gosec: global options are not being honored

[bcho]

Welcome

• Yes, I'm using a binary release within 2 latest major releases. Only such installations are supported.
• Yes, I've searched similar issues on GitHub and didn't find any.
• Yes, I've included all information below (version, config, etc.).
• Yes, I've tried with the standalone linter if available (e.g., gocritic, go vet, etc.). (https://golangci-lint.run/usage/linters/)

Description of the problem

In the official document https://golangci-lint.run/usage/linters#gosec , it says user can set the global option via config.global block. However, the settings under global section are not being honored.

We can reproduce with following settings:

linters-settings:
  gosec:
    config:
      global:
        nosec: true

Code:

//golangcitest:args -Egosec
//golangcitest:config_path testdata/configs/gosec_global_option.yml
package testdata

import (
	"crypto/md5" // want "G501: Blocklisted import crypto/md5: weak cryptographic primitive"
	"log"
)

func Gosec() {
	// #nosec G401
	h := md5.New() // want "G401: Use of weak cryptographic primitive"
	log.Print(h)
}

Version of golangci-lint

$ golangci-lint --version
golangci-lint has version 1.50.1 built from 8926a95f on 2022-10-22T10:50:47Z

I believe this issue affects all versions.

Configuration file

$ cat .golangci.yml
# paste output here

See above.

Go environment

$ go version && go env
# paste output here

Verbose output of running

$ golangci-lint cache clean
$ golangci-lint run -v
# paste output here

Code example or link to a public repository

// add your code here

[boring-cyborg]

Hey, thank you for opening your first Issue ! 🙂 If you would like to contribute we have a guide for contributors.