authn-server

Include gosec check in CI

Open mohammed90 opened this issue 6 years ago • 1 comments

The gosec project scans Go projects for insecure code. Given the nature of this project, I think it'd be beneficial to include such a check, and including it is trivial.

I did a trial run locally and the reports, so far, seem to be of low severity (e.g. ignored errors in some writes). I can work on this, if accepted, after the gRPC work.

mohammed90 avatar May 17 '19 17:05 mohammed90

Sounds good to me. I expect the noise rate to be somewhat high, but worth sorting through.

cainlevy avatar May 18 '19 16:05 cainlevy

@cainlevy opened a PR to get started with this. There was some noise with the default linters, so I just added gosec, but I think that will be a good start - easy to add in one at a time from there, fixing issues as added.

Once we have a strategy we like, we could add it to CI etc., but just having the tooling locally seems good for now.

AlexCuse avatar Jun 30 '23 12:06 AlexCuse