Adding rule pack synthesis support to gosec
What does this MR do?
Bump the ruleset module.
What are the relevant issue numbers?
gitlab-org/gitlab#339614 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary (gitlab-org/gitlab!75234 (merged))
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Activity
assigned to @julianthome
added devops::secure, group::vulnerability research, section::sec labels
added Category:SAST label and removed devops::secure, group::vulnerability research, section::sec labels
Reviewer roulette
Please refer to the table below for assigning reviewers suggested by Danger in the specified category:
| Category | Reviewer | Maintainer |
| --- | --- | --- |
| backend | Zach Rice (@zrice) (UTC-6) | Lucas Charles (@theoretick) (UTC-8) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
Generated by 🚫 Danger
Edited by 🤖 GitLab Bot 🤖
added feature::addition label
added type::feature label
added devops::secure, group::vulnerability research, section::sec labels
changed milestone to %14.6
requested review from @zrice
requested review from @theoretick
- Resolved by Lucas Charles
@zrice @theoretick I prepared this MR to integrate the latest ruleset module version. The go-modules-qa job seems to fail because I am lacking the proper permissions. However, apart from that I think this MR is ready to be reviewed.
Edited by Julian Thome
mentioned in merge request gitlab-com/www-gitlab-com!95478 (merged)
marked the checklist item Conforms to the code review guidelines as completed
marked the checklist item Conforms to the Go guidelines as completed
enabled an automatic merge when the pipeline for 0ea72fdc succeeds
mentioned in commit c658d1a5
I mistagged v3.4.0 before the merge succeeded so canceled release pipeline and set up new build tag: v3.4.0+1. Releasing with https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/pipelines/428605701
mentioned in merge request !135 (merged)
- go/src/app @ ba5d3dc7 0 → 160000
1 Subproject commit ba5d3dc712ddd7bfe6e75cd877c3ca726be9a797

Ah somehow I missed this one entirely 🤦 I think we'll likely want to delete it then but I would guess it's @julianthome's quick way of testing downstreams 😬. I recognize it because I use a similar cloning hack

Sorry and thanks a lot @dsearles for catching that. Missed that one completely. I think that was probably an artifact I copied over because there is no .gitmodules entry.

Created an MR to remove it: !139 (merged)
Edited by Julian Thome
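
Review bot: the new go/src/app entry (mode 0 → 160000, "Subproject commit ba5d3dc7...") is a gitlink that does not belong in an MR whose stated change is "Bump the ruleset module", and it should be dropped before release tagging. Per the thread there is no .gitmodules entry for it, so the repository records a pinned commit hash with no source URL: clones get an empty directory and nobody reviewing later can tell which repository that commit came from. Remove it from the index with git rm --cached go/src/app, and consider adding the path to .gitignore so a local test clone under go/src/app cannot be staged again.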