From 15f06915f778949e2daf28b02fd8bacb6a469d49 Mon Sep 17 00:00:00 2001
From: Dan Molik
Date: Tue, 16 Jul 2024 13:56:49 -0400
Subject: [PATCH 1/4] add make target for gosec
---
 Makefile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 232aec1c..fbf6508c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Image URL to use all building/pushing image targets
+ Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.30.1
@@ -84,14 +84,16 @@ test: manifests generate fmt vet envtest ## Run tests.
 test-e2e:
 $Q$(GO) test ./test/e2e/ -v -ginkgo.v
-.PHONY: lint
+.PHONY: lint lint-fix
 lint: golangci-lint ## Run golangci-lint linter
 $Q$(GOLANGCI_LINT) run
-.PHONY: lint-fix
 lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 $Q$(GOLANGCI_LINT) run --fix
+sec:
+ $Q$(GOSEC) ./...
+
 ##@ Build
 manager: manifests generate fmt vet ## Build manager binary.
@@ -189,6 +191,7 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION)
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
 ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
 GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
+GOSEC := $(shell which gosec)
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.4.1
From 054ae73a8745b1d2ee347400de7150019ac6a8e5 Mon Sep 17 00:00:00 2001
From: Dan Molik
Date: Tue, 16 Jul 2024 13:58:49 -0400
Subject: [PATCH 2/4] woops
---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index fbf6508c..59049587 100644
--- a/Makefile
+++ b/Makefile
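Review bot: The new `sec` target in the `@@ -84,14 +84,16 @@` hunk (renamed `gosec` in patch 2/4) is not listed in any `.PHONY` line, even though this same hunk folds `lint` and `lint-fix` into one declaration. A file or directory named `gosec` in the repository root would make `make gosec` report the target as up to date and silently skip the security scan. Add it to the declaration, `.PHONY: lint lint-fix gosec`. The target also has no prerequisite that provides the tool, unlike `lint: golangci-lint`, so the recipe depends entirely on what `GOSEC` expands to when the Makefile is parsed.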
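Review bot: `GOSEC := $(shell which gosec)` in the `@@ -189,6 +191,7 @@` hunk resolves the scanner from the caller's PATH at parse time, so the gosec version is unpinned and the binary that runs is whichever one comes first on PATH. The neighbouring tools instead live under `$(LOCALBIN)` with a version suffix. When gosec is not installed the variable is empty and the recipe would run `./...` as the command, which fails with a misleading shell error rather than saying gosec is missing. Following the existing pattern addresses both: `GOSEC ?= $(LOCALBIN)/gosec-$(GOSEC_VERSION)` with a pinned `GOSEC_VERSION ?= <pinned-version>` under Tool Versions, installed by whatever rule the Makefile already uses for the other tools (not visible in this hunk). The `$(shell ...)` call also forks on every make invocation, including targets that never use gosec.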
@@ -1,4 +1,4 @@
- Image URL to use all building/pushing image targets
+# Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.30.1
@@ -91,7 +91,7 @@ lint: golangci-lint ## Run golangci-lint linter
 lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 $Q$(GOLANGCI_LINT) run --fix
-sec:
+gosec: ## Run gosec for static security scanning
 $Q$(GOSEC) ./...
 ##@ Build
From 0c47d15351ad7b06b0dcf64436ceac33b2f8c89f Mon Sep 17 00:00:00 2001
From: Dan Molik
Date: Tue, 16 Jul 2024 14:00:29 -0400
Subject: [PATCH 3/4] more cleaning
---
 internal/controller/gitea_controller.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/internal/controller/gitea_controller.go b/internal/controller/gitea_controller.go
index 1f61b9ca..a9b8cdad 100644
--- a/internal/controller/gitea_controller.go
+++ b/internal/controller/gitea_controller.go
@@ -57,8 +57,6 @@ func init() {
 }
 }
-var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-
 func randString(n int) (string, error) {
 const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
 ret := make([]byte, n)
From ddf1746254b5575e8c22f5609605a339476a6655 Mon Sep 17 00:00:00 2001
From: Dan Molik
Date: Tue, 16 Jul 2024 14:02:26 -0400
Subject: [PATCH 4/4] run scan on main for clearing security
---
 .github/workflows/scan.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index aaf1fa7b..51c80804 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -3,6 +3,9 @@ name: Scan
 # Run workflow each time code is pushed to your repository and on a schedule.
 # The scheduled workflow runs every at 00:00 on Sunday UTC time.
 on:
+ push:
+ branches:
+ - main
 pull_request:
 jobs:
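Review bot: The comment above `on:` in scan.yaml still promises a scheduled run at 00:00 on Sunday UTC, but the trigger block visible in this hunk holds only `push` (main) and `pull_request`, with no `schedule:` entry before `jobs:`. For a security scan the schedule matters, because new scanner rules and advisories can flag code that has not changed since the last push. Either add the trigger the comment describes, `schedule:` with `- cron: '0 0 * * 0'`, or correct the comment so it matches what actually runs.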