diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index b50e423..164fdb6 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -16,7 +16,6 @@ jobs:
 matrix:
 target:
 - govulncheck
- - osv-scanner
 steps:
 - uses: actions/checkout@v3
 - name: Set up Go
@@ -34,17 +33,11 @@ jobs:
 matrix:
 target:
 - npm-audit
- - osv-scanner
 steps:
 - uses: actions/checkout@v3
 - name: Use Node.js
 uses: actions/setup-node@v3
 with:
 node-version: 18
- - name: Set up Go
- if: matrix.target == 'osv-scanner'
- uses: actions/setup-go@v4
- with:
- go-version: '1.20'
 - name: Scan
 run: make scan-node-${{ matrix.target }}
diff --git a/Makefile b/Makefile
index 24b379c..92c2e3c 100644
--- a/Makefile
+++ b/Makefile
@@ -41,20 +41,15 @@ golangci-lint: $(go_bin_dir)/golangci-lint
 scan: scan-go scan-node
 .PHONEY: scan-go
-scan-go: scan-go-govulncheck scan-go-osv-scanner
+scan-go: scan-go-govulncheck
 .PHONEY: scan-go-govulncheck
 scan-go-govulncheck:
 go install golang.org/x/vuln/cmd/govulncheck@latest
 govulncheck '$(base_dir)/...'
-.PHONEY: scan-go-osv-scanner
-scan-go-osv-scanner:
- go install github.com/google/osv-scanner/cmd/osv-scanner@latest
- osv-scanner --lockfile='$(base_dir)/go.mod'
-
 .PHONEY: scan-node
-scan-node: scan-node-npm-audit scan-node-osv-scanner
+scan-node: scan-node-npm-audit
 .PHONEY: scan-node-npm-audit
 scan-node-npm-audit:
@@ -62,13 +57,6 @@ scan-node-npm-audit:
 npm install --package-lock-only && \
 npm audit --omit=dev
-.PHONEY: scan-node-osv-scanner
-scan-node-osv-scanner:
- go install github.com/google/osv-scanner/cmd/osv-scanner@latest
- cd "$(node_dir)/admin" && \
- npm install --package-lock-only && \
- osv-scanner --lockfile=package-lock.json
-
 .PHONEY: escapes_detect
 escapes_detect:
 @go build -gcflags="-m -l" ./... 2>&1 | grep "escapes to heap" || true
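Review bot: In the first Makefile hunk the rewritten `scan-go` and `scan-node` rules still sit under `.PHONEY:`, which GNU make does not recognise as the special `.PHONY` target, so none of the scan targets is actually phony. A file named `scan-go-govulncheck` or `scan-node-npm-audit` in the working directory would make that target count as up to date and the scan would be skipped without an error; the lines this commit touches should read `.PHONY: scan-go` and `.PHONY: scan-node`, and the same spelling on the other targets in both Makefile hunks deserves the same fix. With osv-scanner removed, `scan-go` depends on govulncheck alone, which by default concentrates on vulnerabilities in code the module actually calls, so a comment above the target such as `# govulncheck only: vulnerable modules in go.mod that are never called are not flagged` would record the narrower coverage. The remaining `go install ...govulncheck@latest` is unpinned, so scan results can change between runs with no change in the repository.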