127 Commits

Author SHA1 Message Date
wei dong
b6eea26df8 chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
Signed-off-by: weidongkl <weidong@uniontech.com>
2025-12-10 10:02:30 +01:00
Sebastian Rühl
a58917f611 fix: correct schema with temporary placeholder (#1418) 2025-11-11 10:24:32 +01:00
Sebastian Rühl
8a5d01aca5 test: add sarif validation (#1417) 2025-11-10 10:12:07 +01:00
Sebastian Rühl
bb08aa3188 fix: text must be supplied when markdown is used
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790720

Fixes https://github.com/securego/gosec/issues/1393
2025-10-01 08:08:21 +00:00
renovate[bot]
4be6b11bbc chore(deps): update all dependencies 2025-09-08 11:06:08 +00:00
renovate[bot]
287b46c018 chore(deps): update all dependencies 2025-08-18 07:59:10 +00:00
renovate[bot]
ba592afef6 chore(deps): update all dependencies 2025-07-28 09:33:21 +00:00
renovate[bot]
59ae7e9e27 chore(deps): update all dependencies 2025-07-14 08:59:55 +00:00
renovate[bot]
e7abd9e348 chore(deps): update all dependencies 2025-07-07 10:04:42 +02:00
renovate[bot]
35e7bc1a94 chore(deps): update all dependencies 2025-06-30 10:33:36 +02:00
renovate[bot]
2d1ed95a0b chore(deps): update all dependencies 2025-06-23 11:35:00 +02:00
renovate[bot]
d514c42671 chore(deps): update all dependencies (#1333)
* chore(deps): update all dependencies

* Fix all lint warnings after upgrading golangci-lint action

Change-Id: I7b4162307ae0d6a1c9ec00b7127469c64ed93f64
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* Remove the backup file

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2025-04-07 13:12:14 +02:00
Brandon Annin
1336dc6820 remove G113. It only affects old/unsupported versions of Go (#1328)
* don't warn on G113 (big.Rat SetString) if on an unaffected version of Go

Newer versions of go (>=1.16.14, >=1.17.7, 1.18+) are not affected by this. Don't warn at all on those newer versions. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23772

* alert on all known versions

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>

* remove G113 CVE-2022-23772 which only affects old/unsupported Go versions

* Retire rule

* gofmt

---------

Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
2025-04-03 16:44:20 +02:00
renovate[bot]
6141d100df chore(deps): update all dependencies (#1319)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-19 09:17:29 +01:00
Cosmin Cojocar
9452efe4ad Update the integrity sha for babel dependency in html report (#1316)
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-03-10 11:07:47 +01:00
renovate[bot]
eb95db1c76 chore(deps): update all dependencies (#1280)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-30 15:47:51 +01:00
renovate[bot]
1bd92a8e30 chore(deps): update all dependencies (#1268)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-16 10:34:38 +01:00
renovate[bot]
08beb25d41 chore(deps): update all dependencies (#1261)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-09 10:42:25 +01:00
renovate[bot]
1fb6a46eed chore(deps): update all dependencies 2024-11-04 10:11:47 +01:00
renovate[bot]
d2c92ed7b3 chore(deps): update all dependencies 2024-10-28 09:23:35 +01:00
renovate[bot]
7d33bc1991 chore(deps): update all dependencies 2024-10-14 08:52:45 +02:00
Cosmin Cojocar
be8bd6e40b Populate the fixes only when autofix is not empty (#1226)
Change-Id: If4de66d1ea0fd5a179808d023fdac677437c6d5a

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-18 13:43:01 +02:00
Cosmin Cojocar
abfe8cfd6d Update the SARIF schema URL (#1217)
Change-Id: I4a19f289ed6c4da8277bcc30be7c905ca13b6898

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-09 15:36:18 +02:00
Cosmin Cojocar
0ce4453ddd Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
Change-Id: If3500ec2c522339ca0a4e6c1f58574ce3cc870a9

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:56:15 +02:00
renovate[bot]
655527dfb4 chore(deps): update all dependencies 2024-09-02 09:46:29 +02:00
Dimitar Banchev
0eb8143c23 Added new rule G407 (hardcoded IV/nonce)
The rule is supposed to detect the usage of hardcoded or static nonces/IVs in many encryption algorithms:

* The different modes of AES (mainly tested here)
* It should be able to work with ascon

Currently the rule doesn't check when constant variables are used.

