Releases: securego/gosec
v2.17.0
Changelog
- a89e9d5 Enable go 1.21.0 in the CI build (#998)
- 4b458c4 chore(deps): update all dependencies (#997)
- 7d51bfe Update to go version 1.20.7 and 1.19.12 (#993)
- fc2f66b chore(deps): update all dependencies (#992)
- 2cf2f96 chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
- bf7feda fix: correctly identify infixed concats as potential SQL injections (#987)
- 2292ed5 chore(deps): update all dependencies (#989)
- fc570b6 Add a new flag terse to show only the results and summary (#986)
- 36f6933 Switch to a maintained fork of zxcvbn module (#984)
- ed7b334 Fix dependencies after bot update (#983)
- e76ad70 chore(deps): update all dependencies (#982)
- 3a6fd99 Update to Go version 1.19.11 and 1.20.6 (#981)
- ea39309 Fix and tidy the dependencies (#977)
- ef8f560 chore(deps): update all dependencies (#976)
- 17b7d31 Update README file with new rule (#975)
- a018cf0 Feature: G602 Slice Bound Checking (#973)
- 82364a7 chore(deps): update all dependencies (#974)
- abeab10 Feature: G101 match variable values and names (#971)
- b824c10 Update build script to go version 1.20.5
- 022584d chore(deps): update all dependencies
- bd58600 Recognize struct field in G601
- 1457921 Remove the depguard from the list of enabled linters
- 1f68996 Fix typos in comments, vars and tests
- e148465 chore(deps): update all dependencies
- 9120883 Fix no-sec alternative tag (#962)
- 87cc45e Use image digest instead of tag when signing the released image with cosign (#960)
- 6df05bd Update gosec image version to 2.16.0 in the Github action (#959)
v2.16.0
Changelog
- c5ea1b7 Update cosign to latest version in release Github action (#958)
- 8632a8c chore(deps): update all dependencies (#956)
- ae3c2f7 Update go version in build and release scripts (#957)
- 970cc29 chore(deps): update all dependencies (#955)
- 47bfd4e Update Go version to 1.20.3 (#953)
- 440141a chore(deps): update all dependencies (#952)
- 7df7baa Fix for Dockerfile smell DL3059 (#951)
- 2ee3213 README: upgrade GitHub action in examples (#950)
- 68b5201 enable ginkgolinter linter (#948)
- 780ebd0 chore(deps): update all dependencies (#947)
- d6aeaad correct gci linter (#946)
- 73f0efc remove deprecated linters
- aef69b3 increase timeout to 5m
- 6bad723 chore(deps): update all dependencies
- 96bb741 Use the latest version
- 6a73248 Fix some linting warnings
- 83fc5e6 Fix lint warning
- 8e7cf4b Bump the go versions and golanci
- e7bfcd1 chore(deps): update all dependencies (#942)
- f823a7e Check nil pointer when variable is declared in a different file
- cdd3476 fix dead link to issue.go in README.md (#936)
- d5a9c73 Remove rule G307 which checks when an error is not handled when a file or socket connection is closed (#935)
- 27bf0e4 Fix rule index reference into sarif report (#934)
- e7b896f Bump golang.org/x/net from 0.6.0 to 0.7.0
- 4340efa Format file
- f850069 Use the gosec issue in the go analysers
- b1fd948 Fix file formatting
- 2071786 Update Go version in CI builds
- 1915717 Fix method name in the comment
- de2c6a3 Extract the issue in its own package
- 31e6327 Add support for Go analysis framework and SSA code representation
- e795d75 chore(deps): update all dependencies (#931)
- 8aa00db Remove the version from ci github action
- 392e53c Pin github action to latest release version 2.15.0
- ffe254e Revert the image tag in github action until a working solution is found
- a0eddfb Fix version interpolation in github action image
- d22a7b6 Add gosec version as an input parameter to GitHub action (#927)
- 2d6b0a5 Update release build script (#924)
v2.15.0
Changelog
- a459eb0 Fix dependencies after renovate update
- 54f56c7 chore(deps): update all dependencies (#922)
- df14837 Update to Go 1.20 and fix unit tests (#923)
- b4270dd Update Go to latest version (#920)
- a624254 Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)
- 9432e67 Fix github latest URL (#918)
- e85e1a7 Fix github release url (#916)
- 7dcb8c7 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)
- c5d217d Update Go version in CI script (#913)
- 5874e63 Track back when a file path was sanitized with filepath.Clean (#912)
- fd28036 Fix the TLS config rule when parsing the settings from a variable (#911)
- a522ae6 Fix build after updating the dependencies (#910)
- 4cc97ad chore(deps): update all dependencies (#909)
- 05a7bc5 Fix dependencies after renovate update (#907)
- 11898d5 chore(deps): update all dependencies (#906)
- f9a8bf0 Update slack badge and link (#905)
- dabc7dc Auto-detect TLS MinVersion integer base (#903)
- c39bcdb Adding s390x support (#902)
- e06bbf9 chore(deps): update all dependencies (#904)
- f79c584 chore(deps): update all dependencies (#898)
- 44f484f Additional types for bad defer check (#897)
- 2fe6c5b chore(deps): update all dependencies (#894)
- a0b7ebb chore(deps): update all dependencies (#892)
- 0acfbb4 Update Go version in CI scripts (#889)
- 6a964b2 chore(deps): update all dependencies (#888)
- a7ad827 Allow to override build date with SOURCE_DATE_EPOCH (#887)
