| name | Create New Gosec Rule |
| description | Propose and implement a new generic gosec rule from a Go security issue description. |
Create a new gosec rule from issue description
Use this skill when you want to design and implement a new gosec rule based on a Go security issue report.
Required input
Provide the issue description using this structure:
Summary
Steps to reproduce the behavior
gosec version
Go version (output of 'go version')
Operating system / Environment
<os, architecture, and relevant environment details>
Expected behavior
Actual behavior
Execution workflow
- Analyze the current source code of gosec, with emphasis on existing analyzers (SSA and taint) and current rules.
- Think deeply and propose the best implementation approach for this issue.
- Prefer an SSA-based analyzer over an AST-based rule when feasible: an AST rule only sees the syntax at the call site, while an SSA analyzer (and the taint analysis built on top of it) follows values through assignments and calls, which catches cases a purely syntactic match misses.
- Assess whether this issue is still relevant for supported Go versions (Go 1.25 and Go 1.26).
- Propose a candidate rule ID and stop. Ask for confirmation before implementation.
After confirmation, implement end-to-end:
- Implement the analyzer or rule with idiomatic Go and maintainable structure.
- Optimize for performance (avoid unnecessary repeated AST or SSA traversals).
- Select an appropriate CWE aligned with current repository mappings.
- Integrate the rule in all required registration points.
- Add sample file(s) in testutils following existing conventions:
  - At least 2 positive samples (issue must trigger)
  - At least 2 negative samples (issue must not trigger)
- Update rule documentation in README.md in the same style as other rules.
- Validate the change:
  - Build succeeds
  - Relevant tests pass
  - golangci-lint is clean for new code
  - Rule works against a sample file with the gosec CLI
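As an added example of the shape such a rule and its samples take (this is illustrative code written for this page, not gosec's own rule interface or registration code), the checker below implements an AST-based match with plain `go/ast`: it flags `os.WriteFile` / `ioutil.WriteFile` calls whose file-mode literal grants group or world permissions, resolves import aliases so `myos.WriteFile` is still matched while an unrelated package's `WriteFile` is not, and skips non-literal modes (the case where the workflow above would reach for an SSA or taint analyzer instead). The four embedded sample sources are constructed here in the style of gosec's testutils, two positive and two negative, each with the number of findings it must produce; the `Finding` type, `checkPermissiveWriteFile` and `runSamples` are hypothetical names, not gosec APIs.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// Finding is one reported match: source position plus message.
type Finding struct {
	Pos string
	Msg string
}

// checkPermissiveWriteFile parses src and reports every call to
// os.WriteFile or io/ioutil.WriteFile whose mode argument is an integer
// literal with group or world bits set (mode & 0o077 != 0).
func checkPermissiveWriteFile(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	// Map each import's local name to its path so aliases are recognised
	// and a foreign package's WriteFile is not mistaken for os.WriteFile.
	pkgByName := map[string]string{}
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name
		}
		pkgByName[name] = path
	}
	var findings []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) != 3 {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok || sel.Sel.Name != "WriteFile" {
			return true
		}
		id, ok := sel.X.(*ast.Ident)
		if !ok {
			return true
		}
		path := pkgByName[id.Name]
		if path != "os" && path != "io/ioutil" {
			return true
		}
		lit, ok := call.Args[2].(*ast.BasicLit)
		if !ok || lit.Kind != token.INT {
			return true // non-literal mode: out of reach for a syntactic rule
		}
		mode, err := strconv.ParseUint(lit.Value, 0, 32) // base 0 handles 0644, 0o644, 0x1a4
		if err != nil {
			return true
		}
		if mode&0o077 != 0 {
			findings = append(findings, Finding{
				Pos: fset.Position(call.Pos()).String(),
				Msg: fmt.Sprintf("%s.WriteFile called with mode %s; expected 0600 or stricter", path, lit.Value),
			})
		}
		return true
	})
	return findings, nil
}

// Constructed sample sources, two positive and two negative, with the
// number of findings each must produce.
var samples = []struct {
	Name string
	Src  string
	Want int
}{
	{"positive_os", "package main\nimport \"os\"\nfunc main() { _ = os.WriteFile(\"/tmp/x\", []byte(\"a\"), 0644) }\n", 1},
	{"positive_alias", "package main\nimport myos \"os\"\nfunc main() { _ = myos.WriteFile(\"/tmp/x\", []byte(\"a\"), 0o666) }\n", 1},
	{"negative_strict", "package main\nimport \"os\"\nfunc main() { _ = os.WriteFile(\"/tmp/x\", []byte(\"a\"), 0600) }\n", 0},
	{"negative_other_pkg", "package main\nimport \"example.com/store\"\nfunc main() { _ = store.WriteFile(\"/tmp/x\", []byte(\"a\"), 0644) }\n", 0},
}

// runSamples runs the checker over every sample and returns findings per sample name.
func runSamples() (map[string]int, error) {
	got := map[string]int{}
	for _, s := range samples {
		findings, err := checkPermissiveWriteFile(s.Name+".go", s.Src)
		if err != nil {
			return nil, err
		}
		got[s.Name] = len(findings)
	}
	return got, nil
}

func main() {
	got, err := runSamples()
	if err != nil {
		panic(err)
	}
	for _, s := range samples {
		fmt.Printf("%-20s findings=%d want=%d\n", s.Name, got[s.Name], s.Want)
	}
}
```

The alias sample and the foreign-package sample are the two negatives-in-disguise a reviewer will ask about first; a rule that matches on the bare selector text `os.WriteFile` gets both of them wrong. The integer-literal-only check is the honest limit of an AST rule, and is exactly what the SSA preference in the workflow above is meant to lift.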
Output requirements
- First response must only contain:
  - Proposed rule ID
  - Approach recommendation (SSA / taint / AST with rationale)
  - Relevance assessment for Go 1.25 and 1.26
  - A request for user confirmation
- Do not start implementation until confirmation is provided.