The CSM services/repositories are inspected for security vulnerabilities via gosec. Every issue detected by gosec is mapped to a CWE (Common Weakness Enumeration), which describes the vulnerability in more generic terms. The exact mapping can be found at https://github.com/securego/gosec in the issue.go file. The list of rules checked by gosec can be found here.
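As an added example (not part of this repository's own tooling), the program below reads a gosec JSON report and groups findings by the CWE id that gosec attaches to each issue, then filters by severity so a PR check can gate on the findings that matter. The report embedded in the code is constructed for illustration; the JSON field names (`Issues`, `severity`, `confidence`, `cwe.id`, `rule_id`, `details`, `file`, `line`) follow gosec's `-fmt=json` output as the author understands it and should be checked against the output of the gosec version actually in use.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Issue mirrors the per-finding fields of a gosec JSON report.
// Assumption: field names match gosec's -fmt=json output; verify for your version.
type Issue struct {
	Severity   string `json:"severity"`
	Confidence string `json:"confidence"`
	CWE        struct {
		ID  string `json:"id"`
		URL string `json:"url"`
	} `json:"cwe"`
	RuleID  string `json:"rule_id"`
	Details string `json:"details"`
	File    string `json:"file"`
	Line    string `json:"line"`
}

// Report holds only the part of the gosec output this tool needs.
type Report struct {
	Issues []Issue `json:"Issues"`
}

// sampleReport is a CONSTRUCTED gosec-style report; paths and findings are invented.
const sampleReport = `{
  "Issues": [
    {"severity":"HIGH","confidence":"LOW","cwe":{"id":"798","url":"https://cwe.mitre.org/data/definitions/798.html"},"rule_id":"G101","details":"Potential hardcoded credentials","file":"/src/example/config.go","line":"12"},
    {"severity":"MEDIUM","confidence":"HIGH","cwe":{"id":"22","url":"https://cwe.mitre.org/data/definitions/22.html"},"rule_id":"G304","details":"Potential file inclusion via variable","file":"/src/example/loader.go","line":"40"},
    {"severity":"LOW","confidence":"HIGH","cwe":{"id":"703","url":"https://cwe.mitre.org/data/definitions/703.html"},"rule_id":"G104","details":"Errors unhandled","file":"/src/example/loader.go","line":"55"},
    {"severity":"HIGH","confidence":"HIGH","cwe":{"id":"22","url":"https://cwe.mitre.org/data/definitions/22.html"},"rule_id":"G304","details":"Potential file inclusion via variable","file":"/src/example/server.go","line":"88"}
  ]
}`

// severityRank orders gosec's three severity levels so they can be compared.
var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3}

// ParseReport decodes a gosec JSON report into its list of findings.
func ParseReport(raw []byte) ([]Issue, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("decoding gosec report: %w", err)
	}
	return r.Issues, nil
}

// CountByCWE returns the number of findings mapped to each CWE id.
// This is the view a triager wants: one CWE may be hit by several gosec rules.
func CountByCWE(issues []Issue) map[string]int {
	counts := make(map[string]int)
	for _, is := range issues {
		counts[is.CWE.ID]++
	}
	return counts
}

// FilterMinSeverity keeps findings whose severity is at or above min.
// A PR gate would typically fail on HIGH and report the rest as advisory.
func FilterMinSeverity(issues []Issue, min string) []Issue {
	threshold := severityRank[min]
	var kept []Issue
	for _, is := range issues {
		if severityRank[is.Severity] >= threshold {
			kept = append(kept, is)
		}
	}
	return kept
}

func main() {
	issues, err := ParseReport([]byte(sampleReport))
	if err != nil {
		panic(err)
	}
	counts := CountByCWE(issues)
	ids := make([]string, 0, len(counts))
	for id := range counts {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	for _, id := range ids {
		fmt.Printf("CWE-%s: %d finding(s)\n", id, counts[id])
	}
	for _, is := range FilterMinSeverity(issues, "HIGH") {
		fmt.Printf("GATE %s %s:%s %s (CWE-%s)\n", is.RuleID, is.File, is.Line, is.Details, is.CWE.ID)
	}
}
```

To produce a real report for this program, run gosec with JSON output, e.g. `gosec -fmt=json -out=report.json ./...`, and feed the file to `ParseReport`. Grouping by CWE rather than by gosec rule id makes the per-repository picture comparable with findings from other scanners that also report CWEs.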
In addition, various security checks are run against a branch whenever a pull request is created or updated. Please refer to pull request for more information.
Please report a vulnerability by opening an Issue in this repository.