-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathstaticcheck-example.toml
More file actions
80 lines (66 loc) · 2.53 KB
/
staticcheck-example.toml
File metadata and controls
80 lines (66 loc) · 2.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
packages = './...' # packages to process (for help specifying packages, run: go help packages)
options = [] # staticcheck options (must not conflict with options set by Code Dx)
[source-code]
relativeDirectory='' # source code directory specified by relative directory name (overrides projectFileDirectoryPatterns)
projectFileDirectoryPatterns=['go.mod'] # patterns (e.g., *.sln,*.csproj) to find source code directory by largest, first file found
[request] # (reserved for Code Dx use)
# The image name contains the Docker image that handles this scan request file.
#
imageName = "codedx/codedx-staticcheckrunner:v1.57.0"
# The work directory stores k8s secrets, trusted CA certificates,a copy of the scan request
# file, and the exit code file. The user running the Docker image *must* have write access
# to the work directory.
#
# $workDirectory/analysis-exit-code - exit code of the shell command
# $workDirectory/ca-certificates - trusted CA certificates
# $workDirectory/config/request.toml - a copy of the scan request file
# $workDirectory/input - analysis input
# $workDirectory/workflow-secrets - workflow secrets
#
workDirectory = "/opt/codedx/staticcheck/work"
# The shell cmd to run as the entry point for the tool.
#
shellCmd = '''
source=$(ls /opt/codedx/staticcheck/work/input)
pwsh /opt/codedx/staticcheck/script/StaticCheck.ps1 \
"/opt/codedx/staticcheck/work/input/$source" \
/opt/codedx/staticcheck/work/output/staticcheck.results \
/opt/codedx/staticcheck/work/config/request.toml
'''
# The result file contains the tool output provided to Code Dx.
#
resultFilePath = "/opt/codedx/staticcheck/work/output/staticcheck.results"
# The Intelligent Orchestration security activities supported by this tool (e.g., sca, sast, dast)
#
securityActivities = ['sast']
# The list of emptyDir volumes for the tool. The /.cache and /.local are needed when not using uid 1000.
#
ephemeralVolumePaths = ["/tmp","/.cache","/.local","/home/staticcheck/.cache","/home/staticcheck/.local","/opt/codedx/staticcheck/work","/opt/codedx/staticcheck/work/output"]
[request.workflowSecurityContext]
# The pod security context for the tool.
#
podSecurityContext = '''
{
"fsGroup": 1000,
"runAsGroup": 1000,
"runAsUser": 1000,
"runAsNonRoot": true,
"seccompProfile": {
"type": "RuntimeDefault"
},
"supplementalGroups": []
}
'''
# The container security context for the tool.
#
securityContext = '''
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
}
'''