Skip to content

Commit 15c9b2a

Browse files
committed
CI: govulncheck
1 parent 14bc5df commit 15c9b2a

1 file changed

Lines changed: 39 additions & 0 deletions

File tree

.github/workflows/govulncheck.yml

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
---
2+
name: Check for Vulnerabilities
3+
4+
on:
5+
pull_request:
6+
branches:
7+
- master
8+
push:
9+
branches:
10+
- master
11+
schedule:
12+
- cron: "0 9 * * 1"
13+
14+
permissions:
15+
contents: read
16+
security-events: write
17+
18+
jobs:
19+
check-for-vulnerabilities:
20+
name: Check for Vulnerabilities
21+
runs-on: ubuntu-latest
22+
23+
steps:
24+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
25+
26+
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
27+
with:
28+
go-version-file: 'go.mod'
29+
30+
- name: Run govulncheck and save to file
31+
run: go run golang.org/x/vuln/cmd/govulncheck@latest -format sarif ./... > govulncheck.sarif
32+
env:
33+
GOEXPERIMENT: jsonv2
34+
35+
- name: Upload SARIF File
36+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
37+
with:
38+
sarif_file: govulncheck.sarif
39+
category: govulncheck

0 commit comments

Comments
 (0)