Synchronize Go version across SAST Analyzers
Problem to solve
As of SASTBot: Monthly dependency updates for 16.10 (gitlab-org/security-products/analyzers/semgrep!383, merged, Craig Smith, 16.10), semgrep is using Go 1.19, whereas all the other SAST analyzers are using Go 1.18.
Proposal
- Update each analyzer to use the most recent Go version provided in the go-fips image registry. https://gitlab.com/gitlab-org/gitlab-runner/container_registry/2588206
- Update SASTBot to automatically update the Go version.
Implementation Plan
- Update each analyzer's dockerfile, dockerfile.fips, go.mod
  - kubesec - gitlab-org/security-products/analyzers/kubesec!107 (merged)
  - pmd-apex - gitlab-org/security-products/analyzers/pmd-apex!129 (merged)
  - semgrep
  - sobelow - gitlab-org/security-products/analyzers/sobelow!119 (merged)
  - spotbugs - gitlab-org/security-products/analyzers/spotbugs!202 (merged)
  - kics - gitlab-org/security-products/analyzers/kics!114 (merged)
  - gitlab advanced SAST
Edited by Craig Smith
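A drift check for the three files named in the implementation plan, as an added example that is not part of the original issue or of SASTBot: it reads the go.mod directive and the Dockerfile base-image tags for each analyzer and groups analyzers by the Go version they pin. The image names, the tag format and the sample file contents are constructed assumptions.

```python
import re
from collections import defaultdict

# "go 1.19" directive in go.mod; any patch level is ignored.
GO_MOD_RE = re.compile(r"^go\s+(\d+\.\d+)", re.MULTILINE)
# FROM line whose image name starts with "go" (golang, go-fips). Assumption:
# the image tag begins with the Go version, e.g. golang:1.19-alpine.
FROM_RE = re.compile(r"^FROM\s+(?:\S*/)?go[^\s:/]*:v?(\d+\.\d+)",
                     re.MULTILINE | re.IGNORECASE)


def go_versions(files):
    """Map each file name to the sorted Go major.minor versions it pins."""
    found = {}
    for name, text in files.items():
        pattern = GO_MOD_RE if name == "go.mod" else FROM_RE
        found[name] = sorted(set(pattern.findall(text)))
    return found


def find_drift(analyzers):
    """Return {version: [analyzers]} when more than one version is in use."""
    by_version = defaultdict(list)
    for analyzer, files in sorted(analyzers.items()):
        pinned = {v for vs in go_versions(files).values() for v in vs}
        for version in sorted(pinned):
            by_version[version].append(analyzer)
    return dict(by_version) if len(by_version) > 1 else {}


def sample_files(version):
    """Constructed file contents for one analyzer (not real project files)."""
    return {
        "go.mod": f"module example.test/analyzer\n\ngo {version}\n",
        "Dockerfile": f"FROM golang:{version}-alpine AS build\nFROM alpine:3.18\n",
        "Dockerfile.fips": f"FROM registry.example.test/go-fips:{version} AS build\n",
    }


# Constructed sample mirroring the issue: semgrep on 1.19, the rest on 1.18.
SAMPLE = {"semgrep": sample_files("1.19"), "kubesec": sample_files("1.18"),
          "kics": sample_files("1.18")}

if __name__ == "__main__":
    for version, names in find_drift(SAMPLE).items():
        print(f"Go {version}: {', '.join(names)}")
```

An analyzer whose go.mod and Dockerfiles disagree with each other appears under more than one version, so the same report catches a partially applied update.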