Added gosec

.dockerignore

@@ -1 +1 @@
-bin
+bin/*

Dockerfile.dev

@@ -6,26 +6,5 @@ RUN set -e -x \
     && /opt/devtools.sh
 ENV PATH=/go/bin:$PATH
 
-# install mkdocs
-RUN set -ex \
-    && buildDeps=' \
-        build-essential \
-        python3-dev \
-    ' \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        $buildDeps \
-        python3 \
-        python3-setuptools \
-        python3-wheel \
-        python3-pip \
-    && pip3 install --upgrade \
-        pip \
-        'Markdown>=2.6.9' \
-        'mkdocs>=0.16.3' \
-        'mkdocs-material>=1.10.1' \
-        'markdown-include>=0.5.1' \
-    && apt-get purge -y --auto-remove $buildDeps \
-    && rm -rf /var/lib/apt/lists/*
-
 ENV CGO_ENABLED 0
 ENV GOPATH /go:/yq

Makefile

@@ -17,6 +17,7 @@ help:
 	@echo '    make vendor          Install dependencies to vendor directory.'
 	@echo '    make format          Run code formatter.'
 	@echo '    make check           Run static code analysis (lint).'
+	@echo '    make secure          Run gosec.'
 	@echo '    make test            Run tests on project.'
 	@echo '    make cover           Run tests and capture code coverage metrics on project.'
 	@echo '    make clean           Clean the directory tree of produced artifacts.'
@@ -48,7 +49,7 @@ tmp/dev_image_id: Dockerfile.dev scripts/devtools.sh
 # ----------------------------------------------
 # build
 .PHONY: build
-build: build/dev
+build: build/dev secure
 
 .PHONY: build/dev
 build/dev: test *.go
@@ -84,6 +85,10 @@ format: vendor
 check: format
 	${DOCKRUN} bash ./scripts/check.sh
 
+.PHONY: secure
+secure: 
+	${DOCKRUN} bash ./scripts/secure.sh
+
 .PHONY: test
 test: check
 	${DOCKRUN} bash ./scripts/test.sh
@@ -96,11 +101,6 @@ cover: check
 	@find cover -type d -exec chmod 755 {} \; || :
 	@find cover -type f -exec chmod 644 {} \; || :
 
-.PHONY: build-docs
-build-docs: prepare mkdocs.yml mkdocs/*
-	${DOCKRUN} mkdocs build
-	@find docs -type d -exec chmod 755 {} \; || :
-	@find docs -type f -exec chmod 644 {} \; || :
 
 .PHONY: release
 release: xcompile

scripts/check.sh

@@ -10,12 +10,3 @@ else
   ./bin/golangci-lint run --timeout=5m
 fi
 
-# ./bin/golangci-lint \
-#   --tests \
-#   --vendor \
-#   --disable=aligncheck \
-#   --disable=gotype \
-#   --disable=goconst \
-#   --disable=gocyclo \
-#   --deadline=300s \
-#   ./...

scripts/devtools.sh

@@ -1,4 +1,5 @@
 #!/bin/sh
 set -ex
 go get golang.org/x/tools/cmd/goimports
-wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.24.0
+wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.37.1
+wget -O- -nv https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.6.1

scripts/secure.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+
+if command -v gosec &> /dev/null
+then
+    gosec ${PWD}
+else
+  ./bin/gosec ${PWD}
+fi