Add 'gosec' to the static-checks

Run static security scanning tool 'gosec' while testing.

URL: https://github.com/securego/gosec
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Niels de Vos 2019-08-30 12:23:10 +02:00 committed by mergify[bot]
parent dd668e59f1
commit 8f133e03b8
3 changed files with 15 additions and 0 deletions


@ -22,6 +22,7 @@ go: 1.12.x
env: env:
global: global:
- GOLANGCI_VERSION=v1.17.0 - GOLANGCI_VERSION=v1.17.0
- GOSEC_VERSION=2.0.0
- TEST_COVERAGE=stdout - TEST_COVERAGE=stdout
- GO_METALINTER_THREADS=1 - GO_METALINTER_THREADS=1
- GO_COVER_DIR=_output - GO_COVER_DIR=_output
@ -46,6 +47,10 @@ jobs:
- curl -sf - curl -sf
"https://install.goreleaser.com/github.com/golangci/golangci-lint.sh" "https://install.goreleaser.com/github.com/golangci/golangci-lint.sh"
| bash -s -- -b $GOPATH/bin "${GOLANGCI_VERSION}" | bash -s -- -b $GOPATH/bin "${GOLANGCI_VERSION}"
# install gosec
- curl -sfL
"https://raw.githubusercontent.com/securego/gosec/master/install.sh"
| sh -s -- -b $GOPATH/bin "${GOSEC_VERSION}"
# install helm for helm lint # install helm for helm lint
- curl -L https://git.io/get_helm.sh | bash - curl -L https://git.io/get_helm.sh | bash
script: script:
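Review bot: The gosec installer added in the second hunk is fetched from the `master` branch and piped straight into `sh`, so `GOSEC_VERSION` pins the binary but not the script that downloads it; whatever is on `master` at build time runs in CI unverified. Consider fetching `install.sh` from a fixed tag or commit ref instead of `master`, and checking the downloaded release against a published checksum if the project provides one. As far as the visible lines show, this step also has no `pipefail`, so a failed `curl -sfL` hands `sh` an empty script that exits 0 and the install appears to succeed with no gosec on the PATH. The neighbouring golangci-lint and helm installs follow the same curl-to-shell pattern and would benefit from the same treatment.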


@ -44,6 +44,7 @@ dep-check:
static-check: static-check:
./scripts/lint-go.sh ./scripts/lint-go.sh
./scripts/lint-text.sh --require-all ./scripts/lint-text.sh --require-all
./scripts/gosec.sh
func-test: func-test:
go test github.com/ceph/ceph-csi/e2e $(TESTOPTIONS) go test github.com/ceph/ceph-csi/e2e $(TESTOPTIONS)

scripts/gosec.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
set -o pipefail
if [[ -x "$(command -v gosec)" ]]; then
find cmd pkg -type d -print0 | xargs --null gosec
else
echo "WARNING: gosec not found, skipping security tests" >&2
fi
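Review bot: The `else` branch makes the check fail open: when gosec is not installed the script prints a warning and exits 0, so `make static-check` passes without any security scan having run. That is convenient on a developer machine but hides a broken install step in CI; adding `if [[ -n "${CI:-}" ]]; then exit 1; fi` after the warning would fail the build there (Travis sets `CI=true`). A short header comment stating that the script scans every directory under `cmd` and `pkg`, and that a missing gosec is tolerated only outside CI, would document the intent. `xargs --null` is the GNU long option; `-0` is more widely supported.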