Add the gosec report to our release artifacts

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • patch-next
    • Affects Version/s: None
    • Component/s: None
    • 3
    • Tools and Replicator
    • 0.25
    • Needed
    • All release artifacts (tarballs, debs, RPMs, etc.) now include a SARIF report in JSON format.

      Right now, these reports are only visible as part of the logs in Evergreen. The Evergreen team is planning to stop retaining logs indefinitely, but we want to make these reports available as long as the download for a given version is available.

      The easiest solution is to generate a report and add it to the release artifact, like we do with the SBOM.

              Assignee:
              Dave Rolsky
              Reporter:
              Dave Rolsky
              Felipe Gasper, Jessica Covan