Update module github.com/securego/gosec to v2 #861
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![grafanarenovatebot[bot]](https://avatars.githubusercontent.com/u/7195757?s=60&v=4){kind=small}
ℹ Artifact update noticeFile name: scripts/go/go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
grafanarenovatebot
bot
force-pushed
the
grafanarenovatebot/github.com-securego-gosec-2.x
branch
from
2576b52 to
576cec6
Compare
mem
approved these changes
Aug 30, 2024
ka3de
added a commit
that referenced
this pull request
Sep 2, 2024
* k6runner: always log error code and string to user's logger * Update module golang.org/x/sync to v0.8.0 (#812) * Update module golang.org/x/net to v0.28.0 (#813) * Build(deps): Bump the prometheus-go group across 1 directory with 2 updates (#827) * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.22.0 (#817) * Update module go.k6.io/k6 to v0.53.0 (#823) * Update dependency grafana/k6 to v0.53.0 * Update module github.com/miekg/dns to v1.1.62 * Update github.com/grafana/loki/pkg/push digest to 9315b3d * Update golang.org/x/exp digest to 9b4947d * Update github.com/securego/gosec/v2 digest to ab3f6c1 * Update github.com/grafana/loki/pkg/push digest to 246a1df * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * Build(deps): Bump github.com/prometheus/client_golang * Update module github.com/securego/gosec to v2 * renovate: fix grafana-build-tools dependency regex * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * drone: regenerate pipelines * Add with-browser Docker image (#829) * Update module github.com/prometheus/prometheus to v0.54.1 (#843) * Update module github.com/prometheus/common to v0.56.0 (#849) * Build(deps): Bump google.golang.org/grpc from 1.65.0 to 1.66.0 * Build(deps): Bump github.com/prometheus/common * renovate: group prometheus-go updates * renovate: enable default managers * renovate: add `dependencies` label to PRs * dependabot: remove * Update renovatebot/github-action action to v40.2.7 (#859) * go: upgrade to 1.23 (#838) * Update module github.com/golangci/golangci-lint to v1.60.0 (#825) * Update alpine Docker tag to v3.20 (#858) * Update actions/checkout action to v4.1.7 (#857) * Dockerfile: pin hash of debian:stable-slim image (#828) * Update module github.com/mccutchen/go-httpbin/v2 to v2.14.1 (#860) * Update module github.com/securego/gosec to v2 (#861) * feat: Validate browser capability (#809) Signed-off-by: ka3de <danijs12@hotmail.com>
Merged
ka3de
added a commit
that referenced
this pull request
Sep 2, 2024
* k6runner: always log error code and string to user's logger * Update module golang.org/x/sync to v0.8.0 (#812) * Update module golang.org/x/net to v0.28.0 (#813) * Build(deps): Bump the prometheus-go group across 1 directory with 2 updates (#827) * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.22.0 (#817) * Update module go.k6.io/k6 to v0.53.0 (#823) * Update dependency grafana/k6 to v0.53.0 * Update module github.com/miekg/dns to v1.1.62 * Update github.com/grafana/loki/pkg/push digest to 9315b3d * Update golang.org/x/exp digest to 9b4947d * Update github.com/securego/gosec/v2 digest to ab3f6c1 * Update github.com/grafana/loki/pkg/push digest to 246a1df * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * Build(deps): Bump github.com/prometheus/client_golang * Update module github.com/securego/gosec to v2 * renovate: fix grafana-build-tools dependency regex * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * drone: regenerate pipelines * Add with-browser Docker image (#829) * Update module github.com/prometheus/prometheus to v0.54.1 (#843) * Update module github.com/prometheus/common to v0.56.0 (#849) * Build(deps): Bump google.golang.org/grpc from 1.65.0 to 1.66.0 * Build(deps): Bump github.com/prometheus/common * renovate: group prometheus-go updates * renovate: enable default managers * renovate: add `dependencies` label to PRs * dependabot: remove * Update renovatebot/github-action action to v40.2.7 (#859) * go: upgrade to 1.23 (#838) * Update module github.com/golangci/golangci-lint to v1.60.0 (#825) * Update alpine Docker tag to v3.20 (#858) * Update actions/checkout action to v4.1.7 (#857) * Dockerfile: pin hash of debian:stable-slim image (#828) * Update module github.com/mccutchen/go-httpbin/v2 to v2.14.1 (#860) * Update module github.com/securego/gosec to v2 (#861) * feat: Validate browser capability (#809) Signed-off-by: ka3de <danijs12@hotmail.com>
ka3de
added a commit
that referenced
this pull request
Sep 2, 2024
* k6runner: always log error code and string to user's logger * Update module golang.org/x/sync to v0.8.0 (#812) * Update module golang.org/x/net to v0.28.0 (#813) * Build(deps): Bump the prometheus-go group across 1 directory with 2 updates (#827) * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.22.0 (#817) * Update module go.k6.io/k6 to v0.53.0 (#823) * Update dependency grafana/k6 to v0.53.0 * Update module github.com/miekg/dns to v1.1.62 * Update github.com/grafana/loki/pkg/push digest to 9315b3d * Update golang.org/x/exp digest to 9b4947d * Update github.com/securego/gosec/v2 digest to ab3f6c1 * Update github.com/grafana/loki/pkg/push digest to 246a1df * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * Build(deps): Bump github.com/prometheus/client_golang * Update module github.com/securego/gosec to v2 * renovate: fix grafana-build-tools dependency regex * Update ghcr.io/grafana/grafana-build-tools Docker tag to v0.23.0 * drone: regenerate pipelines * Add with-browser Docker image (#829) * Update module github.com/prometheus/prometheus to v0.54.1 (#843) * Update module github.com/prometheus/common to v0.56.0 (#849) * Build(deps): Bump google.golang.org/grpc from 1.65.0 to 1.66.0 * Build(deps): Bump github.com/prometheus/common * renovate: group prometheus-go updates * renovate: enable default managers * renovate: add `dependencies` label to PRs * dependabot: remove * Update renovatebot/github-action action to v40.2.7 (#859) * go: upgrade to 1.23 (#838) * Update module github.com/golangci/golangci-lint to v1.60.0 (#825) * Update alpine Docker tag to v3.20 (#858) * Update actions/checkout action to v4.1.7 (#857) * Dockerfile: pin hash of debian:stable-slim image (#828) * Update module github.com/mccutchen/go-httpbin/v2 to v2.14.1 (#860) * Update module github.com/securego/gosec to v2 (#861) * feat: Validate browser capability (#809) Signed-off-by: ka3de <danijs12@hotmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.0.0-20200401082031-e946c8c39989->v2.20.0Release Notes
securego/gosec (github.com/securego/gosec)
v2.20.0Compare Source
Changelog
6fbd381Catch os.ModePerm permissions in os.WriteFiledc5e5a9Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions417a44cAdd filepath.EvalSymlinks to clean functions in rule G304d34f8b7chore(deps): update all dependencies8658b8eUpdate Go to version 2.22.3 in CI and released3b2359chore(deps): update module golang.org/x/text to v0.15.0cf29d54chore(deps): update all dependencies09d62bdchore(deps): update module github.com/onsi/gomega to v1.33.03b23ec8Update to go 1.22.231009c3chore(deps): update all dependenciesdaf6f67chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1e27f442chore(deps): update all dependencies5513615fix(helpers/goversion): get from go.mod43b8b75chore: fix function nameaccd7a1chore(deps): update all dependencies48aa72eFormat the imports using the gci toolb6df69cFixup: delete unused variableccb0a08Fix test: update test to comply with the spec of generated sources3a0ea51Refactor: use standard function to check if a file is generated11c3252Fix lint warningsbe378e6Add support for math/rand/v2 added in Go 1.2236878a9Skip the G601 tests for Go version 1.22903c75bUpdate go version to 1.22.1 and 1.21.8f25ccd9Ignore 'implicit memory aliasing' rule for Go 1.22+582e91achore(deps): update all dependencies198a40cchore(deps): update module golang.org/x/tools to v0.18.0c824a5dfix(hardcoded): remove duplicatedStripe API Keyd13d7daUpdate gosec version to v2.19.0 in the Github actionv2.19.0Compare Source
