Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / securego/gosec issues and pull requests

#912 - Track back when a file path was sanitized with filepath.Clean

Pull Request - State: closed - Opened by ccojocar almost 2 years ago - 1 comment

#911 - Fix the TLS config rule when parsing the settings from a variable

Pull Request - State: closed - Opened by ccojocar almost 2 years ago

#910 - Fix build after updating the dependencies

Pull Request - State: closed - Opened by ccojocar almost 2 years ago

#909 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] almost 2 years ago - 1 comment

#908 - G402 doesn't catch all cases

Issue - State: closed - Opened by leonklingele almost 2 years ago - 1 comment
Labels: bug, help wanted

#907 - Fix dependencies after renovate update

Pull Request - State: closed - Opened by ccojocar almost 2 years ago

#906 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] almost 2 years ago - 1 comment

#905 - Update slack badge and link

Pull Request - State: closed - Opened by ccojocar almost 2 years ago

#904 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] almost 2 years ago - 1 comment

#903 - Auto-detect TLS MinVersion integer base

Pull Request - State: closed - Opened by SaveTheRbtz almost 2 years ago

#902 - Adding s390x support

Pull Request - State: closed - Opened by davidhay1969 almost 2 years ago

#901 - Support for Linux on IBM Z ( s390x )

Issue - State: closed - Opened by davidhay1969 almost 2 years ago - 6 comments

#900 - unable to suppress G307 with configuration

Issue - State: closed - Opened by varkey98 almost 2 years ago - 1 comment
Labels: bug, help wanted

#899 - Cannot join Slack

Issue - State: closed - Opened by ptman almost 2 years ago - 2 comments

#898 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] almost 2 years ago - 1 comment

#897 - Additional types for bad defer check

Pull Request - State: closed - Opened by TimonOmsk almost 2 years ago - 1 comment

#896 - Adding severity

Pull Request - State: closed - Opened by mayblo almost 2 years ago

#895 - G104 now raises an issue in case of reassignment err variable without checking

Pull Request - State: closed - Opened by TimonOmsk almost 2 years ago - 2 comments

#894 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] almost 2 years ago

#893 - G304 fail to detect clean

Issue - State: closed - Opened by yuvalk about 2 years ago
Labels: bug

#892 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago - 1 comment

#891 - G104 fails to catch err reassignments

Issue - State: closed - Opened by omercnet about 2 years ago - 3 comments
Labels: bug, help wanted

#890 - Should `defer resp.Body.Close()` not be marked as G307?

Issue - State: closed - Opened by 030 about 2 years ago - 3 comments
Labels: bug

#889 - Update Go version in CI scripts

Pull Request - State: closed - Opened by ccojocar about 2 years ago

#888 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago

#887 - Allow to override build date with SOURCE_DATE_EPOCH

Pull Request - State: closed - Opened by bmwiedemann about 2 years ago

#886 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago

#885 - No issues reported for secDevLabs (vulnerable apps)

Issue - State: closed - Opened by aleisalem about 2 years ago - 6 comments
Labels: bug, help wanted

#884 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago - 1 comment

#883 - fileperms: bitwise permission comparison

Pull Request - State: closed - Opened by pro-wh about 2 years ago - 1 comment

#882 - Pin release build to Go version 1.19.2

Pull Request - State: closed - Opened by ccojocar about 2 years ago

#881 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago

#880 - go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions

Pull Request - State: closed - Opened by thaJeztah about 2 years ago - 3 comments

#879 - Check if package make syscalls

Issue - State: closed - Opened by anjmao about 2 years ago - 1 comment
Labels: enhancement, help wanted

#878 - G109 is missing

Issue - State: closed - Opened by eumel8 about 2 years ago - 1 comment

#877 - Invalid sarif file produced by gosec

Issue - State: closed - Opened by davidaparicio about 2 years ago - 2 comments

#876 - Update Go version to 1.19 in the makefile

Pull Request - State: closed - Opened by ccojocar about 2 years ago

#875 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago

#874 - Add CWE-676 to cwe mapping

Pull Request - State: closed - Opened by ccojocar about 2 years ago - 1 comment

#873 - Flag all xcrypto

Pull Request - State: closed - Opened by thorrsson about 2 years ago

#872 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago

#871 - flag ALL use of Go xcrypto as bad in rule G506

Pull Request - State: closed - Opened by thorrsson about 2 years ago - 1 comment

#870 - Invalid sarif file produced by gosec.

Issue - State: closed - Opened by cryanbrow about 2 years ago - 2 comments
Labels: bug, help wanted

#869 - Add a way to use private repositories on GitHub

Pull Request - State: closed - Opened by elgohr about 2 years ago - 2 comments

#868 - chore(deps): update all dependencies

Pull Request - State: closed - Opened by renovate[bot] about 2 years ago - 1 comment

#865 - Refactor to support duplicate imports with different aliases

Pull Request - State: closed - Opened by thaJeztah about 2 years ago - 8 comments

#850 - False alarm for G101

Issue - State: closed - Opened by samirsss over 2 years ago - 10 comments
Labels: bug, help wanted

#837 - Phase out support for Go 1.16 since is not supported anymore by Go team

Pull Request - State: closed - Opened by ccojocar over 2 years ago

#833 - RFE: flag uses of top level net/http ListenAndServe(TLS), Serve(TLS)

Issue - State: closed - Opened by scop over 2 years ago - 4 comments
Labels: enhancement, help wanted

#827 - gosec v2.12.0 gives "error obtaining VCS status: exit status 128"

Issue - State: closed - Opened by jooseppi-luna over 2 years ago - 3 comments

#821 - G304 on `os.Executable`

Issue - State: closed - Opened by asiffer over 2 years ago - 2 comments
Labels: bug, help wanted

