4f17f7ff81
BREAKING CHANGE: Die alte Shell-Version muss vor der Installation der Go-Version deinstalliert werden.
37 lines
814 B
YAML
37 lines
814 B
YAML
# AdGuard Shield CI - Security Scan
|
|
# Checks Go dependencies and reachable code for known vulnerabilities.
|
|
name: Security Scan
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [master]
|
|
workflow_dispatch:
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
govulncheck:
|
|
name: Go Vulnerability Check
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: golang:1.26.2-alpine
|
|
|
|
steps:
|
|
- name: Install dependencies
|
|
run: apk add --no-cache git nodejs
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Go module cache
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: /go/pkg/mod
|
|
key: go-mod-${{ hashFiles('go.sum') }}
|
|
|
|
- name: Install govulncheck
|
|
run: go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
|
|
- name: Run govulncheck
|
|
run: govulncheck ./...
|