ci: add gosec check

Signed-off-by: Aleksa Sarai <asarai@suse.de>
opencontainers · Dec 26, 2018 · 142f012 · 142f012
1 parent 65cca9d
commit 142f012
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -13,12 +13,13 @@ before_install:
   - go get -u github.com/cpuguy83/go-md2man
   - go get -u github.com/vbatts/git-validation
   - go get -u golang.org/x/lint/golint
+  - go get -u github.com/securego/gosec/cmd/gosec
 
 env:
-  - DOCKER_IMAGE="opensuse/amd64:42.3"
+  - DOCKER_IMAGE="opensuse/leap:latest"
   - DOCKER_IMAGE="fedora:latest"
-  - DOCKER_IMAGE="debian:jessie"
-  - DOCKER_IMAGE="ubuntu:16.04"
+  - DOCKER_IMAGE="debian:latest"
+  - DOCKER_IMAGE="ubuntu:latest"
 
 notifications:
     email: false

diff --git a/Makefile b/Makefile
@@ -91,12 +91,14 @@ local-validate: local-validate-git local-validate-go local-validate-reproducible
 # TODO: Remove the special-case ignored system/* warnings.
 .PHONY: local-validate-go
 local-validate-go:
-	@type gofmt    >/dev/null 2>/dev/null || (echo "ERROR: gofmt not found." && false)
+	@type gofmt     >/dev/null 2>/dev/null || (echo "ERROR: gofmt not found." && false)
 	test -z "$$(gofmt -s -l . | grep -vE '^vendor/|^third_party/' | tee /dev/stderr)"
-	@type golint   >/dev/null 2>/dev/null || (echo "ERROR: golint not found." && false)
+	@type golint    >/dev/null 2>/dev/null || (echo "ERROR: golint not found." && false)
 	test -z "$$(golint $(PROJECT)/... | grep -vE '/vendor/|/third_party/' | tee /dev/stderr)"
 	@go doc cmd/vet >/dev/null 2>/dev/null || (echo "ERROR: go vet not found." && false)
 	test -z "$$($(GO) vet $$($(GO) list $(PROJECT)/... | grep -vE '/vendor/|/third_party/') 2>&1 | tee /dev/stderr)"
+	@type gosec     >/dev/null 2>/dev/null || (echo "ERROR: gosec not found." && false)
+	test -z "$$(gosec -quiet -exclude=G301,G302,G304 $(PROJECT)/... | tee /dev/stderr)"
 
 EPOCH_COMMIT ?= 97ecdbd53dcb72b7a0d62196df281f131dc9eb2f
 .PHONY: local-validate-git