securego/gosec (github.com/securego/gosec)
### [`v2.20.0`](https://togithub.com/securego/gosec/releases/tag/v2.20.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.19.0...v2.20.0)
#### Changelog
- [`6fbd381`](https://togithub.com/securego/gosec/commit/6fbd381) Catch os.ModePerm permissions in os.WriteFile
- [`dc5e5a9`](https://togithub.com/securego/gosec/commit/dc5e5a9) Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
- [`417a44c`](https://togithub.com/securego/gosec/commit/417a44c) Add filepath.EvalSymlinks to clean functions in rule G304
- [`d34f8b7`](https://togithub.com/securego/gosec/commit/d34f8b7) chore(deps): update all dependencies
- [`8658b8e`](https://togithub.com/securego/gosec/commit/8658b8e) Update Go to version 2.22.3 in CI and release
- [`d3b2359`](https://togithub.com/securego/gosec/commit/d3b2359) chore(deps): update module golang.org/x/text to v0.15.0
- [`cf29d54`](https://togithub.com/securego/gosec/commit/cf29d54) chore(deps): update all dependencies
- [`09d62bd`](https://togithub.com/securego/gosec/commit/09d62bd) chore(deps): update module github.com/onsi/gomega to v1.33.0
- [`3b23ec8`](https://togithub.com/securego/gosec/commit/3b23ec8) Update to go 1.22.2
- [`31009c3`](https://togithub.com/securego/gosec/commit/31009c3) chore(deps): update all dependencies
- [`daf6f67`](https://togithub.com/securego/gosec/commit/daf6f67) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
- [`e27f442`](https://togithub.com/securego/gosec/commit/e27f442) chore(deps): update all dependencies
- [`5513615`](https://togithub.com/securego/gosec/commit/5513615) fix(helpers/goversion): get from go.mod
- [`43b8b75`](https://togithub.com/securego/gosec/commit/43b8b75) chore: fix function name
- [`accd7a1`](https://togithub.com/securego/gosec/commit/accd7a1) chore(deps): update all dependencies
- [`48aa72e`](https://togithub.com/securego/gosec/commit/48aa72e) Format the imports using the gci tool
- [`b6df69c`](https://togithub.com/securego/gosec/commit/b6df69c) Fixup: delete unused variable
- [`ccb0a08`](https://togithub.com/securego/gosec/commit/ccb0a08) Fix test: update test to comply with the spec of generated sources
- [`3a0ea51`](https://togithub.com/securego/gosec/commit/3a0ea51) Refactor: use standard function to check if a file is generated
- [`11c3252`](https://togithub.com/securego/gosec/commit/11c3252) Fix lint warnings
- [`be378e6`](https://togithub.com/securego/gosec/commit/be378e6) Add support for math/rand/v2 added in Go 1.22
- [`36878a9`](https://togithub.com/securego/gosec/commit/36878a9) Skip the G601 tests for Go version 1.22
- [`903c75b`](https://togithub.com/securego/gosec/commit/903c75b) Update go version to 1.22.1 and 1.21.8
- [`f25ccd9`](https://togithub.com/securego/gosec/commit/f25ccd9) Ignore 'implicit memory aliasing' rule for Go 1.22+
- [`582e91a`](https://togithub.com/securego/gosec/commit/582e91a) chore(deps): update all dependencies
- [`198a40c`](https://togithub.com/securego/gosec/commit/198a40c) chore(deps): update module golang.org/x/tools to v0.18.0
- [`c824a5d`](https://togithub.com/securego/gosec/commit/c824a5d) fix(hardcoded): remove duplicated `Stripe API Key`
- [`d13d7da`](https://togithub.com/securego/gosec/commit/d13d7da) Update gosec version to v2.19.0 in the Github action
### [`v2.19.0`](https://togithub.com/securego/gosec/releases/tag/v2.19.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.2...v2.19.0)
#### Changelog
- [`26e57d6`](https://togithub.com/securego/gosec/commit/26e57d6) Update CI to go version 1.22
- [`e60b8d8`](https://togithub.com/securego/gosec/commit/e60b8d8) chore(deps): update all dependencies
- [`1285eb7`](https://togithub.com/securego/gosec/commit/1285eb7) chore(deps): update all dependencies
- [`cf4ab3e`](https://togithub.com/securego/gosec/commit/cf4ab3e) chore(deps): update all dependencies
- [`277553c`](https://togithub.com/securego/gosec/commit/277553c) chore(deps): update all dependencies
- [`57ec76b`](https://togithub.com/securego/gosec/commit/57ec76b) chore(deps): update all dependencies
- [`8fa46c1`](https://togithub.com/securego/gosec/commit/8fa46c1) chore(deps): update dependency babel-standalone to v7.23.7
- [`53aa3f7`](https://togithub.com/securego/gosec/commit/53aa3f7) chore(deps): update module golang.org/x/crypto to v0.17.0 \[security]
- [`187adab`](https://togithub.com/securego/gosec/commit/187adab) chore(deps): update all dependencies
- [`e1f27ba`](https://togithub.com/securego/gosec/commit/e1f27ba) chore(deps): update actions/setup-go action to v5
- [`2aad3f0`](https://togithub.com/securego/gosec/commit/2aad3f0) Fix lint warnings by properly formatting the files
- [`0e2a618`](https://togithub.com/securego/gosec/commit/0e2a618) chore: Refactor Sample Code to Separate Files
- [`bc03d1c`](https://togithub.com/securego/gosec/commit/bc03d1c) Update go version to 1.21.5 and 1.20.12 ([#1084](https://togithub.com/securego/gosec/issues/1084))
- [`79a6b47`](https://togithub.com/securego/gosec/commit/79a6b47) chore(deps): update all dependencies ([#1080](https://togithub.com/securego/gosec/issues/1080))
- [`eb256a7`](https://togithub.com/securego/gosec/commit/eb256a7) Ignore the issues from generated files when using the analysis framework ([#1079](https://togithub.com/securego/gosec/issues/1079))
- [`43b7cbf`](https://togithub.com/securego/gosec/commit/43b7cbf) Update README with upload-sarif v2 ([#1078](https://togithub.com/securego/gosec/issues/1078))
- [`fece498`](https://togithub.com/securego/gosec/commit/fece498) chore(deps): update dependency babel-standalone to v7.23.4
- [`24c614b`](https://togithub.com/securego/gosec/commit/24c614b) Added ppc64le support
- [`c736581`](https://togithub.com/securego/gosec/commit/c736581) chore(deps): update all dependencies
- [`3188e3f`](https://togithub.com/securego/gosec/commit/3188e3f) Ensure ignores are handled properly for multi-line issues
- [`6d56592`](https://togithub.com/securego/gosec/commit/6d56592) Update Go to version 1.21.4 and 1.20.11
- [`870103b`](https://togithub.com/securego/gosec/commit/870103b) chore(deps): update module golang.org/x/text to v0.14.0
- [`b50e493`](https://togithub.com/securego/gosec/commit/b50e493) chore(deps): update all dependencies
- [`2f9965b`](https://togithub.com/securego/gosec/commit/2f9965b) Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
- [`fa1b74d`](https://togithub.com/securego/gosec/commit/fa1b74d) Avoid allocations with `(*regexp.Regexp).MatchString`
- [`64bbe90`](https://togithub.com/securego/gosec/commit/64bbe90) Fix some typos
- [`d9071e3`](https://togithub.com/securego/gosec/commit/d9071e3) Update local installation instructions by removing the details for Go 1.16
- [`5d837bc`](https://togithub.com/securego/gosec/commit/5d837bc) Update gosec version to 2.18.2 in the action
### [`v2.18.2`](https://togithub.com/securego/gosec/releases/tag/v2.18.2)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.1...v2.18.2)
#### Changelog
- [`55d7949`](https://togithub.com/securego/gosec/commit/55d7949) Disable dot-imports in revive linter
- [`4656817`](https://togithub.com/securego/gosec/commit/4656817) chore(deps): update module github.com/onsi/gomega to v1.28.1
- [`5567ac4`](https://togithub.com/securego/gosec/commit/5567ac4) Run the gosec with data race detector active during tests
- [`a239758`](https://togithub.com/securego/gosec/commit/a239758) Fix data race in the analyzer
- [`c06903a`](https://togithub.com/securego/gosec/commit/c06903a) Fix test that checks the overridden nosec directive
- [`bde2619`](https://togithub.com/securego/gosec/commit/bde2619) Clean global state in flgs tests
- [`e108c56`](https://togithub.com/securego/gosec/commit/e108c56) Format the file
- [`e298388`](https://togithub.com/securego/gosec/commit/e298388) Update README with details which describe the current behaviour of #nosec
- [`d8a6d35`](https://togithub.com/securego/gosec/commit/d8a6d35) Ensure the ignores are parsed before analysing the package
- [`7846db0`](https://togithub.com/securego/gosec/commit/7846db0) chore(deps): update all dependencies
- [`8e0cf8c`](https://togithub.com/securego/gosec/commit/8e0cf8c) Update gosec to version 2.18.1 in the action
- [`6b12a71`](https://togithub.com/securego/gosec/commit/6b12a71) Update cosign version to v2.2.0
### [`v2.18.1`](https://togithub.com/securego/gosec/releases/tag/v2.18.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.0...v2.18.1)
#### Changelog
- [`0ec6cd9`](https://togithub.com/securego/gosec/commit/0ec6cd9) Refactor how ignored issues are tracked
- [`f338a98`](https://togithub.com/securego/gosec/commit/f338a98) Restrict the maximum depth when tracking the slice bounds
- [`7e2d8d3`](https://togithub.com/securego/gosec/commit/7e2d8d3) Handle empty ssa results
- [`074353a`](https://togithub.com/securego/gosec/commit/074353a) Handle gracefully any panic that occurs when building the SSA representation of a package
- [`ec31a3a`](https://togithub.com/securego/gosec/commit/ec31a3a) Fix typo
- [`a11eb28`](https://togithub.com/securego/gosec/commit/a11eb28) Handle new function when getting the call info in case is overridden
- [`5b7867d`](https://togithub.com/securego/gosec/commit/5b7867d) Bump golang.org/x/net from 0.16.0 to 0.17.0 ([#1037](https://togithub.com/securego/gosec/issues/1037))
- [`dd08f99`](https://togithub.com/securego/gosec/commit/dd08f99) Update to Go 1.21.3 and 1.20.10 ([#1035](https://togithub.com/securego/gosec/issues/1035))
- [`616520f`](https://togithub.com/securego/gosec/commit/616520f) Update the list of unsafe functions detected by the unsafe rule ([#1033](https://togithub.com/securego/gosec/issues/1033))
- [`3952187`](https://togithub.com/securego/gosec/commit/3952187) Update the action to use gosec version v2.18.0 ([#1029](https://togithub.com/securego/gosec/issues/1029))
- [`2b62dd1`](https://togithub.com/securego/gosec/commit/2b62dd1) Use a step ID in github release action to get the digest of the image ([#1028](https://togithub.com/securego/gosec/issues/1028))
### [`v2.18.0`](https://togithub.com/securego/gosec/releases/tag/v2.18.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.17.0...v2.18.0)
#### Changelog
- [`53fc0c3`](https://togithub.com/securego/gosec/commit/53fc0c3) Update to go version 1.21.2 and 1.20.9 ([#1027](https://togithub.com/securego/gosec/issues/1027))
- [`7f7c47f`](https://togithub.com/securego/gosec/commit/7f7c47f) chore(deps): update all dependencies ([#1026](https://togithub.com/securego/gosec/issues/1026))
- [`d864a91`](https://togithub.com/securego/gosec/commit/d864a91) Enable gochecknoinits; fix lint issues; use consts for some vars ([#1022](https://togithub.com/securego/gosec/issues/1022))
- [`09cf6ef`](https://togithub.com/securego/gosec/commit/09cf6ef) Fix typos in struct fields, comments, and docs ([#1023](https://togithub.com/securego/gosec/issues/1023))
- [`665e87b`](https://togithub.com/securego/gosec/commit/665e87b) chore(deps): update all dependencies
- [`4def3a4`](https://togithub.com/securego/gosec/commit/4def3a4) Fix lint warning
- [`0d332a1`](https://togithub.com/securego/gosec/commit/0d332a1) Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
- [`293d887`](https://togithub.com/securego/gosec/commit/293d887) Fix lint warnings
- [`ac482cb`](https://togithub.com/securego/gosec/commit/ac482cb) Update ginkgo to latest version
- [`e02e2f6`](https://togithub.com/securego/gosec/commit/e02e2f6) Redesign and reimplement the slice out of bounds check using SSA code representation
- [`e1278f9`](https://togithub.com/securego/gosec/commit/e1278f9) docs: add reMarkable to users list
- [`f6a6496`](https://togithub.com/securego/gosec/commit/f6a6496) chore(deps): update all dependencies
- [`aebe20c`](https://togithub.com/securego/gosec/commit/aebe20c) Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
- [`7a98537`](https://togithub.com/securego/gosec/commit/7a98537) Update to latest go version
- [`b192f06`](https://togithub.com/securego/gosec/commit/b192f06) chore(deps): update all dependencies ([#1011](https://togithub.com/securego/gosec/issues/1011))
- [`6c93653`](https://togithub.com/securego/gosec/commit/6c93653) Fix hardcoded_credentials rule to only match on more specific patterns ([#1009](https://togithub.com/securego/gosec/issues/1009))
- [`325eb19`](https://togithub.com/securego/gosec/commit/325eb19) chore(deps): update all dependencies ([#1008](https://togithub.com/securego/gosec/issues/1008))
- [`beef125`](https://togithub.com/securego/gosec/commit/beef125) Exclude maps from slice bounds check rule ([#1006](https://togithub.com/securego/gosec/issues/1006))
- [`21d13c9`](https://togithub.com/securego/gosec/commit/21d13c9) Ignore struct pointers in G601 ([#1003](https://togithub.com/securego/gosec/issues/1003))
- [`85005c4`](https://togithub.com/securego/gosec/commit/85005c4) Update gosec image version to 2.17.0 in the Github action ([#1002](https://togithub.com/securego/gosec/issues/1002))
- [`6a2c5e1`](https://togithub.com/securego/gosec/commit/6a2c5e1) Update cosign to version v2.1.1 ([#1000](https://togithub.com/securego/gosec/issues/1000))
### [`v2.17.0`](https://togithub.com/securego/gosec/releases/tag/v2.17.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.16.0...v2.17.0)
#### Changelog
- [`a89e9d5`](https://togithub.com/securego/gosec/commit/a89e9d5) Enable go 1.21.0 in the CI build ([#998](https://togithub.com/securego/gosec/issues/998))