Changelog
26e57d6Update CI to go version 1.22e60b8d8chore(deps): update all dependencies1285eb7chore(deps): update all dependenciescf4ab3echore(deps): update all dependencies277553cchore(deps): update all dependencies57ec76bchore(deps): update all dependencies8fa46c1chore(deps): update dependency babel-standalone to v7.23.753aa3f7chore(deps): update module golang.org/x/crypto to v0.17.0 [security]187adabchore(deps): update all dependenciese1f27bachore(deps): update actions/setup-go action to v52aad3f0Fix lint warnings by properly formatting the files0e2a618chore: Refactor Sample Code to Separate Filesbc03d1cUpdate go version to 1.21.5 and 1.20.12 (#1084)79a6b47chore(deps): update all dependencies (#1080)eb256a7Ignore the issues from generated files when using the analysis framework (#1079)43b7cbfUpdate README with upload-sarif v2 (#1078)fece498chore(deps): update dependency babel-standalone to v7.23.424c614bAdded ppc64le supportc736581chore(deps): update all dependencies3188e3fEnsure ignores are handled properly for multi-line issues6d56592Update Go to version 1.21.4 and 1.20.11870103bchore(deps): update module golang.org/x/text to v0.14.0b50e493chore(deps): update all dependencies2f9965bRemove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARMfa1b74dAvoid allocations with(*regexp.Regexp).MatchString64bbe90Fix some typosd9071e3Update local installation instructions by removing the details for Go 1.165d837bcUpdate gosec version to 2.18.2 in the actionv2.18.2Compare Source
Changelog
55d7949Disable dot-imports in revive linter4656817chore(deps): update module github.com/onsi/gomega to v1.28.15567ac4Run the gosec with data race detector active during testsa239758Fix data race in the analyzerc06903aFix test that checks the overriden nosec directivebde2619Clean global state in flgs testse108c56Format the filee298388Update README with details which describe the current behaviour of #nosecd8a6d35Ensure the ignores are parsed before analysing the package7846db0chore(deps): update all dependencies8e0cf8cUpdate gosec to version 2.18.1 in the action6b12a71Update cosign version to v2.2.0v2.18.1Compare Source
Changelog
0ec6cd9Refactor how ignored issues are trackedf338a98Restrict the maximum depth when tracking the slice bounds7e2d8d3Handle empty ssa results074353aHandle gracefully any panic that occurs when building the SSA representation of a packageec31a3aFix typoa11eb28Handle new function when getting the call info in case is overriden5b7867dBump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)dd08f99Update to Go 1.21.3 and 1.20.10 (#1035)616520fUpdate the list of unsafe functions detected by the unsafe rule (#1033)3952187Update the action to use gosec version v2.18.0 (#1029)2b62dd1Use a step ID in github release action to get the digest of the image (#1028)v2.18.0Compare Source
Changelog
53fc0c3Update to go version 1.21.2 and 1.20.9 (#1027)7f7c47fchore(deps): update all dependencies (#1026)d864a91Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)09cf6efFix typos in struct fields, comments, and docs (#1023)665e87bchore(deps): update all dependencies4def3a4Fix lint warning0d332a1Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666293d887Fix lint warningsac482cbUpdate ginkgo to latest versione02e2f6Redesign and reimplement the slice out of bounds check using SSA code representatione1278f9docs: add reMarkable to users listf6a6496chore(deps): update all dependenciesaebe20cDrop support for go 1.19.x since go team doesn't ship anymore security fixes for it7a98537Update to latest go versionb192f06chore(deps): update all dependencies (#1011)6c93653Fix hardcoded_credentials rule to only match on more specific patterns (#1009)325eb19chore(deps): update all dependencies (#1008)beef125Exclude maps from slince bounce check rule (#1006)21d13c9Ignore struct pointers in G601 (#1003)85005c4Update gosec image version to 2.17.0 in the Github action (#1002)6a2c5e1Update cosign to version v2.1.1 (#1000)v2.17.0Compare Source
