You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* ci: Tier 1 OSS security scanners
CodeQL (security-extended) + Dependabot (gomod + actions) +
govulncheck + OSV-Scanner. 100% free for public repos.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* ci: scanner workflows clone needed sibling repos
The Tier 1 CodeQL + govulncheck workflows failed on PR #5 because
cli uses replace directives for sibling repos that weren't cloned.
Fix: each workflow now checks out cli into ./cli, plus clones the
public sibling repos cli actually depends on (per its go.mod).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(go): bump toolchain to 1.25.10 — fixes reachable stdlib CVEs
govulncheck on PR #5 flagged Go-stdlib vulnerabilities reachable
from cli code paths. All fixed in Go 1.25.9–1.25.10.
Also merges any in-flight master commits onto the scanner-install
branch.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
0 commit comments