Inspects source code for security problems by scanning the Go AST.
1.3.0
https://github.com/securego/gosec
gosec:
Patterns to include in execution and reports.
Patterns to exclude from execution and reports.
N/A
Alias of the -conf option.
cpu: Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.
Below is the list of options that are supported:
-conf string
Path to optional config file
-exclude string
Comma separated list of rules IDs to exclude. (see rule list)
-include string
Comma separated list of rules IDs to include. (see rule list)
-nosec
Ignores #nosec comments when set
-quiet
Only show output when errors are found
-severity string
Fail the scanning for issues with the given or higher severity. Valid options are: low, medium, high (default "low")
-tags string
Comma separated list of build tags
-vendor
Scan the vendor folder
In addition to the general severity levels, the following tool-specific severity levels can be specified:
HIGH (equivalent to general severity level error)
MEDIUM (equivalent to general severity level warning)
LOW (equivalent to general severity level info)
N/A
Note: Incremental analysis is not supported for gosec. gosec processes valid Go packages rather than individual files, so the results on unchanged files can be affected by changed files.
With default options:
inspecode:
  gosec: default

With custom machine:
inspecode:
  gosec:
    machine:
      cpu: 1.5 # 1.5 CPU, 5760 MiB RAM

With custom options:
inspecode:
  gosec:
    options:
      -include: [G101, G203, G401]
      -exclude: [G303]

With a configuration file:
inspecode:
  gosec:
    config-file: ./my-gosec.json

The above configuration is equivalent to:
inspecode:
  gosec:
    options:
      -conf: ./my-gosec.json