workflows: add Gosec workflow #138
Conversation
Signed-off-by: AdamKorcz <adam@adalogics.com>
AdamKorcz
requested review from
gokarnm,
JeyJeyGao,
justincormack,
NiazFK,
patrickzheng200,
priteshbandi,
rgnote,
shizhMSFT and
SteveLasker
as code owners
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -100,7 +100,7 @@ | |||
|
|
|||
| // This will be flagged by the static code analyzer as 'Use of a weak cryptographic key' but its intentional | |||
| // and is used only for testing. | |||
| k, _ := rsa.GenerateKey(rand.Reader, 1024) | |||
| k, _ := rsa.GenerateKey(rand.Reader, 1024) // #nosec | |||
Check failure
Code scanning / CodeQL
Use of a weak cryptographic key
Co-authored-by: Pritesh Bandi <priteshbandi@gmail.com> Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## main #138 +/- ##
==========================================
- Coverage 90.32% 89.13% -1.20%
==========================================
Files 16 21 +5
Lines 1457 1693 +236
==========================================
+ Hits 1316 1509 +193
- Misses 110 149 +39
- Partials 31 35 +4
... and 6 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
| - name: Checkout Source | ||
| uses: actions/checkout@v3 | ||
| - name: Run Gosec Security Scanner | ||
| uses: securego/gosec@master |
There was a problem hiding this comment.
Can we use a fixed version?
|
This PR is stale because it has been opened for 45 days with no activity. Remove stale label or comment. Otherwise, it will be closed in 30 days. |
|
PR closed due to no activity in the past 30 days. |
Adds a workflow for the Gosec static analysis tool and ignores false positive findings.