A GitHub Action for running gosec, the Go security checker, and emitting its findings as a SARIF file.
To use the GitHub Action, add the following step to your job:

```yaml
- uses: conventional-actions/go-sec@v1
```
Inputs:

Name | Default | Description
---|---|---
version | latest | the version of gosec to install
output_path | gosec.sarif | the output path to write the SARIF file
package | ./... | the package to scan
config_path | N/A | path to config file
confidence | low | filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high
exclude | N/A | comma-separated list of rule IDs to exclude (see rule list)
include | N/A | comma-separated list of rule IDs to include (see rule list)
exclude_generated | true | exclude generated files
format | sarif | set output format. Valid options are: json, yaml, csv, junit-xml, html, sonarqube, golint, sarif or text
fail_on_error | false | fail the scan if issues are found
include_tests | false | scan test files
severity | low | filter out the issues with a lower severity than the given value. Valid options are: low, medium, high
tags | N/A | comma-separated list of build tags
exclude_path | N/A | exclude folder from scan (can be specified multiple times)
Outputs:

Name | Type | Description
---|---|---
output_path | string | output file path
Example workflow that scans on every push to `main` and uploads the SARIF report to GitHub code scanning:

```yaml
on:
  push:
    branches:
      - main
# upload-sarif needs write access to security events to publish results
permissions:
  contents: read
  security-events: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - id: gosec
        uses: conventional-actions/go-sec@v1
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.gosec.outputs.output_path }}
```
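An added example, not from the action's own README, that sets the inputs explicitly and still publishes the report when `fail_on_error` makes the scan step fail; the thresholds, excluded rule ID (G104 is gosec's unchecked-error rule), paths and `permissions` block are illustrative choices, not values stated on this page.

```yaml
# Added example: tuned gosec scan on pull requests and pushes to main.
# Values under `with:` are illustrative; see the inputs table for defaults.
name: gosec
on:
  pull_request:
  push:
    branches:
      - main
permissions:
  contents: read
  security-events: write   # required by upload-sarif
jobs:
  gosec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - id: gosec
        uses: conventional-actions/go-sec@v1
        with:
          version: latest
          package: ./...
          exclude_path: vendor          # skip vendored dependencies
          exclude_generated: true
          include_tests: true           # also scan _test.go files
          severity: medium              # drop low-severity findings
          confidence: medium            # drop low-confidence findings
          exclude: G104                 # unchecked errors: tracked elsewhere
          format: sarif
          output_path: gosec.sarif
          fail_on_error: true           # block the PR when issues remain
      # always() keeps the upload running after a failed scan step, so
      # the findings that caused the failure still reach code scanning.
      - uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: ${{ steps.gosec.outputs.output_path }}
```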
The scripts and documentation in this project are released under the MIT License.