golang-security-action is nothing more than a github action letting you run gosec:
- when you want (on push, pull_request, etc...)
- where you want (by specifying the input
CODE_PATH) - How you want (by specifying your gosec json config file, through the
CONF_PATHinput)
Here is the inputs that can be added on your workflow file
| Input name | Required | Default value | Description |
|---|---|---|---|
| CODE_PATH | true | "." | used to specify "where" gosec will look at |
| CONF_PATH | false | No default value | referring to the path of the gosec config file |
If CONF_PATH is not specified, the action will just run gosec with the path provided. (see entrypoint.sh )
name: Sample workflow using golang-security-action
on: [push, pull_request]
jobs:
golang-security-action:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: ynniss/golang-security-action@master
with:
CODE_PATH: "./src/"Any PR will be appreciated :) !
This project is using MIT License.
golang-security-action is using gosec, which is licensed under Apache License 2.0