- [`4b458c4`](https://togithub.com/securego/gosec/commit/4b458c4) chore(deps): update all dependencies ([#997](https://togithub.com/securego/gosec/issues/997))
- [`7d51bfe`](https://togithub.com/securego/gosec/commit/7d51bfe) Update to go version 1.20.7 and 1.19.12 ([#993](https://togithub.com/securego/gosec/issues/993))
- [`fc2f66b`](https://togithub.com/securego/gosec/commit/fc2f66b) chore(deps): update all dependencies ([#992](https://togithub.com/securego/gosec/issues/992))
- [`2cf2f96`](https://togithub.com/securego/gosec/commit/2cf2f96) chore(deps): update module github.com/onsi/gomega to v1.27.10 ([#991](https://togithub.com/securego/gosec/issues/991))
- [`bf7feda`](https://togithub.com/securego/gosec/commit/bf7feda) fix: correctly identify infixed concats as potential SQL injections ([#987](https://togithub.com/securego/gosec/issues/987))
- [`2292ed5`](https://togithub.com/securego/gosec/commit/2292ed5) chore(deps): update all dependencies ([#989](https://togithub.com/securego/gosec/issues/989))
- [`fc570b6`](https://togithub.com/securego/gosec/commit/fc570b6) Add a new flag terse to show only the results and summary ([#986](https://togithub.com/securego/gosec/issues/986))
- [`36f6933`](https://togithub.com/securego/gosec/commit/36f6933) Switch to a maintained fork of zxcvbn module ([#984](https://togithub.com/securego/gosec/issues/984))
- [`ed7b334`](https://togithub.com/securego/gosec/commit/ed7b334) Fix dependencies after bot update ([#983](https://togithub.com/securego/gosec/issues/983))
- [`e76ad70`](https://togithub.com/securego/gosec/commit/e76ad70) chore(deps): update all dependencies ([#982](https://togithub.com/securego/gosec/issues/982))
- [`3a6fd99`](https://togithub.com/securego/gosec/commit/3a6fd99) Update to Go version 1.19.11 and 1.20.6 ([#981](https://togithub.com/securego/gosec/issues/981))
- [`ea39309`](https://togithub.com/securego/gosec/commit/ea39309) Fix and tidy the dependencies ([#977](https://togithub.com/securego/gosec/issues/977))
- [`ef8f560`](https://togithub.com/securego/gosec/commit/ef8f560) chore(deps): update all dependencies ([#976](https://togithub.com/securego/gosec/issues/976))
- [`17b7d31`](https://togithub.com/securego/gosec/commit/17b7d31) Update README file with new rule ([#975](https://togithub.com/securego/gosec/issues/975))
- [`a018cf0`](https://togithub.com/securego/gosec/commit/a018cf0) Feature: G602 Slice Bound Checking ([#973](https://togithub.com/securego/gosec/issues/973))
- [`82364a7`](https://togithub.com/securego/gosec/commit/82364a7) chore(deps): update all dependencies ([#974](https://togithub.com/securego/gosec/issues/974))
- [`abeab10`](https://togithub.com/securego/gosec/commit/abeab10) Feature: G101 match variable values and names ([#971](https://togithub.com/securego/gosec/issues/971))
- [`b824c10`](https://togithub.com/securego/gosec/commit/b824c10) Update build script to go version 1.20.5
- [`022584d`](https://togithub.com/securego/gosec/commit/022584d) chore(deps): update all dependencies
- [`bd58600`](https://togithub.com/securego/gosec/commit/bd58600) Recognize struct field in G601
- [`1457921`](https://togithub.com/securego/gosec/commit/1457921) Remove the depguard from the list of enabled linters
- [`1f68996`](https://togithub.com/securego/gosec/commit/1f68996) Fix typos in comments, vars and tests
- [`e148465`](https://togithub.com/securego/gosec/commit/e148465) chore(deps): update all dependencies
- [`9120883`](https://togithub.com/securego/gosec/commit/9120883) Fix no-sec alternative tag ([#962](https://togithub.com/securego/gosec/issues/962))
- [`87cc45e`](https://togithub.com/securego/gosec/commit/87cc45e) Use image digest instead of tag when signing the released image with cosign ([#960](https://togithub.com/securego/gosec/issues/960))
- [`6df05bd`](https://togithub.com/securego/gosec/commit/6df05bd) Update gosec image version to 2.16.0 in the Github action ([#959](https://togithub.com/securego/gosec/issues/959))
### [`v2.16.0`](https://togithub.com/securego/gosec/releases/tag/v2.16.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.15.0...v2.16.0)
#### Changelog
- [`c5ea1b7`](https://togithub.com/securego/gosec/commit/c5ea1b7) Update cosign to latest version in release Github action ([#958](https://togithub.com/securego/gosec/issues/958))
- [`8632a8c`](https://togithub.com/securego/gosec/commit/8632a8c) chore(deps): update all dependencies ([#956](https://togithub.com/securego/gosec/issues/956))
- [`ae3c2f7`](https://togithub.com/securego/gosec/commit/ae3c2f7) Update go version in build and release scripts ([#957](https://togithub.com/securego/gosec/issues/957))
- [`970cc29`](https://togithub.com/securego/gosec/commit/970cc29) chore(deps): update all dependencies ([#955](https://togithub.com/securego/gosec/issues/955))
- [`47bfd4e`](https://togithub.com/securego/gosec/commit/47bfd4e) Update Go version to 1.20.3 ([#953](https://togithub.com/securego/gosec/issues/953))
- [`440141a`](https://togithub.com/securego/gosec/commit/440141a) chore(deps): update all dependencies ([#952](https://togithub.com/securego/gosec/issues/952))
- [`7df7baa`](https://togithub.com/securego/gosec/commit/7df7baa) Fix for Dockerfile smell DL3059 ([#951](https://togithub.com/securego/gosec/issues/951))
- [`2ee3213`](https://togithub.com/securego/gosec/commit/2ee3213) README: upgrade GitHub action in examples ([#950](https://togithub.com/securego/gosec/issues/950))
- [`68b5201`](https://togithub.com/securego/gosec/commit/68b5201) enable ginkgolinter linter ([#948](https://togithub.com/securego/gosec/issues/948))
- [`780ebd0`](https://togithub.com/securego/gosec/commit/780ebd0) chore(deps): update all dependencies ([#947](https://togithub.com/securego/gosec/issues/947))
- [`d6aeaad`](https://togithub.com/securego/gosec/commit/d6aeaad) correct gci linter ([#946](https://togithub.com/securego/gosec/issues/946))
- [`73f0efc`](https://togithub.com/securego/gosec/commit/73f0efc) remove deprecated linters
- [`aef69b3`](https://togithub.com/securego/gosec/commit/aef69b3) increase timeout to 5m
- [`6bad723`](https://togithub.com/securego/gosec/commit/6bad723) chore(deps): update all dependencies
- [`96bb741`](https://togithub.com/securego/gosec/commit/96bb741) Use the latest version
- [`6a73248`](https://togithub.com/securego/gosec/commit/6a73248) Fix some linting warnings
- [`83fc5e6`](https://togithub.com/securego/gosec/commit/83fc5e6) Fix lint warning
- [`8e7cf4b`](https://togithub.com/securego/gosec/commit/8e7cf4b) Bump the go versions and golangci
- [`e7bfcd1`](https://togithub.com/securego/gosec/commit/e7bfcd1) chore(deps): update all dependencies ([#942](https://togithub.com/securego/gosec/issues/942))
- [`f823a7e`](https://togithub.com/securego/gosec/commit/f823a7e) Check nil pointer when variable is declared in a different file
- [`cdd3476`](https://togithub.com/securego/gosec/commit/cdd3476) fix dead link to issue.go in README.md ([#936](https://togithub.com/securego/gosec/issues/936))
- [`d5a9c73`](https://togithub.com/securego/gosec/commit/d5a9c73) Remove rule G307 which checks when an error is not handled when a file or socket connection is closed ([#935](https://togithub.com/securego/gosec/issues/935))
- [`27bf0e4`](https://togithub.com/securego/gosec/commit/27bf0e4) Fix rule index reference into sarif report ([#934](https://togithub.com/securego/gosec/issues/934))
- [`e7b896f`](https://togithub.com/securego/gosec/commit/e7b896f) Bump golang.org/x/net from 0.6.0 to 0.7.0
- [`4340efa`](https://togithub.com/securego/gosec/commit/4340efa) Format file
- [`f850069`](https://togithub.com/securego/gosec/commit/f850069) Use the gosec issue in the go analysers
- [`b1fd948`](https://togithub.com/securego/gosec/commit/b1fd948) Fix file formatting
- [`2071786`](https://togithub.com/securego/gosec/commit/2071786) Update Go version in CI builds
- [`1915717`](https://togithub.com/securego/gosec/commit/1915717) Fix method name in the comment
- [`de2c6a3`](https://togithub.com/securego/gosec/commit/de2c6a3) Extract the issue in its own package
- [`31e6327`](https://togithub.com/securego/gosec/commit/31e6327) Add support for Go analysis framework and SSA code representation
- [`e795d75`](https://togithub.com/securego/gosec/commit/e795d75) chore(deps): update all dependencies ([#931](https://togithub.com/securego/gosec/issues/931))
- [`8aa00db`](https://togithub.com/securego/gosec/commit/8aa00db) Remove the version from ci github action
- [`392e53c`](https://togithub.com/securego/gosec/commit/392e53c) Pin github action to latest release version 2.15.0
- [`ffe254e`](https://togithub.com/securego/gosec/commit/ffe254e) Revert the image tag in github action until a working solution is found
- [`a0eddfb`](https://togithub.com/securego/gosec/commit/a0eddfb) Fix version interpolation in github action image
- [`d22a7b6`](https://togithub.com/securego/gosec/commit/d22a7b6) Add gosec version as an input parameter to GitHub action ([#927](https://togithub.com/securego/gosec/issues/927))
- [`2d6b0a5`](https://togithub.com/securego/gosec/commit/2d6b0a5) Update release build script ([#924](https://togithub.com/securego/gosec/issues/924))
### [`v2.15.0`](https://togithub.com/securego/gosec/releases/tag/v2.15.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.14.0...v2.15.0)
#### Changelog
- [`a459eb0`](https://togithub.com/securego/gosec/commit/a459eb0) Fix dependencies after renovate update
- [`54f56c7`](https://togithub.com/securego/gosec/commit/54f56c7) chore(deps): update all dependencies ([#922](https://togithub.com/securego/gosec/issues/922))
- [`df14837`](https://togithub.com/securego/gosec/commit/df14837) Update to Go 1.20 and fix unit tests ([#923](https://togithub.com/securego/gosec/issues/923))
- [`b4270dd`](https://togithub.com/securego/gosec/commit/b4270dd) Update Go to latest version ([#920](https://togithub.com/securego/gosec/issues/920))
- [`a624254`](https://togithub.com/securego/gosec/commit/a624254) Update hardcoded_credentials.go fix: adaper equal expr which const value at left ([#917](https://togithub.com/securego/gosec/issues/917))
- [`9432e67`](https://togithub.com/securego/gosec/commit/9432e67) Fix github latest URL ([#918](https://togithub.com/securego/gosec/issues/918))
- [`e85e1a7`](https://togithub.com/securego/gosec/commit/e85e1a7) Fix github release url ([#916](https://togithub.com/securego/gosec/issues/916))
- [`7dcb8c7`](https://togithub.com/securego/gosec/commit/7dcb8c7) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 ([#914](https://togithub.com/securego/gosec/issues/914))
- [`c5d217d`](https://togithub.com/securego/gosec/commit/c5d217d) Update Go version in CI script ([#913](https://togithub.com/securego/gosec/issues/913))
- [`5874e63`](https://togithub.com/securego/gosec/commit/5874e63) Track back when a file path was sanitized with filepath.Clean ([#912](https://togithub.com/securego/gosec/issues/912))
- [`fd28036`](https://togithub.com/securego/gosec/commit/fd28036) Fix the TLS config rule when parsing the settings from a variable ([#911](https://togithub.com/securego/gosec/issues/911))
- [`a522ae6`](https://togithub.com/securego/gosec/commit/a522ae6) Fix build after updating the dependencies ([#910](https://togithub.com/securego/gosec/issues/910))
- [`4cc97ad`](https://togithub.com/securego/gosec/commit/4cc97ad) chore(deps): update all dependencies ([#909](https://togithub.com/securego/gosec/issues/909))
- [`05a7bc5`](https://togithub.com/securego/gosec/commit/05a7bc5) Fix dependencies after renovate update ([#907](https://togithub.com/securego/gosec/issues/907))
- [`11898d5`](https://togithub.com/securego/gosec/commit/11898d5) chore(deps): update all dependencies ([#906](https://togithub.com/securego/gosec/issues/906))
- [`f9a8bf0`](https://togithub.com/securego/gosec/commit/f9a8bf0) Update slack badge and link ([#905](https://togithub.com/securego/gosec/issues/905))
- [`dabc7dc`](https://togithub.com/securego/gosec/commit/dabc7dc) Auto-detect TLS MinVersion integer base ([#903](https://togithub.com/securego/gosec/issues/903))
- [`c39bcdb`](https://togithub.com/securego/gosec/commit/c39bcdb) Adding s390x support ([#902](https://togithub.com/securego/gosec/issues/902))
- [`e06bbf9`](https://togithub.com/securego/gosec/commit/e06bbf9) chore(deps): update all dependencies ([#904](https://togithub.com/securego/gosec/issues/904))
- [`f79c584`](https://togithub.com/securego/gosec/commit/f79c584) chore(deps): update all dependencies ([#898](https://togithub.com/securego/gosec/issues/898))
- [`44f484f`](https://togithub.com/securego/gosec/commit/44f484f) Additional types for bad defer check ([#897](https://togithub.com/securego/gosec/issues/897))
- [`2fe6c5b`](https://togithub.com/securego/gosec/commit/2fe6c5b) chore(deps): update all dependencies ([#894](https://togithub.com/securego/gosec/issues/894))
- [`a0b7ebb`](https://togithub.com/securego/gosec/commit/a0b7ebb) chore(deps): update all dependencies ([#892](https://togithub.com/securego/gosec/issues/892))
- [`0acfbb4`](https://togithub.com/securego/gosec/commit/0acfbb4) Update Go version in CI scripts ([#889](https://togithub.com/securego/gosec/issues/889))
- [`6a964b2`](https://togithub.com/securego/gosec/commit/6a964b2) chore(deps): update all dependencies ([#888](https://togithub.com/securego/gosec/issues/888))
