Skip to content

Update gosec template to use golang 1.22 (and other updates)

Mstyles requested to merge gosec-golang-update into main

Update golang to version 1.22 (and other updates)

  • mwcli supports golang 1.22 and uses the gosec template [MR: repos/releng/cli!557]

  • Updates the version of gosec to the current v2.19.0.

  • Allows option (via an env var) to have root run go install if we wish to also scan dependency code.

  • Refactors the git diff command to filter on directories with changed files (--dirstat=files,0) instead of the files themselves, as gosec does not support the analysis of individual files (unfortunately, this assumption was wrongly made within this include file).

  • Removes most of the FILES_ANALYZED and FILE_LIST logic based upon the aforementioned issue.

  • Adds additional GOLANG_GOSEC_DIR_PATHS_TO_SCAN env var and supporting logic for directory-based scanning that gosec requires.

Bug: T364560

Bug: T364586

Edited by SBassett

Merge request reports

Loading