github.com/sentienttechnologies/studio-go-runner@v0.0.0-20201118202441-6d21f2ced8ee/docs/codescanning.md

# Static code analysis for CVE and other vulnerabilities

When used within a commercial context, the studio-go-runner (runner) code is scanned using both the gosec utility, https://github.com/securego/gosec.git, and the Veracode Agent-Based Scan command line utility.

Installation of the Veracode utility is described by the instructions found at https://help.veracode.com/reader/hHHR3gv0wYc2WbCclECf_A/_RlhBWebMi564OawIpet1w.

## gosec

The gosec utility can be downloaded using the ```go get -f -u github.com/securego/gosec/cmd/gosec``` command. To run scans, the following commands can be used:

```shell

```

Copyright © 2019-2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 license.