- [`a7ad827`](https://togithub.com/securego/gosec/commit/a7ad827) Allow to override build date with SOURCE_DATE_EPOCH ([#887](https://togithub.com/securego/gosec/issues/887))
- [`26f0389`](https://togithub.com/securego/gosec/commit/26f0389) chore(deps): update all dependencies ([#886](https://togithub.com/securego/gosec/issues/886))
- [`7f91d85`](https://togithub.com/securego/gosec/commit/7f91d85) chore(deps): update all dependencies ([#884](https://togithub.com/securego/gosec/issues/884))
- [`cf63541`](https://togithub.com/securego/gosec/commit/cf63541) fileperms: bitwise permission comparison ([#883](https://togithub.com/securego/gosec/issues/883))
### [`v2.14.0`](https://togithub.com/securego/gosec/releases/tag/v2.14.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.1...v2.14.0)
#### Changelog
- [`1af1d5b`](https://togithub.com/securego/gosec/commit/1af1d5b) Pin release build to Go version 1.19.2 ([#882](https://togithub.com/securego/gosec/issues/882))
- [`0ae0174`](https://togithub.com/securego/gosec/commit/0ae0174) Refactor to support duplicate imports with different aliases ([#865](https://togithub.com/securego/gosec/issues/865))
- [`a2719d3`](https://togithub.com/securego/gosec/commit/a2719d3) chore(deps): update all dependencies ([#881](https://togithub.com/securego/gosec/issues/881))
- [`ed38681`](https://togithub.com/securego/gosec/commit/ed38681) go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions ([#880](https://togithub.com/securego/gosec/issues/880))
- [`8466173`](https://togithub.com/securego/gosec/commit/8466173) Update Go version to 1.19 in the makefile ([#876](https://togithub.com/securego/gosec/issues/876))
- [`f9ad0d8`](https://togithub.com/securego/gosec/commit/f9ad0d8) chore(deps): update all dependencies ([#875](https://togithub.com/securego/gosec/issues/875))
- [`6cd9e62`](https://togithub.com/securego/gosec/commit/6cd9e62) Add CWE-676 to cwe mapping ([#874](https://togithub.com/securego/gosec/issues/874))
- [`bb4a1e3`](https://togithub.com/securego/gosec/commit/bb4a1e3) chore(deps): update all dependencies ([#872](https://togithub.com/securego/gosec/issues/872))
- [`7ea37bb`](https://togithub.com/securego/gosec/commit/7ea37bb) Add a way to use private repositories on GitHub ([#869](https://togithub.com/securego/gosec/issues/869))
- [`e244c81`](https://togithub.com/securego/gosec/commit/e244c81) chore(deps): update all dependencies ([#868](https://togithub.com/securego/gosec/issues/868))
- [`e9b2781`](https://togithub.com/securego/gosec/commit/e9b2781) Check go version when installing govulncheck
- [`88c23de`](https://togithub.com/securego/gosec/commit/88c23de) Check go version when running govulncheck
- [`84f6424`](https://togithub.com/securego/gosec/commit/84f6424) Add vulncheck to the test steps
- [`180fc23`](https://togithub.com/securego/gosec/commit/180fc23) chore(deps): update all dependencies
- [`dfde579`](https://togithub.com/securego/gosec/commit/dfde579) Fix false positives for G404 with aliased packages
- [`aaaf80c`](https://togithub.com/securego/gosec/commit/aaaf80c) chore(deps): update all dependencies
- [`ae58325`](https://togithub.com/securego/gosec/commit/ae58325) chore(deps): update all dependencies
- [`a892be9`](https://togithub.com/securego/gosec/commit/a892be9) fix: add a CWE ID mapping to rule G114
- [`a319b66`](https://togithub.com/securego/gosec/commit/a319b66) chore(deps): update golang.org/x/crypto digest to [`bc19a97`](https://togithub.com/securego/gosec/commit/bc19a97)
### [`v2.13.1`](https://togithub.com/securego/gosec/releases/tag/v2.13.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.0...v2.13.1)
#### Changelog
- [`19fa856`](https://togithub.com/securego/gosec/commit/19fa856) fix: make sure that nil Cwe pointer is handled when getting the CWE ID
- [`62fa4b4`](https://togithub.com/securego/gosec/commit/62fa4b4) test: remove white spaces from template
- [`074dc71`](https://togithub.com/securego/gosec/commit/074dc71) fix: handle nil CWE pointer in text template
### [`v2.13.0`](https://togithub.com/securego/gosec/releases/tag/v2.13.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.12.0...v2.13.0)
#### Changelog
- [`79a5b13`](https://togithub.com/securego/gosec/commit/79a5b13) chore(deps): update dependency babel-standalone to v7
- [`97f03d9`](https://togithub.com/securego/gosec/commit/97f03d9) chore: update module go to 1.19
- [`0ba05e1`](https://togithub.com/securego/gosec/commit/0ba05e1) chore: fix lint warnings
- [`d3933f9`](https://togithub.com/securego/gosec/commit/d3933f9) chore: add support for Go 1.19
- [`4e68fb5`](https://togithub.com/securego/gosec/commit/4e68fb5) fix: parsing of the Go version ([#844](https://togithub.com/securego/gosec/issues/844))
- [`0c8e63e`](https://togithub.com/securego/gosec/commit/0c8e63e) Detect use of net/http functions that have no support for setting timeouts ([#842](https://togithub.com/securego/gosec/issues/842))
- [`6a26c23`](https://togithub.com/securego/gosec/commit/6a26c23) Refactor SQL rules for better extensibility ([#841](https://togithub.com/securego/gosec/issues/841))
- [`1b0873a`](https://togithub.com/securego/gosec/commit/1b0873a) chore(deps): update module golang.org/x/tools to v0.1.12 ([#840](https://togithub.com/securego/gosec/issues/840))
- [`845483e`](https://togithub.com/securego/gosec/commit/845483e) Fix lint warning
- [`45bf9a6`](https://togithub.com/securego/gosec/commit/45bf9a6) Check the suppressed issues when generating the exit code
- [`a5982fb`](https://togithub.com/securego/gosec/commit/a5982fb) Fix for G402. Check package path instead of package name ([#838](https://togithub.com/securego/gosec/issues/838))
- [`ea6d49d`](https://togithub.com/securego/gosec/commit/ea6d49d) fix G204 bugs ([#835](https://togithub.com/securego/gosec/issues/835))
- [`21fcd2f`](https://togithub.com/securego/gosec/commit/21fcd2f) Phase out support for Go 1.16 since it is not supported anymore by the Go team ([#837](https://togithub.com/securego/gosec/issues/837))
- [`3cda47a`](https://togithub.com/securego/gosec/commit/3cda47a) chore(deps): update all dependencies ([#836](https://togithub.com/securego/gosec/issues/836))
- [`0212c83`](https://togithub.com/securego/gosec/commit/0212c83) chore(deps): update dependency highlight.js to v11.6.0 ([#830](https://togithub.com/securego/gosec/issues/830))
- [`9a25f4e`](https://togithub.com/securego/gosec/commit/9a25f4e) fix: filepaths with git anywhere in them being erroneously excluded ([#828](https://togithub.com/securego/gosec/issues/828))
- [`602ced7`](https://togithub.com/securego/gosec/commit/602ced7) Fix wrong location for G109 ([#829](https://togithub.com/securego/gosec/issues/829))
- [`7dd9ddd`](https://togithub.com/securego/gosec/commit/7dd9ddd) chore(deps): update golang.org/x/crypto digest to [`0559593`](https://togithub.com/securego/gosec/commit/0559593) ([#826](https://togithub.com/securego/gosec/issues/826))
- [`b0f3e78`](https://togithub.com/securego/gosec/commit/b0f3e78) fix ReadTimeout for G112 rule
- [`05f3ca8`](https://togithub.com/securego/gosec/commit/05f3ca8) Pin cosign-installer to `v2` ([#824](https://togithub.com/securego/gosec/issues/824))
### [`v2.12.0`](https://togithub.com/securego/gosec/releases/tag/v2.12.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.11.0...v2.12.0)
#### Changelog
- [`a9b0ef0`](https://togithub.com/securego/gosec/commit/a9b0ef0) chore(deps): update all dependencies ([#822](https://togithub.com/securego/gosec/issues/822))
- [`9c19cb6`](https://togithub.com/securego/gosec/commit/9c19cb6) Add check for usage of Rat.SetString in math/big with an overflow error ([#819](https://togithub.com/securego/gosec/issues/819))
- [`fb587c1`](https://togithub.com/securego/gosec/commit/fb587c1) Remove additional `--update` for apk in Dockerfile ([#818](https://togithub.com/securego/gosec/issues/818))
- [`c3ede62`](https://togithub.com/securego/gosec/commit/c3ede62) Update x/tools to pick up fix for [golang/go#51629](https://togithub.com/golang/go/issues/51629) ([#817](https://togithub.com/securego/gosec/issues/817))
- [`0a929c7`](https://togithub.com/securego/gosec/commit/0a929c7) chore(deps): update all dependencies ([#816](https://togithub.com/securego/gosec/issues/816))
- [`12be148`](https://togithub.com/securego/gosec/commit/12be148) chore(deps): update all dependencies ([#812](https://togithub.com/securego/gosec/issues/812))
- [`0dcc336`](https://togithub.com/securego/gosec/commit/0dcc336) chore(deps): update all dependencies ([#811](https://togithub.com/securego/gosec/issues/811))
- [`34d144b`](https://togithub.com/securego/gosec/commit/34d144b) Add new rule for Slowloris Attack
- [`a64cde5`](https://togithub.com/securego/gosec/commit/a64cde5) Fix the dependencies after renovate update ([#806](https://togithub.com/securego/gosec/issues/806))
- [`b69c3d4`](https://togithub.com/securego/gosec/commit/b69c3d4) chore(deps): update all dependencies ([#805](https://togithub.com/securego/gosec/issues/805))
- [`89dfdc0`](https://togithub.com/securego/gosec/commit/89dfdc0) Update the description message of template rule ([#803](https://togithub.com/securego/gosec/issues/803))
- [`0791d31`](https://togithub.com/securego/gosec/commit/0791d31) Fix typo in ReadMe ([#802](https://togithub.com/securego/gosec/issues/802))
- [`2ef1d9a`](https://togithub.com/securego/gosec/commit/2ef1d9a) Fix build after renovate update ([#800](https://togithub.com/securego/gosec/issues/800))
- [`afc9903`](https://togithub.com/securego/gosec/commit/afc9903) Fix use rule IDs to retrieve the rule config
- [`82eaa12`](https://togithub.com/securego/gosec/commit/82eaa12) chore(deps): update all dependencies ([#796](https://togithub.com/securego/gosec/issues/796))
### [`v2.11.0`](https://togithub.com/securego/gosec/releases/tag/v2.11.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.10.0...v2.11.0)
#### Changelog
- [`607d607`](https://togithub.com/securego/gosec/commit/607d607) Enable Go 1.18 in the ci and release workflows
- [`b99b5f7`](https://togithub.com/securego/gosec/commit/b99b5f7) Fix the lint action after upgrade ([#790](https://togithub.com/securego/gosec/issues/790))
- [`8af0af7`](https://togithub.com/securego/gosec/commit/8af0af7) chore(deps): update all dependencies ([#789](https://togithub.com/securego/gosec/issues/789))
- [`ea5d31f`](https://togithub.com/securego/gosec/commit/ea5d31f) Add a recursive flag -r to skip specifying ./... path
- [`48bbf96`](https://togithub.com/securego/gosec/commit/48bbf96) Adds directory traversal for Http.Dir("/")
### [`v2.10.0`](https://togithub.com/securego/gosec/releases/tag/v2.10.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.6...v2.10.0)
#### Changelog
- [`26f10e0`](https://togithub.com/securego/gosec/commit/26f10e0) Extend the release action to sign the docker image and binary files with cosign ([#781](https://togithub.com/securego/gosec/issues/781))
- [`7d539ed`](https://togithub.com/securego/gosec/commit/7d539ed) feat: add concurrency option to parallelize package loading ([#778](https://togithub.com/securego/gosec/issues/778))
- [`43577ce`](https://togithub.com/securego/gosec/commit/43577ce) chore(deps): update all dependencies
- [`c0680bb`](https://togithub.com/securego/gosec/commit/c0680bb) Process the code snippet before adding it to the SARIF report
- [`db8d98b`](https://togithub.com/securego/gosec/commit/db8d98b) Updated sponsor link in README.md
- [`507f847`](https://togithub.com/securego/gosec/commit/507f847) chore(deps): update golang.org/x/crypto commit hash to [`30dcbda`](https://togithub.com/securego/gosec/commit/30dcbda)
- [`853e1d5`](https://togithub.com/securego/gosec/commit/853e1d5) chore(deps): update all dependencies
- [`09a2941`](https://togithub.com/securego/gosec/commit/09a2941) Use the CWE name as a name in the SARIF report
- [`9399e7b`](https://togithub.com/securego/gosec/commit/9399e7b) chore(deps): update all dependencies ([#771](https://togithub.com/securego/gosec/issues/771))
- [`2fad8a4`](https://togithub.com/securego/gosec/commit/2fad8a4) Resolve the TLS min version when it is declared in the same package but in a different file
- [`1fbcf10`](https://togithub.com/securego/gosec/commit/1fbcf10) Add a test for tls min version defined in a different file
- [`b12c0f6`](https://togithub.com/securego/gosec/commit/b12c0f6) chore(deps): update all dependencies ([#765](https://togithub.com/securego/gosec/issues/765))
### [`v2.9.6`](https://togithub.com/securego/gosec/releases/tag/v2.9.6)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.5...v2.9.6)
#### Changelog
- [`1d909e2`](https://togithub.com/securego/gosec/commit/1d909e2) Add db.Exec and db.Prepare to the sql rule ([#763](https://togithub.com/securego/gosec/issues/763))
- [`742aa84`](https://togithub.com/securego/gosec/commit/742aa84) chore(deps): update golang.org/x/crypto commit hash to [`5e0467b`](https://togithub.com/securego/gosec/commit/5e0467b) ([#764](https://togithub.com/securego/gosec/issues/764))
- [`7be6d4e`](https://togithub.com/securego/gosec/commit/7be6d4e) Add os.Create to the readfile rule ([#761](https://togithub.com/securego/gosec/issues/761))
- [`75cc7dc`](https://togithub.com/securego/gosec/commit/75cc7dc) Fix false negative for SQL injection when using DB.QueryRow.Scan() ([#759](https://togithub.com/securego/gosec/issues/759))
