>>> gosec: Building community/gosec 2.23.0-r0 (using abuild 3.16.0-r0) started Wed, 18 Feb 2026 01:18:27 +0000 >>> gosec: Validating /home/buildozer/aports/community/gosec/APKBUILD... >>> gosec: Analyzing dependencies... >>> gosec: Installing for build: build-base go (1/2) Installing go (1.25.7-r0) (2/2) Installing .makedepends-gosec (20260218.011828) Executing busybox-1.37.0-r31.trigger OK: 432.9 MiB in 107 packages >>> gosec: Cleaning up srcdir >>> gosec: Cleaning up pkgdir >>> gosec: Cleaning up tmpdir >>> gosec: Fetching https://distfiles.alpinelinux.org/distfiles/edge/gosec-2.23.0.tar.gz /var/cache/distfiles/edge/gosec-2.23.0.tar.gz: OK >>> gosec: Fetching https://distfiles.alpinelinux.org/distfiles/edge/gosec-2.23.0.tar.gz /var/cache/distfiles/edge/gosec-2.23.0.tar.gz: OK >>> gosec: Unpacking /var/cache/distfiles/edge/gosec-2.23.0.tar.gz... fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git make build fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git make[1]: Entering directory '/home/buildozer/aports/community/gosec/src/gosec-2.23.0' fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git go build -ldflags " -X 'main.Version=' -X 'main.GitTag=' -X 'main.BuildDate=2026-02-18T01:18:29Z'" -o gosec ./cmd/gosec/ fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git go: downloading github.com/anthropics/anthropic-sdk-go v1.22.0 go: downloading google.golang.org/genai v1.45.0 go: downloading github.com/openai/openai-go/v3 v3.18.0 go: downloading golang.org/x/tools v0.41.0 go: downloading go.yaml.in/yaml/v3 v3.0.4 go: downloading golang.org/x/sync v0.19.0 go: downloading github.com/gookit/color v1.6.0 go: downloading github.com/google/uuid v1.6.0 go: downloading github.com/ccojocar/zxcvbn-go v1.0.4 go: downloading github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e go: downloading github.com/tidwall/gjson v1.18.0 go: downloading github.com/tidwall/sjson v1.2.5 go: downloading github.com/tidwall/pretty v1.2.1 go: downloading github.com/tidwall/match v1.1.1 go: downloading cloud.google.com/go/auth v0.16.5 go: downloading cloud.google.com/go v0.121.2 go: downloading github.com/google/go-cmp v0.7.0 go: downloading github.com/gorilla/websocket v1.5.3 go: downloading github.com/googleapis/gax-go/v2 v2.15.0 go: downloading cloud.google.com/go/compute/metadata v0.8.0 go: downloading golang.org/x/net v0.49.0 go: downloading google.golang.org/grpc v1.75.0 go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.6 go: downloading github.com/google/s2a-go v0.1.9 go: downloading go.opentelemetry.io/otel/trace v1.37.0 go: downloading go.opentelemetry.io/otel/metric v1.37.0 go: downloading github.com/felixge/httpsnoop v1.0.4 go: downloading go.opentelemetry.io/otel v1.37.0 go: downloading google.golang.org/protobuf v1.36.8 go: downloading golang.org/x/crypto v0.48.0 go: downloading golang.org/x/text v0.34.0 go: downloading github.com/go-logr/logr v1.4.3 go: downloading go.opentelemetry.io/auto/sdk v1.1.0 go: downloading github.com/go-logr/stdr v1.2.2 go: downloading golang.org/x/mod v0.32.0 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c go: downloading golang.org/x/sys v0.41.0 make[1]: Leaving directory '/home/buildozer/aports/community/gosec/src/gosec-2.23.0' go: downloading github.com/onsi/ginkgo/v2 v2.28.1 go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 go: downloading github.com/Masterminds/semver/v3 v3.4.0 go: downloading github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 go: downloading github.com/onsi/gomega v1.39.1 go: downloading github.com/stretchr/testify v1.11.1 go: downloading github.com/pmezard/go-difflib v1.0.0 go: downloading gopkg.in/yaml.v3 v3.0.1 go: downloading github.com/davecgh/go-spew v1.1.1 Running Suite: gosec Suite - /home/buildozer/aports/community/gosec/src/gosec-2.23.0 ==================================================================================== Random Seed: 1771377543 Will run 222 of 222 specs ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve basic literal github.com/securego/gosec/v2/resolve_test.go:15 • [0.084 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve identifier github.com/securego/gosec/v2/resolve_test.go:35 • [0.075 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve variable identifier github.com/securego/gosec/v2/resolve_test.go:55 • [0.103 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve variable identifier with no declaration github.com/securego/gosec/v2/resolve_test.go:75 • [0.090 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve assign statement github.com/securego/gosec/v2/resolve_test.go:96 • [0.078 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve assign statement without rhs github.com/securego/gosec/v2/resolve_test.go:117 • [0.072 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve assign statement with unsolvable rhs github.com/securego/gosec/v2/resolve_test.go:139 • [0.080 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve a binary statement github.com/securego/gosec/v2/resolve_test.go:161 • [0.082 