Skip to content

Vulnerability Check #73

Vulnerability Check

Vulnerability Check #73

Workflow file for this run

name: Vulnerability Check
on:
schedule:
- cron: '0 06 * * 0' # 6am UTC on Sundays
workflow_dispatch:
jobs:
vulnerability-scans:
name: Run vulnerability scans
runs-on: ubuntu-latest
env:
RELEASE_GO_VER: "1.23"
steps:
- name: Check out code
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Set up Go"
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "${{ env.RELEASE_GO_VER }}"
check-latest: true
# intentionally not pinned to always run the latest scanner
- name: "Install govulncheck"
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
- name: "Run govulncheck"
run: |
govulncheck ./...
# intentionally not pinned to always run the latest scanner
- name: "Install OSV Scanner"
run: |
go install github.com/google/osv-scanner/cmd/osv-scanner@latest
- name: "Run OSV Scanner"
run: |
osv-scanner scan --config .osv-scanner.toml -r --experimental-licenses="Apache-2.0,BSD-2-Clause,BSD-3-Clause,ISC,MIT,CC-BY-SA-4.0,UNKNOWN" .