Inspect source code for security issues

soumeh01 · soumeh01 · commit b707ec9834d5 · 2025-01-30T13:08:54.000+01:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -67,6 +67,20 @@ jobs:
         run: |
           make format-check
 
+  gosec:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 # v2.22.0
+        with:
+          args: '-severity high -exclude-dir=testdata -exclude=*_test.go ./...'
+
   vulnerability-check:
     name: "Vulnerability check"
     runs-on: ubuntu-latest
diff --git a/cmd/utils/utils.go b/cmd/utils/utils.go
@@ -118,6 +118,7 @@ func DownloadFile(URL string, timeout int) (string, error) {
 	// For now, skip insecure HTTPS downloads verification only for localhost
 	var tls tls.Config
 	if strings.Contains(URL, "https://127.0.0.1") {
+		// #nosec G402
 		tls.InsecureSkipVerify = true //nolint:gosec
 	} else {
 		tls.InsecureSkipVerify = false
