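# Build, format and security-scan the sample Go application.
#
# The scan targets write JSON reports into the repository root
# (gosec-report.json, osv-report.json, gitleaks-report.json). These contain
# file paths, code excerpts and finding details -- keep them out of version
# control (gitignore them) and treat the gitleaks report as sensitive.

# Name of the binary produced by `make build` and the package that builds it.
BIN     ?= sample-go-app
CMD_DIR ?= ./cmd/$(BIN)

# Scanner versions passed to `go install`. `latest` is convenient but means
# every `make tools` may fetch a different, unreviewed release of a tool that
# runs with full read access to the source tree. Pin them (e.g. from CI with
# GOSEC_VERSION=vX.Y.Z) for reproducible, auditable scans.
GOSEC_VERSION    ?= latest
GOSV_VERSION     ?= latest
GITLEAKS_VERSION ?= latest

# `go install` drops binaries into GOBIN; make sure the scan recipes can find
# them even when the caller's PATH does not include it.
GOBIN ?= $(shell go env GOPATH)/bin
export PATH := $(GOBIN):$(PATH)

# Trivy only prints by default; --exit-code turns findings at or above
# TRIVY_SEVERITY into a failed target so `make security` actually gates.
# Override TRIVY_EXIT_CODE=0 for a report-only run.
TRIVY_SEVERITY  ?= HIGH,CRITICAL
TRIVY_EXIT_CODE ?= 1

# None of these targets is a file; declare them so a stray file with the same
# name cannot make `make clean`/`make scan` silently do nothing.
.PHONY: build build-linux clean security trivy gofmt tools \
        scan-sast scan-deps scan-secrets scan

# Compile every package, then write the host binary explicitly: `go build ./...`
# discards its output when the pattern matches more than one package, so the
# second line is what guarantees ./$(BIN) exists. -trimpath keeps local
# filesystem paths out of the binary (reproducible builds).
build: cmd/sample-go-app/main.go
	go build ./...
	go build -trimpath -o $(BIN) $(CMD_DIR)

# Cross-compile for linux/amd64 into a separately named file so it does not
# clobber a host build.
build-linux: cmd/sample-go-app/main.go
	GOOS=linux GOARCH=amd64 go build ./...
	GOOS=linux GOARCH=amd64 go build -trimpath -o $(BIN)-linux-amd64 $(CMD_DIR)

security: trivy

# Filesystem scan of the working tree; fails on findings at or above
# $(TRIVY_SEVERITY) (see TRIVY_EXIT_CODE above).
trivy:
	trivy fs --severity $(TRIVY_SEVERITY) --exit-code $(TRIVY_EXIT_CODE) .

gofmt:
	gofmt -w .

# Install/Update Security Tools (Runs before scan targets).
# Double-colon so other makefiles can append their own tool installs.
tools::
	@case "$(GOSEC_VERSION) $(GOSV_VERSION) $(GITLEAKS_VERSION)" in \
	  *latest*) echo "WARNING: one or more scanner versions are 'latest'; pin GOSEC_VERSION/GOSV_VERSION/GITLEAKS_VERSION for reproducible scans" >&2 ;; \
	esac
	go install github.com/securego/gosec/v2/cmd/gosec@$(GOSEC_VERSION)
	go install github.com/google/osv-scanner/v2/cmd/osv-scanner@$(GOSV_VERSION)
	go install github.com/gitleaks/gitleaks/v8@$(GITLEAKS_VERSION)

# Static Analysis Security Testing (SAST).
# gosec exits non-zero when it reports issues, so this target fails on findings.
scan-sast: tools
	@echo "--- Running Gosec (SAST) ---"
	gosec -fmt=json -out=gosec-report.json ./...
	@echo "Gosec report generated: gosec-report.json"

# Dependency Vulnerability Scanning.
# osv-scanner takes directories/lockfiles, not Go package patterns: `./...` is
# not a path it understands, so scan the repository root recursively (v2 CLI,
# matching the version installed by `tools`). Exits non-zero on known vulns.
scan-deps: tools
	@echo "--- Running OSV-Scanner (Dependency Scan) ---"
	osv-scanner scan source -r --format=json --output=osv-report.json .
	@echo "OSV-Scanner report generated: osv-report.json"

# Secrets Scanning.
# `detect` walks git history in a repository, not just the checked-out tree.
# --redact masks the matched secret values in both console output and the
# report, so verbose runs and CI logs do not leak the very credentials found.
scan-secrets: tools
	@echo "--- Running GitLeaks (Secrets Scan) ---"
	gitleaks detect --redact --verbose --report-path=gitleaks-report.json
	@echo "GitLeaks report generated: gitleaks-report.json"

# Combined Security Scan (Runs all checks).
scan: scan-sast scan-deps scan-secrets

# Clean up build outputs and generated reports. $(RM) is `rm -f`, so a missing
# file no longer fails the target.
clean::
	$(RM) $(BIN) $(BIN)-linux-amd64
	$(RM) gosec-report.json osv-report.json gitleaks-report.json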