This repository was archived by the owner on Oct 10, 2023. It is now read-only.

Add gosec to build-go workflow #179

Merged: thepetk merged 7 commits into redhat-developer:main from thepetk:add_gosec_check on Apr 17, 2023

thepetk (Collaborator) commented Apr 14, 2023

What does this PR do?

It adds new steps inside the .github/workflows/CI.yml#build-go job. Those steps are using gosec in order to ensure the security of the code. The part added for gosec is:

  - name: Run Gosec Security Scanner
    run: |
      export PATH=$PATH:$(go env GOPATH)/bin
      go install github.com/securego/gosec/v2/cmd/[email protected]
      ./run_gosec.sh
      if [[ $? != 0 ]]
      then
        echo "gosec scanner failed to run "
        exit 1
      fi

  - name: Upload SARIF file
    uses: github/codeql-action/upload-sarif@v2
    with:
      # Path to SARIF file relative to the root of the repository
      sarif_file: gosec.sarif

Which issue(s) this PR fixes:

This PR partially fixes: #160
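
To triage the gosec.sarif file that the upload step above publishes, this added example (not code from this PR or the alizer repository) reads a SARIF 2.1.0 log and counts results by level, so a local run or a later CI step can gate on error-level findings. The `Summarise` function, the sample log and the file path in it are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sarifLog keeps only the SARIF 2.1.0 fields needed to gate on findings.
type sarifLog struct {
	Runs []struct {
		Results []struct {
			RuleID    string `json:"ruleId"`
			Level     string `json:"level"`
			Locations []struct {
				PhysicalLocation struct {
					ArtifactLocation struct{ URI string `json:"uri"` } `json:"artifactLocation"`
					Region           struct{ StartLine int `json:"startLine"` } `json:"region"`
				} `json:"physicalLocation"`
			} `json:"locations"`
		} `json:"results"`
	} `json:"runs"`
}

// sampleSARIF is constructed for this example, not output from the PR's scan.
const sampleSARIF = `{"version":"2.1.0","runs":[{"results":[{"ruleId":"G104"},
{"ruleId":"G304","level":"error","locations":[{"physicalLocation":{"artifactLocation":{"uri":"pkg/demo/read.go"},"region":{"startLine":42}}}]}]}]}`

// Summarise counts results per level and lists "file:line rule" for located error-level ones.
func Summarise(data []byte) (map[string]int, []string, error) {
	var log sarifLog
	if err := json.Unmarshal(data, &log); err != nil {
		return nil, nil, fmt.Errorf("invalid SARIF: %w", err)
	}
	counts, blocking := map[string]int{}, []string{}
	for _, run := range log.Runs {
		for _, r := range run.Results {
			if r.Level == "" {
				r.Level = "warning" // level omitted: SARIF's fallback default
			}
			counts[r.Level]++
			if r.Level == "error" && len(r.Locations) > 0 {
				p := r.Locations[0].PhysicalLocation
				blocking = append(blocking, fmt.Sprintf("%s:%d %s", p.ArtifactLocation.URI, p.Region.StartLine, r.RuleID))
			}
		}
	}
	return counts, blocking, nil
}

func main() { fmt.Println(Summarise([]byte(sampleSARIF))) }
```

A gate built on this should test `counts["error"]` rather than the length of the second return value, because a result without a location is counted but not listed.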

thepetk changed the title from "Add gosec to build-go workflow" to "WIP: Add gosec to build-go workflow" Apr 14, 2023
thepetk changed the title from "WIP: Add gosec to build-go workflow" to "Add gosec to build-go workflow" Apr 14, 2023
thepetk mentioned this pull request Apr 14, 2023
thepetk self-assigned this Apr 14, 2023
Signed-off-by: thepetk <[email protected]>

Co-authored-by: Michael Valdron <[email protected]>
thepetk requested a review from michael-valdron April 14, 2023 16:53

michael-valdron (Member) left a comment

/lgtm

thepetk merged commit 27a5267 into redhat-developer:main Apr 17, 2023
thepetk added a commit to thepetk/alizer that referenced this pull request Apr 20, 2023
* Add udi image case for mocked values of devfile types

Signed-off-by: thepetk <[email protected]>

* Add gosec as part of the build go check

Signed-off-by: thepetk <[email protected]>

* Add run_gosec script

Signed-off-by: thepetk <[email protected]>

* Fix permissions on run_gosec.sh

Signed-off-by: thepetk <[email protected]>

* Update run_gosec.sh

Signed-off-by: thepetk <[email protected]>

Co-authored-by: Michael Valdron <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>
Co-authored-by: Michael Valdron <[email protected]>

Linked issue (may be closed by merging this pull request): Migrate to gosec