Report for github.com/sigstore/cosign

(v1.13.6)

A+    Excellent!    Found 37 issues across 266 files

gofmt 100%

Gofmt formats Go programs. We run gofmt -s on your code, where -s is for the "simplify" command.

No problems detected. Good job!


go_vet 100%

go vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string.

No problems detected. Good job!


ineffassign 100%

IneffAssign detects ineffectual assignments in Go code.

No problems detected. Good job!


gocyclo 86%

Gocyclo calculates cyclomatic complexities of functions in Go source code. The cyclomatic complexity of a function is calculated according to the following rules:

    • 1 is the base complexity of a function
    • +1 for each 'if', 'for', 'case', '&&' or '||'

Go Report Card warns on functions with cyclomatic complexity > 15.

    • cmd/cosign/cli/verify/verify.go
        • Line 78: warning: cyclomatic complexity 33 of function (*VerifyCommand).Exec() is high (> 15) (gocyclo)
        • Line 256: warning: cyclomatic complexity 28 of function PrintVerification() is high (> 15) (gocyclo)
    • pkg/cosign/verify.go
        • Line 771: warning: cyclomatic complexity 25 of function verifyImageAttestations() is high (> 15) (gocyclo)
        • Line 592: warning: cyclomatic complexity 19 of function VerifyImageSignature() is high (> 15) (gocyclo)
        • Line 222: warning: cyclomatic complexity 19 of function CheckCertificatePolicy() is high (> 15) (gocyclo)
    • pkg/sget/sget.go
        • Line 51: warning: cyclomatic complexity 17 of function (*SecureGet).Do() is high (> 15) (gocyclo)
    • pkg/oci/mutate/mutate_test.go
        • Line 153: warning: cyclomatic complexity 60 of function TestSignEntity() is high (> 15) (gocyclo)
        • Line 33: warning: cyclomatic complexity 26 of function TestAppendManifests() is high (> 15) (gocyclo)
    • cmd/cosign/cli/verify/verify_blob.go
        • Line 69: warning: cyclomatic complexity 47 of function VerifyBlobCmd() is high (> 15) (gocyclo)
        • Line 291: warning: cyclomatic complexity 19 of function verifyBlob() is high (> 15) (gocyclo)
        • Line 511: warning: cyclomatic complexity 17 of function verifyBundleMatchesData() is high (> 15) (gocyclo)
    • cmd/cosign/cli/sign/sign.go
        • Line 346: warning: cyclomatic complexity 26 of function signerFromKeyRef() is high (> 15) (gocyclo)
        • Line 126: warning: cyclomatic complexity 21 of function SignCmd() is high (> 15) (gocyclo)
        • Line 219: warning: cyclomatic complexity 19 of function signDigest() is high (> 15) (gocyclo)
    • pkg/oci/static/signature_test.go
        • Line 185: warning: cyclomatic complexity 35 of function TestNewAttestationBasic() is high (> 15) (gocyclo)
        • Line 30: warning: cyclomatic complexity 35 of function TestNewSignatureBasic() is high (> 15) (gocyclo)

license 100%

Checks whether your project has a LICENSE file.

No problems detected. Good job!


misspell 99%

Misspell finds commonly misspelled English words.

    • test/pkcs11_test.go
        • Line 26: warning: "overriden" is a misspelling of "overridden" (misspell)
        • Line 34: warning: "overriden" is a misspelling of "overridden" (misspell)