Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add gosec for golang security scanning #4468

Open
wants to merge 1 commit into
base: devel
Choose a base branch
from
Open

ci: add gosec for golang security scanning #4468

wants to merge 1 commit into from

Conversation

Madhu-1
Copy link
Collaborator

@Madhu-1 Madhu-1 commented Mar 1, 2024

Adding gosec security scanning as a CI job to run on each PR to ensure we are good with security problems.

More details at https://github.com/securego/gosec

@nixpanic @Rakshith-R @yati1998 @iPraveenParihar Do you guys prefer to run it on each PR or as a cronjob?

Note:-
Based on above response need to modify mergify rules

@Madhu-1
ci: add gosec for golang security scanning
c821aea 
Adding gosec security scanning as a CI job
to run on each PR to ensure we are good with
security problems.

More details at https://github.com/securego/gosec

Signed-off-by: Madhu Rajanna <[email protected]>
@Madhu-1 Madhu-1 added ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures labels Mar 1, 2024
@mergify mergify bot added the component/testing Additional test cases or CI work label Mar 1, 2024
@Madhu-1 Madhu-1 added the WIP This PR still in work-in-progress label Mar 1, 2024
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Mar 1, 2024

Marking as WIP to analyse the CI issues

@nixpanic
Copy link
Member

nixpanic commented Mar 1, 2024

This is integrated in golangci-lint, maybe make sure it is enabled there?

https://golangci-lint.run/usage/linters/#gosec

@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Mar 1, 2024

This is integrated in golangci-lint, maybe make sure it is enabled there?

https://golangci-lint.run/usage/linters/#gosec

Yes i missed that, let me check on that 👍🏻

@github-actions GitHub Actions
Copy link

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Mar 31, 2024
@nixpanic
Copy link
Member

@Madhu-1 did #4539 replace this?

@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Apr 11, 2024

@Madhu-1 did #4539 replace this?

Not yet, will give a try and see if that's enough

@github-actions github-actions bot removed the stale label Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures component/testing Additional test cases or CI work WIP This PR still in work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Madhu-1 @nixpanic