mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
Add 'gosec' to the static-checks
Run static security scanning tool 'gosec' while testing. URL: https://github.com/securego/gosec Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
dd668e59f1
commit
8f133e03b8
@ -22,6 +22,7 @@ go: 1.12.x
|
||||
env:
|
||||
global:
|
||||
- GOLANGCI_VERSION=v1.17.0
|
||||
- GOSEC_VERSION=2.0.0
|
||||
- TEST_COVERAGE=stdout
|
||||
- GO_METALINTER_THREADS=1
|
||||
- GO_COVER_DIR=_output
|
||||
@ -46,6 +47,10 @@ jobs:
|
||||
- curl -sf
|
||||
"https://install.goreleaser.com/github.com/golangci/golangci-lint.sh"
|
||||
| bash -s -- -b $GOPATH/bin "${GOLANGCI_VERSION}"
|
||||
# install gosec
|
||||
- curl -sfL
|
||||
"https://raw.githubusercontent.com/securego/gosec/master/install.sh"
|
||||
| sh -s -- -b $GOPATH/bin "${GOSEC_VERSION}"
|
||||
# install helm for helm lint
|
||||
- curl -L https://git.io/get_helm.sh | bash
|
||||
script:
|
||||
|
1
Makefile
1
Makefile
@ -44,6 +44,7 @@ dep-check:
|
||||
static-check:
|
||||
./scripts/lint-go.sh
|
||||
./scripts/lint-text.sh --require-all
|
||||
./scripts/gosec.sh
|
||||
|
||||
func-test:
|
||||
go test github.com/ceph/ceph-csi/e2e $(TESTOPTIONS)
|
||||
|
9
scripts/gosec.sh
Executable file
9
scripts/gosec.sh
Executable file
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -o pipefail
|
||||
|
||||
if [[ -x "$(command -v gosec)" ]]; then
|
||||
find cmd pkg -type d -print0 | xargs --null gosec
|
||||
else
|
||||
echo "WARNING: gosec not found, skipping security tests" >&2
|
||||
fi
|
Loading…
Reference in New Issue
Block a user