ManjunathMS35

Results: 11 issues by ManjunathMS35

GoSec can be enabled from CI yaml files like from CircleCI's .golangci.yaml file and these need to be checked for the GoLang projects. Sample - https://github.com/OmegaRogue/eliteJournal/blob/be279b9ac9e122f0b6890a4381f4bbbb3a92939d/.golangci.yaml#L124 Things to do: -...

enhancement

The advice shown should be actionable and related to the project whose rating was requested. The current implementation shows the advice independent of the programming languages used in a project due to...

enhancement

After the introduction of Snyk score, the DependencyScanScore "okay" range lies in the "very good" range, which can be confirmed from the test vector here https://github.com/SAP/fosstars-rating-core/blob/02f66d6569bf2664a9091e5ca932102cad842eba/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml#L106 Issue cause: Having GitHub...

bug

Securecookie encodes and decodes authenticated and optionally encrypted cookie values. Secure cookies can't be forged, because their values are validated using HMAC. When encrypted, the content is also inaccessible to...

gorilla/csrf provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Things to do: Check if information can be extracted from GitHub, if gorilla/csrf is used in...

Bodyclose is a static analysis tool which checks whether res.Body is correctly closed. Things to do: Check if information can be extracted from GitHub, if Bodyclose is used in the...

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. Things to do: Check if information can be...

safehtml provides immutable string-like types that wrap web types such as HTML, JavaScript and CSS. These wrappers are safe by construction against XSS and similar web vulnerabilities, and they can...

Secure is an HTTP middleware for Go that facilitates some quick security wins. Things to do: Check if information can be extracted from GitHub, if Secure is used in the...

Nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application....