command
module
Version:
v0.0.5
Published: Sep 17, 2022
License: Apache-2.0
Imports: 7
Imported by: 0
README
Golang Vulncheck
Performs a vulnerability scan using govulncheck and afterwards uploads the result as a SARIF report to GitHub.
ℹ Limitations of govulncheck ℹ
For a full list of currently known limitations, please head over to here. Listed below is an overview of the important ones.
- Govulncheck only reads binaries compiled with Go 1.18 and later.
- Govulncheck only reports vulnerabilities that apply to the current Go build system and configuration (GOOS/GOARCH settings).
📚 Useful links & resources on govulncheck 📚
- Official Package Documentation: Link
- Introduction Blogpost: Link
Usage
Example Workflow
name: My Workflow
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Running govulncheck
        uses: Templum/govulncheck-action@<version>
        with:
          go-version: 1.18
          vulncheck-version: latest
          package: ./...
          github-token: ${{ secrets.GITHUB_TOKEN }}
| Input | Description |
| --- | --- |
| go-version (optional) | Version of Go used for scanning the code, should equal your runtime version. Defaults to 1.19 |
| vulncheck-version (optional) | Version of govulncheck that should be used, by default latest |
| package (optional) | The package you want to scan, by default will be ./... |
| github-token (optional) | Github Token to upload sarif report. Needs write permissions for security_events |
⚠ Please be aware that go-version should be a valid tag name for the golang dockerhub image.
🔒 Please be aware that if the token is not specified, it uses github.token. For more details on that, check those docs.
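What the scan-then-upload flow described above involves, as an added example that is not the action's own code: findings are rendered as a minimal SARIF 2.1.0 log, then gzip-compressed and Base64-encoded, which is the form GitHub's code scanning SARIF upload endpoint requires. The `Finding` type, the function names and the sample values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Finding is a hypothetical, simplified scan result, not govulncheck's own type.
type Finding struct {
	ID, Summary, File string
	Line              int
}

type obj = map[string]any // shorthand for a JSON object
const schemaURL = "https://json.schemastore.org/sarif-2.1.0.json"

// ToSARIF renders findings as a minimal single-run SARIF 2.1.0 log.
func ToSARIF(tool string, fs []Finding) ([]byte, error) {
	results := []obj{}
	for _, f := range fs {
		loc := obj{"artifactLocation": obj{"uri": f.File}, "region": obj{"startLine": f.Line}}
		results = append(results, obj{"ruleId": f.ID, "level": "warning",
			"message": obj{"text": f.Summary}, "locations": []obj{{"physicalLocation": loc}}})
	}
	run := obj{"tool": obj{"driver": obj{"name": tool}}, "results": results}
	return json.Marshal(obj{"version": "2.1.0", "$schema": schemaURL, "runs": []obj{run}})
}

// EncodeForUpload gzips, then Base64-encodes the log for the "sarif" field of GitHub's upload API.
func EncodeForUpload(sarif []byte) (string, error) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(sarif); err != nil {
		return "", err
	}
	if err := zw.Close(); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

func main() {
	// Constructed sample finding; ID, summary and path are placeholders.
	log, _ := ToSARIF("govulncheck", []Finding{{"GO-0000-0000", "example finding", "main.go", 12}})
	enc, _ := EncodeForUpload(log)
	fmt.Printf("%s\n%d base64 chars to upload\n", log, len(enc))
}
```

The token that performs the upload is the one that needs write permission for security_events; building and encoding the report needs no credentials.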