From b1a00a9ae450f7c1ca9fb4a007a54f4b5836153c Mon Sep 17 00:00:00 2001
From: Ian Gregory
Date: Fri, 7 Nov 2025 14:42:05 -0500
Subject: [PATCH] feat: add flag -exclude-analyzers
---
 cmd/gosec/main.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 63e0ffd9ae..e0ffbb7d79 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -106,6 +106,9 @@ var (
 // rules to explicitly exclude
 flagRulesExclude = vflag.ValidatedFlag{}
+ // exclude Analyzer-based rules
+ flagExcludeAnalyzers = flag.Bool("exclude-analyzers", false, "Exclude rules that require SSA analysis, which improves performance considerably")
+
 // rules to explicitly exclude
 flagExcludeGenerated = flag.Bool("exclude-generated", false, "Exclude generated files")
@@ -252,8 +255,12 @@ func loadRules(include, exclude string) rules.RuleList {
 return rules.Generate(*flagTrackSuppressions, filters...)
 }
-func loadAnalyzers(include, exclude string) *analyzers.AnalyzerList {
+func loadAnalyzers(include, exclude string, excludeAnalyzers bool) *analyzers.AnalyzerList {
 var filters []analyzers.AnalyzerFilter
+ if excludeAnalyzers {
+ logger.Println("Excluding all analyzers")
+ filters = append(filters, analyzers.NewAnalyzerFilter(false))
+ } else {
 if include != "" {
 logger.Printf("Including analyzers: %s", include)
 including := strings.Split(include, ",")
@@ -268,6 +275,7 @@ func loadAnalyzers(include, exclude string) *analyzers.AnalyzerList {
 filters = append(filters, analyzers.NewAnalyzerFilter(true, excluding...))
 } else {
 logger.Println("Excluding analyzers: default")
+ }
 }
 return analyzers.Generate(*flagTrackSuppressions, filters...)
 }
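Review bot: The help text for `-exclude-analyzers` in the hunk at `@@ -106,6 +106,9 @@` advertises only the speed gain and does not say that every finding produced by the SSA-based analyzers drops out of the report. Someone who enables it to speed up a CI scan gets a clean-looking result with less coverage and no hint of that in the usage output. I would word it as `"Exclude all SSA-based analyzers; their findings are not reported (faster scan, reduced coverage)"`. The `var (` block starts and ends outside the hunk.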
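Review bot: In `loadAnalyzers` (hunk at `@@ -252,8 +255,12 @@`), when `excludeAnalyzers` is true the `include` and `exclude` arguments are skipped without any message, so a run that also names an analyzer in its include list loses that check silently; the log line could say so, e.g. `logger.Println("Excluding all analyzers; include/exclude entries that name analyzers are ignored")`. `analyzers.NewAnalyzerFilter(false)` with no IDs presumably behaves as an empty include list that filters every analyzer out; its definition is not on this page, so a one-line comment stating that intent would help the next reader. The added `} else {` here and its closing `}` in the hunk at `@@ -268,6 +275,7 @@` wrap lines that appear only as unchanged context, so they are apparently not re-indented and the file would no longer be gofmt-clean; an early `return analyzers.Generate(*flagTrackSuppressions, analyzers.NewAnalyzerFilter(false))` inside the `if` avoids both the `else` and the re-indent. The middle of the function lies between the two hunks and is not shown.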
@@ -436,7 +444,7 @@ func main() {
 ruleList := loadRules(includeRules, excludeRules)
- analyzerList := loadAnalyzers(includeRules, excludeRules)
+ analyzerList := loadAnalyzers(includeRules, excludeRules, *flagExcludeAnalyzers)
 if len(ruleList.Rules) == 0 && len(analyzerList.Analyzers) == 0 {
 logger.Fatal("No rules/analyzers are configured")