Releases: securego/gosec
Releases · securego/gosec
v2.23.0
Changelog
- 398ad54 feat: Support for adding taint analysis engine (#1486)
- 6eacd5c chore(deps): update all dependencies (#1494)
- 181a7cb chore(deps): update all dependencies (#1494)
- e2fa6ab chore(deps): update all dependencies (#1488)
- eb252ba Fix G602 analyzer panic that kills gosec process (#1491)
- 20d71a0 update go version to 1.25.7 (#1492)
- a631af8 Fix URL regexp and remove redundant Google regex patterns (#1485)
- 8968502 feat: implement global cache usage in rules (#1480)
- 04f729c chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
- ade0e8f refactor: optimize nosec parsing and reduce allocations (#1478)
- d24bbf7 Fix SARIF artifactChanges null validation error (#1483)
- 15cba7f feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)
- 5288673 feat: implement entropy pre-filtering to optimize secret detection (#1479)
- d9a9bcd feat: ensure GoVersion is cached using sync.Once (#1477)
- 516260a Fix #1240: nosec comments now work with trailing open brackets (#1475)
- be0fd6d Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)
- b579523 Update the go version to 1.25.6 and 1.24.12 (#1474)
- bd3c738 G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)
- 6897b36 chore(deps): update all dependencies (#1473)
- 9f20212 feat: support path-based rule exclusions via exclude-rules (#1465)
- 726d847 Optimize analyzer with parallel package processing (#1466)
- 3150b28 feat: add goanalysis package for nogo (#1449)
- 7284e15 Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)
- 7a4ccef Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)
- 833d791 refactor(g115): improve coverage (#1462)
- 0cc9e01 Refine G407 to improve detection and coverage of hardcoded nonces (#1460)
- 303f84d chore(deps): update all dependencies (#1461)
- 7387d22 Refactor rules to use callListRule base structure (#1458)
- 52f5dbf feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)
- 649e2c8 remove deprecated ast.Object (#1455)
- 35a92b4 feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)
- bc9d2bc feat(rules): enhance subprocess variable checks (#1453)
- 8a5404e feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
- 0f6f21c feat: add secrets serialization G117 (#1451)
- 717706e feat(rules): add support for detecting high entropy strings in composite literals (#1447)
- 082deb6 whitelist crypto/rand Read from error checks (#1446)
- 095d529 chore(deps): update all dependencies (#1443)
- c073629 Improve slice bound check (#1442)
- 538a05c docs: add documentation for using gosec with private modules (#1441)
- 2580437 chore(deps): update all dependencies (#1440)
- 872b331 docs: add G116 rule description to README (#1439)
- dcf93a8 Update GitHub action to gosec 2.22.11 (#1438)
v2.22.11
Changelog
- 424fc4c feature: add rule for trojan source (#1431)
- aa2e2fb feat(ai): add OpenAI and custom API provider support (#1424)
- b6eea26 chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
- 41f28e2 chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
- daccba6 refactor: simplify report functions in main.go (#1434)
- d4be287 Update go to 1.25.5 and 1.24.11 in CI (#1433)
- fde7515 chore(deps): update all dependencies (#1425)
- 20c9506 feat(ai): add support for latest Claude models and update provider flags (#1423)
- bd9e372 Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
- 7aa7e93 chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
- a58917f fix: correct schema with temporary placeholder (#1418)
- 8b0d0b8 perf: skip SSA analysis if no analyzers are loaded (#1419)
- 8a5d01a test: add sarif validation (#1417)
- a8fefd1 chore(deps): update all dependencies (#1421)
- c34cbbf Update go to version 1.25.4 and 1.24.10 in CI (#1415)
- 10cf58a fix: build tag parsing. (#1413)
- d2d7348 chore(deps): update all dependencies (#1411)
- afa853e chore(deps): update all dependencies (#1409)
- 6b2e6e4 chore(deps): update all dependencies (#1408)