- 26f0389 chore(deps): update all dependencies (#886)
- 7f91d85 chore(deps): update all dependencies (#884)
- cf63541 fileperms: bitwise permission comparison (#883)
v2.14.0
Changelog
- 1af1d5b Pin release build to Go version 1.19.2 (#882)
- 0ae0174 Refactor to support duplicate imports with different aliases (#865)
- a2719d3 chore(deps): update all dependencies (#881)
- ed38681 go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
- 8466173 Update Go version to 1.19 in the makefile (#876)
- f9ad0d8 chore(deps): update all dependencies (#875)
- 6cd9e62 Add CWE-676 to cwe mapping (#874)
- bb4a1e3 chore(deps): update all dependencies (#872)
- 7ea37bb Add a way to use private repositories on GitHub (#869)
- e244c81 chore(deps): update all dependencies (#868)
- e9b2781 Check go version when installing govulncheck
- 88c23de Check go version when running govulncheck
- 84f6424 Add vulncheck to the test steps
- 180fc23 chore(deps): update all dependencies
- dfde579 Fix false positives for G404 with aliased packages
- aaaf80c chore(deps): update all dependencies
- ae58325 chore(deps): update all dependencies
- a892be9 fix: add a CWE ID mapping to rule G114
- a319b66 chore(deps): update golang.org/x/crypto digest to bc19a97
v2.13.1
v2.13.0
Changelog
- 79a5b13 chore(deps): update dependency babel-standalone to v7
- 97f03d9 chore: update module go to 1.19
- 0ba05e1 chore: fix lint warnings
- d3933f9 chore: add support for Go 1.19
- 4e68fb5 fix: parsing of the Go version (#844)
- 0c8e63e Detect use of net/http functions that have no support for setting timeouts (#842)
- 6a26c23 Refactor SQL rules for better extensibility (#841)
- 1b0873a chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
- 845483e Fix lint warning
- 45bf9a6 Check the suppressed issues when generating the exit code
- a5982fb Fix for G402. Check package path instead of package name (#838)
- ea6d49d fix G204 bugs (#835)
- 21fcd2f Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
- 3cda47a chore(deps): update all dependencies (#836)
- 0212c83 chore(deps): update dependency highlight.js to v11.6.0 (#830)
- 9a25f4e fix: filepaths with git anywhere in them being erroneously excluded (#828)
- 602ced7 Fix wrong location for G109 (#829)
- 7dd9ddd chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
- b0f3e78 fix ReadTimeout for G112 rule
- 05f3ca8 Pin cosign-installer to v2 (#824)
v2.12.0
Changelog
- a9b0ef0 chore(deps): update all dependencies (#822)
- 9c19cb6 Add check for usage of Rat.SetString in math/big with an overflow error (#819)
- fb587c1 Remove additional --update for apk in Dockerfile (#818)
- c3ede62 Update x/tools to pick up fix for golang/go#51629 (#817)
- 0a929c7 chore(deps): update all dependencies (#816)
- 12be148 chore(deps): update all dependencies (#812)
- 0dcc336 chore(deps): update all dependencies (#811)
- 34d144b Add new rule for Slowloris Attack
- a64cde5 Fix the dependencies after renovate update (#806)
- b69c3d4 chore(deps): update all dependencies (#805)
- 89dfdc0 Update the description message of template rule (#803)
- 0791d31 Fix typo in ReadMe (#802)
- 2ef1d9a Fix build after renovate update (#800)
- afc9903 Fix use rule IDs to retrieve the rule config
- 82eaa12 chore(deps): update all dependencies (#796)
v2.11.0
v2.10.0
Changelog
- 26f10e0 Extend the release action to sign the docker image and binary files with cosign (#781)
- 7d539ed feat: add concurrency option to parallelize package loading (#778)
- 43577ce chore(deps): update all dependencies
- c0680bb Process the code snippet before adding it to the SARIF report
- db8d98b Updated sponsor link in README.md
- 507f847 chore(deps): update golang.org/x/crypto commit hash to 30dcbda
- 853e1d5 chore(deps): update all dependencies
- 09a2941 Use the CWE name as a name in the SARIF report
- 9399e7b chore(deps): update all dependencies (#771)
- 2fad8a4 Resolve the TLS min version when it is declared in the same package but in a different file
- 1fbcf10 Add a test for tls min version defined in a different file
- b12c0f6 chore(deps): update all dependencies (#765)
v2.9.6
Changelog
- 1d909e2 Add db.Exec and db.Prepare to the sql rule (#763)
- 742aa84 chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
- 7be6d4e Add os.Create to the readfile rule (#761)
- 75cc7dc Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
- 58058af chore(deps): update dependency highlight.js to v11.4.0 (#758)
- 9d66b0d Fix false negatives for SQL injection in multi-line queries
- 4c1afaa Find G303 with filepath.Join'd temp dirs (#754)
- 19bda8d Find more tempdirs
- 827fca9 build(fmt): use [ instead of [[ (#751)
- ad5d74d Update to ginkgo v2 (#753)
- 72f1145 Fix #743 (#748)
- 63a8e78 Handle nil when looking up a file by position into a package (#747)
- 3038a30 Add in the config file settings for exclude and include options
- bf0dd2f chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
- 2d1c1a6 Track both #nosec and #nosec rulelist for one violation (#741)
- e0f354a Add the sponsors section in the README file (#740)
- d23ab2d Remove space between // and #nosec in examples and internal use