- [`58058af`](https://togithub.com/securego/gosec/commit/58058af) chore(deps): update dependency highlight.js to v11.4.0 ([#758](https://togithub.com/securego/gosec/issues/758))
- [`9d66b0d`](https://togithub.com/securego/gosec/commit/9d66b0d) Fix false negatives for SQL injection in multi-line queries
- [`4c1afaa`](https://togithub.com/securego/gosec/commit/4c1afaa) Find G303 with filepath.Join'd temp dirs ([#754](https://togithub.com/securego/gosec/issues/754))
- [`19bda8d`](https://togithub.com/securego/gosec/commit/19bda8d) Find more tempdirs
- [`827fca9`](https://togithub.com/securego/gosec/commit/827fca9) build(fmt): use `[` instead of `[[` ([#751](https://togithub.com/securego/gosec/issues/751))
- [`ad5d74d`](https://togithub.com/securego/gosec/commit/ad5d74d) Update to ginkgo v2 ([#753](https://togithub.com/securego/gosec/issues/753))
- [`72f1145`](https://togithub.com/securego/gosec/commit/72f1145) Fix [#743](https://togithub.com/securego/gosec/issues/743) ([#748](https://togithub.com/securego/gosec/issues/748))
- [`63a8e78`](https://togithub.com/securego/gosec/commit/63a8e78) Handle nil when looking up a file by position into a package ([#747](https://togithub.com/securego/gosec/issues/747))
- [`3038a30`](https://togithub.com/securego/gosec/commit/3038a30) Add in the config file settings for exclude and include options
- [`bf0dd2f`](https://togithub.com/securego/gosec/commit/bf0dd2f) chore(deps): update golang.org/x/crypto commit hash to [`e495a2d`](https://togithub.com/securego/gosec/commit/e495a2d) ([#745](https://togithub.com/securego/gosec/issues/745))
- [`2d1c1a6`](https://togithub.com/securego/gosec/commit/2d1c1a6) Track both #nosec and #nosec rulelist for one violation ([#741](https://togithub.com/securego/gosec/issues/741))
- [`e0f354a`](https://togithub.com/securego/gosec/commit/e0f354a) Add the sponsors section in the README file ([#740](https://togithub.com/securego/gosec/issues/740))
- [`d23ab2d`](https://togithub.com/securego/gosec/commit/d23ab2d) Remove space between `//` and `#nosec` in examples and internal use
### [`v2.9.5`](https://togithub.com/securego/gosec/releases/tag/v2.9.5)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.4...v2.9.5)
#### Changelog
- [`35af340`](https://togithub.com/securego/gosec/commit/35af340) Fix [#736](https://togithub.com/securego/gosec/issues/736) ([#738](https://togithub.com/securego/gosec/issues/738))
- [`6c0b344`](https://togithub.com/securego/gosec/commit/6c0b344) chore(deps): update golang.org/x/crypto commit hash to [`4570a08`](https://togithub.com/securego/gosec/commit/4570a08) ([#737](https://togithub.com/securego/gosec/issues/737))
### [`v2.9.4`](https://togithub.com/securego/gosec/releases/tag/v2.9.4)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.3...v2.9.4)
#### Changelog
- [`b45f95f`](https://togithub.com/securego/gosec/commit/b45f95f) Add support for suppressing the findings
- [`040327f`](https://togithub.com/securego/gosec/commit/040327f) chore(deps): update all dependencies ([#734](https://togithub.com/securego/gosec/issues/734))
### [`v2.9.3`](https://togithub.com/securego/gosec/releases/tag/v2.9.3)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.2...v2.9.3)
#### Changelog
- [`6a41fb9`](https://togithub.com/securego/gosec/commit/6a41fb9) Fix [https://github.com/securego/gosec/issues/714](https://togithub.com/securego/gosec/issues/714) ([#733](https://togithub.com/securego/gosec/issues/733))
- [`c95e9c2`](https://togithub.com/securego/gosec/commit/c95e9c2) chore(deps): update all dependencies ([#731](https://togithub.com/securego/gosec/issues/731))
### [`v2.9.2`](https://togithub.com/securego/gosec/releases/tag/v2.9.2)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.1...v2.9.2)
#### Changelog
- [`e57efa8`](https://togithub.com/securego/gosec/commit/e57efa8) Fix a panic in suproc rule when the declaration of the variable is not available in the AST ([#728](https://togithub.com/securego/gosec/issues/728))
- [`ff17c30`](https://togithub.com/securego/gosec/commit/ff17c30) Use go embed for templates ([#725](https://togithub.com/securego/gosec/issues/725))
- [`3eba7b8`](https://togithub.com/securego/gosec/commit/3eba7b8) add openssh to docker image ([#719](https://togithub.com/securego/gosec/issues/719))
- [`55c6cea`](https://togithub.com/securego/gosec/commit/55c6cea) Fix crash when parsing the TLS min version value ([#724](https://togithub.com/securego/gosec/issues/724))
- [`40fa36d`](https://togithub.com/securego/gosec/commit/40fa36d) G303: catch with os.WriteFile, add os.Create test case ([#718](https://togithub.com/securego/gosec/issues/718))
- [`873ac24`](https://togithub.com/securego/gosec/commit/873ac24) chore(deps): update all dependencies ([#722](https://togithub.com/securego/gosec/issues/722))
- [`f1f0056`](https://togithub.com/securego/gosec/commit/f1f0056) Spelling fixes ([#717](https://togithub.com/securego/gosec/issues/717))
- [`0680c75`](https://togithub.com/securego/gosec/commit/0680c75) chore(deps): update all dependencies ([#716](https://togithub.com/securego/gosec/issues/716))
- [`79c8b79`](https://togithub.com/securego/gosec/commit/79c8b79) use a better naming for the variable ([#715](https://togithub.com/securego/gosec/issues/715))
### [`v2.9.1`](https://togithub.com/securego/gosec/releases/tag/v2.9.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.0...v2.9.1)
#### Changelog
- [`6921395`](https://togithub.com/securego/gosec/commit/6921395) Fix the SBOM generation step in the release action ([#712](https://togithub.com/securego/gosec/issues/712))
- [`5a3a27a`](https://togithub.com/securego/gosec/commit/5a3a27a) Phase out support for go version 1.15 because current ginkgo is not backward compatible ([#710](https://togithub.com/securego/gosec/issues/710))
### [`v2.9.0`](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0)
### [`v2.8.1`](https://togithub.com/securego/gosec/releases/tag/v2.8.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.8.0...v2.8.1)
#### Changelog
- [`3f800cc`](https://togithub.com/securego/gosec/commit/3f800cc) Fix the unit tests ([#652](https://togithub.com/securego/gosec/issues/652))
- [`df10b65`](https://togithub.com/securego/gosec/commit/df10b65) Fix gosimple lint warning ([#651](https://togithub.com/securego/gosec/issues/651))
- [`731d0d5`](https://togithub.com/securego/gosec/commit/731d0d5) Results must always be present in the SARIF report ([#650](https://togithub.com/securego/gosec/issues/650))
- [`3c230ac`](https://togithub.com/securego/gosec/commit/3c230ac) errors.go: add Hash.Write() to the white list. ([#648](https://togithub.com/securego/gosec/issues/648))
- [`e72b1e5`](https://togithub.com/securego/gosec/commit/e72b1e5) Use of vars instead of func
- [`c81cff0`](https://togithub.com/securego/gosec/commit/c81cff0) Update all dependencies ([#646](https://togithub.com/securego/gosec/issues/646))
- [`3ff0a2c`](https://togithub.com/securego/gosec/commit/3ff0a2c) Fixes [#644](https://togithub.com/securego/gosec/issues/644) ([#645](https://togithub.com/securego/gosec/issues/645))
- [`e3dffd6`](https://togithub.com/securego/gosec/commit/e3dffd6) Update renovate configuration
- [`aa35eb5`](https://togithub.com/securego/gosec/commit/aa35eb5) Delete renovate.json ([#642](https://togithub.com/securego/gosec/issues/642))
- [`3b1b77e`](https://togithub.com/securego/gosec/commit/3b1b77e) add onboarding ([#640](https://togithub.com/securego/gosec/issues/640))
- [`03360ba`](https://togithub.com/securego/gosec/commit/03360ba) Update renovate configuration
- [`8a8dbec`](https://togithub.com/securego/gosec/commit/8a8dbec) Tidy up the dependencies ([#637](https://togithub.com/securego/gosec/issues/637))
- [`3a4d09b`](https://togithub.com/securego/gosec/commit/3a4d09b) Update all dependencies ([#635](https://togithub.com/securego/gosec/issues/635))
- [`6cde6b3`](https://togithub.com/securego/gosec/commit/6cde6b3) Disable cache in golangci job ([#636](https://togithub.com/securego/gosec/issues/636))
- [`1256f16`](https://togithub.com/securego/gosec/commit/1256f16) Fix lint and fail on error in the ci build
- [`dbb9811`](https://togithub.com/securego/gosec/commit/dbb9811) Add crypto and lint to the tools modules
- [`244adc6`](https://togithub.com/securego/gosec/commit/244adc6) Update the github ci action to use cache and matrix strategy
- [`df1249d`](https://togithub.com/securego/gosec/commit/df1249d) Update install.sh with more installation options
- [`af27673`](https://togithub.com/securego/gosec/commit/af27673) Update README.md
### [`v2.8.0`](https://togithub.com/securego/gosec/releases/tag/v2.8.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.7.0...v2.8.0)
#### Changelog
- [`9fc8e20`](https://togithub.com/securego/gosec/commit/9fc8e20) Add favicon for HTML template ([#628](https://togithub.com/securego/gosec/issues/628))
- [`91dae7f`](https://togithub.com/securego/gosec/commit/91dae7f) Update the design of HTML report
- [`e72f54e`](https://togithub.com/securego/gosec/commit/e72f54e) Fix HTML template and display the gosec version
- [`c3f25b8`](https://togithub.com/securego/gosec/commit/c3f25b8) fix html report tag styling ([#623](https://togithub.com/securego/gosec/issues/623))
- [`433a674`](https://togithub.com/securego/gosec/commit/433a674) show nosec in html report summary ([#621](https://togithub.com/securego/gosec/issues/621))
- [`d040f07`](https://togithub.com/securego/gosec/commit/d040f07) Handle gosec version in SARIF report
- [`51f7411`](https://togithub.com/securego/gosec/commit/51f7411) Add arm64 support ([#618](https://togithub.com/securego/gosec/issues/618))
- [`e7ac882`](https://togithub.com/securego/gosec/commit/e7ac882) Update go version to 1.16 ([#616](https://togithub.com/securego/gosec/issues/616))
- [`3a9a6ad`](https://togithub.com/securego/gosec/commit/3a9a6ad) Sarif provide Snippet with Issue.Code
- [`1325319`](https://togithub.com/securego/gosec/commit/1325319) Create dependabot.yml ([#614](https://togithub.com/securego/gosec/issues/614))
- [`d8cfcd6`](https://togithub.com/securego/gosec/commit/d8cfcd6) Allow the user to enable/disable colorisation of the text report in the stdout
- [`a8b633f`](https://togithub.com/securego/gosec/commit/a8b633f) Adding stdout and verbose flags and refactor how the report is saved
- [`103c429`](https://togithub.com/securego/gosec/commit/103c429) Enable golangcli and improve testing for formatters
- [`4df7f1c`](https://togithub.com/securego/gosec/commit/4df7f1c) Fix typos, Go Report link and Gofmt
- [`f4ea33d`](https://togithub.com/securego/gosec/commit/f4ea33d) Update how the test coverage is generated
- [`c4f5932`](https://togithub.com/securego/gosec/commit/c4f5932) Refactor : Replace Cwe with cwe.Weakness
- [`ddfa253`](https://togithub.com/securego/gosec/commit/ddfa253) Define a report package with core and per format sub-packages
- [`cc83d4c`](https://togithub.com/securego/gosec/commit/cc83d4c) Generate the SARIF types, handle taxonomies and separate responsibilities
- [`0fa5d0b`](https://togithub.com/securego/gosec/commit/0fa5d0b) Fix the go modules after updating to get the tests passing ([#605](https://togithub.com/securego/gosec/issues/605))
- [`3763953`](https://togithub.com/securego/gosec/commit/3763953) Migrate sonar types in a dedicated package ([#604](https://togithub.com/securego/gosec/issues/604))
- [`b519743`](https://togithub.com/securego/gosec/commit/b519743) chore(deps): update all dependencies ([#599](https://togithub.com/securego/gosec/issues/599))
- [`569328e`](https://togithub.com/securego/gosec/commit/569328e) Fix typos ([#594](https://togithub.com/securego/gosec/issues/594))
- [`0695fa0`](https://togithub.com/securego/gosec/commit/0695fa0) Add `-u` to local install instructions ([#595](https://togithub.com/securego/gosec/issues/595))
- [`7f2308b`](https://togithub.com/securego/gosec/commit/7f2308b) Tidy up the modules after updating ([#593](https://togithub.com/securego/gosec/issues/593))
- [`f21b0b8`](https://togithub.com/securego/gosec/commit/f21b0b8) chore(deps): update all dependencies ([#592](https://togithub.com/securego/gosec/issues/592))
- [`148e608`](https://togithub.com/securego/gosec/commit/148e608) Adding KICS to USERS.md ([#590](https://togithub.com/securego/gosec/issues/590))
### [`v2.7.0`](https://togithub.com/securego/gosec/releases/tag/v2.7.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.6.1...v2.7.0)
#### Changelog
- [`27a5ffb`](https://togithub.com/securego/gosec/commit/27a5ffb) Quiet warnings about integer truncation ([#586](https://togithub.com/securego/gosec/issues/586))
- [`bf2cd23`](https://togithub.com/securego/gosec/commit/bf2cd23) Update all dependencies ([#585](https://togithub.com/securego/gosec/issues/585))
- [`01ee764`](https://togithub.com/securego/gosec/commit/01ee764) Fix typo in USERS.md ([#583](https://togithub.com/securego/gosec/issues/583))
- [`9c047e3`](https://togithub.com/securego/gosec/commit/9c047e3) Add support for Go 1.16 in the CI and release workflows ([#581](https://togithub.com/securego/gosec/issues/581))
- [`1fce461`](https://togithub.com/securego/gosec/commit/1fce461) fix: WriteParams rule to work also with golang 1.16 ([#577](https://togithub.com/securego/gosec/issues/577))
- [`dcbcc4d`](https://togithub.com/securego/gosec/commit/dcbcc4d) Use a more generic path for sonarqube import path ([#573](https://togithub.com/securego/gosec/issues/573))
