We are encountering a recurring GitHub Go security issue flagged as G402, which we previously addressed by using the `#nosec` directive in the previous version of gosec. However, the issue has resurfaced. The pipeline has now been upgraded to the latest version, gosec 2.20.0, and we have started seeing the issue again. Is there any way to resolve the issue?

```go
func HttpClient() (*http.Client, error) {
	// InsecureSkipVerify here is being used by K8s API for only internal communications
	// over K8s network only and hence does not pose security risk
	// The certificate check is being skipped deliberately as the K8s certificate is not required
	// and is documented as "acceptable" under GNC-5621
}
```