SECURITY.md

Security Policy

The CSM services/repositories are inspected for security vulnerabilities via gosec.

Every issue detected by gosec is mapped to a CWE (Common Weakness Enumeration), which describes the vulnerability in more generic terms. The exact mapping can be found at https://github.com/securego/gosec in the issue.go file. The list of rules checked by gosec can be found here.

In addition, various security checks are executed against a branch when a pull request is created or updated. Please refer to pull request for more information.

Reporting a Vulnerability

Have you discovered a security vulnerability in this project? We ask you to alert the maintainers by sending an email describing the issue, its impact, and a fix, if applicable.

You can reach the CSM maintainers at [email protected].