Merge pull request #2506 from JAORMX/add-gosec

Introduce gosec for security checks
openshift · Oct 29, 2019 · a9d7335 · a9d7335
2 parents 3a12c82 + 0a854cd
commit a9d7335
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/hack/go-sec.sh b/hack/go-sec.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Example:  ./hack/gosec.sh
+set -x
+
+if [ "$IS_CONTAINER" != "" ]; then
+  if [ ! "$(command -v gosec >/dev/null)" ]; then
+      go get github.com/securego/gosec/cmd/gosec
+  fi
+  gosec -severity high -confidence high -exclude G304 ./cmd/... ./data/... ./pkg/... "${@}"
+else
+  podman run --rm \
+    --env IS_CONTAINER=TRUE \
+    --volume "${PWD}:/go/src/github.com/openshift/installer:z" \
+    --workdir /go/src/github.com/openshift/installer \
+    docker.io/openshift/origin-release:golang-1.12 \
+    ./hack/go-sec.sh "${@}"
+fi