go-consistent

Add workflow govulncheck to detect vulnerabilities

Open peczenyj opened this issue 1 year ago • 4 comments

GitHub Action for govulncheck

https://github.com/golang/govulncheck-action

peczenyj, Apr 18 '24 14:04

@cristaloleg do you know anything about this dependency review action?

quasilyte, Apr 18 '24 15:04

My 2c: I prefer verifying Go code via govulncheck https://go.dev/blog/govulncheck (for example https://github.com/cristalhq/.github/blob/main/.github/workflows/vuln.yml) and nothing else.

Also, I don't check GitHub Actions deps 'cause it's mostly checking out my code and installing Go.

cristaloleg, Apr 18 '24 15:04

Official govulncheck GitHub Action https://github.com/golang/govulncheck-action

cristaloleg, Apr 18 '24 15:04

how about now?

peczenyj, Apr 18 '24 16:04