Getting Started GitHub Organization Pull Request Review Configuration Supported Tools Artistic Style Brakeman CPD CSSLint CSScomb Checkstyle ClangFormat Cppcheck ESLint Eastwood FOSSology Flake8 Flow Fortify HTMLHint Infer JSHint PHPLint PHPMD PHP_CodeSniffer PHP-CS-Fixer PMD Prettier Prospector Pyflakes Pylint Reek RuboCop SCSS-Lint Sass Lint Scalafmt Scalastyle ShellCheck SpotBugs StyleCop SwiftLint TSLint Tailor Tidy Uncrustify Understand Unused YAPF autopep8 bundler-audit cpplint cljfmt detekt errcheck go test go tool vet gofmt goimports golint gosec grep ineffassign jscpd kibit ktlint lein test markdownlint misspell nose2 npm audit npm test pycodestyle pytest rails_best_practices scan-build staticcheck stylelint Runtime Versions Repository Settings API Security FAQ FAQ Grant Organization Contact Us

gosec - Golang Security Checker

Inspects source code for security problems by scanning the Go AST.

Version

2.1.0

Runtime

Go Versions

Supported Languages

Go

Official Documentation

https://github.com/securego/gosec

YAML Configuration

gosec:

  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:

    N/A

  • config-file:

    Alias of -conf option.

  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.

  • options:

    Below is the list of options that are supported:

    -conf string
   Path to optional config file
-confidence string
   Filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high (default "low")
-exclude string
   Comma separated list of rules IDs to exclude. (see rule list)
-exclude-dir value
   Exclude folder from scan (can be specified multiple times)
-include string
   Comma separated list of rules IDs to include. (see rule list)
-nosec
   Ignores #nosec comments when set
-nosec-tag string
   Set an alternative string for #nosec. Some examples: #dontanalyze, #falsepositive
-quiet
   Only show output when errors are found
-severity string
   Filter out the issues with a lower severity than the given value. Valid options are: low, medium, high (default "low")
-tags string
   Comma separated list of build tags
-tests
   Scan tests files

  • thresholds:

    • num-issues:

      In addition to general severity levels, the following tool specific severity levels can be specified:

      • HIGH (equivalent to general severity level error)
      • MEDIUM (equivalent to general severity level warning)
      • LOW (equivalent to general severity level info)

  • incremental:

    N/A

    Note: The incremental analysis cannot be supported for gosec. This is because gosec processes valid go packages rather than individual files and the results on unchanged files can be affected by changed files.

  • experimental:

    No tool specific experimental options are available.

YAML Examples

  • With default options:

    inspecode:
  tools:
    gosec: default

  • With custom machine:

    inspecode:
  tools:
    gosec:
      machine:
        cpu: 1.5 # 1.5 CPU, 5760 MiB RAM

  • With custom options:

    inspecode:
  tools:
    gosec:
      options:
        -include: [G101, G203, G401]
        -exclude: [G303]

  • With a configuration file:

    inspecode:
  tools:
    gosec:
      config-file: ./my-gosec.json

    The above configuration is equivalent to:

    inspecode:
  tools:
    gosec:
      options:
        -conf: ./my-gosec.json

results matching ""

    No results matching ""