GitHub Action
Golang Vulncheck
v0.0.5
Performs a vulnerability scan using govulncheck and afterwards uploads the result as a SARIF report to GitHub.
For a full list of currently known limitations, please head over here. The most important ones are listed below.
- Govulncheck only reads binaries compiled with Go 1.18 and later.
- Govulncheck only reports vulnerabilities that apply to the current Go build system and configuration (GOOS/GOARCH settings).
```yaml
name: My Workflow
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Running govulncheck
        uses: Templum/govulncheck-action@<version>
        with:
          go-version: 1.18
          vulncheck-version: latest
          package: ./...
          github-token: ${{ secrets.GITHUB_TOKEN }}
```
Input | Description |
---|---|
`go-version` (optional) | Version of Go used for scanning the code; should equal your runtime version. Defaults to 1.19 |
`vulncheck-version` (optional) | Version of govulncheck that should be used; by default latest |
`package` (optional) | The package you want to scan; by default `./...` |
`github-token` (optional) | GitHub token used to upload the SARIF report. Needs write permissions for security_events |
⚠️ Please be aware that go-version should be a valid tag name for the golang dockerhub image.
🔒 Please be aware that if the token is not specified, it uses `github.token`. For more details on that, check those docs.
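The token requirement above, as an added workflow example (not taken from the action's own documentation): it scopes the job's token to what the scan needs instead of relying on the repository's default token permissions. It assumes `contents: read` is enough for the checkout step and that `security-events: write` is the scope the input table refers to as security_events; the job name `govulncheck` is made up for the example.

```yaml
# Added example: least-privilege token scopes for the scan job.
name: My Workflow
on: [push, pull_request]

# Start from an empty permission set so no job inherits broad defaults.
permissions: {}

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # lets actions/checkout read the repository
      security-events: write  # lets the action upload the SARIF report
    steps:
      - uses: actions/checkout@v3
      - name: Running govulncheck
        uses: Templum/govulncheck-action@<version>
        with:
          go-version: 1.18
          vulncheck-version: latest
          package: ./...
          github-token: ${{ secrets.GITHUB_TOKEN }}
```

For `pull_request` runs triggered from forks, GitHub issues a read-only token regardless of this block, so the SARIF upload cannot write security events in those runs.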