github.heygears.com/openimsdk/tools@v0.0.49/.github/workflows/gosec.yml

```yaml
# Copyright © 2023 OpenIM. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: OpenIM Run Gosec

# gosec is a source code security audit tool for the Go language. It performs a static
# analysis of the Go code, looking for potential security problems. The main functions of gosec are:
#  1. Find common security vulnerabilities, such as SQL injection, command injection, and cross-site scripting (XSS).
#  2. Audit code against common security standards and flag non-conforming code.
#  3. Help Go engineers write safe and reliable code.
# https://github.com/securego/gosec/
on:
  push:
    branches: "*"
  pull_request:
    branches: "*"
    paths-ignore:
      - '*.md'
      - '*.yml'
      - '.github'

jobs:
  golang-security-action:
    runs-on: ubuntu-latest
    env:
      GO111MODULE: on
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Run Gosec Security Scanner
        # Tracks the action's master branch rather than a pinned release.
        uses: securego/gosec@master
        with:
          args: ./...
        # Findings do not fail the job: with this set, the scan is advisory only.
        continue-on-error: true
```