Run govulncheck tool in CI #1368

Closed
xenowits opened this issue Oct 28, 2022 · 0 comments
@xenowits
Contributor

Problem to be solved

We wish to run the govulncheck tool as a GitHub workflow triggered when a new pull request is raised. As quoted in the article, Go’s vulnerability detection package, vulncheck, aims to provide a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects.

Proposed solution

Create a new file security.yml under .github/workflows. Run the govulncheck tool, which reports if the PR introduces any known vulnerability. The workflow fails if it finds any vulnerability, although this GitHub action doesn't hinder merging PRs by merge-when-ready if it fails.

Out of Scope

None.

@thomasheremans thomasheremans added the protocol Protocol Team tickets label Jan 23, 2023
obol-bulldozer bot pushed a commit that referenced this issue Jan 30, 2023
Adds a GitHub action that executes vulncheck on every PR and every commit on main.

category: misc
ticket: #1368
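
A workflow along the lines the issue and the referenced commit describe, as an added sketch rather than the file the project committed. The file path comes from the issue; the job name, action versions, runner image and the assumption that go.mod sits at the repository root are illustrative.

```yaml
# .github/workflows/security.yml
# Added example: path is from the issue, contents are an assumption.
name: security

on:
  pull_request:        # scan every PR
  push:
    branches: [main]   # and every commit that lands on main

# Least privilege: the scan only needs to read the repository.
permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          # Assumes go.mod is at the repository root; scanning with the
          # project's own Go version keeps standard-library findings accurate.
          go-version-file: go.mod

      - name: Install govulncheck
        # @latest follows new releases; pin a version for reproducible runs.
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Scan all packages
        # govulncheck exits non-zero when it finds a known vulnerability
        # that the code can reach, which fails this job.
        run: govulncheck ./...
```

Whether a failing run blocks a merge is decided by the repository's branch protection settings, not by this file: the job only gates merges if it is listed as a required status check, which matches the non-blocking behaviour the issue describes.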