Releases: securego/gosec

v2.9.6

20 Jan 16:28
1d909e2

Changelog

  • 1d909e2 Add db.Exec and db.Prepare to the sql rule (#763)
  • 742aa84 chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
  • 7be6d4e Add os.Create to the readfile rule (#761)
  • 75cc7dc Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
  • 58058af chore(deps): update dependency highlight.js to v11.4.0 (#758)
  • 9d66b0d Fix false negatives for SQL injection in multi-line queries
  • 4c1afaa Find G303 with filepath.Join'd temp dirs (#754)
  • 19bda8d Find more tempdirs
  • 827fca9 build(fmt): use [ instead of [[ (#751)
  • ad5d74d Update to ginkgo v2 (#753)
  • 72f1145 Fix #743 (#748)
  • 63a8e78 Handle nil when looking up a file by position into a package (#747)
  • 3038a30 Add in the config file settings for exclude and include options
  • bf0dd2f chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
  • 2d1c1a6 Track both #nosec and #nosec rulelist for one violation (#741)
  • e0f354a Add the sponsors section in the README file (#740)
  • d23ab2d Remove space between // and #nosec in examples and internal use

v2.9.5

13 Dec 16:54
35af340

Changelog

v2.9.4

09 Dec 11:02
b45f95f

Changelog

  • b45f95f Add support for suppressing the findings
  • 040327f chore(deps): update all dependencies (#734)

v2.9.3

24 Nov 16:18
6a41fb9

Changelog

  • 6a41fb9 Fix #714 (#733)
  • c95e9c2 chore(deps): update all dependencies (#731)

v2.9.2

16 Nov 20:45
e57efa8

Changelog

  • e57efa8 Fix a panic in subproc rule when the declaration of the variable is not available in the AST (#728)
  • ff17c30 Use go embed for templates (#725)
  • 3eba7b8 add openssh to docker image (#719)
  • 55c6cea Fix crash when parsing the TLS min version value (#724)
  • 40fa36d G303: catch with os.WriteFile, add os.Create test case (#718)
  • 873ac24 chore(deps): update all dependencies (#722)
  • f1f0056 Spelling fixes (#717)
  • 0680c75 chore(deps): update all dependencies (#716)
  • 79c8b79 use a better naming for the variable (#715)

v2.9.1

15 Oct 09:02
6921395

Changelog

  • 6921395 Fix the SBOM generation step in the release action (#712)
  • 5a3a27a Phase out support for go version 1.15 because current ginkgo is not backward compatible (#710)

v2.8.1

17 Jun 13:11
3f800cc

Changelog

  • 3f800cc Fix the unit tests (#652)
  • df10b65 Fix gosimple lint warning (#651)
  • 731d0d5 Results must always be present in the SARIF report (#650)
  • 3c230ac errors.go: add Hash.Write() to the white list. (#648)
  • e72b1e5 Use of vars instead of func
  • c81cff0 Update all dependencies (#646)
  • 3ff0a2c Fixes #644 (#645)
  • e3dffd6 Update renovate configuration
  • aa35eb5 Delete renovate.json (#642)
  • 3b1b77e add onboarding (#640)
  • 03360ba Update renovate configuration
  • 8a8dbec Tidy up the dependencies (#637)
  • 3a4d09b Update all dependencies (#635)
  • 6cde6b3 Disable cache in golangci job (#636)
  • 1256f16 Fix lint and fail on error in the ci build
  • dbb9811 Add crypto and lint to the tools modules
  • 244adc6 Update the github ci action to use cache and matrix strategy
  • df1249d Update install.sh with more installation options
  • af27673 Update README.md

v2.8.0

26 May 08:03
9fc8e20

Changelog

  • 9fc8e20 Add favicon for HTML template (#628)
  • 91dae7f Update the design of HTML report
  • e72f54e Fix HTML template and display the gosec version
  • c3f25b8 fix html report tag styling (#623)
  • 433a674 show nosec in html report summary (#621)
  • d040f07 Handle gosec version in SARIF report
  • 51f7411 Add arm64 support (#618)
  • e7ac882 Update go version to 1.16 (#616)
  • 3a9a6ad Sarif provide Snippet with Issue.Code
  • 1325319 Create dependabot.yml (#614)
  • d8cfcd6 Allow the user to enable/disable colorisation of the text report in the stdout
  • a8b633f Adding stdout and verbose flags and refactor how the report is saved
  • 103c429 Enable golangcli and improve testing for formatters
  • 4df7f1c Fix typos, Go Report link and Gofmt
  • f4ea33d Update how the test coverage is generated
  • c4f5932 Refactor : Replace Cwe with cwe.Weakness
  • ddfa253 Define a report package with core and per format sub-packages
  • cc83d4c Generate the SARIF types, handle taxonomies and separate responsibilities
  • 0fa5d0b Fix the go modules after updating to get the tests passing (#605)
  • 3763953 Migrate sonar types in a dedicated package (#604)
  • b519743 chore(deps): update all dependencies (#599)
  • 569328e Fix typos (#594)
  • 0695fa0 Add -u to local install instructions (#595)
  • 7f2308b Tidy up the modules after updating (#593)
  • f21b0b8 chore(deps): update all dependencies (#592)
  • 148e608 Adding KICS to USERS.md (#590)

v2.7.0

04 Mar 09:00
27a5ffb

Changelog

  • 27a5ffb Quiet warnings about integer truncation (#586)
  • bf2cd23 Update all dependencies (#585)
  • 01ee764 Fix typo in USERS.md (#583)
  • 9c047e3 Add support for Go 1.16 in the CI and release workflows (#581)
  • 1fce461 fix: WriteParams rule to work also with golang 1.16 (#577)
  • dcbcc4d Use a more generic path for sonarqube import path (#573)
  • 2777e50 Update README with a note which describes how to import a SonarQube report (#572)
  • 897c203 Reset the state of TLS rule after each version check (#570)
  • 6c57ae1 Fix sarif formatting issues (#565)
  • b6524ce Update all dependencies

v2.6.1

22 Jan 10:39

Changelog

  • 00bbbd8 Fix the release workflow to allow unsecure commands