From def19be23013c109b9b7ba4281c402ff7595d000 Mon Sep 17 00:00:00 2001
From: andres-portainer <91705312+andres-portainer@users.noreply.github.com>
Date: Mon, 1 Sep 2025 14:44:45 -0300
Subject: [PATCH] fix(depguard): mitigate improper usage of openpgp BE-11977 (#1122)
---
 .golangci.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.golangci.yaml b/.golangci.yaml
index 4e39f1a45..2036922a6 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -40,12 +40,16 @@ linters:
 desc: use github.com/portainer/portainer/pkg/libhttp
 - pkg: golang.org/x/crypto
 desc: golang.org/x/crypto is not allowed because of FIPS mode
+ - pkg: github.com/ProtonMail/go-crypto/openpgp
+ desc: github.com/ProtonMail/go-crypto/openpgp is not allowed because of FIPS mode
 forbidigo:
 forbid:
 - pattern: ^tls\.Config$
 msg: Use crypto.CreateTLSConfiguration() instead
 - pattern: ^tls\.Config\.(InsecureSkipVerify|MinVersion|MaxVersion|CipherSuites|CurvePreferences)$
 msg: Do not set this field directly, use crypto.CreateTLSConfiguration() instead
+ - pattern: ^object\.(Commit|Tag)\.Verify$
+ msg: "Not allowed because of FIPS mode"
 analyze-types: true
 exclusions:
 generated: lax
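Review bot: The new forbidigo entry `^object\.(Commit|Tag)\.Verify$` is not scoped to a package and its message gives no reason or alternative. With `analyze-types: true` it will presumably flag a `Verify` method on a `Commit` or `Tag` type from any package named `object`. Adding `pkg: ^<import path of the object package>$` under the pattern would pin it to the intended library. Unlike the neighbouring `tls.Config` messages, `"Not allowed because of FIPS mode"` does not say what the call does, so something like `msg: "object.Commit/Tag.Verify performs OpenPGP signature verification, which is not allowed in FIPS mode"` would be clearer, if that is indeed the reason. A short comment above the two new rules should also record that depguard only sees direct imports of `github.com/ProtonMail/go-crypto/openpgp`, so OpenPGP use reached through a dependency's API is caught only where a forbidigo pattern names the entry point.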