Scan kics with Gosec in build

[miguelfreitas93]

Is your feature request related to a problem? Please describe.
Improve security of kics source code

Describe the solution you'd like
Add a step to perform Gosec scan in the build pipeline to get better secure code
https://github.com/securego/gosec

[ruigomescx]

Thanks for the suggestion @miguelfreitas93!

[rogeriopeixotocx]

Issue opened by @felipe-avelar got solved and the PR merged but since then they haven't released a new version yet so we can't move this forward unless we build gosec and run it without using the GH action securego/gosec#565

[miguelfreitas93]

@rogeriopeixotocx you can run an action of a specific commit or version or branch:
https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
steps:

  # Reference a specific commit
  - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
  # Reference the major version of a release
  - uses: actions/setup-node@v1
  # Reference a minor version of a release
  - uses: actions/setup-node@v1.2
  # Reference a branch
  - uses: actions/setup-node@main

For the moment we can use a specific branch, but once it is released you can change it to a specific version

[rogeriopeixotocx]

@miguelfreitas93 Yes, that's true.. the issue is that their GH action uses the latest docker image published and they only publish a docker image whenever there's a new release. So we're stuck the same unless we check out the project, build it, and run the binary.. which is not very difficult but we're short on time, feel free to contribute if you can. Checkout this PR branch #1835 and you can follow our unit test build steps as guidance. Examples for setup and go modules vendor's download and build

[rogeriopeixotocx]

@miguelfreitas93 better yet check their dockerfile and makefile for instructions on how to build it