#766 - v2.9.6 ignores all nosec annotations

Issue - State: closed - Opened by tim-lo almost 3 years ago - 6 comments
Labels: bug, help wanted

#744 - Fix #704

Pull Request - State: closed - Opened by kaiili almost 3 years ago - 1 comment

#700 - Renovate(bot) : dependency dashboard

Issue - State: open - Opened by renovate[bot] about 3 years ago

#637 - Tidy up the dependencies

Pull Request - State: closed - Opened by ccojocar over 3 years ago - 3 comments

#605 - Fix the go modules after updating to get the tests passing

Pull Request - State: closed - Opened by ccojocar over 3 years ago - 1 comment

#603 - SARIF : format's specification conformity

Issue - State: closed - Opened by mmorel-35 over 3 years ago - 6 comments
Labels: enhancement

#598 - Use multiple output formats

Issue - State: closed - Opened by ShreyasSubhedar over 3 years ago - 9 comments
Labels: enhancement, help wanted

#593 - Tidy up the go modules after update

Pull Request - State: closed - Opened by ccojocar over 3 years ago

#589 - gosec giving “could not import C (no metadata for C)” golang error

Issue - State: closed - Opened by rakeshkumarofcl over 3 years ago - 4 comments

#585 - Update all dependencies

Pull Request - State: closed - Opened by ccojocar over 3 years ago

#581 - Add support for Go 1.16 in the CI and release workflows

Pull Request - State: closed - Opened by ccojocar over 3 years ago

#579 - G307: Readonly files also a problem?

Issue - State: closed - Opened by tehsphinx over 3 years ago - 2 comments
Labels: enhancement, help wanted

#573 - Use a more generic path for sonarqube import path

Pull Request - State: closed - Opened by ccojocar almost 4 years ago

#572 - Update README with a note which describes how to import a SonarQube report

Pull Request - State: closed - Opened by ccojocar almost 4 years ago

#570 - Reset the state of TLS rule after each version check

Pull Request - State: closed - Opened by ccojocar almost 4 years ago

#564 - gosec G101 false positive

Issue - State: closed - Opened by mrvik almost 4 years ago - 2 comments
Labels: enhancement, help wanted

#555 - Clean up the go module dependencies

Pull Request - State: closed - Opened by ccojocar almost 4 years ago - 1 comment

#552 - Add a rule which warns when xml encoding is used without sanitisation

Issue - State: closed - Opened by ccojocar almost 4 years ago - 1 comment
Labels: help wanted, rule

#537 - Could not find the documentation on "How to write the config file"

Issue - State: closed - Opened by NishikaDeSilva about 4 years ago - 8 comments
Labels: help wanted, documentation

#525 - Add a rule to check if Content-Type is not explicitly set using Header().Set()

Issue - State: closed - Opened by sanAnand about 4 years ago - 3 comments
Labels: help wanted, rule

#524 - Update the tls configuration generate to handle also the NSS alternative names

Pull Request - State: closed - Opened by ccojocar about 4 years ago - 1 comment

#520 - Add Go 1.15 to the supported version and phase out the Go 1.12

Pull Request - State: closed - Opened by ccojocar about 4 years ago - 1 comment

#519 - Fix typo in README file

Pull Request - State: closed - Opened by ccojocar about 4 years ago - 1 comment

#514 - Write the logs to stdout instead the stderr

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 3 comments

#513 - Fix the rule G304 to handle the case when the input is cleaned as a variable assignment

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 2 comments

#508 - Add io.CopyBuffer function to rule G110

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 2 comments

#505 - set exclude-dir in a config file

Issue - State: closed - Opened by Creator1024 over 4 years ago - 1 comment

#501 - hitting error (invalid package name: "") on repo have multiple go.mod

Issue - State: closed - Opened by WLun001 over 4 years ago - 5 comments

#499 - Rename file for consistency

Pull Request - State: closed - Opened by ccojocar over 4 years ago

#496 - Add a rule to catch the usage of insecure template.HTML/CSS...

Issue - State: closed - Opened by ccojocar over 4 years ago - 3 comments
Labels: help wanted, rule

#495 - Fix panic when reading the version from debug info in Go 1.13

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#493 - Improve the TLS version checking

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#491 - Make sure some version information is set when no version was injected into the binary

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#489 - Extend the rule G304 with os.OpenFile and add a test to cover it

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#487 - Extend the insecure random rule with more insecure random functions

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#481 - Bug fix 393 - BuildTags are propagated

Pull Request - State: closed - Opened by lukasaron over 4 years ago - 1 comment

#480 - Make sure all rules are mapped to CWE numbers

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#479 - Various improvements in the SQL rules

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 2 comments

#478 - BugFix-393 Build tags are propagated

Pull Request - State: closed - Opened by lukasaron over 4 years ago - 5 comments

#472 - Set up a gosec's users list

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 2 comments

#464 - Fix the configuration parsing for hardcoded credentials

Pull Request - State: closed - Opened by ccojocar over 4 years ago

#463 - Set the default color on only for text format

Pull Request - State: closed - Opened by ccojocar over 4 years ago

#455 - Handle properly the gosec module version v2

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#452 - Migrate the build to GitHub Actions

Pull Request - State: closed - Opened by ccojocar over 4 years ago

#450 - Fix the call list info to handle selector expressions

Pull Request - State: closed - Opened by ccojocar over 4 years ago - 1 comment

#439 - G304: false positive with filepath.Join

Issue - State: closed - Opened by ldez almost 5 years ago - 4 comments
Labels: bug, help wanted

#435 - Fix the errors rule whitelist to work on types methods

Pull Request - State: closed - Opened by ccojocar almost 5 years ago - 1 comment