gosec

rpm/gosec

SHA256

Fork 0

forked from pool/gosec

Commit Graph

Author	SHA256	Message	Date
Jeff Kowalczyk	68e7081560	- Update to version 2.21.2: * Update the github action to v2.21.2 (#1218) * Update the SARIF schema URL (#1217) * Update go version to 1.23.1 and 1.22.7 (#1216) * chore(deps): update all dependencies (#1215) * Update gosec version to v2.21.1 in github action (#1213) * Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210) * Update gosec in github action to v2.21.0 (#1208) * Update cosign version to v2.4.0 in release github workflow (#1207) * Improvement the int conversion overflow logic to handle bound checks (#1194) * fix: G602 support for nested conditionals with bounds check (#1201) * Update go.mod to sue go 1.22.0 toolchain * chore(deps): update all dependencies * Make variable name more clear * Make variable names more explicity and reduce duplications * Fix formatting * Refactor to reduce some fuctions and variable names * Pass the value argument directly since is an interface * Added suggested changes * Added another test case in order to increase code coverage * Removed function parameter which is always the same * Formatting problems(CI was not passing) * Updated analyzer to use new way of initialization * Migrated the rule to the analyzers folder * Refractored code a little bit * Added new rule G407(hardcoded IV/nonce) * Fix conversion overflow false positive when using ParseUint * Add a build step to measure the scan perfomance * Fix conversion overflow false positives when they are checked or pre-determined * Update go.mod * chore(deps): update all dependencies * Fix false positive in conversion overflow check from uint8/int8 type * Disable staticcheck SA1019 rule * Update the golangci linters * Add more test to cover more use cases for G115 rule * Allow excluding analyzers globally (#1180) * Update to Go 1.23.0 (#1183) * chore(deps): update all dependencies (#1182) * Read the AI API key also from an environment variable (#1181) * Add support to generate auto fixes using LLM (AI) (#1177) * chore(deps): update all dependencies * chore(deps): update all dependencies * chore(deps): update all dependencies * chore(deps): update dependency babel-standalone to v7.24.10 * Resolve underlying type to detect overflows in type aliases * chore(deps): update dependency babel-standalone to v7.24.8 * Fix multifile ignores * Add -enable-audit cli flag * Update to go 1.22.5 and 1.21.12 * chore(deps): update all dependencies * Added more rules * Fixed coverage workflow * Fixed CI workflow * Minor changes * Split the G401 rule into two separate ones * Updated G401 corresponding CWE * chore(deps): update docker/build-push-action action to v6 * Update to go versions to 1.21.11 and 1.22.4 * chore(deps): update all dependencies * Fix nosec when applied to a block * Add more types to templates rule * Map the G115 rule to an CWE ID * chore(deps): update all dependencies * Update README with G115 rule description * Remove deprecated megacheck linter from golangci * Format imports * Update .gitignore * Add a new rule to detect integer overflow on integer types conversion * feat: add env var to override the Go version detection * Use the proper logic when disabling the go module version * Update the README with some details related to Go version used by the rules * Add an environment varialbe which disables the parsing of Go version from module file * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/gosec?expand=0&rev=33	2024-09-10 08:03:04 +00:00

Author

SHA256

Message

Date

Jeff Kowalczyk

68e7081560

- Update to version 2.21.2:

* Update the github action to v2.21.2 (#1218)
  * Update the SARIF schema URL (#1217)
  * Update go version to 1.23.1 and 1.22.7 (#1216)
  * chore(deps): update all dependencies (#1215)
  * Update gosec version to v2.21.1 in github action (#1213)
  * Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
  * Update gosec in github action to v2.21.0 (#1208)
  * Update cosign version to v2.4.0 in release github workflow (#1207)
  * Improvement the int conversion overflow logic to handle bound checks (#1194)
  * fix: G602 support for nested conditionals with bounds check (#1201)
  * Update go.mod to sue go 1.22.0 toolchain
  * chore(deps): update all dependencies
  * Make variable name more clear
  * Make variable names more explicity and reduce duplications
  * Fix formatting
  * Refactor to reduce some fuctions and variable names
  * Pass the value argument directly since is an interface
  * Added suggested changes
  * Added another test case in order to increase code coverage
  * Removed function parameter which is always the same
  * Formatting problems(CI was not passing)
  * Updated analyzer to use new way of initialization
  * Migrated the rule to the analyzers folder
  * Refractored code a little bit
  * Added new rule G407(hardcoded IV/nonce)
  * Fix conversion overflow false positive when using ParseUint
  * Add a build step to measure the scan perfomance
  * Fix conversion overflow false positives when they are checked or pre-determined
  * Update go.mod
  * chore(deps): update all dependencies
  * Fix false positive in conversion overflow check from uint8/int8 type
  * Disable staticcheck SA1019 rule
  * Update the golangci linters
  * Add more test to cover more use cases for G115 rule
  * Allow excluding analyzers globally (#1180)
  * Update to Go 1.23.0 (#1183)
  * chore(deps): update all dependencies (#1182)
  * Read the AI API key also from an environment variable (#1181)
  * Add support to generate auto fixes using LLM (AI) (#1177)
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update dependency babel-standalone to v7.24.10
  * Resolve underlying type to detect overflows in type aliases
  * chore(deps): update dependency babel-standalone to v7.24.8
  * Fix multifile ignores
  * Add -enable-audit cli flag
  * Update to go 1.22.5 and 1.21.12
  * chore(deps): update all dependencies
  * Added more rules
  * Fixed coverage workflow
  * Fixed CI workflow
  * Minor changes
  * Split the G401 rule into two separate ones
  * Updated G401 corresponding CWE
  * chore(deps): update docker/build-push-action action to v6
  * Update to go versions to 1.21.11 and 1.22.4
  * chore(deps): update all dependencies
  * Fix nosec when applied to a block
  * Add more types to templates rule
  * Map the G115 rule to an CWE ID
  * chore(deps): update all dependencies
  * Update README with G115 rule description
  * Remove deprecated megacheck linter from golangci
  * Format imports
  * Update .gitignore
  * Add a new rule to detect integer overflow on integer types conversion
  * feat: add env var to override the Go version detection
  * Use the proper logic when disabling the go module version
  * Update the README with some details related to Go version used by the rules
  * Add an environment varialbe which disables the parsing of Go version from module file
  * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3

OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/gosec?expand=0&rev=33

2024-09-10 08:03:04 +00:00

1 Commits