- [`2777e50`](https://togithub.com/securego/gosec/commit/2777e50) Update README with a note which describes how to import a SonarQube report ([#572](https://togithub.com/securego/gosec/issues/572))
- [`897c203`](https://togithub.com/securego/gosec/commit/897c203) Reset the state of TLS rule after each version check ([#570](https://togithub.com/securego/gosec/issues/570))
- [`6c57ae1`](https://togithub.com/securego/gosec/commit/6c57ae1) Fix sarif formatting issues ([#565](https://togithub.com/securego/gosec/issues/565))
- [`b6524ce`](https://togithub.com/securego/gosec/commit/b6524ce) Update all dependencies
### [`v2.6.1`](https://togithub.com/securego/gosec/releases/tag/v2.6.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.6.0...v2.6.1)
#### Changelog
- [`00bbbd8`](https://togithub.com/securego/gosec/commit/00bbbd8) Fix the release workflow to allow unsecure commands
### [`v2.6.0`](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0)
### [`v2.5.0`](https://togithub.com/securego/gosec/releases/tag/v2.5.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.4.0...v2.5.0)
#### Changelog
- [`a4746e1`](https://togithub.com/securego/gosec/commit/a4746e1) Update all dependencies ([#533](https://togithub.com/securego/gosec/issues/533))
- [`6bd6e4b`](https://togithub.com/securego/gosec/commit/6bd6e4b) Use $(go env GOPATH) that works even when GOPATH is not set
- [`aef335a`](https://togithub.com/securego/gosec/commit/aef335a) Fix typo in README.md
- [`0ce48a5`](https://togithub.com/securego/gosec/commit/0ce48a5) Reproducible junit report ([#529](https://togithub.com/securego/gosec/issues/529))
- [`868556b`](https://togithub.com/securego/gosec/commit/868556b) Update README with the correct path to tlsconfig command
- [`13519fd`](https://togithub.com/securego/gosec/commit/13519fd) Update the tls configuration generate to handle also the NSS alternative names
- [`e351067`](https://togithub.com/securego/gosec/commit/e351067) Update all dependencies
- [`166e4f5`](https://togithub.com/securego/gosec/commit/166e4f5) Update README file with some more details required to run successfully a scan with the docker image
- [`f5cc32a`](https://togithub.com/securego/gosec/commit/f5cc32a) Update the Go version to 1.15 in the Makefile
- [`ea0fa28`](https://togithub.com/securego/gosec/commit/ea0fa28) Update the Github go action version to 1.6.0
- [`feea8bb`](https://togithub.com/securego/gosec/commit/feea8bb) Fix the action tag
- [`6688a97`](https://togithub.com/securego/gosec/commit/6688a97) Fix the github action for Go 1.15
- [`7234349`](https://togithub.com/securego/gosec/commit/7234349) Add Go 1.15 to the supported version and phase out the Go 1.12
- [`a3895d5`](https://togithub.com/securego/gosec/commit/a3895d5) Fix typo in README file
- [`17c9555`](https://togithub.com/securego/gosec/commit/17c9555) Incorrect local installation instructions for v2
- [`f13b8bc`](https://togithub.com/securego/gosec/commit/f13b8bc) Add also filepath.Rel as a sanitization method for input argument in the G304 ru
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates: v0.0.0-20200401082031-e946c8c39989 -> v2.20.0
- [`2b62dd1`](https://togithub.com/securego/gosec/commit/2b62dd1) Use a step ID in github release action to get the digest of the image ([#1028](https://togithub.com/securego/gosec/issues/1028))
### [`v2.18.0`](https://togithub.com/securego/gosec/releases/tag/v2.18.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.17.0...v2.18.0)
#### Changelog
- [`53fc0c3`](https://togithub.com/securego/gosec/commit/53fc0c3) Update to go version 1.21.2 and 1.20.9 ([#1027](https://togithub.com/securego/gosec/issues/1027))
- [`7f7c47f`](https://togithub.com/securego/gosec/commit/7f7c47f) chore(deps): update all dependencies ([#1026](https://togithub.com/securego/gosec/issues/1026))
- [`d864a91`](https://togithub.com/securego/gosec/commit/d864a91) Enable gochecknoinits; fix lint issues; use consts for some vars ([#1022](https://togithub.com/securego/gosec/issues/1022))
- [`09cf6ef`](https://togithub.com/securego/gosec/commit/09cf6ef) Fix typos in struct fields, comments, and docs ([#1023](https://togithub.com/securego/gosec/issues/1023))
- [`665e87b`](https://togithub.com/securego/gosec/commit/665e87b) chore(deps): update all dependencies
- [`4def3a4`](https://togithub.com/securego/gosec/commit/4def3a4) Fix lint warning
- [`0d332a1`](https://togithub.com/securego/gosec/commit/0d332a1) Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
- [`293d887`](https://togithub.com/securego/gosec/commit/293d887) Fix lint warnings
- [`ac482cb`](https://togithub.com/securego/gosec/commit/ac482cb) Update ginkgo to latest version
- [`e02e2f6`](https://togithub.com/securego/gosec/commit/e02e2f6) Redesign and reimplement the slice out of bounds check using SSA code representation
- [`e1278f9`](https://togithub.com/securego/gosec/commit/e1278f9) docs: add reMarkable to users list
- [`f6a6496`](https://togithub.com/securego/gosec/commit/f6a6496) chore(deps): update all dependencies
- [`aebe20c`](https://togithub.com/securego/gosec/commit/aebe20c) Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
- [`7a98537`](https://togithub.com/securego/gosec/commit/7a98537) Update to latest go version
- [`b192f06`](https://togithub.com/securego/gosec/commit/b192f06) chore(deps): update all dependencies ([#1011](https://togithub.com/securego/gosec/issues/1011))
- [`6c93653`](https://togithub.com/securego/gosec/commit/6c93653) Fix hardcoded_credentials rule to only match on more specific patterns ([#1009](https://togithub.com/securego/gosec/issues/1009))
- [`325eb19`](https://togithub.com/securego/gosec/commit/325eb19) chore(deps): update all dependencies ([#1008](https://togithub.com/securego/gosec/issues/1008))
- [`beef125`](https://togithub.com/securego/gosec/commit/beef125) Exclude maps from slince bounce check rule ([#1006](https://togithub.com/securego/gosec/issues/1006))
- [`21d13c9`](https://togithub.com/securego/gosec/commit/21d13c9) Ignore struct pointers in G601 ([#1003](https://togithub.com/securego/gosec/issues/1003))
- [`85005c4`](https://togithub.com/securego/gosec/commit/85005c4) Update gosec image version to 2.17.0 in the Github action ([#1002](https://togithub.com/securego/gosec/issues/1002))
- [`6a2c5e1`](https://togithub.com/securego/gosec/commit/6a2c5e1) Update cosign to version v2.1.1 ([#1000](https://togithub.com/securego/gosec/issues/1000))
### [`v2.17.0`](https://togithub.com/securego/gosec/releases/tag/v2.17.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.16.0...v2.17.0)
#### Changelog
- [`a89e9d5`](https://togithub.com/securego/gosec/commit/a89e9d5) Enable go 1.21.0 in the CI build ([#998](https://togithub.com/securego/gosec/issues/998))
- [`4b458c4`](https://togithub.com/securego/gosec/commit/4b458c4) chore(deps): update all dependencies ([#997](https://togithub.com/securego/gosec/issues/997))
- [`7d51bfe`](https://togithub.com/securego/gosec/commit/7d51bfe) Update to go version 1.20.7 and 1.19.12 ([#993](https://togithub.com/securego/gosec/issues/993))
- [`fc2f66b`](https://togithub.com/securego/gosec/commit/fc2f66b) chore(deps): update all dependencies ([#992](https://togithub.com/securego/gosec/issues/992))
- [`2cf2f96`](https://togithub.com/securego/gosec/commit/2cf2f96) chore(deps): update module github.com/onsi/gomega to v1.27.10 ([#991](https://togithub.com/securego/gosec/issues/991))
- [`bf7feda`](https://togithub.com/securego/gosec/commit/bf7feda) fix: correctly identify infixed concats as potential SQL injections ([#987](https://togithub.com/securego/gosec/issues/987))
- [`2292ed5`](https://togithub.com/securego/gosec/commit/2292ed5) chore(deps): update all dependencies ([#989](https://togithub.com/securego/gosec/issues/989))
- [`fc570b6`](https://togithub.com/securego/gosec/commit/fc570b6) Add a new flag terse to show only the results and summary ([#986](https://togithub.com/securego/gosec/issues/986))
- [`36f6933`](https://togithub.com/securego/gosec/commit/36f6933) Switch to a maintained fork of zxcvbn module ([#984](https://togithub.com/securego/gosec/issues/984))
- [`ed7b334`](https://togithub.com/securego/gosec/commit/ed7b334) Fix dependencies after bot update ([#983](https://togithub.com/securego/gosec/issues/983))
- [`e76ad70`](https://togithub.com/securego/gosec/commit/e76ad70) chore(deps): update all dependencies ([#982](https://togithub.com/securego/gosec/issues/982))
- [`3a6fd99`](https://togithub.com/securego/gosec/commit/3a6fd99) Update to Go version 1.19.11 and 1.20.6 ([#981](https://togithub.com/securego/gosec/issues/981))
- [`ea39309`](https://togithub.com/securego/gosec/commit/ea39309) Fix and tidy the dependencies ([#977](https://togithub.com/securego/gosec/issues/977))
- [`ef8f560`](https://togithub.com/securego/gosec/commit/ef8f560) chore(deps): update all dependencies ([#976](https://togithub.com/securego/gosec/issues/976))
- [`17b7d31`](https://togithub.com/securego/gosec/commit/17b7d31) Update README file with new rule ([#975](https://togithub.com/securego/gosec/issues/975))
- [`a018cf0`](https://togithub.com/securego/gosec/commit/a018cf0) Feature: G602 Slice Bound Checking ([#973](https://togithub.com/securego/gosec/issues/973))
- [`82364a7`](https://togithub.com/securego/gosec/commit/82364a7) chore(deps): update all dependencies ([#974](https://togithub.com/securego/gosec/issues/974))
- [`abeab10`](https://togithub.com/securego/gosec/commit/abeab10) Feature: G101 match variable values and names ([#971](https://togithub.com/securego/gosec/issues/971))
- [`b824c10`](https://togithub.com/securego/gosec/commit/b824c10) Update build script to go version 1.20.5
- [`022584d`](https://togithub.com/securego/gosec/commit/022584d) chore(deps): update all dependencies
- [`bd58600`](https://togithub.com/securego/gosec/commit/bd58600) Recognize struct field in G601
- [`1457921`](https://togithub.com/securego/gosec/commit/1457921) Remove the depguard from the list of enabled linters
- [`1f68996`](https://togithub.com/securego/gosec/commit/1f68996) Fix typos in comments, vars and tests
- [`e148465`](https://togithub.com/securego/gosec/commit/e148465) chore(deps): update all dependencies
- [`9120883`](https://togithub.com/securego/gosec/commit/9120883) Fix no-sec alternative tag ([#962](https://togithub.com/securego/gosec/issues/962))
- [`87cc45e`](https://togithub.com/securego/gosec/commit/87cc45e) Use image digest instead of tag when signing the released image with cosign ([#960](https://togithub.com/securego/gosec/issues/960))
- [`6df05bd`](https://togithub.com/securego/gosec/commit/6df05bd) Update gosec image version to 2.16.0 in the Github action ([#959](https://togithub.com/securego/gosec/issues/959))
### [`v2.16.0`](https://togithub.com/securego/gosec/releases/tag/v2.16.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.15.0...v2.16.0)
#### Changelog
- [`c5ea1b7`](https://togithub.com/securego/gosec/commit/c5ea1b7) Update cosign to latest version in release Github action ([#958](https://togithub.com/securego/gosec/issues/958))
- [`8632a8c`](https://togithub.com/securego/gosec/commit/8632a8c) chore(deps): update all dependencies ([#956](https://togithub.com/securego/gosec/issues/956))
- [`ae3c2f7`](https://togithub.com/securego/gosec/commit/ae3c2f7) Update go version in build and release scripts ([#957](https://togithub.com/securego/gosec/issues/957))
- [`970cc29`](https://togithub.com/securego/gosec/commit/970cc29) chore(deps): update all dependencies ([#955](https://togithub.com/securego/gosec/issues/955))
- [`47bfd4e`](https://togithub.com/securego/gosec/commit/47bfd4e) Update Go version to 1.20.3 ([#953](https://togithub.com/securego/gosec/issues/953))
- [`440141a`](https://togithub.com/securego/gosec/commit/440141a) chore(deps): update all dependencies ([#952](https://togithub.com/securego/gosec/issues/952))
- [`7df7baa`](https://togithub.com/securego/gosec/commit/7df7baa) Fix for Dockerfile smell DL3059 ([#951](https://togithub.com/securego/gosec/issues/951))
- [`2ee3213`](https://togithub.com/securego/gosec/commit/2ee3213) README: upgrade GitHub action in examples ([#950](https://togithub.com/securego/gosec/issues/950))
- [`68b5201`](https://togithub.com/securego/gosec/commit/68b5201) enable ginkgolinter linter ([#948](https://togithub.com/securego/gosec/issues/948))
- [`780ebd0`](https://togithub.com/securego/gosec/commit/780ebd0) chore(deps): update all dependencies ([#947](https://togithub.com/securego/gosec/issues/947))
- [`d6aeaad`](https://togithub.com/securego/gosec/commit/d6aeaad) correct gci linter ([#946](https://togithub.com/securego/gosec/issues/946))
- [`73f0efc`](https://togithub.com/securego/gosec/commit/73f0efc) remove deprecated linters
- [`aef69b3`](https://togithub.com/securego/gosec/commit/aef69b3) increase timeout to 5m
- [`6bad723`](https://togithub.com/securego/gosec/commit/6bad723) chore(deps): update all dependencies
- [`96bb741`](https://togithub.com/securego/gosec/commit/96bb741) Use the latest version
- [`6a73248`](https://togithub.com/securego/gosec/commit/6a73248) Fix some linting warnings
- [`83fc5e6`](https://togithub.com/securego/gosec/commit/83fc5e6) Fix lint warning
- [`8e7cf4b`](https://togithub.com/securego/gosec/commit/8e7cf4b) Bump the go versions and golanci