TODO: Improve the rule to detect constant variable usage
2024-08-30 19:35:07 +02:00
renovate[bot]
aec45b0b7d chore(deps): update all dependencies 2024-08-26 16:47:36 +02:00
Tran The Lam
56f943b802 Add support to generate auto fixes using LLM (AI) (#1177)
This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In the first instance, it relies on the Gemini API to get a suggestion for a solution. This can later be extended to also integrate other AI providers.

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-12 12:52:41 +02:00
renovate[bot]
55a47f3774 chore(deps): update all dependencies 2024-08-05 17:38:32 +02:00
renovate[bot]
a5d9ef67e2 chore(deps): update all dependencies 2024-07-29 10:58:28 +02:00
renovate[bot]
68424445af chore(deps): update dependency babel-standalone to v7.24.10 2024-07-23 11:43:16 +02:00
renovate[bot]
4487a0c5a2 chore(deps): update dependency babel-standalone to v7.24.8 2024-07-15 09:13:59 +02:00
renovate[bot]
466992feca chore(deps): update all dependencies 2024-07-08 15:49:41 +02:00
Dimitar Banchev
9a4a741e6b Added more rules
* Rule G406 responsible for the usage of deprecated MD4 and RIPEMD160 added.
* Rules G506, G507 responsible for tracking the usage of the already mentioned libraries added.
* Slight changes in the Makefile (`make clean` wasn't removing all expected files)
* Added license to `analyzer_test.go`
2024-06-25 13:18:27 +02:00
Dimitar Banchev
58e4fccc13 Split the G401 rule into two separate ones
Now the G401 rule is split into hashing and encryption algorithms.

G401 is responsible for checking the usage of MD5 and SHA1, with corresponding CWE of 328.
And G405 (new rule) is responsible for checking the usage of DES and RC4, with corresponding CWE of 327.
2024-06-24 15:25:54 +02:00
renovate[bot]
30a8a9c8c3 chore(deps): update all dependencies 2024-06-11 21:31:12 +02:00
renovate[bot]
45fbb27d87 chore(deps): update all dependencies 2024-05-27 13:03:14 +02:00
renovate[bot]
cf29d543e2 chore(deps): update all dependencies 2024-05-02 10:27:10 +02:00
renovate[bot]
31009c3db8 chore(deps): update all dependencies 2024-04-08 11:41:11 +02:00
renovate[bot]
e27f442499 chore(deps): update all dependencies 2024-03-25 11:02:28 +01:00
renovate[bot]
582e91af06 chore(deps): update all dependencies 2024-03-04 10:10:31 +01:00
renovate[bot]
1285eb7300 chore(deps): update all dependencies 2024-02-05 09:59:32 +01:00
renovate[bot]
cf4ab3ea7c chore(deps): update all dependencies 2024-01-29 09:48:13 +01:00
renovate[bot]
57ec76b97b chore(deps): update all dependencies 2024-01-15 09:52:33 +01:00
renovate[bot]
8fa46c1e3e chore(deps): update dependency babel-standalone to v7.23.7 2024-01-03 09:54:15 +01:00
renovate[bot]
187adabe34 chore(deps): update all dependencies 2023-12-18 10:42:31 +01:00
renovate[bot]
79a6b475f0 chore(deps): update all dependencies (#1080)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 10:06:03 +01:00
renovate[bot]
fece49805b chore(deps): update dependency babel-standalone to v7.23.4 2023-11-27 09:30:11 +01:00
renovate[bot]
c736581f85 chore(deps): update all dependencies 2023-11-13 09:45:27 +01:00
renovate[bot]
7846db034c chore(deps): update all dependencies 2023-10-16 09:29:43 +02:00