From e90b626746b327135d67aeba57c6c786de37d8ba Mon Sep 17 00:00:00 2001
From: Nic Manoogian
Date: Mon, 19 Aug 2024 16:31:24 -0400
Subject: [PATCH 1/3] Update federacy/scan-action to v0.1.5 and add Salus config
---
 .github/workflows/salus.yaml | 4 +++-
 salus-config.yaml | 27 +++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 salus-config.yaml
diff --git a/.github/workflows/salus.yaml b/.github/workflows/salus.yaml
index a8af62f..fa07721 100644
--- a/.github/workflows/salus.yaml
+++ b/.github/workflows/salus.yaml
@@ -15,7 +15,9 @@ jobs:
 run: ./hack/inject-nosec.sh
 - name: Salus Scan
 id: salus_scan
- uses: federacy/scan-action@0.1.2
+ uses: federacy/scan-action@0.1.5
+ env:
+ SALUS_CONFIGURATION: "file://salus-config.yaml"
 with:
 report_uri: file://./salus-report.txt
 report_format: txt
diff --git a/salus-config.yaml b/salus-config.yaml
new file mode 100644
index 0000000..6759e81
--- /dev/null
+++ b/salus-config.yaml
@@ -0,0 +1,27 @@
+# https://github.com/coinbase/salus/blob/master/docs/configuration.md
+
+# Used in the report to identify the project being scanned.
+project_name: Doppler-Kubernetes-Operator
+
+# Defines where to send Salus reports and in what format.
+reports:
+ - uri: file://salus-report.txt
+ format: txt
+
+# All scanners to execute, or the String value "all"/"none"
+active_scanners:
+ - Gosec
+ - PatternSearch
+ - RepoNotEmpty
+ - GoVersionScanner
+ - GoPackageScanner
+ - ReportGoDep
+ - Trufflehog
+
+# All scanners that will exit non-zero if they fail, or the String value "all"/"none"
+enforced_scanners: "all"
+
+scanner_configs:
+ GoVersionScanner:
+ error:
+ min_version: "1.22.0"
From c8187c96a046ad0dc0e26d465d902f3013502807 Mon Sep 17 00:00:00 2001
From: Nic Manoogian
Date: Mon, 19 Aug 2024 18:01:12 -0400
Subject: [PATCH 2/3] Update golang to v1.22
---
 .github/workflows/release.yml | 2 +-
 Dockerfile | 2 +-
 go.mod | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
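Review bot: The new `uses: federacy/scan-action@0.1.5` line pins the third-party scanner to a mutable tag, so the code that gates this repository's CI can change upstream without any review here; pin it to the full commit SHA of that release and keep the tag as a trailing comment, `uses: federacy/scan-action@<commit-sha-of-0.1.5> # 0.1.5`. The added `SALUS_CONFIGURATION: "file://salus-config.yaml"` also appears to overlap with the `report_uri`/`report_format` inputs kept under `with:`, because the new config file declares its own `reports` entry with a slightly different path (`file://salus-report.txt` versus `file://./salus-report.txt`); if the action derives the report settings from its inputs, one of the two is redundant and a short comment should say which one wins. The enclosing job definition starts before this hunk.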
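Review bot: `min_version: "1.22.0"` under `GoVersionScanner` is enforced by `enforced_scanners: "all"` in this commit, but the toolchain is only raised from 1.20 to 1.22 in the next patch of the series, so on this commit alone the scan looks like it would fail; either land the config after the version bump or squash the two so every commit passes the scan it introduces. `PatternSearch` is active and enforced with no `scanner_configs` entry, which leaves undocumented what it matches and therefore what would fail the build; if it has no default patterns, add a comment such as `# PatternSearch: no patterns configured; add matchers under scanner_configs before relying on it` or drop it from the active list until it is configured.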
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 19bf9d2..8f83d3f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -45,7 +45,7 @@ jobs:
 - uses: actions/setup-go@v2
 with:
- go-version: "1.20"
+ go-version: "1.22"
 - name: Generate Helm Chart and Recommended YAML
 run: make dist charts
diff --git a/Dockerfile b/Dockerfile
index 2d1bfcd..02a6e89 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.22 as builder
 ARG CONTROLLER_VERSION
 ARG TARGETOS
diff --git a/go.mod b/go.mod
index 17f1b2b..3c1d357 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/DopplerHQ/kubernetes-operator
-go 1.20
+go 1.22
 require (
 github.com/go-logr/logr v0.3.0
From e25ddc460837d1eb53bee4582474600c9c470e19 Mon Sep 17 00:00:00 2001
From: Nic Manoogian
Date: Mon, 19 Aug 2024 18:15:31 -0400
Subject: [PATCH 3/3] Add gosec ignore for body close
---
 pkg/api/api.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/api/api.go b/pkg/api/api.go
index 45d8346..b67b09b 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -100,6 +100,8 @@ func PerformRequest(context APIContext, req *http.Request) (*APIResponse, *APIEr
 if err != nil {
 return nil, &APIError{Err: err, Message: "Unable to load response"}
 }
+
+ // #nosec G307
 defer r.Body.Close()
 body, err := ioutil.ReadAll(r.Body)