- [`e7bfcd1`](https://togithub.com/securego/gosec/commit/e7bfcd1) chore(deps): update all dependencies ([#942](https://togithub.com/securego/gosec/issues/942))
- [`f823a7e`](https://togithub.com/securego/gosec/commit/f823a7e) Check nil pointer when variable is declared in a different file
- [`cdd3476`](https://togithub.com/securego/gosec/commit/cdd3476) fix dead link to issue.go in README.md ([#936](https://togithub.com/securego/gosec/issues/936))
- [`d5a9c73`](https://togithub.com/securego/gosec/commit/d5a9c73) Remove rule G307 which checks when an error is not handled when a file or socket connection is closed ([#935](https://togithub.com/securego/gosec/issues/935))
- [`27bf0e4`](https://togithub.com/securego/gosec/commit/27bf0e4) Fix rule index reference into sarif report ([#934](https://togithub.com/securego/gosec/issues/934))
- [`e7b896f`](https://togithub.com/securego/gosec/commit/e7b896f) Bump golang.org/x/net from 0.6.0 to 0.7.0
- [`4340efa`](https://togithub.com/securego/gosec/commit/4340efa) Format file
- [`f850069`](https://togithub.com/securego/gosec/commit/f850069) Use the gosec issue in the go analysers
- [`b1fd948`](https://togithub.com/securego/gosec/commit/b1fd948) Fix file formatting
- [`2071786`](https://togithub.com/securego/gosec/commit/2071786) Update Go version in CI builds
- [`1915717`](https://togithub.com/securego/gosec/commit/1915717) Fix method name in the comment
- [`de2c6a3`](https://togithub.com/securego/gosec/commit/de2c6a3) Extract the issue in its own package
- [`31e6327`](https://togithub.com/securego/gosec/commit/31e6327) Add support for Go analysis framework and SSA code representation
- [`e795d75`](https://togithub.com/securego/gosec/commit/e795d75) chore(deps): update all dependencies ([#931](https://togithub.com/securego/gosec/issues/931))
- [`8aa00db`](https://togithub.com/securego/gosec/commit/8aa00db) Remove the version form ci github action
- [`392e53c`](https://togithub.com/securego/gosec/commit/392e53c) Pin github action to latest release version 2.15.0
- [`ffe254e`](https://togithub.com/securego/gosec/commit/ffe254e) Revert the image tag in github action until a working solution is found
- [`a0eddfb`](https://togithub.com/securego/gosec/commit/a0eddfb) Fix version interpolation in github action image
- [`d22a7b6`](https://togithub.com/securego/gosec/commit/d22a7b6) Add gosec version as an input parameter to GitHub action ([#927](https://togithub.com/securego/gosec/issues/927))
- [`2d6b0a5`](https://togithub.com/securego/gosec/commit/2d6b0a5) Update release build script ([#924](https://togithub.com/securego/gosec/issues/924))
### [`v2.15.0`](https://togithub.com/securego/gosec/releases/tag/v2.15.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.14.0...v2.15.0)
#### Changelog
- [`a459eb0`](https://togithub.com/securego/gosec/commit/a459eb0) Fix dependencies after renovate update
- [`54f56c7`](https://togithub.com/securego/gosec/commit/54f56c7) chore(deps): update all dependencies ([#922](https://togithub.com/securego/gosec/issues/922))
- [`df14837`](https://togithub.com/securego/gosec/commit/df14837) Update to Go 1.20 and fix unit tests ([#923](https://togithub.com/securego/gosec/issues/923))
- [`b4270dd`](https://togithub.com/securego/gosec/commit/b4270dd) Update Go to latest version ([#920](https://togithub.com/securego/gosec/issues/920))
- [`a624254`](https://togithub.com/securego/gosec/commit/a624254) Update hardcoded_credentials.go fix: adaper equal expr which const value at left ([#917](https://togithub.com/securego/gosec/issues/917))
- [`9432e67`](https://togithub.com/securego/gosec/commit/9432e67) Fix github latest URL ([#918](https://togithub.com/securego/gosec/issues/918))
- [`e85e1a7`](https://togithub.com/securego/gosec/commit/e85e1a7) Fix github release url ([#916](https://togithub.com/securego/gosec/issues/916))
- [`7dcb8c7`](https://togithub.com/securego/gosec/commit/7dcb8c7) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 ([#914](https://togithub.com/securego/gosec/issues/914))
- [`c5d217d`](https://togithub.com/securego/gosec/commit/c5d217d) Update Go version in CI script ([#913](https://togithub.com/securego/gosec/issues/913))
- [`5874e63`](https://togithub.com/securego/gosec/commit/5874e63) Track back when a file path was sanitized with filepath.Clean ([#912](https://togithub.com/securego/gosec/issues/912))
- [`fd28036`](https://togithub.com/securego/gosec/commit/fd28036) Fix the TLS config rule when parsing the settings from a variable ([#911](https://togithub.com/securego/gosec/issues/911))
- [`a522ae6`](https://togithub.com/securego/gosec/commit/a522ae6) Fix build after updating the dependencies ([#910](https://togithub.com/securego/gosec/issues/910))
- [`4cc97ad`](https://togithub.com/securego/gosec/commit/4cc97ad) chore(deps): update all dependencies ([#909](https://togithub.com/securego/gosec/issues/909))
- [`05a7bc5`](https://togithub.com/securego/gosec/commit/05a7bc5) Fix dependencies after renovate update ([#907](https://togithub.com/securego/gosec/issues/907))
- [`11898d5`](https://togithub.com/securego/gosec/commit/11898d5) chore(deps): update all dependencies ([#906](https://togithub.com/securego/gosec/issues/906))
- [`f9a8bf0`](https://togithub.com/securego/gosec/commit/f9a8bf0) Update slack badge and link ([#905](https://togithub.com/securego/gosec/issues/905))
- [`dabc7dc`](https://togithub.com/securego/gosec/commit/dabc7dc) Auto-detect TLS MinVersion integer base ([#903](https://togithub.com/securego/gosec/issues/903))
- [`c39bcdb`](https://togithub.com/securego/gosec/commit/c39bcdb) Adding s390x support ([#902](https://togithub.com/securego/gosec/issues/902))
- [`e06bbf9`](https://togithub.com/securego/gosec/commit/e06bbf9) chore(deps): update all dependencies ([#904](https://togithub.com/securego/gosec/issues/904))
- [`f79c584`](https://togithub.com/securego/gosec/commit/f79c584) chore(deps): update all dependencies ([#898](https://togithub.com/securego/gosec/issues/898))
- [`44f484f`](https://togithub.com/securego/gosec/commit/44f484f) Additional types for bad defer check ([#897](https://togithub.com/securego/gosec/issues/897))
- [`2fe6c5b`](https://togithub.com/securego/gosec/commit/2fe6c5b) chore(deps): update all dependencies ([#894](https://togithub.com/securego/gosec/issues/894))
- [`a0b7ebb`](https://togithub.com/securego/gosec/commit/a0b7ebb) chore(deps): update all dependencies ([#892](https://togithub.com/securego/gosec/issues/892))
- [`0acfbb4`](https://togithub.com/securego/gosec/commit/0acfbb4) Update Go version in CI scripts ([#889](https://togithub.com/securego/gosec/issues/889))
- [`6a964b2`](https://togithub.com/securego/gosec/commit/6a964b2) chore(deps): update all dependencies ([#888](https://togithub.com/securego/gosec/issues/888))
- [`a7ad827`](https://togithub.com/securego/gosec/commit/a7ad827) Allow to override build date with SOURCE_DATE_EPOCH ([#887](https://togithub.com/securego/gosec/issues/887))
- [`26f0389`](https://togithub.com/securego/gosec/commit/26f0389) chore(deps): update all dependencies ([#886](https://togithub.com/securego/gosec/issues/886))
- [`7f91d85`](https://togithub.com/securego/gosec/commit/7f91d85) chore(deps): update all dependencies ([#884](https://togithub.com/securego/gosec/issues/884))
- [`cf63541`](https://togithub.com/securego/gosec/commit/cf63541) fileperms: bitwise permission comparison ([#883](https://togithub.com/securego/gosec/issues/883))
### [`v2.14.0`](https://togithub.com/securego/gosec/releases/tag/v2.14.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.1...v2.14.0)
#### Changelog
- [`1af1d5b`](https://togithub.com/securego/gosec/commit/1af1d5b) Pin release build to Go version 1.19.2 ([#882](https://togithub.com/securego/gosec/issues/882))
- [`0ae0174`](https://togithub.com/securego/gosec/commit/0ae0174) Refactor to support duplicate imports with different aliases ([#865](https://togithub.com/securego/gosec/issues/865))
- [`a2719d3`](https://togithub.com/securego/gosec/commit/a2719d3) chore(deps): update all dependencies ([#881](https://togithub.com/securego/gosec/issues/881))
- [`ed38681`](https://togithub.com/securego/gosec/commit/ed38681) go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions ([#880](https://togithub.com/securego/gosec/issues/880))
- [`8466173`](https://togithub.com/securego/gosec/commit/8466173) Update Go version to 1.19 in the makefile ([#876](https://togithub.com/securego/gosec/issues/876))
- [`f9ad0d8`](https://togithub.com/securego/gosec/commit/f9ad0d8) chore(deps): update all dependencies ([#875](https://togithub.com/securego/gosec/issues/875))
- [`6cd9e62`](https://togithub.com/securego/gosec/commit/6cd9e62) Add CWE-676 to cwe mapping ([#874](https://togithub.com/securego/gosec/issues/874))
- [`bb4a1e3`](https://togithub.com/securego/gosec/commit/bb4a1e3) chore(deps): update all dependencies ([#872](https://togithub.com/securego/gosec/issues/872))
- [`7ea37bb`](https://togithub.com/securego/gosec/commit/7ea37bb) Add a way to use private repositories on GitHub ([#869](https://togithub.com/securego/gosec/issues/869))
- [`e244c81`](https://togithub.com/securego/gosec/commit/e244c81) chore(deps): update all dependencies ([#868](https://togithub.com/securego/gosec/issues/868))
- [`e9b2781`](https://togithub.com/securego/gosec/commit/e9b2781) Check go version when installing govulncheck
- [`88c23de`](https://togithub.com/securego/gosec/commit/88c23de) Check go version when running govulncheck
- [`84f6424`](https://togithub.com/securego/gosec/commit/84f6424) Add vulncheck to the test steps
- [`180fc23`](https://togithub.com/securego/gosec/commit/180fc23) chore(deps): update all dependencies
- [`dfde579`](https://togithub.com/securego/gosec/commit/dfde579) Fix false positives for G404 with aliased packages
- [`aaaf80c`](https://togithub.com/securego/gosec/commit/aaaf80c) chore(deps): update all dependencies
- [`ae58325`](https://togithub.com/securego/gosec/commit/ae58325) chore(deps): update all dependencies
- [`a892be9`](https://togithub.com/securego/gosec/commit/a892be9) fix: add a CWE ID mapping to rule G114
- [`a319b66`](https://togithub.com/securego/gosec/commit/a319b66) chore(deps): update golang.org/x/crypto digest to [`bc19a97`](https://togithub.com/securego/gosec/commit/bc19a97)
### [`v2.13.1`](https://togithub.com/securego/gosec/releases/tag/v2.13.1)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.0...v2.13.1)
#### Changelog
- [`19fa856`](https://togithub.com/securego/gosec/commit/19fa856) fix: make sure that nil Cwe pointer is handled when getting the CWE ID
- [`62fa4b4`](https://togithub.com/securego/gosec/commit/62fa4b4) test: remove white spaces from template
- [`074dc71`](https://togithub.com/securego/gosec/commit/074dc71) fix: handle nil CWE pointer in text template
### [`v2.13.0`](https://togithub.com/securego/gosec/releases/tag/v2.13.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.12.0...v2.13.0)
#### Changelog
- [`79a5b13`](https://togithub.com/securego/gosec/commit/79a5b13) chore(deps): update dependency babel-standalone to v7
- [`97f03d9`](https://togithub.com/securego/gosec/commit/97f03d9) chore: update module go to 1.19
- [`0ba05e1`](https://togithub.com/securego/gosec/commit/0ba05e1) chore: fix lint warnings
- [`d3933f9`](https://togithub.com/securego/gosec/commit/d3933f9) chore: add support for Go 1.19
- [`4e68fb5`](https://togithub.com/securego/gosec/commit/4e68fb5) fix: parsing of the Go version ([#844](https://togithub.com/securego/gosec/issues/844))
- [`0c8e63e`](https://togithub.com/securego/gosec/commit/0c8e63e) Detect use of net/http functions that have no support for setting timeouts ([#842](https://togithub.com/securego/gosec/issues/842))
- [`6a26c23`](https://togithub.com/securego/gosec/commit/6a26c23) Refactor SQL rules for better extensibility ([#841](https://togithub.com/securego/gosec/issues/841))
- [`1b0873a`](https://togithub.com/securego/gosec/commit/1b0873a) chore(deps): update module golang.org/x/tools to v0.1.12 ([#840](https://togithub.com/securego/gosec/issues/840))
- [`845483e`](https://togithub.com/securego/gosec/commit/845483e) Fix lint warning
- [`45bf9a6`](https://togithub.com/securego/gosec/commit/45bf9a6) Check the suppressed issues when generating the exit code
- [`a5982fb`](https://togithub.com/securego/gosec/commit/a5982fb) Fix for G402. Check package path instead of package name ([#838](https://togithub.com/securego/gosec/issues/838))
- [`ea6d49d`](https://togithub.com/securego/gosec/commit/ea6d49d) fix G204 bugs ([#835](https://togithub.com/securego/gosec/issues/835))
- [`21fcd2f`](https://togithub.com/securego/gosec/commit/21fcd2f) Phase out support for Go 1.16 since is not supported anymore by Go team ([#837](https://togithub.com/securego/gosec/issues/837))
- [`3cda47a`](https://togithub.com/securego/gosec/commit/3cda47a) chore(deps): update all dependencies ([#836](https://togithub.com/securego/gosec/issues/836))
- [`0212c83`](https://togithub.com/securego/gosec/commit/0212c83) chore(deps): update dependency highlight.js to v11.6.0 ([#830](https://togithub.com/securego/gosec/issues/830))
- [`9a25f4e`](https://togithub.com/securego/gosec/commit/9a25f4e) fix: filepaths with git anywhere in them being erroneously excluded ([#828](https://togithub.com/securego/gosec/issues/828))
