Update gosec analyzer to latest version of upstream dependency
Problem to solve
The latest release of gosec at time of writing is v2.3.0. We should update to the latest version.
There are a couple of dragons to look out for, including the dropping of support for Go 1.11, which we should consider.
Intended users
User experience goal
Better scan results and more reliability
Proposal
- Update gosec version to latest
- Test sufficiently
- Document limitation of dropped go1.11 support (we can recommend pinning IMAGE_TAG to last supported version)
Further details
Permissions and Security
N/A
Documentation
Document limitation of dropped go1.11 support (we can recommend pinning IMAGE_TAG to last supported version)
Availability & Testing
Ensure all downstream pipelines pass
What does success look like, and how can we measure that?
Better data and more reliable scanner
What is the type of buyer?
Is this a cross-stage feature?
No
Links / references
Edited by Lucas Charles