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve value spec github.com/securego/gosec/v2/resolve_test.go:180 • [0.078 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve value spec without values github.com/securego/gosec/v2/resolve_test.go:200 • [0.071 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve value spec with unsolvable value github.com/securego/gosec/v2/resolve_test.go:222 • [0.072 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve composite literal github.com/securego/gosec/v2/resolve_test.go:244 • [0.087 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve composite literal without elst github.com/securego/gosec/v2/resolve_test.go:263 • [0.072 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve composite literal with unsolvable elst github.com/securego/gosec/v2/resolve_test.go:283 • [0.070 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve call expressions github.com/securego/gosec/v2/resolve_test.go:303 • [0.071 seconds] ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve call expressions github.com/securego/gosec/v2/resolve_test.go:322 • [0.126 seconds] ------------------------------ Rule when using a ruleset should be possible to register a rule for multiple ast.Node github.com/securego/gosec/v2/rule_test.go:59 • [0.000 seconds] ------------------------------ Rule when using a ruleset should not register a rule when no ast.Nodes are specified github.com/securego/gosec/v2/rule_test.go:71 • [0.000 seconds] ------------------------------ Rule when using a ruleset should be possible to retrieve a list of rules for a given node type github.com/securego/gosec/v2/rule_test.go:76 • [0.000 seconds] ------------------------------ Rule when using a ruleset should register a suppressed rule github.com/securego/gosec/v2/rule_test.go:87 • [0.000 seconds] ------------------------------ Import Tracker when tracking a file should parse the imports from file github.com/securego/gosec/v2/import_tracker_test.go:13 • [0.102 seconds] ------------------------------ Import Tracker when tracking a file should parse the named imports from file github.com/securego/gosec/v2/import_tracker_test.go:33 • [0.101 seconds] ------------------------------ Helpers when listing package paths should return the root directory as package path github.com/securego/gosec/v2/helpers_test.go:24 • [0.000 seconds] ------------------------------ Helpers when listing package paths should return the package path github.com/securego/gosec/v2/helpers_test.go:29 • [0.000 seconds] ------------------------------ Helpers when listing package paths should exclude folder github.com/securego/gosec/v2/helpers_test.go:34 • [0.000 seconds] ------------------------------ Helpers when listing package paths should exclude folder with subpath github.com/securego/gosec/v2/helpers_test.go:46 • [0.000 seconds] ------------------------------ Helpers when listing package paths should be empty when folder does not exist github.com/securego/gosec/v2/helpers_test.go:58 • [0.000 seconds] ------------------------------ Helpers when getting the root path should return the absolute path from relative path github.com/securego/gosec/v2/helpers_test.go:67 • [0.000 seconds] ------------------------------ Helpers when getting the root path should return the absolute path from ellipsis path github.com/securego/gosec/v2/helpers_test.go:75 • [0.000 seconds] ------------------------------ Helpers when excluding the dirs should create a proper regexp github.com/securego/gosec/v2/helpers_test.go:86 • [0.000 seconds] ------------------------------ Helpers when excluding the dirs should create a proper regexp for dir with subdir github.com/securego/gosec/v2/helpers_test.go:95 • [0.000 seconds] ------------------------------ Helpers when excluding the dirs should create no regexp when dir list is empty github.com/securego/gosec/v2/helpers_test.go:106 • [0.000 seconds] ------------------------------ Helpers when getting call info should return the type and call name for selector expression github.com/securego/gosec/v2/helpers_test.go:115 • [0.083 seconds] ------------------------------ Helpers when getting call info should return the type and call name for new selector expression github.com/securego/gosec/v2/helpers_test.go:149 • [0.091 seconds] ------------------------------ Helpers when getting call info should return the type and call name for function selector expression github.com/securego/gosec/v2/helpers_test.go:182 • [0.082 seconds] ------------------------------ Helpers when getting call info should return the type and call name for package function github.com/securego/gosec/v2/helpers_test.go:219 • [0.104 seconds] ------------------------------ Helpers when getting call info should return the type and call name when built-in new function is overridden github.com/securego/gosec/v2/helpers_test.go:249 • [0.087 seconds] ------------------------------ Helpers when getting binary expression operands should return all operands of a binary expression github.com/securego/gosec/v2/helpers_test.go:282 • [0.123 seconds] ------------------------------ Helpers when getting binary expression operands should return all operands of complex binary expression github.com/securego/gosec/v2/helpers_test.go:312 • [0.109 seconds] ------------------------------ Helpers when transforming build tags to cli build flags should return an empty slice when no tags are provided github.com/securego/gosec/v2/helpers_test.go:347 • [0.000 seconds] ------------------------------ Helpers when transforming build tags to cli build flags should return a single -tags flag when one tag is provided github.com/securego/gosec/v2/helpers_test.go:352 • [0.000 seconds] ------------------------------ Helpers when transforming build tags to cli build flags should combine multiple tags into a single -tags flag github.com/securego/gosec/v2/helpers_test.go:357 • [0.000 seconds] ------------------------------ Helpers when transforming build tags to cli build flags should trim and ignore empty tags github.com/securego/gosec/v2/helpers_test.go:362 • [0.000 seconds] ------------------------------ Configuration when loading from disk should be possible to load configuration from a file github.com/securego/gosec/v2/config_test.go:20 • [0.000 seconds] ------------------------------ Configuration when loading from disk should return an error if configuration file is invalid github.com/securego/gosec/v2/config_test.go:28 • [0.000 seconds] ------------------------------ Configuration when saving to disk should be possible to save an empty configuration to file github.com/securego/gosec/v2/config_test.go:41 • [0.000 seconds] ------------------------------ Configuration when saving to disk should be possible to save configuration to file github.com/securego/gosec/v2/config_test.go:50 • [0.000 seconds] ------------------------------ Configuration when configuring rules should be possible to get configuration for a rule github.com/securego/gosec/v2/config_test.go:64 • [0.000 seconds] ------------------------------ Configuration when using global configuration options should have a default global section github.com/securego/gosec/v2/config_test.go:78 • [0.000 seconds] ------------------------------ Configuration when using global configuration options should save global settings to correct section github.com/securego/gosec/v2/config_test.go:85 • [0.000 seconds] ------------------------------ Configuration when using global configuration options should find global settings which are enabled github.com/securego/gosec/v2/config_test.go:100 • [0.000 seconds] ------------------------------ Configuration when using global configuration options should parse the global settings of type string from file github.com/securego/gosec/v2/config_test.go:107 • [0.000 seconds] ------------------------------ Configuration when using global configuration options should parse the global settings of other types from file github.com/securego/gosec/v2/config_test.go:122 • [0.000 seconds] ------------------------------ Analyzer when processing a package should not report an error if the package contains no Go files github.com/securego/gosec/v2/analyzer_test.go:48 • [0.001 seconds] ------------------------------ Analyzer when processing a package should report an error if the package fails to build github.com/securego/gosec/v2/analyzer_test.go:57 • [0.001 seconds] ------------------------------ Analyzer when processing a package should be able to analyze multiple Go files github.com/securego/gosec/v2/analyzer_test.go:73 • [0.147 seconds] ------------------------------ Analyzer when processing a package should be able to analyze multiple Go files concurrently github.com/securego/gosec/v2/analyzer_test.go:95 • [0.142 seconds] ------------------------------ Analyzer when processing a package should be able to analyze multiple Go packages github.com/securego/gosec/v2/analyzer_test.go:118 • [0.304 seconds] ------------------------------ Analyzer when processing a package should find errors when nosec is not in use github.com/securego/gosec/v2/analyzer_test.go:142 • [0.247 seconds] ------------------------------ Analyzer when processing a package should find errors when nosec is not in use github.com/securego/gosec/v2/analyzer_test.go:158 • [0.234 seconds] ------------------------------ Analyzer when processing a package should find errors when nosec is not in use github.com/securego/gosec/v2/analyzer_test.go:174 • [0.229 seconds] ------------------------------ Analyzer when processing a package should report Go build errors and invalid files github.com/securego/gosec/v2/analyzer_test.go:190 • [0.152 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec line comment is present github.com/securego/gosec/v2/analyzer_test.go:218 • [0.251 seconds] ------------------------------ Analyzer when processing a package should not report errors when a disable directive is present github.com/securego/gosec/v2/analyzer_test.go:235 • [0.227 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec line comment is present github.com/securego/gosec/v2/analyzer_test.go:252 • [0.245 