Inspects source code for security problems by scanning the Go AST.
Patterns to include in execution and reports.
Patterns to exclude from execution and reports.
Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.
Below is the list of options that are supported:
  -conf string      Path to optional config file
  -exclude string   Comma separated list of rules IDs to exclude. (see rule list)
  -include string   Comma separated list of rules IDs to include. (see rule list)
  -nosec            Ignores #nosec comments when set
  -quiet            Only show output when errors are found
  -severity string  Fail the scanning for issues with the given or higher severity. Valid options are: low, medium, high (default "low")
  -tags string      Comma separated list of build tags
  -vendor           Scan the vendor folder
In addition to general severity levels, the following tool specific severity levels can be specified:
HIGH(equivalent to general severity level
MEDIUM(equivalent to general severity level
LOW(equivalent to general severity level
Note: Incremental analysis is not supported for gosec. gosec processes valid Go packages rather than individual files, so the results on unchanged files can be affected by files that did change.
With default options:
  inspecode:
    gosec: default
With custom machine:
  inspecode:
    gosec:
      machine:
        cpu: 1.5  # 1.5 CPU, 5760 MiB RAM
With custom options:
  inspecode:
    gosec:
      options:
        -include: [G101, G203, G401]
        -exclude: [G303]
With a configuration file:
  inspecode:
    gosec:
      config-file: ./my-gosec.json
The above configuration is equivalent to:
  inspecode:
    gosec:
      options:
        -conf: ./my-gosec.json
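To make the rule IDs used in the custom-options configuration above (G101, G303, G401) and the -nosec option concrete, here is an added Go example. It is constructed for this page and is not code from the Inspecode or gosec projects; the constant value, function names and the environment variable name are placeholders. Each function pairs a pattern that the named rule reports with the form that passes a scan, and the `#nosec G401` annotation shows what the -nosec option makes gosec ignore (so that the finding is reported anyway).

```go
package main

import (
	"crypto/md5" // kept only to show what G401 reports; gosec also flags this import itself
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
)

// G101 (hard-coded credentials): gosec reports assignments of secret-looking
// names to string literals. The value below is a constructed placeholder.
const legacyPassword = "placeholder-not-a-real-secret" // gosec G101 would report this line

// credentialFromEnv is the form that passes G101: the secret is supplied at run
// time through the environment instead of being compiled into the binary.
func credentialFromEnv(name string) (string, bool) {
	v, ok := os.LookupEnv(name)
	if !ok || v == "" {
		return "", false
	}
	return v, true
}

// G401 (weak cryptographic primitive): MD5 is reported. The #nosec annotation
// suppresses the finding in a normal scan; with -nosec set, gosec ignores the
// annotation and reports it, which is how you audit such suppressions.
func legacyDigest(data []byte) string {
	sum := md5.Sum(data) // #nosec G401 -- retained only for an old checksum format
	return hex.EncodeToString(sum[:])
}

// sha256Digest is the form that passes G401.
func sha256Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// G303 (predictable temp file path): a fixed path such as /tmp/app.tmp is
// reported. os.CreateTemp creates the file with an unpredictable name inside
// the temp directory, so the same code passes G303.
func safeTempFile() (string, error) {
	f, err := os.CreateTemp("", "gosec-example-*")
	if err != nil {
		return "", err
	}
	defer f.Close()
	return f.Name(), nil
}

func main() {
	// GOSEC_EXAMPLE_SECRET is an assumed variable name for this example.
	if _, ok := credentialFromEnv("GOSEC_EXAMPLE_SECRET"); !ok {
		fmt.Println("GOSEC_EXAMPLE_SECRET not set; refusing to fall back to the hard-coded value")
	}
	fmt.Println("sha256:", sha256Digest([]byte("abc")))
	fmt.Println("md5 (legacy):", legacyDigest([]byte("abc")))
	if p, err := safeTempFile(); err == nil {
		fmt.Println("temp file:", p)
		os.Remove(p)
	}
}
```

Running gosec over this file with the `-include: [G101, G203, G401]` options from the page reports the constant and the MD5 call (the latter only when -nosec is also set); with `-exclude: [G303]` a fixed temp path elsewhere in the package would not be reported at all, which is the trade-off to weigh before excluding a rule.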