Commit Graph

1236 Commits

Author SHA1 Message Date
oittaa
8a5404eabf feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
* feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr

* golangci-lint
2026-01-04 17:22:20 +02:00
oittaa
0f6f21cb3f feat: add secrets serialization G117 (#1451)
* Rule to detect secrets serialization

* Add G117 to rules_test.go

* Fix false positives

* Map to CWE 499, update README
2026-01-04 17:21:22 +02:00
oittaa
717706e815 feat(rules): add support for detecting high entropy strings in composite literals (#1447) 2026-01-02 09:58:08 +02:00
oittaa
082deb6cee whitelist crypto/rand Read from error checks (#1446) 2025-12-31 18:57:36 +02:00
renovate[bot]
095d529a90 chore(deps): update all dependencies (#1443)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-30 10:18:39 +02:00
Cosmin Cojocar
c073629009 Improve slice bound check (#1442)
Improve slice bound check to handle bounded values and properly parse
the address index only from references

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2025-12-28 19:39:40 +02:00
Ranyodh Singh
538a05cc5d docs: add documentation for using gosec with private modules (#1441)
* docs: add documentation for using gosec with private modules

Add a new section in the GitHub Action documentation explaining
how to configure gosec to work with projects that import private
Go modules.
This includes setting `GOPRIVATE` and `GITHUB_AUTHENTICATION_TOKEN`
environment variables.

* Update README.md
2025-12-19 09:41:56 +01:00
renovate[bot]
25804378cd chore(deps): update all dependencies (#1440)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-16 09:22:49 +01:00
kfess
872b33106c docs: add G116 rule description to README (#1439) 2025-12-16 09:22:27 +01:00
Cosmin Cojocar
dcf93a8b8b Update GitHub action to gosec 2.22.11 (#1438)
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-12-11 15:27:06 +01:00
kfess
424fc4cd9c feature: add rule for trojan source (#1431)
* feature: add rule for trojan source

* use bufio.Scanner for memory efficiency

* Fix lint warnings

Change-Id: Ic1df6704ba5ab8b1834d7765abd49494a98835f8
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.11
2025-12-11 10:14:29 +01:00
Bo-Yi Wu
aa2e2fb1bd feat(ai): add OpenAI and custom API provider support (#1424)
* feat(ai): add OpenAI and custom API provider support

- Expand AI provider support to include OpenAI (gpt-4o, gpt-4o-mini) and custom OpenAI-compatible APIs
- Add support for configuring AI API base URL and skipping SSL verification
- Update documentation to list all supported AI providers and clarify configuration options with examples
- Refactor AI client initialization to fallback on OpenAI-compatible API for unknown models
- Add OpenAI client implementation using openai-go library
- Update tests to validate OpenAI-compatible fallback behavior
- Add openai-go dependency to go.mod

Signed-off-by: appleboy <appleboy.tw@gmail.com>

* Fix info message after merge

Change-Id: I1cb556a42e2bd9e9b2051d6db99889c6c9f7ccdb
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* Fix lint warning

Change-Id: I3689b96205f494920dbbd03344e8f132a30f40b3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: appleboy <appleboy.tw@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Cosmin Cojocar <cosmin@cojocar.ch>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2025-12-11 09:53:19 +01:00
wei dong
b6eea26df8 chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
Signed-off-by: weidongkl <weidong@uniontech.com>
2025-12-10 10:02:30 +01:00
renovate[bot]
41f28e209a chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-08 10:25:31 +01:00
wei dong
daccba6b93 refactor: simplify report functions in main.go (#1434)
- Remove redundant error handling patterns in printReport and saveReport
- Directly return report.CreateReport results instead of if-else blocks
- Maintain functionality while improving code readability

Signed-off-by: weidongkl <weidong@uniontech.com>
2025-12-04 10:11:13 +01:00
Cosmin Cojocar
d4be2876cf Update go to 1.25.5 and 1.24.11 in CI (#1433)
* Update go version to 1.25.5 and 1.24.11 in CI
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* Update the buildSSA to use the new tools package

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* Remove the type alignment check

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-12-03 13:57:07 +01:00
renovate[bot]
fde7515239 chore(deps): update all dependencies (#1425)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-02 09:31:48 +01:00
Bo-Yi Wu
20c9506c19 feat(ai): add support for latest Claude models and update provider flags (#1423)
- Add support for "claude-sonnet-4-5" and "claude-haiku-4-5" models
- Update provider flag help to include new Claude model options

