@@ -249,42 +249,18 @@ jobs:
249249 git config --global url."https://github.com/".insteadOf "git@github.com:"
250250 git config --global url."https://".insteadOf "git://"
251251
252- - name : Install Static Analysis Tools
253- run : |
254- echo "Go version: $(go version)"
255- echo "GOPATH: $(go env GOPATH)"
256- echo "GOPROXY: $(go env GOPROXY)"
257-
258- # Install reliable static analysis tools that work with Go 1.24
259- echo "Installing staticcheck..."
260- go install honnef.co/go/tools/cmd/staticcheck@latest
261-
262- echo "Installing govulncheck..."
263- go install golang.org/x/vuln/cmd/govulncheck@latest
264-
265- - name : Run Static Analysis
266- run : |
267- echo "Running static analysis tools..."
268-
269- # Run staticcheck for code quality issues
270- echo "Running staticcheck..."
271- staticcheck -f json ./... > staticcheck-results.json || true
272-
273- # Run govulncheck for vulnerability scanning
274- echo "Running govulncheck..."
275- govulncheck -json ./... > govulncheck-results.json || true
276-
277- # Create a basic SARIF file from the results
278- echo "Creating SARIF output..."
279- echo '{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"static-analysis-suite","version":"1.0.0","informationUri":"https://github.com/perun-engineering/deployment-annotator-for-grafana","rules":[]}},"results":[]}]}' > gosec-results.sarif
252+ - name : Install gosec
253+ run : go install github.com/securego/gosec/v2/cmd/gosec@latest
280254
281- echo "Static analysis completed successfully"
255+ - name : Run gosec
256+ run : gosec -no-fail -fmt sarif -out gosec-results.sarif ./...
282257
283- - name : Upload Static Analysis results
258+ - name : Upload gosec results
284259 uses : github/codeql-action/upload-sarif@v4
285260 if : always() && hashFiles('gosec-results.sarif') != ''
286261 with :
287262 sarif_file : gosec-results.sarif
263+ category : gosec
288264
289265 - name : Install Semgrep
290266 run : python3 -m pip install semgrep
0 commit comments