
Enable gosec linter

Open opudrovs opened this issue 2 years ago • 5 comments

Follow-up to #3282

Steps before refinement:

More info on the gosec linter: https://golangci-lint.run/usage/linters/#gosec

  • Discuss which gosec rules to enable (all rules are enabled by default, but some of them are very opinionated and might require rewriting considerable portions of code).

opudrovs avatar Mar 16 '23 13:03 opudrovs

All other linters were enabled in previous issues. Enabling gosec was moved to the current issue because it is more opinionated and will require rewriting larger portions of code.

@bigkevmcd could you please confirm whether all gosec linter rules should be enabled (the default setting) or whether any rules should be excluded? https://golangci-lint.run/usage/linters/#gosec

opudrovs avatar Mar 20 '23 10:03 opudrovs
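For reference, this is what the two options raised above (run gosec with all rules, or exclude specific ones) look like in a golangci-lint v1 `.golangci.yml`. It is an added illustration, not the weave-gitops repository's actual config; the excluded rule IDs and the test-file path pattern are placeholder choices for the example.

```yaml
# Added example of a golangci-lint v1 config fragment (not the project's own file).
linters:
  enable:
    - gosec            # all gosec rules run unless excluded below

linters-settings:
  gosec:
    # Rule IDs the team agrees to drop after reviewing a first full run.
    # Placeholder choices for illustration:
    excludes:
      - G104           # unhandled errors; overlaps with the errcheck linter
      - G304           # file path from variable; noisy where paths are validated elsewhere

issues:
  exclude-rules:
    # Keep gosec findings out of test code only, leaving production code fully checked.
    - path: _test\.go  # placeholder pattern
      linters:
        - gosec
```

A first run with only the `linters.enable` entry and no `excludes` produces the full list of findings to discuss as a group; rules are then added to `excludes` one ID at a time with a comment giving the reason.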

My view is that we should see what it spits out, and discuss as a group what it means.

bigkevmcd avatar Mar 27 '23 14:03 bigkevmcd

Did a group discussion take place? Still something we want to do? If yes, what would be the next step for this?

lasomethingsomething avatar Aug 10 '23 15:08 lasomethingsomething

I will add this to the agenda for the next x-team alignment meeting.

yiannistri avatar Aug 16 '23 10:08 yiannistri

Thanks @yiannistri for bringing the topic to X-team catchup.

In the context of alternatives, we could also consider whether GitHub CodeQL could provide us any value: https://codeql.github.com/docs/

It also has support for GitHub Actions: https://github.com/github/codeql-action

enekofb avatar Aug 16 '23 14:08 enekofb