Changelog
a89e9d5Enable go 1.21.0 in the CI build (#998)4b458c4chore(deps): update all dependencies (#997)7d51bfeUpdate to go version 1.20.7 and 1.19.12 (#993)fc2f66bchore(deps): update all dependencies (#992)2cf2f96chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)bf7fedafix: correctly identify infixed concats as potential SQL injections (#987)2292ed5chore(deps): update all dependencies (#989)fc570b6Add a new flag terse to show only the results and summary (#986)36f6933Switch to a maintained fork of zxcvbn module (#984)ed7b334Fix dependencies after bot update (#983)e76ad70chore(deps): update all dependencies (#982)3a6fd99Update to Go version 1.19.11 and 1.20.6 (#981)ea39309Fix and tidy the dependencies (#977)ef8f560chore(deps): update all dependencies (#976)17b7d31Update README file with new rule (#975)a018cf0Feature: G602 Slice Bound Checking (#973)82364a7chore(deps): update all dependencies (#974)abeab10Feature: G101 match variable values and names (#971)b824c10Update build script to go version 1.20.5022584dchore(deps): update all dependenciesbd58600Recognize struct field in G6011457921Remove the depguard from the list of enabled linters1f68996Fix typos in comments, vars and testse148465chore(deps): update all dependencies9120883Fix no-sec alternative tag (#962)87cc45eUse image digest instead of tag when signing the released image with cosign (#960)6df05bdUpdate gosec image version to 2.16.0 in the Github action (#959)v2.16.0Compare Source
Changelog
c5ea1b7Update cosign to latest version in release Github action (#958)8632a8cchore(deps): update all dependencies (#956)ae3c2f7Update go version in build and release scripts (#957)970cc29chore(deps): update all dependencies (#955)47bfd4eUpdate Go version to 1.20.3 (#953)440141achore(deps): update all dependencies (#952)7df7baaFix for Dockerfile smell DL3059 (#951)2ee3213README: upgrade GitHub action in examples (#950)68b5201enable ginkgolinter linter (#948)780ebd0chore(deps): update all dependencies (#947)d6aeaadcorrect gci linter (#946)73f0efcremove deprecated lintersaef69b3increase timeout to 5m6bad723chore(deps): update all dependencies96bb741Use the latest version6a73248Fix some linting warnings83fc5e6Fix lint warning8e7cf4bBump the go versions and golancie7bfcd1chore(deps): update all dependencies (#942)f823a7eCheck nil pointer when variable is declared in a different filecdd3476fix dead link to issue.go in README.md (#936)d5a9c73Remove rule G307 which checks when an error is not handled when a file or socket connection is closed (#935)27bf0e4Fix rule index reference into sarif report (#934)e7b896fBump golang.org/x/net from 0.6.0 to 0.7.04340efaFormat filef850069Use the gosec issue in the go analysersb1fd948Fix file formatting2071786Update Go version in CI builds1915717Fix method name in the commentde2c6a3Extract the issue in its own package31e6327Add support for Go analysis framework and SSA code representatione795d75chore(deps): update all dependencies (#931)8aa00dbRemove the version form ci github action392e53cPin github action to latest release version 2.15.0ffe254eRevert the image tag in github action until a working solution is founda0eddfbFix version interpolation in github action imaged22a7b6Add gosec version as an input parameter to GitHub action (#927)2d6b0a5Update release build script (#924)v2.15.0Compare Source
Changelog
