| - name: Install gosec | ||
| run: go install github.com/securego/gosec/v2/cmd/gosec@latest | ||
| - name: gosec | ||
| run: gosec ./... |
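Review bot: `gosec@latest` in the "Install gosec" step is unpinned, so the scanner version and its rule set can change from one pipeline run to the next, and the job executes whatever release is current at build time. Pin the install to a specific tagged release (`gosec@<version>`, placeholder) and bump it deliberately. Separately, `gosec ./...` scans every package, test helpers included, and exits non-zero on any finding, so the step will stay red until each finding is either fixed or explicitly excluded with a documented reason.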
make tools gosec are also available. The gosec task could be changed in the Makefile to fit new needs.
I like this idea. Changed Makefile handling for gosec and using `make gosec` in the action.
So since gosec has found 30 errors, maybe we want to do something about it before merging to main? Some failures are in internal testutils; maybe we could ignore some of them?
These gosec findings have to be evaluated. But I don't think this should happen in this PR. Best for the moment would be to create a ticket. What do you think?
> this should happen in this PR

I agree, but on the other hand, merging a PR with the failing pipeline is also not great. These failures could be fixed first, then once gosec is cool with the fixes we could merge this PR. wdyt?
> These failures could be fixed first

What I meant: failures can be fixed in a separate PR, not this one.
Decided to resolve gosec issues also in this PR. This way it's visible that the issues are resolved.