
Add vulnerability checking to the CI pipelines

Open trstringer opened this issue 1 year ago • 5 comments

Please describe the Improvement and/or Feature Request

Our CI pipeline should be actively checking for Go vulnerabilities with the newly announced govulncheck tooling to catch issues as soon as possible.

Scope (please mark with X where applicable)

  • CI System [X]

Possible use cases

CI vulnerability checking.

trstringer avatar Sep 06 '22 16:09 trstringer

Added default label kind/needed. Please consider re-labeling this issue appropriately.

github-actions[bot] avatar Sep 07 '22 00:09 github-actions[bot]

@trstringer I think this is not taken yet. Would you mind assigning it to me?

lam-man avatar Sep 23 '22 15:09 lam-man

Thanks for your willingness to tackle this! You're now assigned to the issue 👍🏾

keithmattix avatar Sep 23 '22 15:09 keithmattix

Thanks @keithmattix !

lam-man avatar Sep 23 '22 15:09 lam-man

Progress update: I figured out how to run the Go vulnerability check in a GitHub Action. However, the GitHub Actions job I created always got killed by GitHub Actions when running the command govulncheck ./... and I am trying to resolve this. Thanks!

lam-man avatar Oct 03 '22 17:10 lam-man

  • Result update: I think this issue is blocked due to the memory limitation of our CI environment (the VM for GitHub Actions).
    • Free memory of the VM, from free -m:
                  total        used        free      shared  buff/cache   available
    Mem:           6943         623         936          12        5384        6009
    Swap:          4095           0        4095

  • Suggestion: Increase the memory limit for GitHub Actions VMs.
  • Details:
    • My first thought was that govulncheck checks modules in parallel and consumes more memory than expected, so I ran the command module by module. However, I found that the memory limitation still causes the issue. For some modules, the command allocated more than 12 GB of memory. The total available in the CI environment is about 11 GB (~7 GB RAM + ~4 GB swap). That is why the CI job always got killed with an out-of-memory error.

@keithmattix @trstringer

lam-man avatar Oct 17 '22 02:10 lam-man
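The thread above does not include the workflow or script that was tried. The script below is an added example, not the osm project's own CI code, showing one way to do what the issue asks for (run govulncheck in the CI pipeline) while addressing the point raised in the last comment: it discovers every module under the checkout, runs govulncheck in each one sequentially rather than over the whole tree at once, and records each run's peak resident set size so that an OOM kill can be attributed to a specific module and compared against the ~11 GB the runner has. It assumes govulncheck is already on PATH (for example after a `go install golang.org/x/vuln/cmd/govulncheck@latest` step), that GNU time is available at /usr/bin/time (an assumption about the runner image), and the function names list_modules, peak_rss_kb, check_module and run_all are hypothetical.

```shell
#!/bin/sh
# ci-govulncheck.sh: run govulncheck one Go module at a time, sequentially,
# and report peak memory per module. Added example, not osm's own CI script.
set -eu

# Print the directory of every go.mod below $1, one per line, sorted.
# vendor/ and .git/ are skipped so vendored copies are not scanned twice.
list_modules() {
  root="$1"
  find "$root" -name go.mod ! -path '*/vendor/*' ! -path '*/.git/*' |
    while IFS= read -r f; do dirname "$f"; done | sort
}

# Extract "Maximum resident set size (kbytes): N" from a GNU time -v log.
# Prints N, or "unknown" when the line is absent (e.g. /usr/bin/time missing).
peak_rss_kb() {
  log="$1"
  rss=$(awk '/Maximum resident set size/ { print $NF }' "$log")
  printf '%s' "${rss:-unknown}"
}

# Run govulncheck in one module. govulncheck's output and GNU time's resource
# report both go to $2; a one-line summary (module, peak RSS, exit status) goes
# to stdout. Returns govulncheck's exit status, so a non-zero result (a finding
# or a crash) fails the caller. GOMEMLIMIT/GOGC exported by the caller are
# inherited by govulncheck's own Go runtime; they are tuning knobs only, they
# do not raise the VM's memory.
check_module() {
  dir="$1"
  log="$2"
  status=0
  ( cd "$dir" && /usr/bin/time -v govulncheck ./... ) >"$log" 2>&1 || status=$?
  printf '%s\tpeak_rss_kb=%s\texit=%s\n' "$dir" "$(peak_rss_kb "$log")" "$status"
  return "$status"
}

# Run every module under $1 (default: current directory), never in parallel.
# Continues past failures so the summary covers all modules, then returns 1
# if any module failed. Each module's full log is kept in $LOGDIR.
run_all() {
  root="${1:-.}"
  LOGDIR="${LOGDIR:-$(mktemp -d)}"
  failed=0
  modules=$(mktemp)
  list_modules "$root" >"$modules"
  n=0
  while IFS= read -r mod; do
    n=$((n + 1))
    check_module "$mod" "$LOGDIR/module-$n.log" || failed=1
  done <"$modules"
  rm -f "$modules"
  echo "logs in $LOGDIR"
  return "$failed"
}

# Usage: ./ci-govulncheck.sh run [root]
case "${1:-}" in
  run) run_all "${2:-.}" ;;
esac
```

In a workflow, call it from a step such as `run: ./ci-govulncheck.sh run .` after the checkout, setup-go and `go install` steps, and upload `$LOGDIR` as an artifact so the per-module `peak_rss_kb` numbers are available when a job is killed. A module whose peak RSS is reported above the runner's RAM plus swap is the one that needs a larger runner or a smaller package set, which is the information the last comment had to reconstruct by hand.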