Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Update go workflow that includes gosec #82

Open
wants to merge 15 commits into
base: main
Choose a base branch
from

Conversation

maiquanghiep
Copy link

No description provided.

Copy link
Member

@filippos47 filippos47 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Hiep! Some things we've also discussed offline:

  • As expected, all the service repos have a bulk of spotted gosec issues. If I'm not mistaken, babylond has the most reports (around 2k). It'd be useful if we can use the GH UI to visualize the babylond error report, if it's easy to enable.
  • Due to the volume of the reported issues, we'll allow the gosec step to fail initially. The steps to making the gosec step compulsory would be the following:
    • The service owners identify the valid reported issues and resolve them
    • The service owners identify the non-valid reported issues and in conjuction with us silence them (this will be possible through gosec flags)
    • Once the above steps are applied and the gosec tool reports no issues, we remove the "allow-to-fail" CLI flag

@maiquanghiep maiquanghiep marked this pull request as ready for review September 23, 2024 00:19
@maiquanghiep maiquanghiep requested a review from a team as a code owner September 23, 2024 00:19
@maiquanghiep maiquanghiep requested review from KonradStaniec and RafilxTenfen and removed request for a team September 23, 2024 00:19
@RafilxTenfen
Copy link
Contributor

@Lazar955
Copy link
Member

Damm, it is a lot of warnings! - https://github.com/babylonlabs-io/babylon/actions/runs/10985752891/job/30498103625?pr=82 Thanks for this @maiquanghiep

We should prob ignore .pb.go and other generated files

@maiquanghiep
Copy link
Author

Indeed when adding -exclude-generated option that:

gosec can ignore generated go files with default generated code comment.
// Code generated by some generator DO NOT EDIT.

The issues reduce significantly to less than 200
https://github.com/babylonlabs-io/babylon/actions/runs/11043951607

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants