Inspects source code for security problems by scanning the Go AST.

## Install

### CI Installation

```bash
# binary will be $GOPATH/bin/gosec
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin vX.Y.Z

# or install it into ./bin/
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z

# In alpine linux (as it does not come with curl by default)
wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z

# If you want to use the checksums provided on the "Releases" page
# then you will have to download a tar.gz file for your operating system instead of a binary file
wget https://github.com/securego/gosec/releases/download/vX.Y.Z/gosec_vX.Y.Z_OS.tar.gz

# The file will be in the current folder where you run the command
# and you can check the checksum like this
echo "<check sum from the check sum file>  gosec_vX.Y.Z_OS.tar.gz" | sha256sum -c -

gosec --help
```

### Local Installation

```bash
go get github.com/securego/gosec/cmd/gosec
```

## Usage

Gosec can be configured to only run a subset of rules, to exclude certain file paths, and to produce reports in different formats. By default all rules are run against the supplied input files. To recursively scan from the current directory, supply `./...` as the input argument.

### Available rules

- G101: Look for hard coded credentials
- G102: Bind to all interfaces
- G103: Audit the use of unsafe block
- G104: Audit…
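To show what "scanning the Go AST" means in practice, here is an added example (not gosec's own code, and not its real G101 implementation) of a minimal hard-coded-credential check in the spirit of G101: it parses Go source with the standard `go/parser` package, walks the tree with `ast.Inspect`, and reports any `var`/`const`/`:=` that assigns a non-empty string literal to an identifier whose name looks credential-like. The name pattern and the `sampleSource` input are constructed for this example; a value read from the environment is deliberately left unflagged.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Finding records one suspicious assignment: the identifier and its source line.
type Finding struct {
	Name string
	Line int
}

// secretName is a constructed heuristic for identifiers that commonly hold
// credentials. It is an assumption for this example, not gosec's G101 pattern.
var secretName = regexp.MustCompile(`(?i)(passw(or)?d|secret|token|api_?key)`)

// FindHardcodedCredentials parses Go source and walks its AST, flagging
// declarations or assignments of a credential-like identifier to a
// non-empty string literal. Values that come from a call (e.g. os.Getenv)
// are not literals and are therefore not reported.
func FindHardcodedCredentials(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}

	var findings []Finding
	check := func(name *ast.Ident, value ast.Expr) {
		lit, ok := value.(*ast.BasicLit)
		if !ok || lit.Kind != token.STRING {
			return // not a string literal at all
		}
		// lit.Value still carries its quotes; an empty literal is not a secret.
		if strings.Trim(lit.Value, "\"`") == "" {
			return
		}
		if secretName.MatchString(name.Name) {
			findings = append(findings, Finding{
				Name: name.Name,
				Line: fset.Position(name.Pos()).Line,
			})
		}
	}

	ast.Inspect(file, func(n ast.Node) bool {
		switch node := n.(type) {
		case *ast.ValueSpec: // var x = "..." / const x = "..."
			for i, name := range node.Names {
				if i < len(node.Values) {
					check(name, node.Values[i])
				}
			}
		case *ast.AssignStmt: // x := "..." / x = "..."
			for i, lhs := range node.Lhs {
				if id, ok := lhs.(*ast.Ident); ok && i < len(node.Rhs) {
					check(id, node.Rhs[i])
				}
			}
		}
		return true
	})
	return findings, nil
}

// sampleSource is a constructed input: one hard-coded API key (line 5),
// one hard-coded password (line 8), and one token read from the environment.
const sampleSource = `package main

import "os"

const apiKey = "AKIA-EXAMPLE-NOT-REAL"

func main() {
	password := "hunter2"
	dbToken := os.Getenv("DB_TOKEN")
	_ = password
	_ = dbToken
}
`

func main() {
	findings, err := FindHardcodedCredentials(sampleSource)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("line %d: %s is assigned a string literal (possible hard-coded credential)\n", f.Line, f.Name)
	}
}
```

Running it prints two findings, `apiKey` on line 5 and `password` on line 8, while `dbToken` passes because its right-hand side is a call expression rather than a literal. A real rule like G101 adds entropy checks and configurable patterns on top of this same AST walk, which is why false positives on names such as `tokenizer` are worth keeping in mind when tuning a scan.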