seconds] ------------------------------ Analyzer when processing a package should not report errors when a disable directive is present github.com/securego/gosec/v2/analyzer_test.go:269 • [0.240 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec line comment is present github.com/securego/gosec/v2/analyzer_test.go:286 • [0.215 seconds] ------------------------------ Analyzer when processing a package should not report errors when a disable directive is present github.com/securego/gosec/v2/analyzer_test.go:303 • [0.220 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec block comment is present github.com/securego/gosec/v2/analyzer_test.go:320 • [0.264 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec block comment is present github.com/securego/gosec/v2/analyzer_test.go:337 • [0.233 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec block comment is present github.com/securego/gosec/v2/analyzer_test.go:354 • [0.216 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:371 • [0.238 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:389 • [0.239 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:407 • [0.227 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:425 • [0.234 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:443 • [0.215 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:461 • [0.210 seconds] ------------------------------ Analyzer when processing a package should not report errors when a nosec block and line comment are present github.com/securego/gosec/v2/analyzer_test.go:479 • [0.199 seconds] ------------------------------ Analyzer when processing a package should not report errors when only a nosec block is present github.com/securego/gosec/v2/analyzer_test.go:494 • [0.201 seconds] ------------------------------ Analyzer when processing a package should not report errors when a single line nosec is present on a multi-line issue github.com/securego/gosec/v2/analyzer_test.go:509 • [0.437 seconds] ------------------------------ Analyzer when processing a package should not report errors when a disable directive block and line comment are present github.com/securego/gosec/v2/analyzer_test.go:525 • [0.201 seconds] ------------------------------ Analyzer when processing a package should not report errors when only a disable directive block is present github.com/securego/gosec/v2/analyzer_test.go:540 • [0.197 seconds] ------------------------------ Analyzer when processing a package should not report errors when a single line nosec is present on a multi-line issue github.com/securego/gosec/v2/analyzer_test.go:555 • [0.419 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:571 • [0.250 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:588 • [0.243 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:605 • [0.220 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:622 • [0.232 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:639 • [0.213 seconds] ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:656 • [0.211 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:673 • [0.345 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:692 • [0.350 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:711 • [0.342 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:730 • [0.338 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:749 • [0.313 seconds] ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:768 • [0.321 seconds] ------------------------------ Analyzer when processing a package should not panic if a file can not compile github.com/securego/gosec/v2/analyzer_test.go:787 • [0.153 seconds] ------------------------------ Analyzer when processing a package should exclude a reportable file, if excluded by build tags github.com/securego/gosec/v2/analyzer_test.go:801 • [0.001 seconds] ------------------------------ Analyzer when processing a package should attempt to analyse a file with build tags github.com/securego/gosec/v2/analyzer_test.go:820 • [0.201 seconds] ------------------------------ Analyzer when processing a package should report issues from a file with build tags github.com/securego/gosec/v2/analyzer_test.go:841 • [0.245 seconds] ------------------------------ Analyzer when processing a package should process an empty package with test file github.com/securego/gosec/v2/analyzer_test.go:862 • [0.471 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:877 • [0.218 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite disable directive, and report issues github.com/securego/gosec/v2/analyzer_test.go:900 • [0.224 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:923 • [0.230 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite disable directive comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:946 • [0.211 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:969 • [0.199 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite disable directive comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:992 • [0.192 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues but they should not be