gosec

module v1.0.5
Published: Mar 26, 2025 License: Apache-2.0

README

gosec

This component implements a scanner that parses SARIF reports produced by gosec and converts them into OCSF format.

Environment variables

The component uses environment variables for configuration.

It requires the component environment variables defined here as well as the following:

Environment Variable     Type    Required  Default     Description
GOSEC_RAW_OUT_FILE_PATH  string  yes       -           Path of the gosec SARIF report to read
GOSEC_TARGET_TYPE        string  no        repository  Type of target that was scanned to produce the report
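As an added illustration of the SARIF-to-OCSF step described above (example code, not the component's own implementation): a minimal Go parser that reads the subset of gosec's SARIF output needed for a finding and maps each result to a simplified OCSF-style record, tagging it with the GOSEC_TARGET_TYPE value. The Finding struct, the severity mapping and the sample report are assumptions made for this example; the real OCSF vulnerability finding schema carries many more fields.

```go
package main

import "encoding/json"
// Minimal subset of the SARIF 2.1.0 layout that gosec -fmt=sarif emits.
type sarifReport struct {
	Runs []struct {
		Results []struct {
			RuleID    string `json:"ruleId"`
			Level     string `json:"level"`
			Message   struct{ Text string `json:"text"` } `json:"message"`
			Locations []struct {
				PhysicalLocation struct {
					ArtifactLocation struct{ URI string `json:"uri"` } `json:"artifactLocation"`
					Region           struct{ StartLine int `json:"startLine"` } `json:"region"`
				} `json:"physicalLocation"`
			} `json:"locations"`
		} `json:"results"`
	} `json:"runs"`
}
// Finding is a simplified OCSF-style finding (assumed shape, not the real OCSF schema).
type Finding struct {
	RuleID, Title, File, TargetType string // TargetType carries the GOSEC_TARGET_TYPE value
	SeverityID, Line                int
}
// severity maps SARIF levels onto an OCSF-like severity_id; unknown levels yield 0.
var severity = map[string]int{"error": 4, "warning": 3, "note": 2}
// ParseGosecSarif converts every result in a gosec SARIF report into a Finding;
// a result without a location keeps an empty File and Line 0.
func ParseGosecSarif(raw []byte, targetType string) ([]Finding, error) {
	var rep sarifReport
	if err := json.Unmarshal(raw, &rep); err != nil {
		return nil, err
	}
	var out []Finding
	for _, run := range rep.Runs {
		for _, r := range run.Results {
			f := Finding{RuleID: r.RuleID, Title: r.Message.Text,
				SeverityID: severity[r.Level], TargetType: targetType}
			if len(r.Locations) > 0 {
				pl := r.Locations[0].PhysicalLocation
				f.File, f.Line = pl.ArtifactLocation.URI, pl.Region.StartLine
			}
			out = append(out, f)
		}
	}
	return out, nil
}
// SampleSarif is a constructed, trimmed-down gosec result, not real scanner output.
const SampleSarif = `{"runs":[{"results":[{"ruleId":"G101","level":"error","message":{"text":"Potential hardcoded credentials"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go"},"region":{"startLine":12}}}]},{"ruleId":"G104","level":"warning","message":{"text":"Errors unhandled"}}]}]}`
```

In the component itself the raw bytes would come from the file named by GOSEC_RAW_OUT_FILE_PATH and the target type from GOSEC_TARGET_TYPE.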

How to run

Execute:

docker-compose up --build --force-recreate --remove-orphans

Then shut down with:

docker-compose down --rmi all

Test data

The gosec.sarif file used in tests was generated with the following steps:

  • Cloning the target repository:

    git clone https://github.com/TheHackerDev/damn-vulnerable-golang

  • Running gosec:

    docker run \
      --platform linux/amd64 \
      -v ./damn-vulnerable-golang:/go/damn-vulnerable-golang \
      -it securego/gosec:2.15.0 \
        -fmt=sarif \
        -no-fail \
        -out=./damn-vulnerable-golang/gosec.sarif \
          damn-vulnerable-golang

Directories

Path Synopsis
internal
