Omar Polo <[email protected]> writes:
> Aaron Bieber <[email protected]> writes: > >> Hi! >> >> Here is a handy tool that can be used to find common issues in Go code. >> >> I recently used it on security/ogvt with great success! >> >> Information for inst:gosec-2.9.5 >> >> Comment: >> security checker for Go projects >> >> Description: >> Inspects source code for security problems by scanning the Go AST. >> >> Maintainer: The OpenBSD ports mailing-list <[email protected]> >> >> WWW: https://securego.io/ >> >> OK to import? >> >> [2. application/octet-stream; gosec.tgz]... > > port looks fine, i've played a bit with it on some go projects and seems > to find stuff. > > I'd just set MODGO_LDFLAGS so the version is included in the binary: > > % gosec -h 2>&1 | head > [...] > VERSION: v2.9.5 > GIT TAG: > BUILD DATE: > > > --- Makefile.orig Thu Jan 20 16:51:37 2022 > +++ Makefile Thu Jan 20 16:47:06 2022 > @@ -16,6 +16,8 @@ > > MODULES = lang/go > > +MODGO_LDFLAGS = -X main.Version=${MODGO_VERSION} > + > .include "modules.inc" > > .include <bsd.port.mk> > > > don't know if it's worth doing the same for git tag and build date. Oh good call! I think i'll skip the tag and date since I can't come up with a good way to get those without shelling out in the makefile.
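Review bot: on the added `MODGO_LDFLAGS` line, `-X main.Version=${MODGO_VERSION}` takes effect only if the linker finds a string variable with exactly that package path and name, and a mismatch is ignored silently rather than failing the build, so it is worth rerunning `gosec -h` after each port update to confirm the VERSION field is still populated. The assignment also uses `=` rather than `+=`; if anything else in the port or the lang/go module sets this variable beforehand, those flags would be dropped, so `MODGO_LDFLAGS += -X main.Version=${MODGO_VERSION}` is the safer form. The hunk leaves the GIT TAG and BUILD DATE fields shown in the quoted `gosec -h` output empty, which matches what the thread settles on.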
