v2.11.0

Changelog

• 607d607 Enable Go 1.18 in the ci and release workflows
• b99b5f7 Fix the lint action after upgrade (#790)
• 8af0af7 chore(deps): update all dependencies (#789)
• ea5d31f Add a recursive flag -r to skip specifying ./... path
• 48bbf96 Adds directory traversal for Http.Dir("/")

v2.10.0

Changelog

• 26f10e0 Extend the release action to sign the docker image and binary files with cosign (#781)
• 7d539ed feat: add concurrency option to parallelize package loading (#778)
• 43577ce chore(deps): update all dependencies
• c0680bb Process the code snippet before adding it to the SARIF report
• db8d98b Updated sponsor link in README.md
• 507f847 chore(deps): update golang.org/x/crypto commit hash to 30dcbda
• 853e1d5 chore(deps): update all dependencies
• 09a2941 Use the CWE name as a name in the SARIF report
• 9399e7b chore(deps): update all dependencies (#771)
• 2fad8a4 Resolve the TLS min version when is declarted in the same package but in a different file
• 1fbcf10 Add a test for tls min version defined in a different file
• b12c0f6 chore(deps): update all dependencies (#765)

v2.9.6

Changelog

• 1d909e2 Add db.Exec and db.Prepare to the sql rule (#763)
• 742aa84 chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
• 7be6d4e Add os.Create to the readfile rule (#761)
• 75cc7dc Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
• 58058af chore(deps): update dependency highlight.js to v11.4.0 (#758)
• 9d66b0d Fix false negatives for SQL injection in multi-line queries
• 4c1afaa Find G303 with filepath.Join'd temp dirs (#754)
• 19bda8d Find more tempdirs
• 827fca9 build(fmt): use [ instead of [[ (#751)
• ad5d74d Update to ginkgo v2 (#753)
• 72f1145 Fix #743 (#748)
• 63a8e78 Handle nil when looking up a file by position into a package (#747)
• 3038a30 Add in the config file settings for exclude and include options
• bf0dd2f chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
• 2d1c1a6 Track both #nosec and #nosec rulelist for one violation (#741)
• e0f354a Add the sponsors section in the README file (#740)
• d23ab2d Remove space between // and #nosec in examples and internal use

v2.9.5

Changelog

• 35af340 Fix #736 (#738)
• 6c0b344 chore(deps): update golang.org/x/crypto commit hash to 4570a08 (#737)

v2.9.4

Changelog

• b45f95f Add support for suppressing the findings
• 040327f chore(deps): update all dependencies (#734)

v2.9.3

Changelog

6a41fb9 Fix #714 (#733)
c95e9c2 chore(deps): update all dependencies (#731)

v2.9.2

Changelog

e57efa8 Fix a panic in suproc rule when the declaration of the variable is not available in the AST (#728)
ff17c30 Use go embed for templates (#725)
3eba7b8 add openssh to docker image (#719)
55c6cea Fix crash when parsing the TLS min version value (#724)
40fa36d G303: catch with os.WriteFile, add os.Create test case (#718)
873ac24 chore(deps): update all dependencies (#722)
f1f0056 Spelling fixes (#717)
0680c75 chore(deps): update all dependencies (#716)
79c8b79 use a better naming for the variable (#715)

v2.9.1

Changelog

6921395 Fix the SBOM generation step in the release action (#712)
5a3a27a Phase out support for go version 1.15 because current ginko is not backward compatible (#710)

v2.8.1

Changelog

3f800cc Fix the unit tests (#652)
df10b65 Fix gosimple lint warning (#651)
731d0d5 Results must always be present in the SARIF report (#650)
3c230ac errors.go: add Hash.Write() to the white list. (#648)
e72b1e5 Use of vars instead of func
c81cff0 Update all dependencies (#646)
3ff0a2c Fixes #644 (#645)
e3dffd6 Update renovate configuration
aa35eb5 Delete renovate.json (#642)
3b1b77e add onboarding (#640)
03360ba Update renovate configuration
8a8dbec Tidy up the dependencies (#637)
3a4d09b Update all dependencies (#635)
6cde6b3 Disable cache in golangci job (#636)
1256f16 Fix lint and fail on error in the ci build
dbb9811 Add crypto and lint to the tools modules
244adc6 Update the github ci action to use cache and matrix strategy
df1249d Update install.sh with more installation options
af27673 Update README.md

v2.8.0

Changelog

9fc8e20 Add favicon for HTML template (#628)
91dae7f Update the design of HTML report
e72f54e Fix HTML template and display the gosec version
c3f25b8 fix html report tag styling (#623)
433a674 show nosec in html report summary (#621)
d040f07 Handle gosec version in SARIF report
51f7411 Add arm64 support (#618)
e7ac882 Update go version to 1.16 (#616)
3a9a6ad Sarif provide Snippet with Issue.Code
1325319 Create dependabot.yml (#614)
d8cfcd6 Allow the user to enable/disable colorisation of the text report in the stdout
a8b633f Adding stdout and verbose flags and refactor how the report is saved
103c429 Enable golangcli and improve testing for formatters
4df7f1c Fix typos, Go Report link and Gofmt
f4ea33d Update how the test coverage is generated
c4f5932 Refactor : Replace Cwe with cwe.Weakness
ddfa253 Define a report package with core and per format sub-packages
cc83d4c Generate the SARIF types, handle taxonomies and separate responsibilities
0fa5d0b Fix the go modules after updating to get the tests passing (#605)
3763953 Migrate sonar types in a dedicated package (#604)
b519743 chore(deps): update all dependencies (#599)
569328e Fix typos (#594)
0695fa0 Add -u to local install instructions (#595)
7f2308b Tidy up the moduels after updating (#593)
f21b0b8 chore(deps): update all dependencies (#592)
148e608 Adding KICS to USERS.md (#590)