
Introduce gosec for Static Application Security Testing (SAST) #313

Merged
merged 2 commits into master from introduce-gosec
Oct 17, 2024

Conversation

MartinWeindel
Member

What this PR does / why we need it:
This PR introduces gosec for Static Application Security Testing at Gardener and should replace other code scanners.

It uses the default ruleset of gosec from gardener/gardener as introduced in gardener/gardener#9959.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

`gosec` was introduced for Static Application Security Testing (SAST).

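The description above says the PR adopts gosec's default ruleset. The following is an added example, not code from this PR or from the Gardener project, showing the kind of code that ruleset reports and the form that passes it: a file read driven by a caller-supplied path (the pattern behind gosec's G304 finding) next to a version that confines the path to a base directory, plus a write with owner-only permissions (the setting gosec's G306 rule expects). The base directory, file names and the helper names `ResolveWithin`, `ReadWithin` and `WriteWithin` are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested name resolves outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// readUnsafe is the pattern gosec reports under G304: a caller-controlled
// string flows straight into os.ReadFile, so "../" segments walk out of the
// directory the code meant to serve from. Kept here only for comparison.
func readUnsafe(base, name string) ([]byte, error) {
	return os.ReadFile(base + "/" + name)
}

// ResolveWithin joins name under base and rejects any result that is not
// inside base. Join cleans the path, and filepath.Rel exposes any escape as a
// leading ".." component.
func ResolveWithin(base, name string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	joined := filepath.Join(absBase, name) // cleaned, so "a/../../x" collapses before the check
	rel, err := filepath.Rel(absBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

// ReadWithin is the hardened counterpart of readUnsafe: the path is validated
// before it reaches os.ReadFile.
func ReadWithin(base, name string) ([]byte, error) {
	p, err := ResolveWithin(base, name)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

// WriteWithin writes data under base with mode 0600. gosec's G306 rule flags
// os.WriteFile calls whose mode is broader than that.
func WriteWithin(base, name string, data []byte) error {
	p, err := ResolveWithin(base, name)
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
		return err
	}
	return os.WriteFile(p, data, 0o600)
}

func main() {
	// Constructed inputs: a base directory and one hostile, one benign name.
	base := "/srv/data"
	for _, name := range []string{"reports/q1.txt", "../etc/passwd"} {
		if p, err := ResolveWithin(base, name); err != nil {
			fmt.Printf("%-20s rejected: %v\n", name, err)
		} else {
			fmt.Printf("%-20s -> %s\n", name, p)
		}
	}
	// readUnsafe would happily attempt the traversal; shown only to contrast the two.
	_, _ = readUnsafe(base, "../etc/passwd")
}
```

The containment check relies on `filepath.Rel` rather than a string-prefix test on the joined path, because a prefix test would accept `/srv/data-old/secret` as being under `/srv/data`.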
@gardener-prow gardener-prow bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Oct 17, 2024
@gardener-prow gardener-prow bot requested a review from RaphaelVogel October 17, 2024 08:03
@gardener-prow gardener-prow bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 17, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 17, 2024
@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Oct 17, 2024

gardener-prow bot commented Oct 17, 2024

LGTM label has been added.

Git tree hash: 3e99ed504357a6fa8265227f323140ba11609e43


gardener-prow bot commented Oct 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RaphaelVogel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 17, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Oct 17, 2024
@MartinWeindel
Member Author

/kind task

@gardener-prow gardener-prow bot added kind/task General task and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 17, 2024
@gardener-prow gardener-prow bot merged commit 88b6680 into master Oct 17, 2024
10 checks passed
@MartinWeindel MartinWeindel deleted the introduce-gosec branch October 17, 2024 11:49