Skip to content

govulncheck

govulncheck #224

Workflow file for this run

# GitHub Actions workflow for govulncheck.
# This file is licensed under MIT License.
# Copied from https://github.com/fxamacker/cbor
name: govulncheck
# Revoke default permissions and grant what's needed in each job.
permissions: {}
on:
workflow_dispatch:
schedule:
# Run at least once daily because vulnerability database might be updated.
- cron: '30 15 * * *'
pull_request:
paths:
- '**'
- '!**.md'
push:
paths:
- '**'
- '!**.md'
branches:
- 'main'
- 'release*'
tags:
- 'v*'
jobs:
vulncheck:
runs-on: ubuntu-latest
permissions:
# Grant permission to read content.
contents: read
steps:
- name: Checkout source
uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.20.x
check-latest: true
- name: Install latest from golang.org
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
# Use -v flag to print a full call stack for each vulnerability found.
run: govulncheck -v ./...