Merge pull request #340 from arnested/govulncheck-sarif

Use sarif output of golang.org/x/vuln/cmd/govulncheck

.github/workflows/security.yml

@@ -39,7 +39,15 @@ jobs:
         uses: WillAbides/setup-go-faster@v1.14.0
         with:
           go-version-file: go.mod
-      - name: Install govulncheck
-        run: go install golang.org/x/vuln/cmd/govulncheck@latest
-      - name: Run govulncheck
-        run: govulncheck ./...
+      - id: govulncheck
+        uses: golang/govulncheck-action@master
+        with:
+          govulncheck-action: go.mod
+          output-format: sarif
+          output-file: results.sarif
+      - name: Fix SARIF format
+        run: yq --inplace --output-format json '.runs |= map ({"results":[]} + .)' results.sarif
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif