Adding rules for lint and changes for pass in pipeline (#15)

* Adding rules for lint and changes for pass in pipeline

* Fixing Risk Accept and vuln

.github/workflows/security-pipeline.yml

@@ -7,10 +7,9 @@ jobs:
     name: horusec-security
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code into the Go module directory
+      - name: Check out code
         uses: actions/checkout@v2
       - name: Running Horusec Security
-        shell: bash
         run: |
-          curl -fsSL https://horusec-cli.s3.amazonaws.com/install.sh | bash
-          horusec start -p="./"
+          curl -fsSL https://horusec.io/bin/install.sh | bash
+          horusec start -p="./" -e="true"

.golangci.yml

@@ -0,0 +1,122 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+    settings:
+      printf:
+        funcs:
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+  golint:
+    min-confidence: 0.8
+  gocyclo:
+    min-complexity: 5
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 100
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  depguard:
+    list-type: blacklist
+    packages:
+      # logging is allowed only by logutils.Log, logrus
+      # is allowed to use only in logutils package
+      - github.com/sirupsen/logrus
+    packages-with-error-messages:
+      github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
+  misspell:
+    locale: US
+  lll:
+    line-length: 120
+  goimports:
+    local-prefixes: github.com/golangci/golangci-lint
+  gocritic:
+    enabled-tags:
+      - opinionated
+      - experimental
+      - diagnostic
+      - style
+      - performance
+    disabled-checks:
+      - evalOrder
+      - wrapperFunc
+      - unnamedResult
+      - octalLiteral
+      - dupImport
+  funlen:
+    lines: 15
+    statements: 10
+
+linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
+  enable:
+    - dogsled
+    - deadcode
+    - depguard
+    - bodyclose
+    - funlen
+    - errcheck
+    - dupl
+    - gocritic
+    - gochecknoinits
+    - goconst
+    - gofmt
+    - gocyclo
+    - gosec
+    - golint
+    - ineffassign
+    - gosimple
+    - govet
+    - lll
+    - interfacer
+    - nakedret
+    - misspell
+    - staticcheck
+    - scopelint
+    - stylecheck
+    - structcheck
+    - unconvert
+    - typecheck
+    - unused
+    - unparam
+    - whitespace
+    - varcheck
+
+run:
+  skip-dirs:
+    - vendor/
+    - tmp
+    - e2e/
+  skip-files:
+    - .*_test.go
+    - .*_mock.go
+
+issues:
+  exclude-rules:
+    - path: platforms/finding.go
+      linters:
+        - gocritic
+    - path: platforms/rule.go
+      linters:
+        - gocritic
+    - path: text/file.go
+      linters:
+        - gocritic
+    - path: text/rule.go
+      linters:
+        - gocritic
+    - path: text/unit.go
+      linters:
+        - gocritic
+
+# golangci.com configuration
+# https://github.com/golangci/golangci/wiki/Configuration
+service:
+  golangci-lint-version: v1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  prepare:
+    - echo "here I can run custom commands, but no preparation needed for this repo"

.semver.yaml

@@ -1,4 +1,4 @@
 alpha: 0
 beta: 0
 rc: 0
-release: v0.2.7
+release: v0.2.8

CONTRIBUTING.md

@@ -12,7 +12,7 @@ Please note we have a code of conduct, please follow it in all your interactions
 2. Update the README.md with details of changes to the interface, this includes new environment
    variables, exposed ports, useful file locations and container parameters.
 3. Increase the version numbers in any examples files and the README.md to the new version that this
-   Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/). You can usage [SEMVER-CLI](deployments/scripts/install-semver.sh) too.
+   Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/). You can usage [SEMVER-CLI](https://github.com/ZupIT/horusec/tree/master/deployments/semver) too.
 4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
    do not have permission to do that, you may request the second reviewer to merge it for you.
 

Makefile

@@ -9,17 +9,15 @@ fmt:
 
 # Run converage with threshold
 coverage:
-	deployments/scripts/coverage.sh 75
+	curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/master/deployments/scripts/coverage.sh | bash -s 75 .
 
 # Check lint of project setup on file .golangci.yml
 lint:
     ifeq ($(wildcard $(GOCILINT)), $(GOCILINT))
-#		$(GOCILINT) run -v --timeout=2m -c .golangci.yml ./... # not implemented lint equals of the horusec
-		$(GOCILINT) run -v --timeout=2m ./...
+		$(GOCILINT) run -v --timeout=2m -c .golangci.yml ./...
     else
 		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.25.0
-#		$(GOCILINT) run -v --timeout=2m -c .golangci.yml ./...  # not implemented lint equals of the horusec
-		$(GOCILINT) run -v --timeout=2m ./...  # not implemented lint equals of the horusec
+		$(GOCILINT) run -v --timeout=2m -c .golangci.yml ./...
     endif
 
 # Run all tests of project but stop the execution on the first test fail