akanealw
eec8c28fb3
Some checks are pending
Go Benchmark / Performance Regression Check (push) Waiting to run
Cerberus Integration / Cerberus Security Stack Integration (push) Waiting to run
Upload Coverage to Codecov / Backend Codecov Upload (push) Waiting to run
Upload Coverage to Codecov / Frontend Codecov Upload (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (go) (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Waiting to run
CrowdSec Integration / CrowdSec Bouncer Integration (push) Waiting to run
Docker Build, Publish & Test / build-and-push (push) Waiting to run
Docker Build, Publish & Test / Security Scan PR Image (push) Blocked by required conditions
Quality Checks / Auth Route Protection Contract (push) Waiting to run
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Waiting to run
Quality Checks / Backend (Go) (push) Waiting to run
Quality Checks / Frontend (React) (push) Waiting to run
Rate Limit integration / Rate Limiting Integration (push) Waiting to run
Security Scan (PR) / Trivy Binary Scan (push) Waiting to run
Supply Chain Verification (PR) / Verify Supply Chain (push) Waiting to run
WAF integration / Coraza WAF Integration (push) Waiting to run
34 lines
1023 B
YAML
Executable File
34 lines
1023 B
YAML
Executable File
version: "2"
|
|
|
|
run:
|
|
timeout: 2m
|
|
tests: true # Include test files to catch security issues early
|
|
|
|
linters:
|
|
enable:
|
|
- staticcheck # Primary focus - catches subtle bugs
|
|
- govet # Essential Go checks
|
|
- errcheck # Unchecked errors
|
|
- ineffassign # Ineffectual assignments
|
|
- unused # Unused code detection
|
|
- gosec # Security checks (critical issues only)
|
|
settings:
|
|
govet:
|
|
enable:
|
|
- shadow
|
|
errcheck:
|
|
exclude-functions:
|
|
- (io.Closer).Close
|
|
- (*os.File).Close
|
|
- (net/http.ResponseWriter).Write
|
|
gosec:
|
|
# Only check CRITICAL security issues for fast pre-commit
|
|
includes:
|
|
- G101 # Hardcoded credentials
|
|
- G110 # Potential DoS via decompression bomb
|
|
- G305 # File traversal when extracting archive
|
|
- G401 # Weak crypto (MD5, SHA1)
|
|
- G501 # Blacklisted import crypto/md5
|
|
- G502 # Blacklisted import crypto/des
|
|
- G503 # Blacklisted import crypto/rc4
|