Gosec Versions

Go security checker

v2.12.0

1 year ago

Changelog

  • a9b0ef0 chore(deps): update all dependencies (#822)
  • 9c19cb6 Add check for usage of Rat.SetString in math/big with an overflow error (#819)
  • fb587c1 Remove additional --update for apk in Dockerfile (#818)
  • c3ede62 Update x/tools to pick up fix for golang/go#51629 (#817)
  • 0a929c7 chore(deps): update all dependencies (#816)
  • 12be148 chore(deps): update all dependencies (#812)
  • 0dcc336 chore(deps): update all dependencies (#811)
  • 34d144b Add new rule for Slowloris Attack
  • a64cde5 Fix the dependencies after renovate update (#806)
  • b69c3d4 chore(deps): update all dependencies (#805)
  • 89dfdc0 Update the description message of template rule (#803)
  • 0791d31 Fix typo in ReadMe (#802)
  • 2ef1d9a Fix build after renovate update (#800)
  • afc9903 Fix use rule IDs to retrieve the rule config
  • 82eaa12 chore(deps): update all dependencies (#796)

v2.11.0

2 years ago

Changelog

  • 607d607 Enable Go 1.18 in the ci and release workflows
  • b99b5f7 Fix the lint action after upgrade (#790)
  • 8af0af7 chore(deps): update all dependencies (#789)
  • ea5d31f Add a recursive flag -r to skip specifying ./... path
  • 48bbf96 Adds directory traversal for Http.Dir("/")

v2.10.0

2 years ago

Changelog

  • 26f10e0 Extend the release action to sign the docker image and binary files with cosign (#781)
  • 7d539ed feat: add concurrency option to parallelize package loading (#778)
  • 43577ce chore(deps): update all dependencies
  • c0680bb Process the code snippet before adding it to the SARIF report
  • db8d98b Updated sponsor link in README.md
  • 507f847 chore(deps): update golang.org/x/crypto commit hash to 30dcbda
  • 853e1d5 chore(deps): update all dependencies
  • 09a2941 Use the CWE name as a name in the SARIF report
  • 9399e7b chore(deps): update all dependencies (#771)
  • 2fad8a4 Resolve the TLS min version when is declared in the same package but in a different file
  • 1fbcf10 Add a test for tls min version defined in a different file
  • b12c0f6 chore(deps): update all dependencies (#765)

v2.9.6

2 years ago

Changelog

  • 1d909e2 Add db.Exec and db.Prepare to the sql rule (#763)
  • 742aa84 chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
  • 7be6d4e Add os.Create to the readfile rule (#761)
  • 75cc7dc Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
  • 58058af chore(deps): update dependency highlight.js to v11.4.0 (#758)
  • 9d66b0d Fix false negatives for SQL injection in multi-line queries
  • 4c1afaa Find G303 with filepath.Join'd temp dirs (#754)
  • 19bda8d Find more tempdirs
  • 827fca9 build(fmt): use [ instead of [[ (#751)
  • ad5d74d Update to ginkgo v2 (#753)
  • 72f1145 Fix #743 (#748)
  • 63a8e78 Handle nil when looking up a file by position into a package (#747)
  • 3038a30 Add in the config file settings for exclude and include options
  • bf0dd2f chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
  • 2d1c1a6 Track both #nosec and #nosec rulelist for one violation (#741)
  • e0f354a Add the sponsors section in the README file (#740)
  • d23ab2d Remove space between // and #nosec in examples and internal use

v2.9.5

2 years ago

Changelog

  • 35af340 Fix #736 (#738)
  • 6c0b344 chore(deps): update golang.org/x/crypto commit hash to 4570a08 (#737)

v2.9.4

2 years ago

Changelog

  • b45f95f Add support for suppressing the findings
  • 040327f chore(deps): update all dependencies (#734)

v2.9.3

2 years ago

Changelog

  • 6a41fb9 Fix https://github.com/securego/gosec/issues/714 (#733)
  • c95e9c2 chore(deps): update all dependencies (#731)

v2.9.2

2 years ago

Changelog

  • e57efa8 Fix a panic in suproc rule when the declaration of the variable is not available in the AST (#728)
  • ff17c30 Use go embed for templates (#725)
  • 3eba7b8 add openssh to docker image (#719)
  • 55c6cea Fix crash when parsing the TLS min version value (#724)
  • 40fa36d G303: catch with os.WriteFile, add os.Create test case (#718)
  • 873ac24 chore(deps): update all dependencies (#722)
  • f1f0056 Spelling fixes (#717)
  • 0680c75 chore(deps): update all dependencies (#716)
  • 79c8b79 use a better naming for the variable (#715)

v2.9.1

2 years ago

Changelog

  • 6921395 Fix the SBOM generation step in the release action (#712)
  • 5a3a27a Phase out support for go version 1.15 because current ginkgo is not backward compatible (#710)

v2.8.1

2 years ago

Changelog

  • 3f800cc Fix the unit tests (#652)
  • df10b65 Fix gosimple lint warning (#651)
  • 731d0d5 Results must always be present in the SARIF report (#650)
  • 3c230ac errors.go: add Hash.Write() to the white list. (#648)
  • e72b1e5 Use of vars instead of func
  • c81cff0 Update all dependencies (#646)
  • 3ff0a2c Fixes #644 (#645)
  • e3dffd6 Update renovate configuration
  • aa35eb5 Delete renovate.json (#642)
  • 3b1b77e add onboarding (#640)
  • 03360ba Update renovate configuration
  • 8a8dbec Tidy up the dependencies (#637)
  • 3a4d09b Update all dependencies (#635)
  • 6cde6b3 Disable cache in golangci job (#636)
  • 1256f16 Fix lint and fail on error in the ci build
  • dbb9811 Add crypto and lint to the tools modules
  • 244adc6 Update the github ci action to use cache and matrix strategy
  • df1249d Update install.sh with more installation options
  • af27673 Update README.md