Skip to content

Merge pull request #13 from piyushdatazip/main #8

Merge pull request #13 from piyushdatazip/main

Merge pull request #13 from piyushdatazip/main #8

Workflow file for this run

name: Go Security CI
on:
push:
branches:
- "master"
pull_request:
branches:
- "*"
workflow_dispatch:
inputs:
logLevel:
description: "Log level"
required: true
default: "warning"
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
check-latest: "true"
go-version: "1.21.x"
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run vulnerability checks
run: govulncheck ./...
gosec:
name: GoSec Security Scanner
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
check-latest: "true"
go-version: "1.21.x"
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: ./...
trivy:
name: trivy
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
exit-code: '1'
scan-type: 'fs'
scan-ref: './'
severity: 'HIGH,CRITICAL'