Issues
- 3
G201/G202 only works with the stdlib sql pkg
#1237 opened by adrianlungu - 6
Panic in gosec 2.21.3 conversion overflow analyzer
#1229 opened by gmwiz - 5
- 0
standalone run, can't run a single rule?
#1230 opened by ldemailly - 2
Sonar format reports deprecated fields
#1206 opened by CameronGo - 16
G115 is reporting false positives (a summary)
#1212 opened by czechbol - 4
Invalid SARIF format reported by CodeQL upload-sarif
#1224 opened by komish - 2
G110 False Positive?
#1222 opened by geofffranks - 3
Updated Gosec is throwing this error - Error: Unable to upload "results.sarif" as it is not valid SARIF
#1220 opened by Revanthathreya - 5
GitHub action `v2.21.2` uses `securego/gosec:2.21.1` docker image with broken SARIF output
#1219 opened by nickeskov - 0
- 16
G407: Incorrect detection of fixed iv
#1211 opened by imirkin - 6
G407: requires unique nonce for Open?
#1209 opened by imirkin - 2
Create a taint analysis engine
#1160 opened by ccojocar - 5
Go version issues when running in CI (Github Actions)
#1166 opened by saurori - 2
G115: False positive int->uint16 with guard
#1204 opened by stephenc - 1
G115: false positive for uintptr -> unsafe.Pointer
#1202 opened by abemedia - 7
G115 ignores bounds checks
#1187 opened by rittneje - 0
- 1
Results always empty
#1205 opened by antoninoLorenzo - 0
Gosec does not detect hard-coded nonces/initialization vectors for multiple encryption algorithms
#1196 opened by expp121 - 0
G204: False positive when variable is a value from a hard-coded locally-scoped map
#1199 opened by mholt - 1
- 1
G115 should be architecture-agnostic for int and uint
#1195 opened by rittneje - 21
G115: integer overflow conversion uint8 -> int64
#1185 opened by ldemailly - 1
GoSec pulling the image before docker hub login
#1184 opened by majidlun3x - 2
- 0
Gosec does not detect G204 if user input is from a function parameter
#1174 opened by BinaryFissionGames - 2
can we get a patch release out to support go 1.22 fixes?
#1173 opened by omercnet - 0
Add rules for deprecated hashing algorithms
#1162 opened by expp121 - 0
Rule G401 covers multiple different CWEs.
#1158 opened by expp121 - 1
possible regression on first g104 sample
#1157 opened by kristovatlas - 1
- 1
Setting the Gosec Confidence level to Medium.
#1150 opened by Revanthathreya - 1
Add detection of overflow during integer conversion
#1130 opened by findmyhappy - 1
criteria for adding new secret patterns versus relying on high entropy detection
#1146 opened by cduggn - 4
Add an option to set the Go version
#1143 opened by ldez - 2
Gosec Configuration file to integrate with GitHub (as a workflow file)
#1141 opened by Revanthathreya - 2
'go install' doesn't work
#1140 opened by alekseyvit - 0
G306 can be easily bypassed with `os.ModePerm`
#1126 opened by seiyab - 0
- 1
Regarding customizing a configuration file to load G101 rules, where keywords with "-" cannot be matched
#1133 opened by kb-at-zero - 1
- 1
no cache usage on 18.2 and 19.0
#1129 opened by csepulveda - 2
G101: False positive of HIGH Severity on constant
#1122 opened by gusandrioli - 1
Is it possible to integrate with VS Code?
#1121 opened by penguinpowernz - 8
- 1
G601 does not catch all cases
#1115 opened by dennisvanderweide - 4
Support the `math/rand/v2` added in Go 1.22
#1109 opened by hyorimitsu - 7
QA: wrap gosec to golangci-lint speed up to 10x
#1110 opened by alexpts