1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-30 21:19:46 +02:00
Commit Graph

19 Commits

Author SHA1 Message Date
Giovanni Rosa
7df7baa3f0
Fix for Dockerfile smell DL3059 (#951)
Signed-off-by: Giovanni Rosa <g.rosa1@studenti.unimol.it>
2023-04-14 13:46:24 +02:00
Peter Dave Hello
fb587c1d10
Remove additional --update for apk in Dockerfile (#818)
There is no need to use --update with --no-cache when using apk on
Alpine Linux, as using --no-cache will fetch the index every time and
leave no local cache, so the index will always be the latest without
temporary files remain in the image.
2022-05-31 15:06:52 +02:00
Matthew Jaffee
3eba7b8a3e
add openssh to docker image (#719)
I'm trying to scan a project which has dependencies which are private projects. When Go tries to fetch the dependencies it normally uses HTTPS, but that doesn't work if they're private (terminal prompts disabled, can't enter username/password). So you do this little trick with git configuration to get Go to fetch dependencies over ssh: `GIT_CONFIG_PARAMETERS=url.ssh://git@github.com/.insteadOf=https://github.com/`
unfortunately the docker image doesn't have ssh installed so this doesn't work :)
2021-11-10 21:13:20 +01:00
Cosmin Cojocar
37d1af0af3 Expand the arguments to a list of strings when they are provided as a single string
The GitHub action provide the arguments as a single string to the docker container,
so we need to expand them in order for gosec to properly interpret them.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-06 19:38:49 +02:00
Cosmin Cojocar
51e4317f09 Automate the release process using a GitHub workflow
The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 00:41:56 -07:00
Grant Murphy
5d613739e1 fix(docker) gcc and libc-dev required bindings
The docker image doesn't include the necessary packages to build / analyze
some packages. Adding gcc and libc-dev to addess this.
2019-12-20 08:45:01 +10:00
Cosmin Cojocar
ea9faae22d
Update the Go version to 1.13 in the Dockerfile (#403)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 09:44:34 +02:00
Cosmin Cojocar
7935fd85b9 Rework the Dockerfile for Go modules
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:40 +02:00
Cosmin Cojocar
8b27d1c091 Update go version to 1.11.5 in the docker file 2019-03-06 17:18:50 +10:00
Andrew Hsu
1ecd47e007 bump Dockerfile golang from 1.10 to 1.11
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-10-03 00:28:39 +00:00
Andrew Hsu
5f98926a7b Refactor Dockerfile (#245)
* ignore the temporary image file used for builds

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* no need for GOPATH in the Dockerfile

It is already set in the golang:1.10.3-alpine3.8 image.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* no need for GOROOT in Dockerfile

The correct value is embedded in the go tool.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* bump Dockerfile golang to 1.10.4

The latest golang version thus far.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* replace docker-entrypoint.sh with the gosec binary

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* git ignore gosec binary

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* refactor Dockerfile into multi-stage

First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* fix the image execution example in README.md

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-09-26 08:09:20 +03:00
Cosmin Cojocar
ec0f8ec9d6 Set the GOROOT and GOPATH env variables in Dockerfile 2018-08-21 11:15:14 +02:00
Cosmin Cojocar
247828cfa5 Update docker base image to 1.10.3-alpine3.8 2018-08-21 11:15:14 +02:00
Cosmin Cojocar
dbd0f8f511 Use the make build goal when creeating the docker image 2018-08-15 09:45:37 +02:00
Cosmin Cojocar
2a6e887167 Use the goreleaser tool to perform releases 2018-07-27 14:42:00 +02:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
cosmincojocar
e809226800 Build improvments (#179)
* Add a semantic version to the usage text

* Add a comment to the version function

* Inject the version, git tag and build date as build variables

* Update README

* Fix lint warnings

* Update README

* Manage dependencies with dep tool instead of godep

* Add a Makefile for common build tasks

* Update the build file to use the make tool

* Update Dockerfile

* Add docker entry point in to make the passing of arguments easy

* Update README

* Add missing tools to the build

* Drop 1.7 support and add 1.10

* Fix Go 1.10 according with the travis guidelines

https://docs.travis-ci.com/user/languages/go/

* Update the tls-observatory package

* Fix lint warnings

* Change the output of the tests to be more verbose

* Check if the are build errors before executing the rule test
2018-03-13 08:57:10 +10:00
Amber Wiens
b120a3ec3f Updating Dockerfile with requested changes 2017-08-09 13:00:19 -06:00
Amber Wiens
5f0f8f89a6 Adding Docker container and changing README 2017-08-03 11:50:58 -06:00