chore(ci): add govulncheck step to dependency-review #2752
Conversation
Hey @hairyhum. Please have a look at this and let me know if any changes are to be made.

Hi, thanks for the PR. I realize it would be good if in a first step

By the way, the GitHub Action https://github.com/golang/govulncheck-action is marked experimental at this point. I'm not sure if that's a serious impediment; on the other hand, running the command directly on the build images might create a more realistic scan, speaking about vulnerabilities that depend on the Go version in actual use. Also, since it has a

[1] https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Limitations

Hi @psilva-veeam. Thank you for bringing up the continue-on-error: true feature. It sounds like incorporating this option should address the issue of pipeline blocking due to govulncheck findings. Your insight is much appreciated! I'll proceed to implement this change in the upcoming commit. Thanks again for your helpful suggestion!
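The shape of the step discussed above, as an added example and not the workflow from this PR: it installs govulncheck with the Go toolchain the build actually uses (so version-dependent findings match, as suggested) rather than the experimental govulncheck-action, and sets continue-on-error: true so findings are reported in the job log without blocking the pipeline. The job name, the runner image, the module path ./... and the use of go-version-file: go.mod are assumptions about the repository layout.

```yaml
# Added example of a govulncheck CI step (not the project's own workflow).
# Assumptions: the repo has a go.mod at its root, and the job is named
# dependency-review to match the PR title.
name: dependency-review

on:
  pull_request:

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Use the same Go version the build uses, so vulnerabilities that
      # depend on the standard library / toolchain version are evaluated
      # against what actually ships.
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      # Run the CLI directly instead of the experimental govulncheck-action.
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      # continue-on-error: true records the step's findings (and a non-zero
      # exit) without failing the job, so the PR is not blocked.
      # govulncheck only reports vulnerabilities whose vulnerable functions
      # are reachable from this module's code, per its documented limitations.
      - name: Run govulncheck
        continue-on-error: true
        run: govulncheck ./...
```

With continue-on-error set, a finding shows as a warning annotation on the step rather than a red check on the PR; drop the key later if the team decides findings should gate merges.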
d174d4c to f22113f
Hey @psilva-veeam. Do you suggest we use the

The @psilva-veeam @hairyhum @pavannd1 any objection with adding this as part of the CI workflow?

I see, from my side it sounds good to use the
07d6d67 to d328c27