| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Update to version 2.17.0: * Update cosign to version v2.1.1 (#1000) * Enable go 1.21.0 in the CI build (#998) * chore(deps): update all dependencies (#997) * Update to go version 1.20.7 and 1.19.12 (#993) * chore(deps): update all dependencies (#992) * chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991) * fix: correctly identify infixed concats as potential SQL injections (#987) * chore(deps): update all dependencies (#989) * Add a new flag terse to show only the results and summary (#986) * Switch to a maintained fork of zxcvbn module (#984)
- Require go 1.20
- Update to version 2.16.0 * Update cosign to latest version in release Github action * chore(deps): update all dependencies * Update go version in build and release scripts * chore(deps): update all dependencies * Update Go version to 1.20.3 * chore(deps): update all dependencies * Fix for Dockerfile smell DL3059 * README: upgrade GitHub action in examples * enable ginkgolinter linter * chore(deps): update all dependencies * correct gci linter * remove deprecated linters * increase timeout to 5m * chore(deps): update all dependencies * Use the latest version * Fix some linting warnings * Fix lint warning * Bump the go versions and golanci * chore(deps): update all dependencies * Check nil pointer when variable is declared in a different file * fix dead link to issue.go in README.md * Remove rule G307 which checks when an error is not handled when a file or socket connection is closed * Fix rule index reference into sarif report * Bump golang.org/x/net from 0.6.0 to 0.7.0 * Format file * Use the gosec issue in the go analysers * Fix file formatting * Update Go version in CI builds * Fix method name in the comment * Extract the issue in its own package * Add support for Go analysis framework and SSA code representation * chore(deps): update all dependencies * Remove the version form ci github action * Pin github action to latest release version 2.15.0 * Revert the image tag in github action until a working solution is found * Fix version interpolation in github action image * Add gosec version as an input parameter to GitHub action * Update release build script
* Update to version 2.15.0 - Fix dependencies after renovate update - chore(deps): update all dependencies (#922) - Update to Go 1.20 and fix unit tests (#923) - Update Go to latest version (#920) - Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917) - Fix github latest URL (#918) - Fix github release url (#916) - chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914) - Update Go version in CI script (#913) - Track back when a file path was sanitized with filepath.Clean (#912) - Fix the TLS config rule when parsing the settings from a variable (#911) - Fix build after updating the dependencies (#910) - chore(deps): update all dependencies (#909) - Fix dependencies after renovate update (#907) - chore(deps): update all dependencies (#906) - Update slack badge and link (#905) - Auto-detect TLS MinVersion integer base (#903) - Adding s390x support (#902) - chore(deps): update all dependencies (#904) - chore(deps): update all dependencies (#898) - Additional types for bad defer check (#897) - chore(deps): update all dependencies (#894) - chore(deps): update all dependencies (#892) - Update Go version in CI scripts (#889) - chore(deps): update all dependencies (#888) - Allow to override build date with SOURCE_DATE_EPOCH (#887) - chore(deps): update all dependencies (#886) - chore(deps): update all dependencies (#884) - fileperms: bitwise permission comparison (#883)
- Switch OBS source service from tar_scm to obs_scm.
* Embed version info with go build arg GIT_TAG="v%{version}"
* _service obs_scm switch from tar_scm
* _service obs_scm switch param revision (branch) to version (tag)
* _service tar set to buildtime
* _service recompress set to buildtime
* _service recompress change tar compression from gz to xz
* Update to versin 2.14.0 - Pin release build to Go version 1.19.2 (#882) - Refactor to support duplicate imports with different aliases (#865) - chore(deps): update all dependencies (#881) - go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880) - Update Go version to 1.19 in the makefile (#876) - chore(deps): update all dependencies (#875) - Add CWE-676 to cwe mapping (#874) - chore(deps): update all dependencies (#872) - Add a way to use private repositories on GitHub (#869) - chore(deps): update all dependencies (#868) - Check go version when installing govulncheck - Check go version when running govulncheck - Add vulncheck to the test steps - chore(deps): update all dependencies - Fix false positives for G404 with aliased packages - chore(deps): update all dependencies - chore(deps): update all dependencies - fix: add a CWE ID mapping to rule G114 - chore(deps): update golang.org/x/crypto digest to bc19a97
* Update to version 2.13.1 - fix: make sure that nil Cwe pointer is handled when getting the CWE ID - test: remove white spaces from template - fix: handle nil CWE pointer in text template * Update to version 2.13.0 - chore(deps): update dependency babel-standalone to v7 - chore: update module go to 1.19 - chore: fix lint warnings - chore: add support for Go 1.19 - fix: parsing of the Go version (#844) - Detect use of net/http functions that have no support for setting timeouts (#842) - Refactor SQL rules for better extensibility (#841) - chore(deps): update module golang.org/x/tools to v0.1.12 (#840) - Fix lint warning - Check the suppressed issues when generating the exit code - Fix for G402. Check package path instead of package name (#838) - fix G204 bugs (#835) - Phase out support for Go 1.16 since is not supported anymore by Go team (#837) - chore(deps): update all dependencies (#836) - chore(deps): update dependency highlight.js to v11.6.0 (#830) - fix: filepaths with git anywhere in them being erroneously excluded (#828) - Fix wrong location for G109 (#829) - chore(deps): update golang.org/x/crypto digest to 0559593 (#826) - fix ReadTimeout for G112 rule - Pin cosign-installer to v2 (#824) * Update to version 2.12.0 - chore(deps): update all dependencies (#822) - Add check for usage of Rat.SetString in math/big with an overflow error (#819) - Remove additional --update for apk in Dockerfile (#818) - Update x/tools to pick up fix for golang/go#51629 (#817) - chore(deps): update all dependencies (#816) - chore(deps): update all dependencies (#812) - chore(deps): update all dependencies (#811) - Add new rule for Slowloris Attack - Fix the dependencies after renovate upate (#806) - chore(deps): update all dependencies (#805) - Update the description message of template rule (#803) - Fix typo in ReadMe (#802) - Fix build after renovate update (#800) - Fix use rule IDs to retrieve the rule config - chore(deps): update all dependencies (#796)
* Update to version 2.11.0
- Enable Go 1.18 in the ci and release workflows
- Fix the lint action after upgrade (#790)
- chore(deps): update all dependencies (#789)
- Add a recursive flag -r to skip specifying ./... path
- Adds directory traversal for Http.Dir("/")
* Update to version 2.10.0: - Extend the release action to sign the docker image and binary files with cosign (#781) - feat: add concurrency option to parallelize package loading (#778) - chore(deps): update all dependencies - Process the code snippet before adding it to the SARIF report - Updated sponsor link in README.md - chore(deps): update golang.org/x/crypto commit hash to 30dcbda - chore(deps): update all dependencies - Use the CWE name as a name in the SARIF report - chore(deps): update all dependencies (#771) - Resolve the TLS min version when is declarted in the same package but in a different file - Add a test for tls min version defined in a different file - chore(deps): update all dependencies (#765)