- [`602ced7`](https://togithub.com/securego/gosec/commit/602ced7) Fix wrong location for G109 ([#829](https://togithub.com/securego/gosec/issues/829))
- [`7dd9ddd`](https://togithub.com/securego/gosec/commit/7dd9ddd) chore(deps): update golang.org/x/crypto digest to [`0559593`](https://togithub.com/securego/gosec/commit/0559593) ([#826](https://togithub.com/securego/gosec/issues/826))
- [`b0f3e78`](https://togithub.com/securego/gosec/commit/b0f3e78) fix ReadTimeout for G112 rule
- [`05f3ca8`](https://togithub.com/securego/gosec/commit/05f3ca8) Pin cosign-installer to `v2` ([#824](https://togithub.com/securego/gosec/issues/824))
### [`v2.12.0`](https://togithub.com/securego/gosec/releases/tag/v2.12.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.11.0...v2.12.0)
#### Changelog
- [`a9b0ef0`](https://togithub.com/securego/gosec/commit/a9b0ef0) chore(deps): update all dependencies ([#822](https://togithub.com/securego/gosec/issues/822))
- [`9c19cb6`](https://togithub.com/securego/gosec/commit/9c19cb6) Add check for usage of Rat.SetString in math/big with an overflow error ([#819](https://togithub.com/securego/gosec/issues/819))
- [`fb587c1`](https://togithub.com/securego/gosec/commit/fb587c1) Remove additional `--update` for apk in Dockerfile ([#818](https://togithub.com/securego/gosec/issues/818))
- [`c3ede62`](https://togithub.com/securego/gosec/commit/c3ede62) Update x/tools to pick up fix for [golang/go#51629](https://togithub.com/golang/go/issues/51629) ([#817](https://togithub.com/securego/gosec/issues/817))
- [`0a929c7`](https://togithub.com/securego/gosec/commit/0a929c7) chore(deps): update all dependencies ([#816](https://togithub.com/securego/gosec/issues/816))
- [`12be148`](https://togithub.com/securego/gosec/commit/12be148) chore(deps): update all dependencies ([#812](https://togithub.com/securego/gosec/issues/812))
- [`0dcc336`](https://togithub.com/securego/gosec/commit/0dcc336) chore(deps): update all dependencies ([#811](https://togithub.com/securego/gosec/issues/811))
- [`34d144b`](https://togithub.com/securego/gosec/commit/34d144b) Add new rule for Slowloris Attack
- [`a64cde5`](https://togithub.com/securego/gosec/commit/a64cde5) Fix the dependencies after renovate upate ([#806](https://togithub.com/securego/gosec/issues/806))
- [`b69c3d4`](https://togithub.com/securego/gosec/commit/b69c3d4) chore(deps): update all dependencies ([#805](https://togithub.com/securego/gosec/issues/805))
- [`89dfdc0`](https://togithub.com/securego/gosec/commit/89dfdc0) Update the description message of template rule ([#803](https://togithub.com/securego/gosec/issues/803))
- [`0791d31`](https://togithub.com/securego/gosec/commit/0791d31) Fix typo in ReadMe ([#802](https://togithub.com/securego/gosec/issues/802))
- [`2ef1d9a`](https://togithub.com/securego/gosec/commit/2ef1d9a) Fix build after renovate update ([#800](https://togithub.com/securego/gosec/issues/800))
- [`afc9903`](https://togithub.com/securego/gosec/commit/afc9903) Fix use rule IDs to retrieve the rule config
- [`82eaa12`](https://togithub.com/securego/gosec/commit/82eaa12) chore(deps): update all dependencies ([#796](https://togithub.com/securego/gosec/issues/796))
### [`v2.11.0`](https://togithub.com/securego/gosec/releases/tag/v2.11.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.10.0...v2.11.0)
#### Changelog
- [`607d607`](https://togithub.com/securego/gosec/commit/607d607) Enable Go 1.18 in the ci and release workflows
- [`b99b5f7`](https://togithub.com/securego/gosec/commit/b99b5f7) Fix the lint action after upgrade ([#790](https://togithub.com/securego/gosec/issues/790))
- [`8af0af7`](https://togithub.com/securego/gosec/commit/8af0af7) chore(deps): update all dependencies ([#789](https://togithub.com/securego/gosec/issues/789))
- [`ea5d31f`](https://togithub.com/securego/gosec/commit/ea5d31f) Add a recursive flag -r to skip specifying ./... path
- [`48bbf96`](https://togithub.com/securego/gosec/commit/48bbf96) Adds directory traversal for Http.Dir("/")
### [`v2.10.0`](https://togithub.com/securego/gosec/releases/tag/v2.10.0)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.6...v2.10.0)
#### Changelog
- [`26f10e0`](https://togithub.com/securego/gosec/commit/26f10e0) Extend the release action to sign the docker image and binary files with cosign ([#781](https://togithub.com/securego/gosec/issues/781))
- [`7d539ed`](https://togithub.com/securego/gosec/commit/7d539ed) feat: add concurrency option to parallelize package loading ([#778](https://togithub.com/securego/gosec/issues/778))
- [`43577ce`](https://togithub.com/securego/gosec/commit/43577ce) chore(deps): update all dependencies
- [`c0680bb`](https://togithub.com/securego/gosec/commit/c0680bb) Process the code snippet before adding it to the SARIF report
- [`db8d98b`](https://togithub.com/securego/gosec/commit/db8d98b) Updated sponsor link in README.md
- [`507f847`](https://togithub.com/securego/gosec/commit/507f847) chore(deps): update golang.org/x/crypto commit hash to [`30dcbda`](https://togithub.com/securego/gosec/commit/30dcbda)
- [`853e1d5`](https://togithub.com/securego/gosec/commit/853e1d5) chore(deps): update all dependencies
- [`09a2941`](https://togithub.com/securego/gosec/commit/09a2941) Use the CWE name as a name in the SARIF report
- [`9399e7b`](https://togithub.com/securego/gosec/commit/9399e7b) chore(deps): update all dependencies ([#771](https://togithub.com/securego/gosec/issues/771))
- [`2fad8a4`](https://togithub.com/securego/gosec/commit/2fad8a4) Resolve the TLS min version when is declarted in the same package but in a different file
- [`1fbcf10`](https://togithub.com/securego/gosec/commit/1fbcf10) Add a test for tls min version defined in a different file
- [`b12c0f6`](https://togithub.com/securego/gosec/commit/b12c0f6) chore(deps): update all dependencies ([#765](https://togithub.com/securego/gosec/issues/765))
### [`v2.9.6`](https://togithub.com/securego/gosec/releases/tag/v2.9.6)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.5...v2.9.6)
#### Changelog
- [`1d909e2`](https://togithub.com/securego/gosec/commit/1d909e2) Add db.Exec and db.Prepare to the sql rule ([#763](https://togithub.com/securego/gosec/issues/763))
- [`742aa84`](https://togithub.com/securego/gosec/commit/742aa84) chore(deps): update golang.org/x/crypto commit hash to [`5e0467b`](https://togithub.com/securego/gosec/commit/5e0467b) ([#764](https://togithub.com/securego/gosec/issues/764))
- [`7be6d4e`](https://togithub.com/securego/gosec/commit/7be6d4e) Add os.Create to the readfile rule ([#761](https://togithub.com/securego/gosec/issues/761))
- [`75cc7dc`](https://togithub.com/securego/gosec/commit/75cc7dc) Fix false negative for SQL injection when using DB.QueryRow.Scan() ([#759](https://togithub.com/securego/gosec/issues/759))
- [`58058af`](https://togithub.com/securego/gosec/commit/58058af) chore(deps): update dependency highlight.js to v11.4.0 ([#758](https://togithub.com/securego/gosec/issues/758))
- [`9d66b0d`](https://togithub.com/securego/gosec/commit/9d66b0d) Fix false negatives for SQL injection in multi-line queries
- [`4c1afaa`](https://togithub.com/securego/gosec/commit/4c1afaa) Find G303 with filepath.Join'd temp dirs ([#754](https://togithub.com/securego/gosec/issues/754))
- [`19bda8d`](https://togithub.com/securego/gosec/commit/19bda8d) Find more tempdirs
- [`827fca9`](https://togithub.com/securego/gosec/commit/827fca9) build(fmt): use `[` instead of `[[` ([#751](https://togithub.com/securego/gosec/issues/751))
- [`ad5d74d`](https://togithub.com/securego/gosec/commit/ad5d74d) Update to ginkgo v2 ([#753](https://togithub.com/securego/gosec/issues/753))
- [`72f1145`](https://togithub.com/securego/gosec/commit/72f1145) Fix [#743](https://togithub.com/securego/gosec/issues/743) ([#748](https://togithub.com/securego/gosec/issues/748))
- [`63a8e78`](https://togithub.com/securego/gosec/commit/63a8e78) Handle nil when looking up a file by position into a package ([#747](https://togithub.com/securego/gosec/issues/747))
- [`3038a30`](https://togithub.com/securego/gosec/commit/3038a30) Add in the config file settings for exclude and include options
- [`bf0dd2f`](https://togithub.com/securego/gosec/commit/bf0dd2f) chore(deps): update golang.org/x/crypto commit hash to [`e495a2d`](https://togithub.com/securego/gosec/commit/e495a2d) ([#745](https://togithub.com/securego/gosec/issues/745))
- [`2d1c1a6`](https://togithub.com/securego/gosec/commit/2d1c1a6) Track both #nosec and #nosec rulelist for one violation ([#741](https://togithub.com/securego/gosec/issues/741))
- [`e0f354a`](https://togithub.com/securego/gosec/commit/e0f354a) Add the sponsors section in the README file ([#740](https://togithub.com/securego/gosec/issues/740))
- [`d23ab2d`](https://togithub.com/securego/gosec/commit/d23ab2d) Remove space between `//` and `#nosec` in examples and internal use
### [`v2.9.5`](https://togithub.com/securego/gosec/releases/tag/v2.9.5)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.4...v2.9.5)
#### Changelog
- [`35af340`](https://togithub.com/securego/gosec/commit/35af340) Fix [#736](https://togithub.com/securego/gosec/issues/736) ([#738](https://togithub.com/securego/gosec/issues/738))
- [`6c0b344`](https://togithub.com/securego/gosec/commit/6c0b344) chore(deps): update golang.org/x/crypto commit hash to [`4570a08`](https://togithub.com/securego/gosec/commit/4570a08) ([#737](https://togithub.com/securego/gosec/issues/737))
### [`v2.9.4`](https://togithub.com/securego/gosec/releases/tag/v2.9.4)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.3...v2.9.4)
#### Changelog
- [`b45f95f`](https://togithub.com/securego/gosec/commit/b45f95f) Add support for suppressing the findings
- [`040327f`](https://togithub.com/securego/gosec/commit/040327f) chore(deps): update all dependencies ([#734](https://togithub.com/securego/gosec/issues/734))
### [`v2.9.3`](https://togithub.com/securego/gosec/releases/tag/v2.9.3)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.2...v2.9.3)
#### Changelog
- [`6a41fb9`](https://togithub.com/securego/gosec/commit/6a41fb9) Fix [https://github.com/securego/gosec/issues/714](https://togithub.com/securego/gosec/issues/714) ([#733](https://togithub.com/securego/gosec/issues/733))
- [`c95e9c2`](https://togithub.com/securego/gosec/commit/c95e9c2) chore(deps): update all dependencies ([#731](https://togithub.com/securego/gosec/issues/731))
### [`v2.9.2`](https://togithub.com/securego/gosec/releases/tag/v2.9.2)
[Compare Source](https://togithub.com/securego/gosec/compare/v2.9.1...v2.9.2)
#### Changelog
- [`e57efa8`](https://togithub.com/securego/gosec/commit/e57efa8) Fix a panic in suproc rule when the declaration of the variable is not available in the AST ([#728](https://togithub.com/securego/gosec/issues/728))
- [`ff17c30`](https://togithub.com/securego/gosec/commit/ff17c30) Use go embed for templates ([#725](https://togithub.com/securego/gosec/issues/725))
- [`3eba7b8`](https://togithub.com/securego/gosec/commit/3eba7b8) add openssh to docker image ([#719](https://togithub.com/securego/gosec/issues/719))
- [`55c6cea`](https://togithub.com/securego/gosec/commit/55c6cea) Fix crash when parsing the TLS min version value ([#724](https://togithub.com/securego/gosec/issues/724))
- [`40fa36d`](https://togithub.com/securego/gosec/commit/40fa36d) G303: catch with os.WriteFile, add os.Create test case ([#718](https://togithub.com/securego/gosec/issues/718))
- [`873ac24`](https://togithub.com/securego/gosec/commit/873ac24) chore(deps): update all dependencies ([#722](https://togithub.com/securego/gosec/issues/722))
- [`f1f0056`](https://togithub.com/securego/gosec/commit/f1f0056) Spelling fixes
([#717](https://togithub.com/securego/gosec/issues/717)) [`0680c75`](https://togithub.com/securego/gosec/commit/0680c75) chore(deps): update all dependencies ([#716](https://togithub.com/securego/gosec/issues/716)) [`79c8b79`](https://togithub.com/securego/gosec/commit/79c8b79) use a better naming for the variable ([#715](https://togithub.com/securego/gosec/issues/715)) ### [`v2.9.1`](https://togithub.com/securego/gosec/releases/tag/v2.9.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.0...v2.9.1) #### Changelog [`6921395`](https://togithub.com/securego/gosec/commit/6921395) Fix the SBOM generation step in the release action ([#712](https://togithub.com/securego/gosec/issues/712)) [`5a3a27a`](https://togithub.com/securego/gosec/commit/5a3a27a) Phase out support for go version 1.15 because current ginko is not backward compatible ([#710](https://togithub.com/securego/gosec/issues/710)) ### [`v2.9.0`](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0) ### [`v2.8.1`](https://togithub.com/securego/gosec/releases/tag/v2.8.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.8.0...v2.8.1) #### Changelog [`3f800cc`](https://togithub.com/securego/gosec/commit/3f800cc) Fix the unit tests ([#652](https://togithub.com/securego/gosec/issues/652)) [`df10b65`](https://togithub.com/securego/gosec/commit/df10b65) Fix gosimple lint warning ([#651](https://togithub.com/securego/gosec/issues/651)) [`731d0d5`](https://togithub.com/securego/gosec/commit/731d0d5) Results must always be present in the SARIF report ([#650](https://togithub.com/securego/gosec/issues/650)) [`3c230ac`](https://togithub.com/securego/gosec/commit/3c230ac) errors.go: add Hash.Write() to the white list. 
