* Refactor rules to utilize callListRule base structure
- Introduced a new base structure `callListRule` in `rules/base.go` to standardize the implementation of rules that check for specific function calls.
- Updated existing rules to inherit from `callListRule`, simplifying their structure and removing redundant ID methods.
- Modified the `MetaData` field to use `RuleID` instead of `ID` for consistency across rules.
- Removed the `weakcryptohash.go` and `weakdepricatedcryptohash.go` files as their functionality has been integrated into the new structure.
* fix(tlsconfig): correct MetaData field name in generated TLS check
* refactor: standardize rule metadata and call list initialization
* feat(ai): add OpenAI and custom API provider support
- Expand AI provider support to include OpenAI (gpt-4o, gpt-4o-mini) and custom OpenAI-compatible APIs
- Add support for configuring AI API base URL and skipping SSL verification
- Update documentation to list all supported AI providers and clarify configuration options with examples
- Refactor AI client initialization to fallback on OpenAI-compatible API for unknown models
- Add OpenAI client implementation using openai-go library
- Update tests to validate OpenAI-compatible fallback behavior
- Add openai-go dependency to go.mod
Signed-off-by: appleboy <appleboy.tw@gmail.com>
* Fix info message after merge
Change-Id: I1cb556a42e2bd9e9b2051d6db99889c6c9f7ccdb
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
* Fix lint warning
Change-Id: I3689b96205f494920dbbd03344e8f132a30f40b3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: appleboy <appleboy.tw@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Cosmin Cojocar <cosmin@cojocar.ch>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
* This change does not exclude analyzers for inline comment
* Changed the expected issue count for the G103 and G109 test samples. Previously, G115 had been included in the issue count
* Show analyzer IDs (G115, G602) in the gosec usage help
* See #1175
This feature adds support for generating auto fixes for Go scanning findings using an LLM (AI). In a first instance, it relies on the Gemini API to get a suggested solution. This can later be extended to also integrate other AI providers.
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
Track ignored issues using the file location instead of an AST node. There are issues linked to a different AST node than the original node used to start the scan.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
The new flag '-terse' will only show the results and summary, ignoring any logs that occurred during a scan.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
* feat: add concurrency option to parallelize package loading
* refactor: move wg.add inside the for loop
* fix: gracefully stop the workers on error
* test: add test for concurrent scan