commit | 4a0e9dd4bd68ca7f805e0759952f48430367c5cf | |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Wed Sep 27 19:56:04 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Sep 27 19:56:04 2023 +0000 |
tree | ba2af2b80f4396503e781d677c4efde44d899980 | |
parent | 62acf29a492b8cf23136a3deb549843acd56bb58 | |

[engine] Fix gosec

The gosec check was previously failing silently (producing a retcode of zero) because it was run in a sandbox without the necessary environment variables set (specifically `GOPACKAGESDRIVER=off` needed to be set for it to work inside the sandbox).

After fixing the check there were a bunch of fixes required, mostly related to error propagation.

Change-Id: Ib6ff1ae370d3e07fb9c63cb2bfddf907a526955f
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/922774
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
Reviewed-by: Anthony Fandrianto <atyfto@google.com>

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.
Shac checks are written in Starlark.

    go install go.fuchsia.dev/shac-project/shac@latest
    shac check
    shac doc shac.star | less

Planned features/changes, in descending order by priority:

* `shac.textproto`
* `shac.star` files
* `.shac` cache directory that checks can write to
* `ctx.scm`
* `glob` arguments to `ctx.scm.{all,affected}_files()` functions for easier filtering

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.