Add Govulncheck as a new securityTest #546

fguisso · 2022-10-03T15:13:58Z

Motivation

Golang Security team has developed a new tool to detect vulnerable packages in Golang code and it will be a great addition to huskyCI analysis.

We have all the necessary code to run this scan!

A working container of Govulncheck that outputs a JSON after running the analysis in a particular folder. Similar to this to be uploaded to Docker Hub as huskyci/govulncheck:latest.
Add into config.yaml commands needed to run inside the securityTest container.
Adjust context.go to have the new Govulncheck securityTest configs.
Add new error messages related to Govulncheck in messagecodes.go.
Add a new file into securitytest package and adjust its logic to now handle Govulncheck output.
Add new code into client analysis package to print to STDOUT Govulncheck results.

Search how a particular securityTest work and apply the same logic (Ctrl + F + "bandit" will do 🙃).

The text was updated successfully, but these errors were encountered:

vitorduarte · 2022-10-04T23:24:17Z

config.yaml file doesn't seem to be available

fguisso · 2023-10-17T03:15:01Z

We are testing a more complete solution for SCA, probably we will drop this issue beside the implement anti on of osvscanner + cdxgen

fguisso added the hacktoberfest2022 https://opensource.globo.com/hacktoberfest label Oct 3, 2022