counted github.com/securego/gosec/v2/analyzer_test.go:1015 • [0.241 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues but they should not be counted github.com/securego/gosec/v2/analyzer_test.go:1041 • [0.230 seconds] ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues but they should not be counted github.com/securego/gosec/v2/analyzer_test.go:1067 • [0.226 seconds] ------------------------------ Analyzer when processing a package should not report errors when nosec tag is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1093 • [0.261 seconds] ------------------------------ Analyzer when processing a package should not report errors when disable directive is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1110 • [0.256 seconds] ------------------------------ Analyzer when processing a package should not report errors when nosec tag is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1127 • [0.234 seconds] ------------------------------ Analyzer when processing a package should not report errors when disable directive is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1144 • [0.245 seconds] ------------------------------ Analyzer when processing a package should not report errors when nosec tag is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1161 • [0.209 seconds] ------------------------------ Analyzer when processing a package should not report errors when disable directive is in front of a line github.com/securego/gosec/v2/analyzer_test.go:1178 • [0.218 seconds] ------------------------------ Analyzer when processing a package should report errors when nosec tag is not in front of a line github.com/securego/gosec/v2/analyzer_test.go:1195 • [0.220 seconds] ------------------------------ Analyzer when processing a package should report errors when nosec tag is not in front of a line github.com/securego/gosec/v2/analyzer_test.go:1212 • [0.222 seconds] ------------------------------ Analyzer when processing a package should report errors when nosec tag is not in front of a line github.com/securego/gosec/v2/analyzer_test.go:1229 • [0.205 seconds] ------------------------------ Analyzer when processing a package should not report errors when rules are in front of nosec tag even rules are wrong github.com/securego/gosec/v2/analyzer_test.go:1246 • [0.248 seconds] ------------------------------ Analyzer when processing a package should not report errors when rules are in front of nosec tag even rules are wrong github.com/securego/gosec/v2/analyzer_test.go:1263 • [0.234 seconds] ------------------------------ Analyzer when processing a package should not report errors when rules are in front of nosec tag even rules are wrong github.com/securego/gosec/v2/analyzer_test.go:1280 • [0.210 seconds] ------------------------------ Analyzer when processing a package should report errors when there are nosec tags after a #nosec WrongRuleList annotation github.com/securego/gosec/v2/analyzer_test.go:1297 • [0.252 seconds] ------------------------------ Analyzer when processing a package should report errors when there are disable directives after a //gosec:disable WrongRuleList github.com/securego/gosec/v2/analyzer_test.go:1314 • [0.240 seconds] ------------------------------ Analyzer when processing a package should report errors when there are nosec tags after a #nosec WrongRuleList annotation github.com/securego/gosec/v2/analyzer_test.go:1331 • [0.235 seconds] ------------------------------ Analyzer when processing a package should report errors when there are disable directives after a //gosec:disable WrongRuleList github.com/securego/gosec/v2/analyzer_test.go:1348 • [0.238 seconds] ------------------------------ Analyzer when processing a package should report errors when there are nosec tags after a #nosec WrongRuleList annotation github.com/securego/gosec/v2/analyzer_test.go:1365 • [0.209 seconds] ------------------------------ Analyzer when processing a package should report errors when there are disable directives after a //gosec:disable WrongRuleList github.com/securego/gosec/v2/analyzer_test.go:1382 • [0.211 seconds] ------------------------------ Analyzer when processing a package should be possible to use an alternative nosec tag github.com/securego/gosec/v2/analyzer_test.go:1399 • [0.244 seconds] ------------------------------ Analyzer when processing a package should be possible to use an alternative nosec tag github.com/securego/gosec/v2/analyzer_test.go:1422 • [0.240 seconds] ------------------------------ Analyzer when processing a package should be possible to use an alternative nosec tag github.com/securego/gosec/v2/analyzer_test.go:1445 • [0.214 seconds] ------------------------------ Analyzer when processing a package should ignore vulnerabilities when the default tag is found github.com/securego/gosec/v2/analyzer_test.go:1468 • [0.211 seconds] ------------------------------ Analyzer when processing a package should ignore vulnerabilities when the default tag is found github.com/securego/gosec/v2/analyzer_test.go:1491 • [0.220 