mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-01 09:51:40 +00:00
build: exclude go caches from gosec
Without tuning, gosec scans all of the vendor/gocache/gomodcache, taking several minutes (3m35 here), whereas the core of the yq takes only 15 seconds to scan. If we intend to remediate upstream issues in future; add a seperate target to scan those. Signed-off-by: Robin H. Johnson <rjohnson@coreweave.com>
This commit is contained in:
parent
b79afe1d2f
commit
fcac8b1239
@ -292,3 +292,4 @@ nokyaml
|
||||
buildvcs
|
||||
behaviour
|
||||
GOFLAGS
|
||||
gocache
|
||||
|
||||
@ -3,9 +3,11 @@
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
|
||||
if command -v gosec &> /dev/null
|
||||
then
|
||||
gosec "${PWD}" ./...
|
||||
else
|
||||
./bin/gosec "${PWD}" ./...
|
||||
fi
|
||||
OPTS=(
|
||||
-exclude-dir=vendor
|
||||
-exclude-dir=.gomodcache
|
||||
-exclude-dir=.gocache
|
||||
)
|
||||
|
||||
command -v gosec &> /dev/null && BIN=gosec || BIN=./bin/gosec
|
||||
"${BIN}" "${OPTS[@]}" "${PWD}" ./...
|
||||
|
||||
Loading…
Reference in New Issue
Block a user