src/security.sh

#!/bin/bash

set -eo pipefail

if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then
    echo "[INFO] no security flags set, skipping!";
    exit 0;
fi

toolchain=$(go mod edit -json go.mod | jq -r ".Toolchain");
echo "[DEBUG] $toolchain found in go.mod";

version=$(go env -json | jq -r ".GOVERSION");
echo "[DEBUG] $version found in go env";

if [[ ! -z "$toolchain" ]]; then
    version=$toolchain;
fi

if [[ "$STATIC_FLAG" == "yes" ]]; then
    if GOTOOLCHAIN=$version gosec ./...; then
        echo "[INFO] gosec passed!";
    else
        if [[ "$STATIC_FAIL" == "yes" ]]; then
            echo "[FATAL] gosec failed!";
            exit 1;
        else
            echo "[INFO] gosec failed!";
        fi
    fi
fi

if [[ "$VULN_CHECK" == "yes" ]]; then
    if GOTOOLCHAIN=$version govulncheck ./...; then
        echo "[INFO] govulncheck passed!";
    else
        if [[ "$VULN_FAIL" == "yes" ]]; then
            echo "[FATAL] govulncheck failed!"
            exit 1;
        else
            echo "[INFO] govulncheck failed!"
        fi
    fi
fi
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`#!/bin/bash`

			`set -eo pipefail`

ready to test 2026-04-03 15:11:33 -04:00			`if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] no security flags set, skipping!";`
			`exit 0;`
			`fi`

fixing mod commands and jq outputs 2026-04-03 15:33:31 -04:00			`toolchain=$(go mod edit -json go.mod \| jq -r ".Toolchain");`
bugfixes 2026-04-03 15:28:01 -04:00			`echo "[DEBUG] $toolchain found in go.mod";`

fixing mod commands and jq outputs 2026-04-03 15:33:31 -04:00			`version=$(go env -json \| jq -r ".GOVERSION");`
bugfixes 2026-04-03 15:28:01 -04:00			`echo "[DEBUG] $version found in go env";`

ready to test 2026-04-03 15:11:33 -04:00			`if [[ ! -z "$toolchain" ]]; then`
			`version=$toolchain;`
			`fi`

restructure and adding functionality 2026-04-03 00:22:36 -04:00			`if [[ "$STATIC_FLAG" == "yes" ]]; then`
ready to test 2026-04-03 15:11:33 -04:00			`if GOTOOLCHAIN=$version gosec ./...; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] gosec passed!";`
			`else`
			`if [[ "$STATIC_FAIL" == "yes" ]]; then`
			`echo "[FATAL] gosec failed!";`
			`exit 1;`
			`else`
			`echo "[INFO] gosec failed!";`
			`fi`
			`fi`
			`fi`

			`if [[ "$VULN_CHECK" == "yes" ]]; then`
ready to test 2026-04-03 15:11:33 -04:00			`if GOTOOLCHAIN=$version govulncheck ./...; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] govulncheck passed!";`
			`else`
			`if [[ "$VULN_FAIL" == "yes" ]]; then`
			`echo "[FATAL] govulncheck failed!"`
			`exit 1;`
			`else`
			`echo "[INFO] govulncheck failed!"`
			`fi`
			`fi`
			`fi`