([#648](https://togithub.com/securego/gosec/issues/648)) [`e72b1e5`](https://togithub.com/securego/gosec/commit/e72b1e5) Use of vars instead of func [`c81cff0`](https://togithub.com/securego/gosec/commit/c81cff0) Update all dependencies ([#646](https://togithub.com/securego/gosec/issues/646)) [`3ff0a2c`](https://togithub.com/securego/gosec/commit/3ff0a2c) Fixes [#644](https://togithub.com/securego/gosec/issues/644) ([#645](https://togithub.com/securego/gosec/issues/645)) [`e3dffd6`](https://togithub.com/securego/gosec/commit/e3dffd6) Update renovate configuration [`aa35eb5`](https://togithub.com/securego/gosec/commit/aa35eb5) Delete renovate.json ([#642](https://togithub.com/securego/gosec/issues/642)) [`3b1b77e`](https://togithub.com/securego/gosec/commit/3b1b77e) add onboarding ([#640](https://togithub.com/securego/gosec/issues/640)) [`03360ba`](https://togithub.com/securego/gosec/commit/03360ba) Update renovate configuration [`8a8dbec`](https://togithub.com/securego/gosec/commit/8a8dbec) Tidy up the dependencies ([#637](https://togithub.com/securego/gosec/issues/637)) [`3a4d09b`](https://togithub.com/securego/gosec/commit/3a4d09b) Update all dependencies ([#635](https://togithub.com/securego/gosec/issues/635)) [`6cde6b3`](https://togithub.com/securego/gosec/commit/6cde6b3) Disable cache in golangci job ([#636](https://togithub.com/securego/gosec/issues/636)) [`1256f16`](https://togithub.com/securego/gosec/commit/1256f16) Fix lint and fail on error in the ci build [`dbb9811`](https://togithub.com/securego/gosec/commit/dbb9811) Add crypto and lint to the tools modules [`244adc6`](https://togithub.com/securego/gosec/commit/244adc6) Update the github ci action to use cache and matrix strategy [`df1249d`](https://togithub.com/securego/gosec/commit/df1249d) Update install.sh with more installation options [`af27673`](https://togithub.com/securego/gosec/commit/af27673) Update README.md ### [`v2.8.0`](https://togithub.com/securego/gosec/releases/tag/v2.8.0) [Compare 
Source](https://togithub.com/securego/gosec/compare/v2.7.0...v2.8.0) #### Changelog [`9fc8e20`](https://togithub.com/securego/gosec/commit/9fc8e20) Add favicon for HTML template ([#628](https://togithub.com/securego/gosec/issues/628)) [`91dae7f`](https://togithub.com/securego/gosec/commit/91dae7f) Update the design of HTML report [`e72f54e`](https://togithub.com/securego/gosec/commit/e72f54e) Fix HTML template and display the gosec version [`c3f25b8`](https://togithub.com/securego/gosec/commit/c3f25b8) fix html report tag styling ([#623](https://togithub.com/securego/gosec/issues/623)) [`433a674`](https://togithub.com/securego/gosec/commit/433a674) show nosec in html report summary ([#621](https://togithub.com/securego/gosec/issues/621)) [`d040f07`](https://togithub.com/securego/gosec/commit/d040f07) Handle gosec version in SARIF report [`51f7411`](https://togithub.com/securego/gosec/commit/51f7411) Add arm64 support ([#618](https://togithub.com/securego/gosec/issues/618)) [`e7ac882`](https://togithub.com/securego/gosec/commit/e7ac882) Update go version to 1.16 ([#616](https://togithub.com/securego/gosec/issues/616)) [`3a9a6ad`](https://togithub.com/securego/gosec/commit/3a9a6ad) Sarif provide Snippet with Issue.Code [`1325319`](https://togithub.com/securego/gosec/commit/1325319) Create dependabot.yml ([#614](https://togithub.com/securego/gosec/issues/614)) [`d8cfcd6`](https://togithub.com/securego/gosec/commit/d8cfcd6) Allow the user to enable/disable colorisation of the text report in the stdout [`a8b633f`](https://togithub.com/securego/gosec/commit/a8b633f) Adding stdout and verbose flags and refactor how the report is saved [`103c429`](https://togithub.com/securego/gosec/commit/103c429) Enable golangcli and improve testing for formatters [`4df7f1c`](https://togithub.com/securego/gosec/commit/4df7f1c) Fix typos, Go Report link and Gofmt [`f4ea33d`](https://togithub.com/securego/gosec/commit/f4ea33d) Update how the test coverage is generated 
[`c4f5932`](https://togithub.com/securego/gosec/commit/c4f5932) Refactor : Replace Cwe with cwe.Weakness [`ddfa253`](https://togithub.com/securego/gosec/commit/ddfa253) Define a report package with core and per format sub-packages [`cc83d4c`](https://togithub.com/securego/gosec/commit/cc83d4c) Generate the SARIF types, handle taxonomies and separate responsibilities [`0fa5d0b`](https://togithub.com/securego/gosec/commit/0fa5d0b) Fix the go modules after updating to get the tests passing ([#605](https://togithub.com/securego/gosec/issues/605)) [`3763953`](https://togithub.com/securego/gosec/commit/3763953) Migrate sonar types in a dedicated package ([#604](https://togithub.com/securego/gosec/issues/604)) [`b519743`](https://togithub.com/securego/gosec/commit/b519743) chore(deps): update all dependencies ([#599](https://togithub.com/securego/gosec/issues/599)) [`569328e`](https://togithub.com/securego/gosec/commit/569328e) Fix typos ([#594](https://togithub.com/securego/gosec/issues/594)) [`0695fa0`](https://togithub.com/securego/gosec/commit/0695fa0) Add `-u` to local install instructions ([#595](https://togithub.com/securego/gosec/issues/595)) [`7f2308b`](https://togithub.com/securego/gosec/commit/7f2308b) Tidy up the moduels after updating ([#593](https://togithub.com/securego/gosec/issues/593)) [`f21b0b8`](https://togithub.com/securego/gosec/commit/f21b0b8) chore(deps): update all dependencies ([#592](https://togithub.com/securego/gosec/issues/592)) [`148e608`](https://togithub.com/securego/gosec/commit/148e608) Adding KICS to USERS.md ([#590](https://togithub.com/securego/gosec/issues/590)) ### [`v2.7.0`](https://togithub.com/securego/gosec/releases/tag/v2.7.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.6.1...v2.7.0) #### Changelog [`27a5ffb`](https://togithub.com/securego/gosec/commit/27a5ffb) Quiet warnings about integer truncation ([#586](https://togithub.com/securego/gosec/issues/586)) 
[`bf2cd23`](https://togithub.com/securego/gosec/commit/bf2cd23) Update all dependencies ([#585](https://togithub.com/securego/gosec/issues/585)) [`01ee764`](https://togithub.com/securego/gosec/commit/01ee764) Fix typo in USERS.md ([#583](https://togithub.com/securego/gosec/issues/583)) [`9c047e3`](https://togithub.com/securego/gosec/commit/9c047e3) Add support for Go 1.16 in the CI and release workflows ([#581](https://togithub.com/securego/gosec/issues/581)) [`1fce461`](https://togithub.com/securego/gosec/commit/1fce461) fix: WriteParams rule to work also with golang 1.16 ([#577](https://togithub.com/securego/gosec/issues/577)) [`dcbcc4d`](https://togithub.com/securego/gosec/commit/dcbcc4d) Use a more generic path for sonarqube import path ([#573](https://togithub.com/securego/gosec/issues/573)) [`2777e50`](https://togithub.com/securego/gosec/commit/2777e50) Update README with a note which describes how to import a SonarQube report ([#572](https://togithub.com/securego/gosec/issues/572)) [`897c203`](https://togithub.com/securego/gosec/commit/897c203) Reset the state of TLS rule after each version check ([#570](https://togithub.com/securego/gosec/issues/570)) [`6c57ae1`](https://togithub.com/securego/gosec/commit/6c57ae1) Fix sarif formatting issues ([#565](https://togithub.com/securego/gosec/issues/565)) [`b6524ce`](https://togithub.com/securego/gosec/commit/b6524ce) Update all dependencies ### [`v2.6.1`](https://togithub.com/securego/gosec/releases/tag/v2.6.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.6.0...v2.6.1) #### Changelog [`00bbbd8`](https://togithub.com/securego/gosec/commit/00bbbd8) Fix the release workflow to allow unsecure commands ### [`v2.6.0`](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0) ### [`v2.5.0`](https://togithub.com/securego/gosec/releases/tag/v2.5.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.4.0...v2.5.0) 
#### Changelog [`a4746e1`](https://togithub.com/securego/gosec/commit/a4746e1) Update all dependencies ([#533](https://togithub.com/securego/gosec/issues/533)) [`6bd6e4b`](https://togithub.com/securego/gosec/commit/6bd6e4b) Use $(go env GOPATH) that works even when GOPATH is not set [`aef335a`](https://togithub.com/securego/gosec/commit/aef335a) Fix typo in README.md [`0ce48a5`](https://togithub.com/securego/gosec/commit/0ce48a5) Reproducible junit report ([#529](https://togithub.com/securego/gosec/issues/529)) [`868556b`](https://togithub.com/securego/gosec/commit/868556b) Update README with the correct path to tlsconfig command [`13519fd`](https://togithub.com/securego/gosec/commit/13519fd) Update the tls configuration generate to handle also the NSS alternative names [`e351067`](https://togithub.com/securego/gosec/commit/e351067) Update all dependencies [`166e4f5`](https://togithub.com/securego/gosec/commit/166e4f5) Update README file with some more details required to run successfully a scan with the docker image [`f5cc32a`](https://togithub.com/securego/gosec/commit/f5cc32a) Update the Go version to 1.15 in the Makefile [`ea0fa28`](https://togithub.com/securego/gosec/commit/ea0fa28) Update the Github go action version to 1.6.0 [`feea8bb`](https://togithub.com/securego/gosec/commit/feea8bb) Fix the action tag [`6688a97`](https://togithub.com/securego/gosec/commit/6688a97) Fix the github action for Go 1.15 [`7234349`](https://togithub.com/securego/gosec/commit/7234349) Add Go 1.15 to the supported version and phase out the Go 1.12 [`a3895d5`](https://togithub.com/securego/gosec/commit/a3895d5) Fix typo in README file [`17c9555`](https://togithub.com/securego/gosec/commit/17c9555) Incorrect local installation instructions for v2 [`f13b8bc`](https://togithub.com/securego/gosec/commit/f13b8bc) Add also filepath.Rel as a sanitization method for input argument in the G304 ruConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.