Gosec check failing

[michael-valdron]

Which area this feature is related to?

/kind bug

Which area this bug is related to?

/area ci
/area registry

What versions of software are you using?

Go project

Operating System and version: N/A

Go Pkg Version: 1.17

Describe the bug:

Newest release of gosec now require golang version 1.19 which breaks the CI check in devfile/registry-support.

To Reproduce:

Run "CI / Check go tools build (push)" workflow.

Expected behavior

Should perform the gosec check without dependency errors.

Any logs, error output, screenshots etc? Provide the devfile that sees this bug, if applicable

Run export PATH=$PATH:$(go env GOPATH)/bin
go: downloading github.com/securego/gosec/v2 v2.15.0
go: downloading github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
go: downloading golang.org/x/tools v0.5.0
go: downloading github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/gookit/color v1.5.2
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading golang.org/x/sys v0.4.0
go: downloading github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778
go: downloading golang.org/x/mod v0.7.0
# github.com/securego/gosec/v2/rules
Error: ../../../go/pkg/mod/github.com/securego/gosec/v2@v2.15.0/rules/readfile.go:29:17: undefined: any
Error: ../../../go/pkg/mod/github.com/securego/gosec/v2@v2.15.0/rules/readfile.go:63:11: assignment mismatch: 2 variables but 1 value
Error: ../../../go/pkg/mod/github.com/securego/gosec/v2@v2.15.0/rules/readfile.go:135:19: undefined: any
note: module requires Go 1.19
Error: Process completed with exit code 2.

Additional context

Any workaround?

N/A

Suggestion on how to fix the bug

Change https://github.com/devfile/registry-support/blob/e2d3dd6b30f37b34d9e1701d81ba3ab38db0cbb7/.github/workflows/ci.yaml#L34 to use gosec 2.14: go install github.com/securego/gosec/v2/cmd/gosec@v2.14.0