Security Checks

Another common use case for continuous integration is static security checks. These are checks that can be run on your code to find potential security vulnerabilities.

There are many products out there that do this sort of thing. One of the most popular open-source ones is Gosec.

Install Gosec

go install github.com/securego/gosec/v2/cmd/gosec@latest

Run Gosec

To run gosec on the entire Notely codebase, run this from the root of the project:

gosec ./...

You should see a few unhandled errors! That's okay. Don't fix them yet.

Run and submit the CLI tests from the root of your repo.

The Boot.dev CLI requires you to be signed in to submit your solution!

Copy/paste one of the following commands into your terminal:

Run

bootdev run a9027b1f-e5d7-4ece-8a3b-11292a882acc

Submit

bootdev run a9027b1f-e5d7-4ece-8a3b-11292a882acc -s

To run and submit the tests for this lesson, you must have an active Boot.dev membership

Using the Bootdev CLI

The Bootdev CLI is the only way to submit your solution for this type of lesson. We need to be able to run commands in your environment to verify your solution.

You can install it here. It's a Go program hosted on GitHub, so you'll need Go installed as well. Instructions are on the GitHub page.