Update gosec.yml

stenya · web-flow · commit da72c270a001 · 2024-09-09T11:07:25.000+03:00
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
@@ -21,7 +21,8 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v4
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        #uses: securego/gosec@master 
+        uses: securego/gosec@2.20.0 #TODO: Use gosec@master. This is temporary because the latest version (2.21.1) has SARIF format compatibility issues with GitHub.
         with:
           # we let the report trigger content trigger a failure using the GitHub Security features.
           args: '-exclude=G104,G307 -no-fail -fmt sarif -out results.sarif ./...'