seconds] ------------------------------ Analyzer when processing a package should ignore vulnerabilities when the default tag is found github.com/securego/gosec/v2/analyzer_test.go:1514 • [0.198 seconds] ------------------------------ Analyzer when processing a package should be able to analyze Go test package github.com/securego/gosec/v2/analyzer_test.go:1537 • [0.192 seconds] ------------------------------ Analyzer when processing a package should be able to scan generated files if NOT excluded when using the rules github.com/securego/gosec/v2/analyzer_test.go:1562 • [0.039 seconds] ------------------------------ Analyzer when processing a package should be able to skip generated files if excluded when using the rules github.com/securego/gosec/v2/analyzer_test.go:1583 • [0.038 seconds] ------------------------------ Analyzer when processing a package should be able to scan generated files if NOT excluded when using the analyzes github.com/securego/gosec/v2/analyzer_test.go:1604 • [0.196 seconds] ------------------------------ Analyzer when processing a package should be able to skip generated files if excluded when using the analyzes github.com/securego/gosec/v2/analyzer_test.go:1627 • [0.198 seconds] ------------------------------ Analyzer should be able to analyze Cgo files github.com/securego/gosec/v2/analyzer_test.go:1651 • [0.629 seconds] ------------------------------ Analyzer when parsing errors from a package should return no error when the error list is empty github.com/securego/gosec/v2/analyzer_test.go:1668 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should properly parse the errors github.com/securego/gosec/v2/analyzer_test.go:1674 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should properly parse the errors without line and column github.com/securego/gosec/v2/analyzer_test.go:1694 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should properly parse the errors without column github.com/securego/gosec/v2/analyzer_test.go:1714 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should return error when line cannot be parsed github.com/securego/gosec/v2/analyzer_test.go:1734 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should return error when column cannot be parsed github.com/securego/gosec/v2/analyzer_test.go:1747 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should append error to the same file github.com/securego/gosec/v2/analyzer_test.go:1760 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should set the config github.com/securego/gosec/v2/analyzer_test.go:1787 • [0.000 seconds] ------------------------------ Analyzer when parsing errors from a package should reset the analyzer github.com/securego/gosec/v2/analyzer_test.go:1795 • [0.000 seconds] ------------------------------ Analyzer when appending errors should skip error for non-buildable packages github.com/securego/gosec/v2/analyzer_test.go:1805 • [0.000 seconds] ------------------------------ Analyzer when appending errors should add a new error github.com/securego/gosec/v2/analyzer_test.go:1814 • [0.000 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1830 • [0.241 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1850 • [0.244 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1870 • [0.242 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1890 • [0.236 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1910 • [0.209 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:1930 • [0.211 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:1950 • [0.220 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:1970 • [0.221 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:1990 • [0.209 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:2010 • [0.220 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:2030 • [0.189 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:2050 • [0.205 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the rule is not included github.com/securego/gosec/v2/analyzer_test.go:2070 • [0.194 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the rule is excluded github.com/securego/gosec/v2/analyzer_test.go:2089 • [0.178 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the analyzer is not included github.com/securego/gosec/v2/analyzer_test.go:2108 • [0.225 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the analyzer is excluded github.com/securego/gosec/v2/analyzer_test.go:2127 • [0.224 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the analyzer is not included github.com/securego/gosec/v2/analyzer_test.go:2146 • [0.196 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the analyzer is excluded github.com/securego/gosec/v2/analyzer_test.go:2165 • [0.181 seconds] ------------------------------ Analyzer when tracking suppressions should track multiple suppressions if the violation is multiply suppressed github.com/securego/gosec/v2/analyzer_test.go:2184 • [0.199 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed on a struct filed github.com/securego/gosec/v2/analyzer_test.go:2202 • [0.405 