gosec

mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00

Author	SHA1	Message	Date
Cosmin Cojocar	fc570b6f1a	Add a new flag terse to show only the results and summary (#986 ) The new flag '-terse' will only show the results and summary ignoring any logs occured during a scan. Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2023-07-18 16:21:22 +02:00
Oleksandr Redko	1f689968ec	Fix typos in comments, vars and tests	2023-05-30 08:26:41 +02:00
Matthieu MOREL	d6aeaad931	correct gci linter (#946 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2023-03-30 09:31:24 +02:00
Cosmin Cojocar	de2c6a36fa	Extract the issue in its own package	2023-02-16 09:45:28 +01:00
Cosmin Cojocar	0ba05e160a	chore: fix lint warnings Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-08-08 10:56:19 +02:00
Ludovic Fernandez	4e68fb5b15	fix: parsing of the Go version (#844 ) * fix: parsing of the Go version * fix: convert pseudo directive to comment	2022-08-08 09:28:41 +02:00
Cosmin Cojocar	845483e0b1	Fix lint warning Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-07-28 11:10:00 +02:00
Cosmin Cojocar	45bf9a6095	Check the suppressed issues when generating the exit code Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-07-28 11:10:00 +02:00
Tim Costa	9a25f4ed2d	fix: filepaths with git anywhere in them being erroneously excluded (#828 ) Co-authored-by: Tim Costa <timcosta@amazon.com>	2022-07-06 06:46:49 +02:00
Per Arn	ea5d31f7f5	Add a recursive flag -r to skip specifying ./... path * added recursive flag to skip specifying ./... path * refactored to remove code duplication	2022-03-07 10:31:22 +01:00
kruskal	7d539ed494	feat: add concurrency option to parallelize package loading (#778 ) * feat: add concurrency option to parallelize package loading * refactor: move wg.add inside the for loop * fix: gracefully stop the workers on error * test: add test for concurrent scan	2022-02-16 18:23:37 +01:00
Cosmin Cojocar	7be6d4efb5	Add os.Create to the readfile rule (#761 )	2022-01-12 19:33:17 +01:00
kaiili	9d66b0d346	Fix false negatives for SQL injection in multi-line queries	2022-01-05 12:05:53 +01:00
Cosmin Cojocar	ad5d74d5a1	Update to ginkgo v2 (#753 )	2022-01-03 18:11:35 +01:00
kaiili	3038a30e3c	Add in the config file settings for exclude and include options Co-authored-by: kaiili <kaii@openingsource.org>	2021-12-20 23:43:50 +01:00
Ville Skyttä	d23ab2d997	Remove space between `//` and `#nosec` in examples and internal use Comments intended for machines to read do not have the space by convention.	2021-12-15 19:31:14 +01:00
Yiwei Ding	b45f95f6ad	Add support for suppressing the findings	2021-12-09 11:53:36 +01:00
Ville Skyttä	f1f0056a90	Spelling fixes (#717 )	2021-11-09 21:02:24 +01:00
Ryan Leung	79c8b79263	use a better naming for the variable (#715 ) Signed-off-by: Ryan Leung <rleungx@gmail.com>	2021-10-19 11:54:51 +02:00
Matthieu MOREL	bfb0f422fe	chore(lint): enable errorlint and gci (#698 )	2021-09-13 09:40:10 +02:00
Nanik	efbefc6930	fix: create a separate type for flag that has validation (#692 )	2021-09-02 14:44:20 +02:00
Marc Brugger	ba23b5e49a	Add possibility to list waived (nosec) marked issues but not count them as such	2021-08-18 13:00:38 +02:00
Marc Brugger	62db81342e	Allow excluding generated files	2021-08-04 17:33:20 +02:00
Matthieu MOREL	3ff0a2cc36	Fixes #644 (#645 )	2021-06-13 13:28:53 +02:00
Matthieu MOREL	1256f16f33	Fix lint and fail on error in the ci build	2021-05-31 10:44:12 +02:00
Matthieu MOREL	d040f0725f	Handle gosec version in SARIF report	2021-05-20 10:16:42 +02:00
Matthieu MOREL	d8cfcd6e76	Allow the user to enable/disable colorisation of the text report in the stdout	2021-05-10 14:18:39 +02:00
Shreyas Subhedar	a8b633f124	Adding stdout and verbose flags and refactor how the report is saved	2021-05-10 10:44:55 +02:00
Matthieu MOREL	c4f5932ab7	Refactor : Replace Cwe with cwe.Weakness	2021-05-07 16:54:34 +02:00
Matthieu MOREL	ddfa25381f	Define a report package with core and per format sub-packages	2021-05-06 09:31:51 +02:00
