cc83d4c922
Generate the SARIF types, handle taxonomies and separate responsibilities
2021-05-05 18:54:32 +02:00
0fa5d0b2d6
Fix the go modules after updating to get the tests passing ( #605 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-05-05 16:38:35 +02:00
37639537ce
Migrate sonar types in a dedicated package ( #604 )
2021-05-05 16:21:53 +02:00
b519743da6
chore(deps): update all dependencies ( #599 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2021-05-03 09:52:24 +02:00
569328eade
Fix typos ( #594 )
2021-04-16 09:50:34 +02:00
0695fa026e
Add -u to local install instructions ( #595 )
...
`-u` will ensure that users are updated the latest released version.
This way bugs are less likely to be reported that are already fixed.
2021-04-16 09:50:10 +02:00
7f2308bd85
Tidy up the moduels after updating ( #593 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-04-01 09:49:25 +02:00
f21b0b8dac
chore(deps): update all dependencies ( #592 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2021-04-01 09:16:31 +02:00
148e608148
Adding KICS to USERS.md ( #590 )
2021-03-25 14:51:59 +01:00
27a5ffb5c8
Quiet warnings about integer truncation ( #586 )
...
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
2021-03-03 10:05:33 +01:00
bf2cd2392b
Update all dependencies ( #585 )
2021-03-01 09:45:00 +01:00
01ee764ed8
Fix typo in USERS.md ( #583 )
2021-02-27 18:54:40 +01:00
9c047e32a3
Add support for Go 1.16 in the CI and release workflows ( #581 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-02-26 11:12:38 +01:00
1fce46151c
fix: WriteParams rule to work also with golang 1.16 ( #577 )
...
In go 1.16 the `ioutil` package was deprecated and
the functions should be replaced by their equivalents
in either `io` or `os` packages. This means,
that `ioutil.WriteFile` should be replaced by
`os.WriteFile` instead. To account for this change
and to detect incorrect permissions also for `os.WriteFile`
I changed `filePermissions` rule slightly to allows
specifying multiple packages that can contain given
function and that we should check. This workaround
can be removed after a sufficient time has passed
and after it is decided that checking `os.WriteFile`
is enough.
Fixes: https://github.com/securego/gosec/issues/576
2021-02-22 09:22:04 +01:00
dcbcc4dd2a
Use a more generic path for sonarqube import path ( #573 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-02-11 14:19:46 +01:00
2777e5065e
Update README with a note which describes how to import a SonarQube report ( #572 )
2021-02-11 12:10:44 +01:00
897c203e62
Reset the state of TLS rule after each version check ( #570 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-02-11 10:52:16 +01:00
6c57ae1628
Fix sarif formatting issues ( #565 )
...
* include tool version
* change declared safix shema version
* dedup rules, fix result locations
* refactor rules collection creation
2021-02-05 10:06:04 +01:00
b6524ce487
Update all dependencies
2021-02-01 09:45:05 +01:00
00bbbd8413
Fix the release workflow to allow unsecure commands
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-01-22 11:36:52 +01:00
d9d75834b6
update README with instructions on how to integrate with GitHub codescanning
2021-01-22 11:31:07 +01:00
3ed39fe612
fix sarif add default configuration set to correct level
2021-01-22 10:26:59 +01:00
732f759e4f
fix for sarif which maps level from issue severity
2021-01-21 18:26:43 +01:00
327b2a0841
ensure the sarif results are an empty array if nothing is reported
2021-01-21 11:03:13 +01:00
41ea431779
Fix for SARIF output when Issue.Line contains a range
2021-01-05 08:38:25 +01:00
a5911ad7bb
Fix compilation errors in the test samples
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2021-01-04 09:28:00 +01:00
23ef7009f9
Fix some typos in rules tests
2021-01-04 09:28:00 +01:00
e100f6b862
Assert that sample code compiles
2021-01-04 09:28:00 +01:00
bcfb27955e
Clean up the go module dependncies ( #555 )
...
* Clean up the dependencies
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
* Add pq package to dependencies
2021-01-04 08:41:45 +01:00
e4d0e9f5be
Update all dependencies ( #553 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2021-01-04 08:03:52 +01:00
9fe0b2e21a
Fix typo ( #547 )
2020-12-11 09:34:38 +01:00
d8fa95aad8
Update all dependencies ( #544 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2020-12-01 09:29:25 +01:00
984c1d39a0
fix typo in ContainsPkgCallExpr comment ( #545 )
2020-12-01 09:28:38 +01:00
208b73eec4
Update all dependencies ( #538 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2020-11-02 09:15:56 +01:00
0d4f1cb2cb
Support SARIF output ( #539 )
...
* SARIF support
* add sarif option to help text
2020-11-02 09:13:53 +01:00
a4746e18e3
Update all dependencies ( #533 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com >
2020-10-07 20:32:18 +02:00
6bd6e4ba2c
Use $(go env GOPATH) that works even when GOPATH is not set
2020-10-01 04:17:43 +10:00
aef335a98e
Fix typo in README.md
...
s/trucate/truncate for G101 configuration
2020-10-01 04:17:00 +10:00
0ce48a584f
Reproducible junit report ( #529 )
...
* Fix junit format ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com >
* Make ordering stable
Signed-off-by: L. Pivarc <lpivarc@redhat.com >
* Test ordering
Signed-off-by: L. Pivarc <lpivarc@redhat.com >
2020-09-29 19:17:38 +02:00
868556b846
Update README with the correct path to tlsconfig command
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-09-03 10:54:08 +02:00
13519fda59
Update the tls configuration generate to handle also the NSS alternative names
...
Regenerate the configuration of TLS rule.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-09-03 10:54:08 +02:00
e351067255
Update all dependencies
2020-09-01 08:58:31 +02:00
166e4f5f45
Update README file with some more details required to run successfully a scan with the docker image
...
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-09-01 08:57:52 +02:00
f5cc32a320
Update the Go version to 1.15 in the Makefile
...
This is only used when building locally the docker image.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-09-01 08:57:52 +02:00
ea0fa28b7f
Update the Github go action version to 1.6.0
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-08-31 10:27:23 +02:00
feea8bb243
Fix the action tag
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-08-31 10:27:23 +02:00
6688a97661
Fix the github action for Go 1.15
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-08-31 10:27:23 +02:00
7234349e33
Add Go 1.15 to the supported version and phase out the Go 1.12
...
Also updated the release automation to release gosec with use Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-08-31 10:27:23 +02:00
a3895d5c55
Fix typo in README file
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com >
2020-08-31 10:27:02 +02:00
17c955519e
Incorrect local installation instructions for v2
2020-08-21 11:23:36 +02:00
