From edf5067570b608ae79c21385628d6476debb6146 Mon Sep 17 00:00:00 2001
From: thiyyakat <meghana.thiyyakat@gmail.com>
Date: Mon, 23 Dec 2024 15:47:57 +0530
Subject: [PATCH 1/2] Add newlines at the end of files

---
 .gitignore   | 2 +-
 Makefile     | 2 +-
 hack/sast.sh | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 24112694..0015144e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,4 +30,4 @@ main
 cmi-plugin
 
 # gosec
-gosec-report.sarif
\ No newline at end of file
+gosec-report.sarif
diff --git a/Makefile b/Makefile
index 143f3a34..df469469 100644
--- a/Makefile
+++ b/Makefile
@@ -109,4 +109,4 @@ sast: $(GOSEC)
 
 .PHONY: sast-report
 sast-report: $(GOSEC)
-	@./hack/sast.sh --gosec-report true
\ No newline at end of file
+	@./hack/sast.sh --gosec-report true
diff --git a/hack/sast.sh b/hack/sast.sh
index 5cc71087..e1e3a0ae 100755
--- a/hack/sast.sh
+++ b/hack/sast.sh
@@ -40,4 +40,4 @@ fi
 # Thus, generated code is excluded from gosec scan.
 # Nested go modules are not supported by gosec (see https://github.com/securego/gosec/issues/501), so the ./hack folder
 # is excluded too. It does not contain productive code anyway.
-gosec -exclude-generated -exclude-dir=hack $gosec_report_parse_flags  ./...
\ No newline at end of file
+gosec -exclude-generated -exclude-dir=hack $gosec_report_parse_flags  ./...

From c1e32a10b6eddbd69a681d772eddd32a76742957 Mon Sep 17 00:00:00 2001
From: thiyyakat <meghana.thiyyakat@gmail.com>
Date: Mon, 23 Dec 2024 15:48:39 +0530
Subject: [PATCH 2/2] Add license-headers and update go lang version to 1.23.3.

---
 .ci/pipeline_definitions | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.ci/pipeline_definitions b/.ci/pipeline_definitions
index 890cf7b0..371f8a54 100644
--- a/.ci/pipeline_definitions
+++ b/.ci/pipeline_definitions
@@ -1,5 +1,12 @@
 machine-controller-manager-provider-gcp:
   base_definition:
+    repo:
+      source_labels:
+        - name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
+          value:
+            policy: skip
+            comment: |
+              we use gosec for sast scanning. See attached log.
     traits:
       version:
         inject_effective_version: true
@@ -67,6 +74,16 @@ machine-controller-manager-provider-gcp:
           ocm_repository: europe-docker.pkg.dev/gardener-project/releases
         release:
           nextversion: 'bump_minor'
+          assets:
+            - type: build-step-log
+              step_name: check
+              purposes:
+                - lint
+                - sast
+                - gosec
+              comment: |
+                we use gosec (linter) for SAST scans
+                see: https://github.com/securego/gosec
         publish:
           dockerimages:
             <<: *default_images