Add actions for vulnerability scans

aws · Oct 26, 2023 · 99c340c · 99c340c
1 parent 76d57f2
commit 99c340c
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/.github/workflows/vulnerability.yml b/.github/workflows/vulnerability.yml
@@ -0,0 +1,42 @@
+name: "Vulnerability scan"
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    # every day at 7am UTC
+    - cron: '0 7 * * *'
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - name: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          repo-checkout: false
+          go-version-file: go.mod
+      - name: govulncheck for release module
+        uses: golang/govulncheck-action@v1
+        with:
+          repo-checkout: false
+          work-dir: release
+          go-version-file: release/go.mod