Signed-off-by: appleboy <appleboy.tw@gmail.com>
2025-11-24 16:09:07 +01:00
dependabot[bot]
bd9e372f20 Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 16:04:08 +01:00
renovate[bot]
7aa7e93872 chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-24 16:02:08 +01:00
Sebastian Rühl
a58917f611 fix: correct schema with temporary placeholder (#1418) 2025-11-11 10:24:32 +01:00
Ian
8b0d0b8871 perf: skip SSA analysis if no analyzers are loaded (#1419) 2025-11-10 10:28:13 +01:00
Sebastian Rühl
8a5d01aca5 test: add sarif validation (#1417) 2025-11-10 10:12:07 +01:00
renovate[bot]
a8fefd17f7 chore(deps): update all dependencies (#1421)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-10 10:10:57 +01:00
Cosmin Cojocar
c34cbbf565 Update go to version 1.25.4 and 1.24.10 in CI (#1415)
fixes #1404

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-11-06 17:09:17 +01:00
Matthew Hartstonge
10cf58a4a4 fix: build tag parsing. (#1413)
* fix: build tag parsing.

* chore: lint fixes.
2025-11-05 10:46:27 +01:00
renovate[bot]
d2d734859c chore(deps): update all dependencies (#1411)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-03 10:03:44 +01:00
renovate[bot]
afa853e9eb chore(deps): update all dependencies (#1409)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 13:59:17 +01:00
renovate[bot]
6b2e6e45a6 chore(deps): update all dependencies (#1408)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-20 14:51:49 +02:00
Cosmin Cojocar
0adab9d9be Update gosec to version v2.22.10 in the github action (#1405)
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-15 10:18:27 +02:00
Cosmin Cojocar
6be2b51fd7 Update go to version 1.25.3 and 1.24.9 in CI (#1404)
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.10
2025-10-14 14:54:01 +02:00
renovate[bot]
fddb9427b8 chore(deps): update all dependencies (#1402)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-13 09:54:49 +02:00
Cosmin Cojocar
f6760311e8 Update go to version 1.25.2 and 2.24.8 in CI (#1401)
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-08 12:55:04 +02:00
renovate[bot]
35f7ec2ca2 chore(deps): update all dependencies (#1399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-06 10:06:01 +02:00
kondratev
01029f0a74 check nil slices, partially check bounds (#1396)
* check nil slices, partially check bounds

* add tests, cleanup, add fixed array

* cleanup

* lint

* looks like go bug, add second check

* ohh

* check instruction position

---------

Co-authored-by: Kondratev Pavel <kondratev_pa@magnit.ru>
2025-10-03 10:41:33 +02:00
Cosmin Cojocar
34db3de0ee Remove unused target from the makefile
Change-Id: Ic663c249a5529114d386e59f522386f132e13879
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
f5a3b7ab78 Use the ginkgo command installed by the dependencies
Change-Id: Ia8a28cd79a61fc8a95ac9a7700ad1a436874da6f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
761fcbc36c Keep the go module at 1.24 version for compatibility reasons
Change-Id: I4a572ee651896232fe4b5d51b9ee9b4896ee0f50
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
2238079261 Remove manual test deps
It is not required anymore to install the test dependencies separately.
They are now managed by the go module file.

Change-Id: I67bb8ca4619e36477a62b24692b795e16c89397b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Sebastian Rühl
bb08aa3188 fix: text must be supplied when markdown is used
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790720

Fixes https://github.com/securego/gosec/issues/1393
2025-10-01 08:08:21 +00:00
Sebastian Rühl
23597d2569 fix: improve error message of CheckAnalyzers 2025-09-29 15:45:53 +00:00
Sebastian Rühl
8d7e9d598b fix: log panic on SSA 2025-09-29 15:45:53 +00:00
renovate[bot]
0d8255e75e chore(deps): update all dependencies 2025-09-29 07:58:47 +00:00
Cosmin Cojocar
f9c52aac4b Update gosec to version v.22.9 in the github action
Change-Id: Ib3a1fa4255b4fdff577cc97492bf4696553a4a43
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-09-22 09:18:06 +00:00
Cosmin Cojocar
15d5c61e86 Update cosign to v2.6.0 and go in the CI to latest version
Change-Id: I1754871a875f82fa1177793e74a41cc88ef4059f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.9
2025-09-22 08:42:03 +00:00
Matteo Calabrò
7b8713e2c9 fix(autofix): unnecessary conversion 2025-09-22 08:24:39 +00:00
Matteo Calabrò
64ebfc0106 feat(autofix): update gemini sdk and add anthropic claude
* upgrade gemini sdk to google.golang.org/genai v1.25.0
* support newer gemini models
* add anthropic claude
2025-09-22 08:24:39 +00:00
Eshani Parulekar
506407e7df feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24 2025-09-16 14:37:06 +00:00
renovate[bot]
3ead143f0a chore(deps): update all dependencies 2025-09-15 07:25:27 +00:00
Eshani Parulekar
e81fba3c3a refactor(G304): remove unused trackJoin helper; no functional change 2025-09-12 13:52:23 +00:00