chore: change exception for gosec linter

.github/workflows/check-manifest-generation-diff.yaml

@@ -3,6 +3,10 @@ name: Check for diff after manifest and generated targets
 on:
   pull_request: {}
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   diff-check-manifests:
     name: Check for diff

api/v1alpha1/constants.go

@@ -2,7 +2,7 @@
 
 const (
 	// DefaultRegistryCertificateSecretName is the name of the of certificate secret for client and registry.
-	DefaultRegistryCertificateSecretName = "ocm-registry-tls-certs" // nolint:gosec // not a credential
+	DefaultRegistryCertificateSecretName = "ocm-registry-tls-certs" // #nosec G101 // not a credential
 )
 
 // Internal ExtraIdentity keys.
@@ -35,5 +35,5 @@
 // Ocm credential config key for secrets.
 const (
 	// OCMCredentialConfigKey defines the secret key to look for in case a user provides an ocm credential config.
-	OCMCredentialConfigKey = ".ocmcredentialconfig" // nolint:gosec // it isn't a cred
+	OCMCredentialConfigKey = ".ocmcredentialconfig" // #nosec G101 // not a credential
 )

pkg/oci/repository.go

@@ -143,8 +143,7 @@
 }
 
 func (c *Client) constructTLSRoundTripper() http.RoundTripper {
-	// nolint:gosec // must provide lower version for quay.io
-	tlsConfig := &tls.Config{}
+	tlsConfig := &tls.Config{} // #nosec G402 // must provide lower version for quay.io
 	caCertPool := x509.NewCertPool()
 	caCertPool.AppendCertsFromPEM(c.ca)