From c714532243f876a326f542467a72dec410a4dc85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Mon, 22 Jul 2024 08:08:27 +0200
Subject: [PATCH 1/2] Use sarif output of golang.org/x/vuln/cmd/govulncheck

---
 .github/workflows/security.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index dddcefa..a28720c 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -42,4 +42,8 @@ jobs:
 - name: Install govulncheck
 run: go install golang.org/x/vuln/cmd/govulncheck@latest
 - name: Run govulncheck
- run: govulncheck ./...
+ run: govulncheck -format sarif ./... >results.sarif
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: results.sarif

From 180961b6ee9ea3c480c8af4add5e131128aeeedb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Mon, 22 Jul 2024 08:48:08 +0200
Subject: [PATCH 2/2] Use golang/govulncheck-action

---
 .github/workflows/security.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index a28720c..7d264a8 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -39,10 +39,14 @@ jobs:
 uses: WillAbides/setup-go-faster@v1.14.0
 with:
 go-version-file: go.mod
- - name: Install govulncheck
- run: go install golang.org/x/vuln/cmd/govulncheck@latest
- - name: Run govulncheck
- run: govulncheck -format sarif ./... >results.sarif
+ - id: govulncheck
+ uses: golang/govulncheck-action@master
+ with:
+ govulncheck-action: go.mod
+ output-format: sarif
+ output-file: results.sarif
+ - name: Fix SARIF format
+ run: yq --inplace --output-format json '.runs |= map ({"results":[]} + .)' results.sarif
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v3
 with:
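Review bot: Switching the "Run govulncheck" step to `-format sarif` changes what a finding does to the job: as I read the govulncheck documentation, the non-zero exit (code 3) on detected vulnerabilities applies to the text format only, and the json/sarif formats exit 0, so after this hunk a vulnerable dependency no longer fails the workflow and is only surfaced as a code-scanning alert once the SARIF is uploaded. If the job is meant to keep gating, that should be stated in a comment on the step, e.g. `# sarif output always exits 0; findings are reported via code scanning, not a failed job`, or the text run kept alongside the SARIF one. The upload step added here also needs the workflow (or job) to grant `security-events: write` to GITHUB_TOKEN; the `permissions:` block is outside this hunk, so please confirm it is present. The job definition starts before this hunk.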
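Review bot: `uses: golang/govulncheck-action@master` pins the vulnerability scanner of a security workflow to a mutable branch, so the code that runs here can change under you without a diff in this repository; pin to a release tag or, preferably, an immutable commit SHA with the tag in a trailing comment, e.g. `uses: golang/govulncheck-action@<commit-sha> # vX.Y.Z` (replace with the real values when pinning). The input `govulncheck-action: go.mod` does not match any input name I know for that action and looks like a typo for `go-version-file: go.mod`; an unrecognised input is only warned about by the runner, so the action would silently fall back to its default Go version rather than the one declared in go.mod — please verify against the action's action.yml. Since the action sets up Go itself, the preceding `WillAbides/setup-go-faster` step (context lines at the top of the hunk) may now be redundant. The same exit-code caveat for SARIF output raised on the first patch still applies to this action's `output-format: sarif`.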