mrtc0	0d4f1cb2cb	Support SARIF output (#539 ) * SARIF support * add sarif option to help text	2020-11-02 09:13:53 +01:00
xpivarc	0ce48a584f	Reproducible junit report (#529 ) * Fix junit format ordering Signed-off-by: L. Pivarc <lpivarc@redhat.com> * Make ordering stable Signed-off-by: L. Pivarc <lpivarc@redhat.com> * Test ordering Signed-off-by: L. Pivarc <lpivarc@redhat.com>	2020-09-29 19:17:38 +02:00
Cosmin Cojocar	3784ffea4e	Fix panic when reading the version from debug info in Go 1.13 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-06-25 15:27:53 +02:00
Cosmin Cojocar	ad1cb7e47e	Make sure some version information is set when no version was injected into the binary Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-06-25 09:20:55 +02:00
Hiroaki Sano	af699f6a62	Exclude .git directory from scan (#485 )	2020-06-09 15:16:27 +02:00
Cosmin Cojocar	c58f3563d3	Set the default color on only for text format Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-14 09:33:44 -07:00
Cosmin Cojocar	1a113d6da9	Turn the color always on when the text format is set Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-14 02:21:37 -07:00
Marco Antônio Singer	656691b387	feature(formatter/text): Add color option on text format (#460 ) * feature(issue): Add function to return file path and line number * docs(formatter/CreateReport): Update formats accepted * feature(formatter): Add color output for text format Basic color support for text format. For now, only the "Summary" title and "Issues" section has color * feature(formatter): Highlight issues based on severity Given an issue, the file path is painted based on its severity. We're using the following rules: high is red, medium is yellow and low is simple black & white * feature(main): Add color flag It's only valid for text format * refactor(formatter): Passing color flag forward	2020-04-14 09:50:02 +02:00
Cosmin Cojocar	c6e10af40f	Handle properly the gosec module version v2 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-06 09:06:23 -07:00
Sam Caccavale	7525fe4bb7	Rule for defering methods which return errors (#441 )	2020-03-01 21:45:37 +01:00
Hiroki Suezawa	79fbf3af8d	Add golint format to output format (#428 ) Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-03 10:56:21 +01:00
Cosmin Cojocar	7851918c4f	Add support to exclude arbitrary folders from scanning (#353 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 22:01:36 +10:00
Daniel Carlier	8932f702ce	Add flag to handle '#nosec' alternative (#346 ) * Add logic to check for a #nosec alternative * Add NoSecAlternative as a new global variable * Add nosec-tag flag	2019-09-04 10:20:43 +02:00
Juan Antonio Osorio Robles	39f7e7b9e0	Display filtered number of issues instead of total in stats This takes into account the filtered number of issues instead of the total number. This number is more relevant to developers, as the intention was to not take certain issues into account anyway.	2019-07-04 10:13:09 +10:00
Cosmin Cojocar	020479a832	Support multiple root paths when generating the Sonarqube report Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-24 14:35:11 +02:00
Cosmin Cojocar	46e55b908d	Fix the file path in the Sonarqube report Add some test to validate the Sonarqube formatter. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-24 14:10:51 +02:00
Sandor Szücs	9d9098fa97	print version string (#317 ) Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>	2019-05-17 11:33:02 +02:00
Cosmin Cojocar	ee80733faf	Add a flag to filter issues by confidence (#316 ) Refactor also how the issues are filtered by severity. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-10 10:15:09 +02:00
Cosmin Cojocar	b49c9532a8	Add a flag which allows to scan also the tests files Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:55:24 +02:00
Cosmin Cojocar	f1d49a6945	Remove unused code Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:54:59 +02:00

1 2

67 commits