- 0adab9d Update gosec to version v2.22.10 in the github action (#1405)
v2.22.10
Changelog
- 6be2b51 Update go to version 1.25.3 and 1.24.9 in CI (#1404)
- fddb942 chore(deps): update all dependencies (#1402)
- f676031 Update go to version 1.25.2 and 2.24.8 in CI (#1401)
- 35f7ec2 chore(deps): update all dependencies (#1399)
- 01029f0 check nil slices, partially check bounds (#1396)
- 34db3de Remove unused target from the makefile
- f5a3b7a Use the ginkgo command install by the dependencies
- 761fcbc Keep the go module at 1.24 version for compatibility reasons
- 2238079 Remove manual test deps
- bb08aa3 fix: text must be supplied when markdown is used
- 23597d2 fix: improve error message of CheckAnalyzers
- 8d7e9d5 fix: log panic on SSA
- 0d8255e chore(deps): update all dependencies
- f9c52aa Update gosec to version v.22.9 in the github action
v2.22.9
Changelog
- 15d5c61 Update cosign to v2.6.0 and go in the CI to latest version
- 7b8713e fix(autofix): unnecessary conversion
- 64ebfc0 feat(autofix): update gemini sdk and add anthropic claude
- 506407e feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
- 3ead143 chore(deps): update all dependencies
- e81fba3 refactor(G304): remove unused trackJoin helper; no functional change
- ab078db style: gofmt rules/readfile.go
- e6218c8 test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)
- 79f835d rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed
- 40ac530 rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #1309 report\n- Rules tests: 42 passed
- 4be6b11 chore(deps): update all dependencies
- 5af1117 chore(deps): update all dependencies
- 287b46c chore(deps): update all dependencies
- cee0aea Update gosec version to v2.22.8 in the Github action
v2.22.8
v2.22.7
v2.22.6
Changelog
- bc3f214 Update go version to 1.24.5 and 1.23.11 in the CI
- 925741b chore(deps): update module google.golang.org/api to v0.242.0
- 59ae7e9 chore(deps): update all dependencies
- e7abd9e chore(deps): update all dependencies
- 35e7bc1 chore(deps): update all dependencies
- 2d1ed95 chore(deps): update all dependencies
- 4a8cb46 Do not allow dashes in file names
- bcc8afb Update gosec to version 2.22.5 in Github action
v2.22.5
Changelog
- d2d3ae6 Switch back go.mod to minimum 1.23.0
- 1e7ed06 Update dependencies
- 1bef91a Update go version 1.24.4 and 1.23.10 in CI
- 621702f chore(deps): update all dependencies
- 017d1d6 G201/G202: add checks for injection into sql.Conn methods
- 67f63d4 chore(deps): update module google.golang.org/api to v0.235.0
- b4eabb1 chore(deps): update module google.golang.org/api to v0.234.0
- 52a80ff chore(deps): update module google.golang.org/api to v0.233.0
- e2a9506 chore(deps): update module google.golang.org/api to v0.232.0
v2.22.4
Changelog
- 6decf96 Update to go version 1.24.3 and 1.23.9
- d522338 update: updated the build command to include version metadata
- 270b5ce chore(deps): update all dependencies
- 6027926 Update the AI provider API key value when provided as an argument
- 65d2d9f chore(deps): update module google.golang.org/api to v0.230.0
- dc1c38b chore(deps): update module google.golang.org/api to v0.229.0
- 55dbf5a chore(deps): update all dependencies
- 2aaa9c4 Comment the reason why the file can be nil when an issue is created
- 700e9a9 Handle nil file when creating a new issue
- d514c42 chore(deps): update all dependencies (#1333)
- 1d458c5 Update version in 'action.yml' to 2.22.3 (anticipating next version (#1332)
v2.22.3
Changelog
- 955a68d Update go version to 1.24.2 and 1.23.8 (#1331)
- 1336dc6 remove G113. It only affects old/unsupported versions of Go (#1328)
- 5fd2a37 chore(deps): update all dependencies (#1325)
- 39e4477 Add SSOJet (#1320)
- 6141d10 chore(deps): update all dependencies (#1319)
- 9452efe Update the integrity sha for babel dependency in html report (#1316)
- 57ec633 Add support for
//gosec:disabledirective (#1314) - e5fee17 chore(deps): update all dependencies (#1315)