Add gosec (#199)

gardener · Nov 28, 2024 · 6f6260d · 6f6260d
1 parent 2dedcd4
commit 6f6260d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -79,6 +79,14 @@ check-generate:
 format: $(GOIMPORTS) $(GOIMPORTSREVISER)
 	@bash $(GARDENER_HACK_DIR)/format.sh ./cmd ./pkg ./test
 
+.PHONY: sast
+sast: $(GOSEC)
+	@bash $(GARDENER_HACK_DIR)/sast.sh
+
+.PHONY: sast-report
+sast-report: $(GOSEC)
+	@bash $(GARDENER_HACK_DIR)/sast.sh --gosec-report true
+
 .PHONY: check
 check: $(GO_ADD_LICENSE) $(GOIMPORTS) $(GOLANGCI_LINT)
 	@bash $(GARDENER_HACK_DIR)/check.sh --golangci-lint-config=./.golangci.yaml ./cmd/... ./pkg/... ./test/...
@@ -99,10 +107,10 @@ test-clean:
 	@bash $(GARDENER_HACK_DIR)/test-cover-clean.sh
 
 .PHONY: verify
-verify: check format test
+verify: check format test sast
 
 .PHONY: verify-extended
-verify-extended: check-generate check format test-cov test-clean
+verify-extended: check-generate check format test-cov test-clean sast-report
 
 .PHONY: clean
 clean:

diff --git a/pkg/client/factory.go b/pkg/client/factory.go
@@ -55,7 +55,7 @@ func NewFactoryFromSecret(secret *corev1.Secret) (*Factory, error) {
 }
 
 func newAuthenticatedProviderClientFromCredentials(credentials *credentials) (*gophercloud.ProviderClient, error) {
-	config := &tls.Config{}
+	config := &tls.Config{} // #nosec: G402 -- Can be parameterized.
 
 	if credentials.CACert != nil {
 		caCertPool := x509.NewCertPool()