add github action to run gosec static analysis #398

Merged (2 commits), Apr 3, 2024
10 changes: 10 additions & 0 deletions .github/workflows/presubmit.yaml
Expand Up @@ -53,3 +53,13 @@ jobs:
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run `govulncheck`
run: ~/go/bin/govulncheck ./...
static-security-analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: -exclude-dir test -exclude-generated -severity medium -exclude=G108,G114 ./...
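Review bot: `uses: securego/gosec@master` in the new `static-security-analysis` job tracks a moving branch, so the scan result is not reproducible and whatever is pushed to that branch next runs inside this workflow; pin it to a tagged release or, better, a full commit SHA (the same applies to `actions/checkout@v3`, which could move to a SHA or at least the current major tag). Also, `-exclude=G108,G114` turns off the pprof-endpoint and no-timeout-HTTP-server rules for the whole repository with no stated reason; a short comment in the workflow saying why they are excluded (or per-site `#nosec` annotations instead of a global exclude) would keep the suppression auditable, and `-severity medium` silently drops low-severity findings as well, which is worth stating explicitly.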

1 change: 1 addition & 0 deletions pkg/k8s/pod/converter.go
Expand Up @@ -56,6 +56,7 @@ func (c *PodConverter) ConvertList(originalList interface{}) (convertedList inte
},
}
for _, pod := range podList.Items {
pod := pod // Fix gosec G601, so we can use &node
strippedPod := c.StripDownPod(&pod)
strippedPodList.Items = append(strippedPodList.Items, *strippedPod)
}
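Review bot: the comment on the added line says `so we can use &node`, but the variable copied here is `pod` and the pointer taken two lines down is `&pod` in `c.StripDownPod(&pod)`; it looks like the comment was carried over from the `events.go` change and should read `&pod`. The copy itself is the right G601 fix for a module built with Go older than 1.22: without it, `&pod` refers to the single loop variable on every iteration, so if `StripDownPod` retained the pointer, every stored entry would end up aliasing the last item of `podList.Items`.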
1 change: 1 addition & 0 deletions pkg/provider/branch/trunk/trunk.go
Expand Up @@ -245,6 +245,7 @@ func (t *trunkENI) InitTrunk(instance ec2.EC2Instance, podList []v1.Pod) error {

// From the list of pods on the given node, and the branch ENIs from EC2 API call rebuild the internal cache
for _, pod := range podList {
pod := pod // Fix gosec G601, so we can use &node
eniListFromPod := t.getBranchInterfacesUsedByPod(&pod)
if len(eniListFromPod) == 0 {
continue
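Review bot: same copy-paste comment as in `converter.go`: the added line reads `so we can use &node`, but the pointer passed to `t.getBranchInterfacesUsedByPod(&pod)` is `&pod`, so the comment should name `&pod`. Since the result is used to rebuild an internal cache, the per-iteration copy is the correct fix if the callee keeps the pointer around.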
1 change: 1 addition & 0 deletions pkg/utils/events.go
Expand Up @@ -48,6 +48,7 @@ func SendNodeEventWithNodeObject(client k8s.K8sWrapper, node *v1.Node, reason, m
func SendBroadcastNodeEvent(client k8s.K8sWrapper, reason, msg, eventType string, logger logr.Logger) {
if nodeList, err := client.ListNodes(); err == nil {
for _, node := range nodeList.Items {
node := node // Fix gosec G601, so we can use &node
client.BroadcastEvent(&node, reason, msg, eventType)
}
} else {
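Review bot: the copy and its comment are consistent here (`node := node` and `client.BroadcastEvent(&node, ...)`), so `BroadcastEvent` now receives a pointer to a fresh per-iteration value and will not see it overwritten by the next iteration if it retains the pointer. One caveat for all three `:= ` shadow lines in this PR: if the module's `go` directive in `go.mod` is 1.22 or later, loop variables are already per-iteration and these lines are redundant (harmless, but gosec will no longer flag their absence), so it would be worth noting the toolchain version in the PR description so the copies can be dropped when the module is bumped.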