a459eb0Fix dependencies after renovate update54f56c7chore(deps): update all dependencies (#922)df14837Update to Go 1.20 and fix unit tests (#923)b4270ddUpdate Go to latest version (#920)a624254Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)9432e67Fix github latest URL (#918)e85e1a7Fix github release url (#916)7dcb8c7chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)c5d217dUpdate Go version in CI script (#913)5874e63Track back when a file path was sanitized with filepath.Clean (#912)fd28036Fix the TLS config rule when parsing the settings from a variable (#911)a522ae6Fix build after updating the dependencies (#910)4cc97adchore(deps): update all dependencies (#909)05a7bc5Fix dependencies after renovate update (#907)11898d5chore(deps): update all dependencies (#906)f9a8bf0Update slack badge and link (#905)dabc7dcAuto-detect TLS MinVersion integer base (#903)c39bcdbAdding s390x support (#902)e06bbf9chore(deps): update all dependencies (#904)f79c584chore(deps): update all dependencies (#898)44f484fAdditional types for bad defer check (#897)2fe6c5bchore(deps): update all dependencies (#894)a0b7ebbchore(deps): update all dependencies (#892)0acfbb4Update Go version in CI scripts (#889)6a964b2chore(deps): update all dependencies (#888)a7ad827Allow to override build date with SOURCE_DATE_EPOCH (#887)26f0389chore(deps): update all dependencies (#886)7f91d85chore(deps): update all dependencies (#884)cf63541fileperms: bitwise permission comparison (#883)v2.14.0Compare Source
Changelog
1af1d5bPin release build to Go version 1.19.2 (#882)0ae0174Refactor to support duplicate imports with different aliases (#865)a2719d3chore(deps): update all dependencies (#881)ed38681go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)8466173Update Go version to 1.19 in the makefile (#876)f9ad0d8chore(deps): update all dependencies (#875)6cd9e62Add CWE-676 to cwe mapping (#874)bb4a1e3chore(deps): update all dependencies (#872)7ea37bbAdd a way to use private repositories on GitHub (#869)e244c81chore(deps): update all dependencies (#868)e9b2781Check go version when installing govulncheck88c23deCheck go version when running govulncheck84f6424Add vulncheck to the test steps180fc23chore(deps): update all dependenciesdfde579Fix false positives for G404 with aliased packagesaaaf80cchore(deps): update all dependenciesae58325chore(deps): update all dependenciesa892be9fix: add a CWE ID mapping to rule G114a319b66chore(deps): update golang.org/x/crypto digest tobc19a97v2.13.1Compare Source
Changelog
19fa856fix: make sure that nil Cwe pointer is handled when getting the CWE ID62fa4b4test: remove white spaces from template074dc71fix: handle nil CWE pointer in text templatev2.13.0Compare Source
Changelog
79a5b13chore(deps): update dependency babel-standalone to v797f03d9chore: update module go to 1.190ba05e1chore: fix lint warningsd3933f9chore: add support for Go 1.194e68fb5fix: parsing of the Go version (#844)0c8e63eDetect use of net/http functions that have no support for setting timeouts (#842)6a26c23Refactor SQL rules for better extensibility (#841)1b0873achore(deps): update module golang.org/x/tools to v0.1.12 (#840)845483eFix lint warning45bf9a6Check the suppressed issues when generating the exit codea5982fbFix for G402. Check package path instead of package name (#838)ea6d49dfix G204 bugs (#835)21fcd2fPhase out support for Go 1.16 since is not supported anymore by Go team (#837)3cda47achore(deps): update all dependencies (#836)0212c83chore(deps): update dependency highlight.js to v11.6.0 (#830)9a25f4efix: filepaths with git anywhere in them being erroneously excluded (#828)602ced7Fix wrong location for G109 (#829)7dd9dddchore(deps): update golang.org/x/crypto digest to0559593(#826)b0f3e78fix ReadTimeout for G112 rule05f3ca8Pin cosign-installer tov2(#824)v2.12.0Compare Source
Changelog
