platform-compat
gosec
platform-compat | gosec | |
---|---|---|
23 | 20 | |
249 | 7,490 | |
- | 1.1% | |
1.2 | 8.7 | |
over 3 years ago | 3 days ago | |
C# | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
platform-compat
-
KeePass flaw allows retrieval of master password
DotNet offers the SecureString class to keep a string encrypted in Memory, but as long as the OS does not natively support this concept, the only advantage is that it resides in memory for a shorter time, the disadvantage is that SecureStrings are easier to search for.
- System.Net.Mail.SmtpClient is not recommended anymore; what is the alternative?
-
Bitwarden PINs can be brute-forced
Note the KeePass's resistance to the attack mentioned depends on the security of .NET's secure string, which, here's what Microsoft has to say about it (https://github.com/dotnet/platform-compat/blob/master/docs/D...)
As for KeePassXC, last I checked it didn't even bother.
-
Ever Find A Dead Man's Switch On A Network/Domain?
TIL. Looks like the deprecation note recommends MailKit.
-
Disabilities and Windows Passwords
Well of course, but it does have to be passed to the module that generates the hashes AD uses in the first place. And as I said, the standard password reset screen is bound to store the password in plain text somewhere as well.
-
Embedded logo in HTML email sent from PowerShell
This won’t help you with your question, but I figured I should warn against using send-mailmessage.
-
Alternative to PowerShell cmdlet 'send-mailmessage'
points you here.
-
API pagination help?
Some of the reasons for not using Hashtable or other non-generic collection types are outlined here. That's why Microsoft doesn't recommend their usage in new implementations across all of its API documentation.
- How to deal with credentials in automated scripts?
-
pfSense configuration backup
And if you really want to be secure you need to something better than a SecureString: https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md
gosec
-
Secure Randomness in Go 1.22
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
-
Top 10 Snyk Alternatives for Code Security
6. Gosec
-
Safety in Go
You can (and definitely should!) also use gosec.
-
We have getrandom at home
The crypto source in Go is great, no complaints there. Lints like gosec even recommend using it when generating crypto entropy. Go did a good job here, and I expect Rust will do the same sometime after getrandom reaches 1.0 so the API questions are settled, plus whatever makes sense for the future-proofing the standard library needs.
-
any open source that checks security vulnerabilities in code?
i think there's https://github.com/securego/gosec linter
-
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
Various static analysis tools are available for the Go language, and existing static analysis tools can check general best practices. For example, gosec is a tool to check secure Go coding, and I use it myself. However, coding rules in software development are not only based on best practices, but can also be software- or team-specific. For example
-
Vulnerability Management for Go
What's the difference between this a https://github.com/securego/gosec?
-
Github template for Golang services
A github actions workflow is provided to run go fmt, vet, test and gosec. An initial configuration for dependabot is also provided.
- gosec
-
What tools exists, or you recommend, for code review, quality and/or security review
Besides what was mentioned, we use : staticcheck.io and https://github.com/securego/gosec
What are some alternatives?
envchain - Environment variables meet macOS Keychain and gnome-keyring <3
golangci-lint - Fast linters runner for Go
ImportExcel - PowerShell module to import/export Excel spreadsheets, without Excel
gokart - A static analysis tool for securing Go code
envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
go-tools - Staticcheck - The advanced Go linter
MailKit - A cross-platform .NET library for IMAP, POP3, and SMTP.
pre-commit-golang - Pre-commit hooks for Golang with support for monorepos, the ability to pass arguments and environment variables to all hooks, and the ability to invoke custom go tools.
distrobuilder - System container image builder for LXC and Incus
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
AngleSharp - :angel: The ultimate angle brackets parser library parsing HTML5, MathML, SVG and CSS to construct a DOM based on the official W3C specifications.
rustsec - RustSec API & Tooling