Gosec

This scanner component runs the popular open source SAST Gosec.

How to use with Smithy

Open-Source

# file ./my-workflow/workflow.yml
description: Workflow scanning with gosec
name: gosec
components:
- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2
- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.2
- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.1
- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.1
- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.1

Configure the run parameters of the component in the overrides file

# file: ./my-workflow/overrides.yaml
git-clone:
- name: "repo_url"
  type: "string"
  value: "https://github.com/0c34/govwa.git"
- name: "reference"
  type: "string"
  value: "master"

SaaS

In the Smithy UI, open the page to create a new workflow.
Find Gosec in the Scanners section. Click to add it to the workflow.
Run the workflow as normal.

Options

This component does not accept options.

How to use with Smithy​

Open-Source​

SaaS​

Options​

How to use with Smithy

Open-Source

SaaS

Options