a9b0ef0chore(deps): update all dependencies (#822)9c19cb6Add check for usage of Rat.SetString in math/big with an overflow error (#819)fb587c1Remove additional--updatefor apk in Dockerfile (#818)c3ede62Update x/tools to pick up fix for golang/go#51629 (#817)0a929c7chore(deps): update all dependencies (#816)12be148chore(deps): update all dependencies (#812)0dcc336chore(deps): update all dependencies (#811)34d144bAdd new rule for Slowloris Attacka64cde5Fix the dependencies after renovate upate (#806)b69c3d4chore(deps): update all dependencies (#805)89dfdc0Update the description message of template rule (#803)0791d31Fix typo in ReadMe (#802)2ef1d9aFix build after renovate update (#800)afc9903Fix use rule IDs to retrieve the rule config82eaa12chore(deps): update all dependencies (#796)v2.11.0Compare Source
Changelog
607d607Enable Go 1.18 in the ci and release workflowsb99b5f7Fix the lint action after upgrade (#790)8af0af7chore(deps): update all dependencies (#789)ea5d31fAdd a recursive flag -r to skip specifying ./... path48bbf96Adds directory traversal for Http.Dir("/")v2.10.0Compare Source
Changelog
26f10e0Extend the release action to sign the docker image and binary files with cosign (#781)7d539edfeat: add concurrency option to parallelize package loading (#778)43577cechore(deps): update all dependenciesc0680bbProcess the code snippet before adding it to the SARIF reportdb8d98bUpdated sponsor link in README.md507f847chore(deps): update golang.org/x/crypto commit hash to30dcbda853e1d5chore(deps): update all dependencies09a2941Use the CWE name as a name in the SARIF report9399e7bchore(deps): update all dependencies (#771)2fad8a4Resolve the TLS min version when is declarted in the same package but in a different file1fbcf10Add a test for tls min version defined in a different fileb12c0f6chore(deps): update all dependencies (#765)v2.9.6Compare Source
Changelog
1d909e2Add db.Exec and db.Prepare to the sql rule (#763)742aa84chore(deps): update golang.org/x/crypto commit hash to5e0467b(#764)7be6d4eAdd os.Create to the readfile rule (#761)75cc7dcFix false negative for SQL injection when using DB.QueryRow.Scan() (#759)58058afchore(deps): update dependency highlight.js to v11.4.0 (#758)9d66b0dFix false negatives for SQL injection in multi-line queries4c1afaaFind G303 with filepath.Join'd temp dirs (#754)19bda8dFind more tempdirs827fca9build(fmt): use[instead of[[(#751)ad5d74dUpdate to ginkgo v2 (#753)72f1145Fix #743 (#748)63a8e78Handle nil when looking up a file by position into a package (#747)3038a30Add in the config file settings for exclude and include optionsbf0dd2fchore(deps): update golang.org/x/crypto commit hash toe495a2d(#745)2d1c1a6Track both #nosec and #nosec rulelist for one violation (#741)e0f354aAdd the sponsors section in the README file (#740)d23ab2dRemove space between//and#nosecin examples and internal usev2.9.5Compare Source
Changelog
35af340Fix #736 (#738)6c0b344chore(deps): update golang.org/x/crypto commit hash to4570a08(#737)v2.9.4Compare Source
Changelog
b45f95fAdd support for suppressing the findings040327fchore(deps): update all dependencies (#734)v2.9.3Compare Source
Changelog
6a41fb9Fix https://github.com/securego/gosec/issues/714 (#733)c95e9c2chore(deps): update all dependencies (#731)v2.9.2Compare Source
Changelog
e57efa8Fix a panic in suproc rule when the declaration of the variable is not available in the AST (#728)ff17c30Use go embed for templates (#725)3eba7b8add openssh to docker image (#719)55c6ceaFix crash when parsing the TLS min version value (#724)40fa36dG303: catch with os.WriteFile, add os.Create test case (#718)873ac24chore(deps): update all dependencies (#722)f1f0056Spelling fixes (#717)0680c75chore(deps): update all dependencies (#716)79c8b79use a better naming for the variable (#715)v2.9.1Compare Source
Changelog
6921395Fix the SBOM generation step in the release action (#712)5a3a27aPhase out support for go version 1.15 because current ginko is not backward compatible (#710)v2.9.0Compare Source
