# Static code analysis for CVE and other vulnerabilities

When used within a commercial context, the studio-go-runner (runner) code is scanned using both the gosec utility, https://github.com/securego/gosec.git, and the Veracode Agent-Based Scan command line utility.

Installation of the Veracode utility is described by the instructions found at https://help.veracode.com/reader/hHHR3gv0wYc2WbCclECf_A/_RlhBWebMi564OawIpet1w.

## gosec

The gosec utility can be downloaded using the `go get -f -u github.com/securego/gosec/cmd/gosec` command. To run scans the following commands can be used:

```shell

```
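
One way to run a gosec scan and gate a build on the result, as an added example that is not the project's own commands. The function names, the report path and the sample report are assumptions made for illustration; `-no-fail`, `-fmt` and `-out` are gosec's own flags.

```shell
#!/bin/sh
# Added example, not part of studio-go-runner. Function names and the
# report path are assumptions made for illustration.

# Scan every package under the current module and write a JSON report.
# -no-fail keeps gosec's exit status at 0 so the gate below decides the result.
run_scan() {
    gosec -no-fail -fmt=json -out="$1" ./...
}

# Print how many issues in report $1 carry severity $2 (LOW, MEDIUM or HIGH).
count_findings() {
    { grep -o "\"severity\": *\"$2\"" "$1" || true; } | wc -l | tr -d ' '
}

# Succeed only when the report holds no HIGH severity findings.
gate_on_report() {
    high=$(count_findings "$1" HIGH)
    medium=$(count_findings "$1" MEDIUM)
    echo "gosec: $high high, $medium medium severity findings"
    [ "$high" -eq 0 ]
}

# Constructed sample in the shape of a gosec JSON report, for offline use.
# The file names and line numbers are made up.
write_sample_report() {
    cat > "$1" <<'EOF'
{
  "Issues": [
    {"severity": "HIGH", "confidence": "HIGH", "rule_id": "G204", "file": "example/exec.go", "line": "42"},
    {"severity": "MEDIUM", "confidence": "HIGH", "rule_id": "G304", "file": "example/load.go", "line": "17"},
    {"severity": "HIGH", "confidence": "MEDIUM", "rule_id": "G401", "file": "example/hash.go", "line": "9"}
  ]
}
EOF
}

# Usage: sh gosec_gate.sh scan [report.json]
if [ "${1:-}" = "scan" ]; then
    report=${2:-gosec-report.json}
    run_scan "$report" && gate_on_report "$report"
fi
```

Keeping the JSON report as a build artifact lets MEDIUM and LOW findings be triaged later without blocking the build.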

Copyright © 2019-2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 license.