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed on a struct filed github.com/securego/gosec/v2/analyzer_test.go:2223 • [0.425 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed on multi-lien issue github.com/securego/gosec/v2/analyzer_test.go:2244 • [0.195 seconds] ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed on multi-lien issue github.com/securego/gosec/v2/analyzer_test.go:2275 • [0.192 seconds] ------------------------------ Analyzer when fixing issue #1240 - nosec with open bracket should suppress G115 when #nosec is at the end of an if line with bracket github.com/securego/gosec/v2/analyzer_test.go:2308 • [0.194 seconds] ------------------------------ Analyzer when fixing issue #1240 - nosec with open bracket should suppress G115 when #nosec is used with block comment before bracket github.com/securego/gosec/v2/analyzer_test.go:2347 • [0.189 seconds] ------------------------------ Analyzer when fixing issue #1240 - nosec with open bracket should suppress G115 in for loop with bracket and trailing comment github.com/securego/gosec/v2/analyzer_test.go:2379 • [0.151 seconds] ------------------------------ Analyzer when fixing issue #1240 - nosec with open bracket should suppress G115 in switch statement with bracket and trailing comment github.com/securego/gosec/v2/analyzer_test.go:2407 • [0.148 seconds] ------------------------------ PathExclusionFilter NewPathExclusionFilter with valid rules should create a filter with single rule github.com/securego/gosec/v2/path_filter_test.go:16 • [0.000 seconds] ------------------------------ PathExclusionFilter NewPathExclusionFilter with valid rules should create a filter with multiple rules github.com/securego/gosec/v2/path_filter_test.go:25 • [0.000 seconds] ------------------------------ PathExclusionFilter NewPathExclusionFilter with valid rules should handle empty rules slice github.com/securego/gosec/v2/path_filter_test.go:36 • [0.000 seconds] ------------------------------ PathExclusionFilter NewPathExclusionFilter with invalid rules should reject empty path github.com/securego/gosec/v2/path_filter_test.go:44 • [0.000 seconds] ------------------------------ PathExclusionFilter NewPathExclusionFilter with invalid rules should reject invalid regex github.com/securego/gosec/v2/path_filter_test.go:53 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with specific rule exclusions should exclude matching path and rule github.com/securego/gosec/v2/path_filter_test.go:78 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with specific rule exclusions should not exclude matching path with non-matching rule github.com/securego/gosec/v2/path_filter_test.go:83 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with specific rule exclusions should not exclude non-matching path github.com/securego/gosec/v2/path_filter_test.go:88 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with specific rule exclusions should handle nested paths correctly github.com/securego/gosec/v2/path_filter_test.go:93 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with wildcard rule exclusion should exclude any rule for matching path github.com/securego/gosec/v2/path_filter_test.go:111 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with wildcard rule exclusion should not exclude non-matching paths github.com/securego/gosec/v2/path_filter_test.go:118 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with Windows-style paths should normalize backslashes to forward slashes github.com/securego/gosec/v2/path_filter_test.go:133 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with nil or empty filter should not exclude anything with nil filter github.com/securego/gosec/v2/path_filter_test.go:140 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with nil or empty filter should not exclude anything with empty rules github.com/securego/gosec/v2/path_filter_test.go:145 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with complex regex patterns should match test files github.com/securego/gosec/v2/path_filter_test.go:163 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with complex regex patterns should match cmd or tools prefix github.com/securego/gosec/v2/path_filter_test.go:169 • [0.000 seconds] ------------------------------ PathExclusionFilter ShouldExclude with complex regex patterns should match mock/fake/stub directories github.com/securego/gosec/v2/path_filter_test.go:175 • [0.000 seconds] ------------------------------ PathExclusionFilter FilterIssues should filter matching issues github.com/securego/gosec/v2/path_filter_test.go:198 • [0.000 seconds] ------------------------------ PathExclusionFilter FilterIssues should handle empty issues slice github.com/securego/gosec/v2/path_filter_test.go:212 • [0.000 seconds] ------------------------------ PathExclusionFilter FilterIssues should preserve issue order github.com/securego/gosec/v2/path_filter_test.go:218 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with valid input should parse single rule github.com/securego/gosec/v2/path_filter_test.go:236 