Potential security issues with EdgeX
Alexandre Courouble <acourouble@...>
Gosec (https://github.com/securego/gosec) is a tool that parses the source code and looks for security anti-patterns.
We ran gosec against the EdgeX-go source code and uncovered a series of potential vulnerabilities including but not limited to:
I’ve attached the gosec output to this email.
Do these vulnerabilities seem critical to you? If so, we would love to contribute fixes.
We would like to know how we should proceed further.
Potentially we could integrate gosec into the build pipeline.
Member of Technical Staff – Open Source Engineer
VMware Open Source Technology Center