v2.8.1Compare Source
Changelog
3f800ccFix the unit tests (#652)df10b65Fix gosimple lint warning (#651)731d0d5Results must always be present in the SARIF report (#650)3c230acerrors.go: add Hash.Write() to the white list. (#648)e72b1e5Use of vars instead of funcc81cff0Update all dependencies (#646)3ff0a2cFixes #644 (#645)e3dffd6Update renovate configurationaa35eb5Delete renovate.json (#642)3b1b77eadd onboarding (#640)03360baUpdate renovate configuration8a8dbecTidy up the dependencies (#637)3a4d09bUpdate all dependencies (#635)6cde6b3Disable cache in golangci job (#636)1256f16Fix lint and fail on error in the ci builddbb9811Add crypto and lint to the tools modules244adc6Update the github ci action to use cache and matrix strategydf1249dUpdate install.sh with more installation optionsaf27673Update README.mdv2.8.0Compare Source
Changelog
9fc8e20Add favicon for HTML template (#628)91dae7fUpdate the design of HTML reporte72f54eFix HTML template and display the gosec versionc3f25b8fix html report tag styling (#623)433a674show nosec in html report summary (#621)d040f07Handle gosec version in SARIF report51f7411Add arm64 support (#618)e7ac882Update go version to 1.16 (#616)3a9a6adSarif provide Snippet with Issue.Code1325319Create dependabot.yml (#614)d8cfcd6Allow the user to enable/disable colorisation of the text report in the stdouta8b633fAdding stdout and verbose flags and refactor how the report is saved103c429Enable golangcli and improve testing for formatters4df7f1cFix typos, Go Report link and Gofmtf4ea33dUpdate how the test coverage is generatedc4f5932Refactor : Replace Cwe with cwe.Weaknessddfa253Define a report package with core and per format sub-packagescc83d4cGenerate the SARIF types, handle taxonomies and separate responsibilities0fa5d0bFix the go modules after updating to get the tests passing (#605)3763953Migrate sonar types in a dedicated package (#604)b519743chore(deps): update all dependencies (#599)569328eFix typos (#594)0695fa0Add-uto local install instructions (#595)7f2308bTidy up the moduels after updating (#593)f21b0b8chore(deps): update all dependencies (#592)148e608Adding KICS to USERS.md (#590)v2.7.0Compare Source
Changelog
27a5ffbQuiet warnings about integer truncation (#586)bf2cd23Update all dependencies (#585)01ee764Fix typo in USERS.md (#583)9c047e3Add support for Go 1.16 in the CI and release workflows (#581)1fce461fix: WriteParams rule to work also with golang 1.16 (#577)dcbcc4dUse a more generic path for sonarqube import path (#573)2777e50Update README with a note which describes how to import a SonarQube report (#572)897c203Reset the state of TLS rule after each version check (#570)6c57ae1Fix sarif formatting issues (#565)b6524ceUpdate all dependenciesv2.6.1Compare Source
Changelog
00bbbd8Fix the release workflow to allow unsecure commandsv2.6.0Compare Source
v2.5.0Compare Source
Changelog
a4746e1Update all dependencies (#533)6bd6e4bUse $(go env GOPATH) that works even when GOPATH is not setaef335aFix typo in README.md0ce48a5Reproducible junit report (#529)868556bUpdate README with the correct path to tlsconfig command13519fdUpdate the tls configuration generate to handle also the NSS alternative namese351067Update all dependencies166e4f5Update README file with some more details required to run successfully a scan with the docker imagef5cc32aUpdate the Go version to 1.15 in the Makefileea0fa28Update the Github go action version to 1.6.0feea8bbFix the action tag6688a97Fix the github action for Go 1.157234349Add Go 1.15 to the supported version and phase out the Go 1.12a3895d5Fix typo in README file17c9555Incorrect local installation instructions for v2f13b8bcAdd also filepath.Rel as a sanitization method for input argConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.