Download Latest Version
gosec_2.24.7_linux_s390x.tar.gz (20.8 MB)
Get an email when there's a new version of gosec
Changelog
- [271492] fix: G704 false positive on const URL (#1551)
- [1341ae] fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
- [f2262c] G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
- [5b580c] Fix G602 regression coverage for issue [#1545] and stabilize G117 TOML test dependency (#1546)
- [eba2d1] taint: skip
context.Contextarguments during taint propagation to fix false positives (#1543) - [a6381c] test: add missing rules to formatter report tests (#1540)
- [fea972] chore(deps): update all dependencies (#1541)
- [f3e2fa] Regenrate the TLS config rule (#1539)
- [200461] Improve documentation (#1538)
- [078a62] Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
- [ffdc62] Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
- [c13a48] Add G707 taint analyzer for SMTP command/header injection (#1535)
- [f61ed3] Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
- [b568aa] Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
- [1735e5] fix(G602): avoid false positives for range-over-array indexing (#1531)
- [caf93d] Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
- [bd11fb] fix: taint analysis false positives with G703,G705 (#1522)
- [e34e8d] Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
- [b94070] Fix the G117 rule to take the JSON serialization into account (#1528)
- [4f8462] (docs) fix justification format (#1524)
- [36ba72] Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
- [238f98] Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
- [89cde2] Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
- [14fdd9] Fix G115 false positives and negatives (Issue [#1501]) (#1518)
- [cec54e] chore(deps): update all dependencies (#1517)
- [2b2077] Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
- [a7666f] Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
- [47f8b5] Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
- [4f1f36] Add more unit tests to improve coverage (#1512)
- [934458] Improve test coverage in various areas (#1511)
- [8d1b2c] Imprve the test coverage (#1510)
- [993c1c] Fix incorrect detection of fixed iv in G407 (#1509)
- [8668b7] Add support for go 1.26.x and removed support for go 1.24.x (#1508)
- [514225] Fix the sonar report to follow the latest schema (#1507)
- [000384] fix: broken taint analysis causing false positives (#1506)
- [616192] fix: panic on float constants in overflow analyzer (#1505)
- [79956a] fix: panic when scanning multi-module repos from root (#1504)
- [5736e8] fix: G602 false positive for array element access (#1499)
- [1b7e1e] Update gosec to version v2.23.0 in the Github action (#1496)
