author RENAN.BASTOS <renanbastos.tec@gmail.com> 2020-02-28 17:03:48 -0300
committer GitHub <noreply@github.com> 2020-02-28 21:03:48 +0100
commit 695f713fcf594b33fd8c126cfa8dc9f119d4391b
tree 805d39603c15969c17b9a059814b89a221f840d3 /.github
parent Run tests on 1.14
feat: workflow to verify security using GoSec (#747)
* feat: workflow to valid security using GoSec
* Update security.yml
* Fix gosec problems

  These are all either false positives or os.Open operations done on filenames supplied by the fasthttp user which we have to assume is safe.
* Just ignore some rules globally
* Fix more warnings
* No more warnings

Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Diffstat (limited to '.github')
-rw-r--r-- .github/workflows/security.yml 18
1 files changed, 18 insertions, 0 deletions
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..4a485e0
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,18 @@
+on: [push, pull_request]
+name: Security
+jobs:
+ test:
+ strategy:
+ matrix:
+ go-version: [1.13.x, 1.14.x]
+ platform: [ubuntu-latest]
+ runs-on: ${{ matrix.platform }}
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v1
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Security
+ run: go get github.com/securego/gosec/cmd/gosec; `go env GOPATH`/bin/gosec -exclude=G104,G304 ./...
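Review bot: The `-exclude=G104,G304` flag on the final `run:` line turns off gosec's unhandled-error (G104) and file-path-from-variable (G304) checks for the whole tree, so any future `os.Open` on a path that does not come from the trusted fasthttp user, or any newly ignored error, will pass this workflow silently. The commit message says the current findings are false positives or caller-supplied filenames; annotating those specific call sites with `#nosec G304` (plus a short justification comment) would document that decision where it applies and keep both rules active for new code. Two supply-chain points on the same file: `go get github.com/securego/gosec/cmd/gosec` installs whatever the latest gosec is at run time, so results can change between runs with no change to the repository, and `actions/setup-go@v1` and `actions/checkout@v2` are referenced by mutable tags; pinning gosec to a released version and the actions to commit SHAs would make the scan reproducible. Minor: the job is still named `test`, which makes it hard to tell apart from the regular test workflow in the checks list.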