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with valid input should parse multiple rules separated by semicolon github.com/securego/gosec/v2/path_filter_test.go:244 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with valid input should handle wildcard rule github.com/securego/gosec/v2/path_filter_test.go:254 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with valid input should handle empty input github.com/securego/gosec/v2/path_filter_test.go:261 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with valid input should trim whitespace github.com/securego/gosec/v2/path_filter_test.go:267 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with invalid input should reject missing colon separator github.com/securego/gosec/v2/path_filter_test.go:277 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with invalid input should reject empty path github.com/securego/gosec/v2/path_filter_test.go:283 • [0.000 seconds] ------------------------------ PathExclusionFilter ParseCLIExcludeRules with invalid input should reject empty rules github.com/securego/gosec/v2/path_filter_test.go:289 • [0.000 seconds] ------------------------------ PathExclusionFilter MergeExcludeRules should merge CLI and config rules with CLI first github.com/securego/gosec/v2/path_filter_test.go:298 • [0.000 seconds] ------------------------------ PathExclusionFilter MergeExcludeRules should handle empty CLI rules github.com/securego/gosec/v2/path_filter_test.go:312 • [0.000 seconds] ------------------------------ PathExclusionFilter MergeExcludeRules should handle empty config rules github.com/securego/gosec/v2/path_filter_test.go:321 • [0.000 seconds] ------------------------------ Call List should not return any matches when empty github.com/securego/gosec/v2/call_list_test.go:19 • [0.000 seconds] ------------------------------ Call List should be possible to add a single call github.com/securego/gosec/v2/call_list_test.go:23 • [0.000 seconds] ------------------------------ Call List should be possible to add multiple calls at once github.com/securego/gosec/v2/call_list_test.go:34 • [0.000 seconds] ------------------------------ Call List should be possible to add pointer call github.com/securego/gosec/v2/call_list_test.go:48 • [0.000 seconds] ------------------------------ Call List should be possible to check pointer call github.com/securego/gosec/v2/call_list_test.go:55 • [0.000 seconds] ------------------------------ Call List should not return a match if none are present github.com/securego/gosec/v2/call_list_test.go:62 • [0.000 seconds] ------------------------------ Call List should match a call based on selector and ident github.com/securego/gosec/v2/call_list_test.go:67 • [0.000 seconds] ------------------------------ Call List should match a package call expression github.com/securego/gosec/v2/call_list_test.go:72 • [0.112 seconds] ------------------------------ Call List should match a package call expression github.com/securego/gosec/v2/call_list_test.go:97 • [0.118 seconds] ------------------------------ Call List should match a package call expression github.com/securego/gosec/v2/call_list_test.go:122 • [0.099 seconds] ------------------------------ Call List should match a call expression github.com/securego/gosec/v2/call_list_test.go:147 • [0.115 seconds] ------------------------------ Cli vflag test value must be empty as parameter value contains invalid character github.com/securego/gosec/v2/flag_test.go:15 • [0.000 seconds]flag provided but not defined: -flag1 Usage of flag1: -falg1 value ------------------------------ Cli vflag test value must be empty as parameter value contains invalid character without equal sign github.com/securego/gosec/v2/flag_test.go:25 invalid value " -incorrect" for flag -test2: flag value cannot start with - Usage of test2: -test2 value • [0.000 seconds] ------------------------------ Cli vflag test value must not be empty as parameter value contains valid character github.com/securego/gosec/v2/flag_test.go:35 • [0.000 seconds] ------------------------------ Ran 222 of 222 Specs in 28.373 seconds SUCCESS! -- 222 Passed | 0 Failed | 0 Pending | 0 Skipped PASS Ginkgo ran 1 suite in 32.251903368s Test Suite Passed >>> gosec: Entering fakeroot... >>> gosec*: Running postcheck for gosec >>> gosec*: Preparing package gosec... >>> gosec*: Stripping binaries >>> gosec*: Scanning shared objects >>> gosec*: Tracing dependencies... so:libc.musl-armv7.so.1 >>> gosec*: Package size: 31.0 MB >>> gosec*: Compressing data... >>> gosec*: Create checksum... >>> gosec*: Create gosec-2.23.0-r0.apk >>> gosec: Build complete at Wed, 18 Feb 2026 01:19:36 +0000 elapsed time 0h 1m 9s >>> gosec: Cleaning up srcdir >>> gosec: Cleaning up pkgdir >>> gosec: Cleaning up tmpdir >>> gosec: Uninstalling dependencies... (1/2) Purging .makedepends-gosec (20260218.011828) (2/2) Purging go (1.25.7-r0) Executing busybox-1.37.0-r31.trigger OK: 289.6 MiB in 105 packages >>> gosec: Updating the community/armv7 repository index... >>> gosec: Signing the index...