Skip to content

Commit 03dd391

Browse files
aramasearamase
committed
ci: add govulncheck
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
1 parent 4ab55c1 commit 03dd391

File tree

1 file changed

+30
-0
lines changed

1 file changed

+30
-0
lines changed

.github/workflows/scan-vulns.yaml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
name: scan_vulns
2+
3+
on:
4+
push:
5+
paths-ignore:
6+
- "docs/**"
7+
- "**.md"
8+
pull_request:
9+
paths-ignore:
10+
- "docs/**"
11+
- "**.md"
12+
13+
permissions: read-all
14+
15+
jobs:
16+
govulncheck:
17+
name: "Run govulncheck"
18+
runs-on: ubuntu-22.04
19+
timeout-minutes: 15
20+
steps:
21+
- name: Harden Runner
22+
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
23+
with:
24+
egress-policy: audit
25+
26+
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
27+
with:
28+
go-version: "1.21"
29+
check-latest: true
30+
- uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2

0 commit comments

Comments
 (0)