From 833066cf6f2bcb24bb29662dc24b13c7268ce6c2 Mon Sep 17 00:00:00 2001
From: Kelvin Lo
Date: Wed, 19 May 2021 12:57:16 -0700
Subject: [PATCH 1/2] add gosec scan
---
 .ci/gosec.yml | 33 +++++++++++++++++++++++++++++++++
 CHANGELOG.md | 1 +
 2 files changed, 34 insertions(+)
 create mode 100644 .ci/gosec.yml
diff --git a/.ci/gosec.yml b/.ci/gosec.yml
new file mode 100644
index 0000000000..6a6632c008
--- /dev/null
+++ b/.ci/gosec.yml
@@ -0,0 +1,33 @@
+name: Run Gosec
+
+on:
+ workflow_dispatch:
+ schedule:
+ # ┌───────────── minute (0 - 59)
+ # │ ┌───────────── hour (0 - 23)
+ # │ │ ┌───────────── day of the month (1 - 31)
+ # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+ # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # * * * * *
+ - cron: '30 1 * * *'
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v2
+
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ args: './...'
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b701e53f7..5618d2b42b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ Changes by Version
 0.26.0 (2021-05-12)
 -------------------
 * Bumped OpenTelemetry Collector to v0.26.0
+* Add GoSec workflow to GitHub Actions([TBD](TBD))
 
 0.25.0 (2021-05-06)
 -------------------
From db0d5c5d9a3c2eb706e1f36dc4d11720ef2b0a27 Mon Sep 17 00:00:00 2001
From: Kelvin Lo
Date: Thu, 20 May 2021 09:33:38 -0700
Subject: [PATCH 2/2] update changelog
---
 .ci/gosec.yml | 2 +-
 CHANGELOG.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.ci/gosec.yml b/.ci/gosec.yml
index 6a6632c008..da24c0e926 100644
--- a/.ci/gosec.yml
+++ b/.ci/gosec.yml
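Review bot: In `.ci/gosec.yml` (PATCH 1/2) the `Run Gosec Security Scanner` step passes only `args: './...'`, so nothing visible in the workflow writes the `results.sarif` that the `Upload SARIF file` step expects, and a scan with findings exits non-zero before the upload runs. Have the scanner emit SARIF and leave gating to code scanning: `args: '-no-fail -fmt sarif -out results.sarif ./...'`. The same step uses `securego/gosec@master`, a mutable branch that this nightly job would pull in unreviewed; pin it to a release tag or a full commit SHA, e.g. `uses: securego/gosec@<pinned-commit-sha>`. Also confirm the file location: GitHub loads workflows only from `.github/workflows/`, so unless something outside this patch copies the file there, the schedule defined under `.ci/` will not fire.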
@@ -30,4 +30,4 @@ jobs:
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
 with:
- sarif_file: results.sarif
\ No newline at end of file
+ sarif_file: results.sarif
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5618d2b42b..39a0e422a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ Changes by Version
 0.26.0 (2021-05-12)
 -------------------
 * Bumped OpenTelemetry Collector to v0.26.0
-* Add GoSec workflow to GitHub Actions([TBD](TBD))
+* Add GoSec workflow to GitHub Actions([#289](https://github.com/open-telemetry/opentelemetry-operator/pull/289))
 
 0.25.0 (2021-05-06)
 -------------------