Download Latest Version
gosec_2.22.9_linux_s390x.tar.gz (15.4 MB)
Get an email when there's a new version of gosec
Changelog
- [15d5c6] Update cosign to v2.6.0 and go in the CI to latest version
- [7b8713] fix(autofix): unnecessary conversion
- [64ebfc] feat(autofix): update gemini sdk and add anthropic claude
- [506407] feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
- [3ead14] chore(deps): update all dependencies
- [e81fba] refactor(G304): remove unused trackJoin helper; no functional change
- [ab078d] style: gofmt rules/readfile.go
- [e6218c] test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)
- [79f835] rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed
- [40ac53] rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue [#1309] report\n- Rules tests: 42 passed
- [4be6b1] chore(deps): update all dependencies
- [5af111] chore(deps): update all dependencies
- [287b46] chore(deps): update all dependencies
- [cee0ae] Update gosec version to v2.22.8 in the Github action