Uploaded the security scan for the golang GitHub action
A security vulnerability scan that can help Go check for any threats.
I'm a (soft) -1 on this change:
- the schema module is not/barely maintained, so I wouldn't say it's exactly "security supported" (and it's a library, so any security issue in the deps would be trivial to bump downstream instead without us doing stricter deps in the library itself that are otherwise unnecessary bumps that violate Go's principle of "minimal version selection")
- the rest of the repository is essentially just a bunch of structs - if we've got a security issue in our imports there, we should remove it because it shouldn't be there :sweat_smile: (or again, can be bumped in downstream consumers)