Audun
@gruebel yeah ideally I'd like it to run on change to the source code, as any time a dev is making changes there I'd like to surface the previously skipped...
Would really like to be able to ingest pre-created SBOMs. Any chance of getting this supported? Edit: nvm, that is supported!
Might be that some of these apps from secDevLabs could be good to benchmark the performance of gosec?
I have a hypothesis of why this is happening, will try to implement a fix. Specifically, I think the issue is that gosec looks for uses of string formatting calls,...
So I've been looking a bit at why `gosec` doesn't flag the SQL injections in secDevLabs. The hypothesis I've been working from is that the failure arises because of how...
Just saw that the SQL in the test is borked... Disregard that 😅. Bug is still there though.
Fixing this issue will require creating a new SQL injection rule, and following the current scheme it should be numbered as G205. It's a bit awkward to add one that's...
@alphadev4 is it something that's planned for release within Q1 of 2024?
I'd love to take a crack at it. Thanks @willmurphyscode
By-the-by, I've begun work on this over here: https://github.com/audunmo/syft/tree/feat/catalog-vcpkg