+++ This bug was initially created as a clone of Bug #1830361 +++ Description of problem: gosec has proved to be a problematic tool for code analysis. It should not be used in merge-blocking jobs Version-Release number of selected component (if applicable): 4.2.0 --- Additional comment from Adam Kaplan on 2020-05-01 18:08:25 UTC --- Marking VERIFIED - we merged this before 4.4.0 feature freeze. https://github.com/openshift/cluster-image-registry-operator/pull/435
@Adam I saw it's a issue to remove gosec tool for code analysis, could we verify this directly as bug #1830361?
https://github.com/openshift/cluster-image-registry-operator/blob/release-4.3/Makefile#L27 No verify-sec now ^^
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2006