Aaron Bieber <[email protected]> writes:
> Hi!
>
> Here is a handy tool that can be used to find common issues in Go code.
>
> I recently used it on security/ogvt with great success!
>
> Information for inst:gosec-2.9.5
>
> Comment:
> security checker for Go projects
>
> Description:
> Inspects source code for security problems by scanning the Go AST.
>
> Maintainer: The OpenBSD ports mailing-list <[email protected]>
>
> WWW: https://securego.io/
>
> OK to import?
>
> [2. application/octet-stream; gosec.tgz]...

Port looks fine, I've played a bit with it on some Go projects and it seems
to find stuff.

I'd just set MODGO_LDFLAGS so the version is included in the binary:

% gosec -h 2>&1 | head
[...]
VERSION: v2.9.5
GIT TAG:
BUILD DATE:
--- Makefile.orig Thu Jan 20 16:51:37 2022
+++ Makefile Thu Jan 20 16:47:06 2022
@@ -16,6 +16,8 @@
MODULES = lang/go
+MODGO_LDFLAGS = -X main.Version=${MODGO_VERSION}
+
.include "modules.inc"
.include <bsd.port.mk>
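
Review bot: the added MODGO_LDFLAGS line has no comment saying why it is there; a one-line note above the assignment that it makes "gosec -h" report the port version would help whoever next updates the port. The line sets only main.Version, so the GIT TAG and BUILD DATE fields in the help output shown above stay empty, which is worth stating in that comment if it is intentional. It is also worth confirming that ${MODGO_VERSION} expands to the v-prefixed form (v2.9.5) seen in that output, since -X stores the string exactly as given.
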
Don't know if it's worth doing the same for git tag and build date.