00
Daniel Carlier
8932f702ce
Add flag to handle '#nosec' alternative ( #346 )
...
* Add logic to check for a #nosec alternative
* Add NoSecAlternative as a new global variable
* Add nosec-tag flag
2019-09-04 10:20:43 +02:00