mirror of
https://github.com/Valkyrie00/bold-brew.git
synced 2026-03-22 17:54:39 +01:00
b9d380a16cAdd comprehensive security scanning to the project with vulnerability checks and static analysis tools.
53 lines
1 KiB
YAML
53 lines
1 KiB
YAML
name: Security
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
govulncheck:
|
|
name: Go Vulnerability Check
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.25'
|
|
|
|
- name: Install govulncheck
|
|
run: go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
|
|
- name: Run govulncheck
|
|
run: govulncheck ./...
|
|
|
|
gosec:
|
|
name: Security Scanner
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.25'
|
|
|
|
- name: Run Gosec Security Scanner
|
|
uses: securego/gosec@master
|
|
with:
|
|
args: '-no-fail -fmt sarif -out results.sarif ./...'
|
|
|
|
- name: Upload SARIF file
|
|
if: always()
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: results.sarif
|
|
|