🌱 Gosec: Run submodules separately #1362
Conversation
Gosec is otherwise using the root go.mod instead of what is in the submodule.
LGTM
/lgtm
Good catch!
# It seems like gosec does not handle submodules well. Therefore we skip them and run separately. | ||
gosec -severity medium --confidence medium -quiet -exclude-dir=apis -exclude-dir=hack/tools ./... | ||
(cd apis && gosec -severity medium --confidence medium -quiet ./...) | ||
(cd hack/tools && gosec -severity medium --confidence medium -quiet ./...) |
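Review bot: the module list is hard-coded three times in this hunk (the two `-exclude-dir` flags on the root run and the two `cd` lines), so a submodule added later with its own go.mod would silently be scanned against the root go.mod again, which is exactly the problem this change fixes. Consider deriving the list from the go.mod files instead (for example `find . -name go.mod` and running gosec from each containing directory) so the root run and the per-module runs cannot drift apart. Also check that the script still exits non-zero when any one of the three sequential invocations reports findings; the script header that would show `set -e` or status collection is outside the lines shown. As raised in review, dropping `-quiet` would let the log show which files each run actually covered.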
shall we remove the quiet flag to see what files are being tested? Doesn't change anything but better for logging, currently it's difficult to see what actually got tested.
Not a blocker for this to merge though and good finding
/approve
/hold
Feel free to unhold if quiet is preferable.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kashifest, Rozzii The full list of commands accepted by this bot can be found here. The pull request process is described here
/test-ubuntu-integration-main Let's discuss the
Manual cherry-pick of metal3-io#1474. It also backports metal3-io#1362 that makes gosec.sh actually do something for non-root modules. Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
What this PR does / why we need it:
Run gosec for each submodule separately.
Gosec is otherwise using the root go.mod instead of what is in the submodule.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #
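The PR description above states the underlying problem: gosec resolves packages against the go.mod of the directory it is started from, so a repository with nested modules has to be scanned one module at a time. The script below is an added example of that approach and is not the project's gosec.sh; it assumes that every directory holding a go.mod is a separate module to scan, that vendor/ trees should be skipped, and it introduces the hypothetical GOSEC and GOSEC_ARGS variables so the scanner command can be overridden (for instance with a stub when testing the script itself).

```shell
#!/bin/sh
# Added example, not the project's gosec.sh: run gosec once per Go module.
# Assumption: each directory containing a go.mod is its own module, and
# gosec must be started inside it so it uses that module's go.mod rather
# than the repository root's.
set -eu

# Hypothetical override knobs (not from the project): the scanner binary
# and the flags passed to it.
GOSEC="${GOSEC:-gosec}"
GOSEC_ARGS="${GOSEC_ARGS:--severity medium --confidence medium -quiet}"

# list_modules ROOT
# Print every module directory under ROOT (directories holding a go.mod),
# skipping vendor/ trees, in sorted order so runs are reproducible.
list_modules() {
    find "$1" -name vendor -prune -o -name go.mod -print |
        sed 's#/go.mod$##' |
        sort
}

# scan_modules ROOT
# Run gosec inside each module. A failing module does not stop the loop,
# so every module's findings are reported, but the overall status is
# non-zero if any module failed. Module paths containing whitespace are
# not supported by this simple loop.
scan_modules() {
    root="$1"
    status=0
    for dir in $(list_modules "$root"); do
        echo "gosec: scanning module $dir"
        # shellcheck disable=SC2086  # GOSEC_ARGS is intentionally word-split
        if ! (cd "$dir" && $GOSEC $GOSEC_ARGS ./...); then
            echo "gosec: findings or errors in $dir" >&2
            status=1
        fi
    done
    return "$status"
}

# Usage: ./gosec-all.sh [repo-root]
# Only runs when executed directly, so the functions can also be sourced.
if [ "${1:-}" != "" ] || [ "$(basename "$0")" = "gosec-all.sh" ]; then
    scan_modules "${1:-.}"
fi
```

Because the module list is derived from the go.mod files rather than written out by hand, adding a new submodule later is picked up automatically, and the root module is scanned from its own directory only because `./...` in the root run would otherwise descend into the submodules again; if that matters for your layout, add `-exclude-dir` flags for the nested module paths to the root invocation.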