src/security.sh

#!/bin/bash

set -eo pipefail

if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then
    echo "[INFO] no security flags set, skipping!";
    exit 0;
fi

toolchain=$(go mod edit -json go.mod | jq -r ".Toolchain // empty");
version=$(go env -json | jq -r ".GOVERSION // empty");

if [[ -n "$toolchain" ]]; then
    echo "[DEBUG] overwriting version with toolchain";
    version=$toolchain;
fi

if [[ "$STATIC_FLAG" == "yes" ]]; then
    if GOTOOLCHAIN=$version gosec ./...; then
        echo "[INFO] gosec passed!";
    else
        if [[ "$STATIC_FAIL" == "yes" ]]; then
            echo "[FATAL] gosec failed!";
            exit 1;
        else
            echo "[INFO] gosec failed!";
        fi
    fi
fi

if [ "$VULN_CHECK" == "yes" ]; then
    if GOTOOLCHAIN=$version govulncheck ./...; then
        echo "[INFO] govulncheck passed!";
    else
        if [ "$VULN_FAIL" == "yes" ]; then
            echo "[FATAL] govulncheck failed!"
            exit 1;
        else
            echo "[INFO] govulncheck failed!"
        fi
    fi
fi
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`#!/bin/bash`

			`set -eo pipefail`

improving bash - i shouldve read thru it 2026-04-03 15:52:18 -04:00			`if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] no security flags set, skipping!";`
			`exit 0;`
			`fi`

forgot jq empty 2026-04-03 15:54:51 -04:00			`toolchain=$(go mod edit -json go.mod \| jq -r ".Toolchain // empty");`
			`version=$(go env -json \| jq -r ".GOVERSION // empty");`
bugfixes 2026-04-03 15:28:01 -04:00
improving bash - i shouldve read thru it 2026-04-03 15:52:18 -04:00			`if [[ -n "$toolchain" ]]; then`
bash syntax fixes 2026-04-03 15:41:13 -04:00			`echo "[DEBUG] overwriting version with toolchain";`
ready to test 2026-04-03 15:11:33 -04:00			`version=$toolchain;`
			`fi`

improving bash - i shouldve read thru it 2026-04-03 15:52:18 -04:00			`if [[ "$STATIC_FLAG" == "yes" ]]; then`
ready to test 2026-04-03 15:11:33 -04:00			`if GOTOOLCHAIN=$version gosec ./...; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] gosec passed!";`
			`else`
improving bash - i shouldve read thru it 2026-04-03 15:52:18 -04:00			`if [[ "$STATIC_FAIL" == "yes" ]]; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[FATAL] gosec failed!";`
			`exit 1;`
			`else`
			`echo "[INFO] gosec failed!";`
			`fi`
			`fi`
			`fi`

bash syntax fixes 2026-04-03 15:41:13 -04:00			`if [ "$VULN_CHECK" == "yes" ]; then`
ready to test 2026-04-03 15:11:33 -04:00			`if GOTOOLCHAIN=$version govulncheck ./...; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[INFO] govulncheck passed!";`
			`else`
bash syntax fixes 2026-04-03 15:41:13 -04:00			`if [ "$VULN_FAIL" == "yes" ]; then`
restructure and adding functionality 2026-04-03 00:22:36 -04:00			`echo "[FATAL] govulncheck failed!"`
			`exit 1;`
			`else`
			`echo "[INFO] govulncheck failed!"`
			`fi`
			`fi`
			`fi`