securego/gosec: Golang security checker

Stars: 6444
Watchers: 90
Forks: 504
Issues: 28

gosec Recent Issues

| Issue Title | State | Comments | Created Date | Updated Date | Closed Date |
| --- | --- | --- | --- | --- | --- |
| G304 fail to detect clean | open | 0 | 2022-11-16 | 2022-11-20 | - |
| G104 fails to catch err reassignments | open | 2 | 2022-11-13 | 2022-11-20 | - |
| Should `defer resp.Body.Close()` not be marked as G307? | open | 1 | 2022-11-09 | 2022-11-20 | - |
| No issues reported for secDevLabs (vulnerable apps) | open | 1 | 2022-10-26 | 2022-11-20 | - |
| Check if package make syscalls | open | 1 | 2022-10-14 | 2022-11-20 | - |
| Invalid sarif file produced by gosec | closed | 2 | 2022-10-10 | 2022-11-20 | 2022-10-10 |
| Invalid sarif file produced by gosec. | closed | 2 | 2022-09-28 | 2022-11-20 | 2022-10-06 |
| False positive for G404 if both math/rand and crypto/rand are imported | closed | 1 | 2022-09-04 | 2022-11-20 | 2022-09-05 |
| Gosec Docker Action run completed with exit code 1 | closed | 4 | 2022-08-31 | 2022-11-20 | 2022-09-01 |
| G114 is not in CWE map | closed | 0 | 2022-08-22 | 2022-11-20 | 2022-08-22 |
| G307 is not a valid rule for most OSes | closed | 2 | 2022-08-21 | 2022-11-20 | 2022-08-22 |
| Panic (SIGSEGV) when generating SARIF output with v2.13.0 | closed | 0 | 2022-08-19 | 2022-11-20 | 2022-08-20 |
| error calling SprintID: runtime error: invalid memory address or nil pointer dereference with v2.13.0 | closed | 1 | 2022-08-19 | 2022-11-20 | 2022-08-20 |
| Github Action cannot pull private Go modules | closed | 1 | 2022-08-16 | 2022-11-20 | 2022-08-17 |
| False alarm for G101 | open | 2 | 2022-08-15 | 2022-11-20 | - |
| Unexpected package creation during export data loading | closed | 1 | 2022-08-13 | 2022-11-20 | 2022-08-15 |
| Pointer not declared by package atomic | closed | 1 | 2022-08-13 | 2022-11-20 | 2022-08-15 |
| new(big.Rat).SetString("") causes panic: runtime error: index out of range [2] with length 2 | closed | 0 | 2022-08-05 | 2022-11-20 | 2022-08-08 |
| RFE: flag uses of top level net/http ListenAndServe(TLS), Serve(TLS) | closed | 0 | 2022-07-21 | 2022-11-20 | 2022-08-02 |
| Gosec is returning a non zero exit status when --track-suppressions is used | closed | 1 | 2022-07-19 | 2022-11-20 | 2022-07-28 |
| gosec v2.12.0 gives "error obtaining VCS status: exit status 128" | closed | 1 | 2022-06-27 | 2022-11-20 | 2022-07-06 |
| G112 is invalid if ReadTimeout is set | closed | 2 | 2022-06-16 | 2022-11-30 | 2022-06-23 |
| G304 on `os.Executable` | open | 1 | 2022-06-08 | 2022-11-20 | - |
| gosec does not respect the go package import alias | closed | 2 | 2022-06-02 | 2022-11-20 | 2022-07-28 |
| Unexpected package creation during export data loading | closed | 2 | 2022-05-18 | 2022-11-20 | 2022-05-29 |
| G203 this method will not auto-escape HTML. Verify data is well formed. | closed | 1 | 2022-05-09 | 2022-11-20 | 2022-05-09 |
| Add a rule for Slowloris Attack | closed | 1 | 2022-04-25 | 2022-11-28 | 2022-04-30 |
| Failing to run if code uses github.com/samber/lo Map | closed | 2 | 2022-04-05 | 2022-11-20 | 2022-04-07 |
| G203 `Cross-site Scripting` Explanation SARIF Report Issue | closed | 1 | 2022-04-04 | 2022-11-20 | 2022-04-05 |
| internal error: package "<...>" without types was imported from "command-line-arguments" | closed | 7 | 2022-03-28 | 2022-11-20 | 2022-03-29 |
| NewDirectoryTraversal reads wrong config | closed | 0 | 2022-03-27 | 2022-11-11 | 2022-03-28 |
| Docker image with Go 1.18 | closed | 0 | 2022-03-21 | 2022-11-25 | 2022-03-21 |
| Gosec integrated in Scanmycode CE (Community Edition) | closed | 1 | 2022-03-05 | 2022-11-26 | 2022-03-06 |
| No Documentation Explaining the no-fail flag being used | closed | 4 | 2022-02-28 | 2022-11-02 | 2022-04-08 |
| G404: math/rand backed by crypto/rand | closed | 2 | 2022-02-26 | 2022-10-07 | 2022-03-06 |
| Build tags not respected across packages | closed | 1 | 2022-02-23 | 2022-10-26 | 2022-03-06 |
| How can I suppress "TLS InsecureSkipVerify may be true" error in one specific line? | closed | 2 | 2022-02-17 | 2022-11-30 | 2022-02-17 |
| gosec as github action: cannot find GOROOT directory: | closed | 5 | 2022-02-07 | 2022-11-17 | 2022-02-09 |
| Sarif Snippet contains line number prefixes + additional parts instead only relevant | closed | 5 | 2022-02-01 | 2022-11-17 | 2022-02-09 |
| GoSec Sarif output name attribute contains description but not name | closed | 9 | 2022-01-26 | 2022-10-03 | 2022-01-27 |
| tls config MinVersion panic | closed | 1 | 2022-01-25 | 2022-11-26 | 2022-01-26 |
| v2.9.6 ignores all nosec annotations | open | 4 | 2022-01-24 | 2022-09-29 | - |
| nosec exceptions not caught with multiple comments | closed | 3 | 2022-01-13 | 2022-10-24 | 2022-01-14 |
| Question: Shouldn't check for potential file inclusion via variable for os.Create? | closed | 2 | 2022-01-12 | 2022-10-12 | 2022-01-12 |
| Query string building via concatenation (G202) should apply to Exec and Prepare | closed | 0 | 2022-01-06 | 2022-11-29 | 2022-01-17 |
| As a DevOps, I want to have a robust CI pipeline to test all the features of gosec on every commit to master. | closed | 1 | 2021-12-27 | 2022-11-03 | 2022-01-03 |
| Path installation is incorrect for v2 | closed | 3 | 2021-12-23 | 2022-11-05 | 2022-01-03 |
| gosec panics while scanning the project with nil pointer dereference | closed | 1 | 2021-12-22 | 2022-10-27 | 2021-12-22 |
| nosec comment below another comment breaks the nosec annotation | closed | 3 | 2021-12-17 | 2022-11-26 | 2022-01-03 |
| G109 tells the location at strconv.Atoi instead of strconv.Atoi result conversion to int16/32 | closed | 0 | 2021-12-17 | 2022-11-26 | 2022-07-06 |