Add gosec dependency installation (#172)

falfaroc · web-flow · commit bde5ddb1136e · 2025-07-09T08:29:05.000-04:00
diff --git a/.github/workflows/go-common.yml b/.github/workflows/go-common.yml
@@ -94,7 +94,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: gosec
+      - name: Run Gosec
         uses: dell/common-github-actions/gosec-runner@main
         with:
           excludes: ${{ env.GOSEC_EXCLUDES }}
diff --git a/gosec-runner/Dockerfile b/gosec-runner/Dockerfile
@@ -7,6 +7,8 @@ LABEL "com.github.actions.color"="gray-dark"
 
 LABEL version="1.0.0"
 
+RUN go install github.com/securego/gosec/v2/cmd/gosec@latest
+
 ENV GOFLAGS="-buildvcs=false"
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
diff --git a/gosec-runner/entrypoint.sh b/gosec-runner/entrypoint.sh
@@ -39,11 +39,6 @@ get_exclude_directories() {
     EXCLUDE_DIR_FLAG="$exclude_arg"
 }
 
-# Fetch the latest version of gosec
-LATEST_VERSION=$(curl -s https://api.github.com/repos/securego/gosec/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
-
-curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $LATEST_VERSION
-
 submodules=$(find . -name 'go.mod' -exec dirname {} +)
 for submodule in $submodules; do
   echo "Running gosec on $submodule"
