Go AST Scanner (GAS)

Inspects source code for security problems by scanning the Go AST.

Version

72caf3de416fbfdc5fb4ce694a84f04a02d4fd33

Runtime

Go Versions

Supported Languages

Go

Official Documentation

https://github.com/GoASTScanner/gas

YAML Configuration

gas:

  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:

    N/A

  • config-file:

    Alias of the -conf option.

  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.

  • options:

    Below is the list of options that are supported:

    -conf string
            Path to optional config file
    -exclude string
            Comma separated list of rules IDs to exclude. (see rule list)
    -include string
            Comma separated list of rules IDs to include. (see rule list)
    -nosec
            Ignores #nosec comments when set
    -quiet
            Only show output when errors are found
    -skip value
            File pattern to exclude from scan. Uses simple * globs and requires full match (default *_test.go)
  • thresholds:

    • num-issues:

      In addition to the general severity levels, the following tool-specific severity levels can be specified:

      • HIGH (equivalent to general severity level error)
      • MEDIUM (equivalent to general severity level warning)
      • LOW (equivalent to general severity level info)
  • experimental:

    • incremental:

      N/A

      Note: Incremental analysis is not supported for GAS. GAS processes whole Go packages rather than individual files, so findings on unchanged files can be affected by changes in other files of the same package.

YAML Examples

  • With default options:

    inspecode:
      gas: default
  • With custom machine:

    inspecode:
      gas:
        machine:
          cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
  • With custom options:

    inspecode:
      gas:
        options:
          -include: [G101, G203, G401]
          -exclude: [G303]
  • With a configuration file:

    inspecode:
      gas:
        config-file: ./my-gas.json

    The above configuration is equivalent to:

    inspecode:
      gas:
        options:
          -conf: ./my-gas.json
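    The rule IDs passed to -include and -exclude above refer to GAS rules, and -nosec controls whether GAS honours #nosec comments. As an added illustration (not from this page or the GAS project), the Go file below shows the kind of code a weak-hash rule reports (G401 is assumed here to be that rule), the hardened replacement, and a #nosec annotation that suppresses the finding unless GAS is run with -nosec.

```go
package main

import (
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// LegacyChecksum is the kind of code a weak-hash rule (assumed: G401,
// use of MD5/SHA1/DES/RC4) reports. The trailing #nosec comment tells GAS
// to skip this finding; running GAS with -nosec makes it ignore the
// comment and report the MD5 use anyway.
func LegacyChecksum(data []byte) string {
	sum := md5.Sum(data) // #nosec
	return hex.EncodeToString(sum[:])
}

// Checksum is the hardened replacement: SHA-256 produces no finding from
// the weak-hash rule, so no suppression comment is needed.
func Checksum(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

func main() {
	input := []byte("abc") // constructed sample input
	fmt.Println("md5    :", LegacyChecksum(input))
	fmt.Println("sha256 :", Checksum(input))
}
```

A scan with -exclude: [G401] would silence the weak-hash finding project-wide, whereas the #nosec comment limits the exception to the one line that carries it.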
