Update Secure, Protect analyzers to Go 1.16
Proposal
Update Go-based devops::secure analyzers and Category:Container Scanning analyzer to Go 1.16, when it's available. See https://golang.org/doc/devel/release.html
In the multi-stage Dockerfile of the analyzer projects, the Docker image used to build the Go project needs to be upgraded from golang:1.15 to golang:1.16.
When doing this, we might reintroduce a Docker build argument called GO_VERSION, to be used in the name of the Docker image, like golang:$GO_VERSION-alpine. This makes it easy to try the build with any version of Go, to either try out a major upgrade or investigate a regression introduced by a minor revision of Go. See discussion. cc @theoretick @dsearles
The Secure analyzers make heavy use of Go's ioutil package, which will be deprecated in 1.16. See https://www.srcbeat.com/2021/01/golang-ioutil-deprecated/
Projects to be updated:
- all Go-based analyzer projects; see https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/blob/master/Dockerfile#L1
- common library; see https://gitlab.com/gitlab-org/security-products/analyzers/common/-/blob/master/.gitlab-ci.yml#L1
- ci-templates's go.yml, currently used by analyzers/report; see https://gitlab.com/gitlab-org/security-products/ci-templates/blob/master/includes-dev/go.yml#L2
TODO: Promote to epic and create issues when doing workflow::planning breakdown.
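The ioutil deprecation noted above maps onto standard-library replacements that ship with Go 1.16. The sketch below is an added example, not code from the analyzer projects; the helper names `reportSizes` and `roundTrip` and the file name `report.json` are hypothetical. It shows the one replacement that is not a pure rename: `os.ReadDir` returns directory entries rather than file infos.

```go
package main
import (
	"fmt"
	"os"
	"path/filepath"
)

// reportSizes maps each *.json file in dir to its size in bytes.
func reportSizes(dir string) (map[string]int64, error) {
	entries, err := os.ReadDir(dir) // was ioutil.ReadDir, which returned []os.FileInfo
	if err != nil {
		return nil, err
	}
	sizes := make(map[string]int64)
	for _, e := range entries {
		if e.IsDir() || filepath.Ext(e.Name()) != ".json" {
			continue
		}
		info, err := e.Info() // DirEntry has no Size(); Info() can fail on its own
		if err != nil {
			return nil, err
		}
		sizes[e.Name()] = info.Size()
	}
	return sizes, nil
}

// roundTrip writes a constructed report into a fresh temp dir and reads it back.
func roundTrip(content string) (string, map[string]int64, error) {
	dir, err := os.MkdirTemp("", "analyzer-") // was ioutil.TempDir
	if err != nil {
		return "", nil, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "report.json") // hypothetical file name
	if err := os.WriteFile(path, []byte(content), 0o600); err != nil { // was ioutil.WriteFile
		return "", nil, err
	}
	data, err := os.ReadFile(path) // was ioutil.ReadFile
	if err != nil {
		return "", nil, err
	}
	sizes, err := reportSizes(dir)
	return string(data), sizes, err
}

func main() {
	fmt.Println(roundTrip(`{"constructed":true}`))
}
```

The ioutil functions keep working after the upgrade, so the migration can be done per project rather than in the same change as the image bump.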