Inspects source code for security problems by scanning the Go AST.
Patterns to include in execution and reports.
Patterns to exclude from execution and reports.
Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.
Below is the list of options that are supported:
  -conf string
        Path to optional config file
  -exclude string
        Comma separated list of rules IDs to exclude. (see rule list)
  -include string
        Comma separated list of rules IDs to include. (see rule list)
  -nosec
        Ignores #nosec comments when set
  -quiet
        Only show output when errors are found
  -skip value
        File pattern to exclude from scan. Uses simple * globs and requires full match (default *_test.go)
In addition to general severity levels, the following tool specific severity levels can be specified:
HIGH(equivalent to general severity level
MEDIUM(equivalent to general severity level
LOW(equivalent to general severity level
Note: Incremental analysis cannot be supported for GAS. GAS processes valid Go packages rather than individual files, so the results for unchanged files can be affected by changed files.
With default options:
inspecode:
  gas: default
With custom machine:
inspecode:
  gas:
    machine:
      cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
With custom options:
inspecode:
  gas:
    options:
      -include: [G101, G203, G401]
      -exclude: [G303]
With a configuration file:
inspecode:
  gas:
    config-file: ./my-gas.json
The above configuration is equivalent to:
inspecode:
  gas:
    options:
      -conf: ./my-gas.json