Support official Go directive comments for rule suppression #1311

Closed

@frozenbonito
Contributor

Currently, gosec supports the #nosec annotation comment, but in Go, comments in the form of //toolname:directive are officially recognized as directive comments.

A directive comment is a line matching the regular expression //(line |extern |export |[a-z0-9]+:[a-z0-9]). Tools that define their own directives should use the form //toolname:directive.

https://tip.golang.org/doc/comment#syntax

Tools like gofmt and pkgsite (godoc) recognize directive comments in this format.
By supporting officially formatted directive comments, gosec can also benefit from this standardized approach.

For example:

//gosec:disable G402
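
An added example, not gosec's code and not part of this issue: a small auditor that lists the suppression comments in a Go file, so a reviewer can see which rules are switched off and where. It uses the directive regular expression quoted above. The rule-ID shape, the names `FindSuppressions` and `Suppression`, and the sample source are assumptions of this example.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// directiveRE is the directive-comment pattern quoted in the issue, anchored to the comment start.
var directiveRE = regexp.MustCompile(`^//(line |extern |export |[a-z0-9]+:[a-z0-9])`)
// ruleRE assumes rule IDs look like the issue's G402: "G" plus three digits.
var ruleRE = regexp.MustCompile(`\bG\d{3}\b`)

// Suppression is one comment that disables gosec findings.
type Suppression struct {
	Line      int
	Directive bool     // true for //gosec:disable, false for #nosec
	Rules     []string // empty when the comment names no rule ID
}

// FindSuppressions parses Go source (syntax only) and lists its suppression comments.
func FindSuppressions(src string) ([]Suppression, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	var out []Suppression
	for _, group := range f.Comments {
		for _, c := range group.List {
			isDir := directiveRE.MatchString(c.Text) && strings.HasPrefix(c.Text, "//gosec:disable")
			if isDir || strings.Contains(c.Text, "#nosec") {
				out = append(out, Suppression{fset.Position(c.Pos()).Line, isDir, ruleRE.FindAllString(c.Text, -1)})
			}
		}
	}
	return out, nil
}

// sample is constructed input; its line 5 is not a directive because of the space after "//".
const sample = `package p
//gosec:disable G402
var a = tls.Config{InsecureSkipVerify: true}
var b = tls.Config{InsecureSkipVerify: true} // #nosec G402
// gosec:disable G402
var c = tls.Config{InsecureSkipVerify: true}
`
func main() { fmt.Println(FindSuppressions(sample)) }
```

The comment on line 5 of the sample is skipped because the quoted pattern requires the tool name to follow `//` immediately; whether gosec itself honours that spelling is not stated on this page.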

ccojocar commented on Mar 4, 2025

@ccojocar
Member

Thanks for bringing this up. This is a useful feature for compatibility starting with Go 1.24.

frozenbonito commented on Mar 8, 2025

@frozenbonito
Contributor, Author

I've created a pull request.
#1314

Support official Go directive comments for rule suppression · Issue #1311 · securego/gosec