Cosmin Cojocar
@yunwei37 Please feel free to work on this, this will be a really valuable contribution. If you have any questions, don't hesitate to raise them here. Thanks!
I would be interested to see a PR for this. I think the challenge is to have a low number of false positives. Normally people get annoyed when too many...
I think this slightly overlaps with https://github.com/securego/gosec/issues/2.
@MVrachev @gcmurphy What's the current status of the documentation? Some rules seem to have some guidelines https://securego.io/docs/rules/rule-intro.html. Are you actively working on adding more docs?
It's definitely a good idea. Wondering how we can collect a decent set of URL arguments which could potentially be leaked over HTTP?
I think this slightly overlaps with https://github.com/securego/gosec/issues/2.
We have some documentation on this website https://securego.io/docs/rules/rule-intro.html, which is stored in this repository https://github.com/securego/securego.github.io but the config part is not covered. Happy to accept a pull request if you...
@nanikjava You can try to add some documentation for configuration keys in https://github.com/securego/securego.github.io. These are some places to check in the code where the configuration is parsed: - https://github.com/securego/gosec/blob/fd5472caaf3f10ec3991466caf593456771cf059/cmd/gosec/main.go#L163 -...
I think there are a few more config flags. For instance, each rule can be enabled/disabled. You can search through the code to find all invocations of ``` func (c...
Yeah, some rules have specific settings (e.g. hardcoded credentials).