yq/scripts/secure.sh
Robin H. Johnson fcac8b1239
build: exclude go caches from gosec
Without tuning, gosec scans all of the vendor/gocache/gomodcache, taking
several minutes (3m35 here), whereas the core of the yq takes only 15
seconds to scan.

If we intend to remediate upstream issues in future, add a separate
target to scan those.

Signed-off-by: Robin H. Johnson <rjohnson@coreweave.com>
2025-12-29 10:10:59 -08:00

14 lines
227 B
Bash
Executable File

#!/bin/bash

set -o errexit
set -o pipefail

OPTS=(
  -exclude-dir=vendor
  -exclude-dir=.gomodcache
  -exclude-dir=.gocache
)

command -v gosec &> /dev/null && BIN=gosec || BIN=./bin/gosec
"${BIN}" "${OPTS[@]}" "${PWD}" ./...