Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: run govulncheck before allowing progression #58

Draft
wants to merge 1 commit into
base: dev
Choose a base branch
from
Draft

Conversation

efd6
Copy link
Collaborator

@efd6 efd6 commented Apr 17, 2024

This adds social pressure to keep this up to date with published vulnerabilities.

Please take a look.

@efd6 efd6 added enhancement New feature or request Team:Security-External Integrations Label for the Security External Integrations team labels Apr 17, 2024
@efd6 efd6 requested a review from a team April 17, 2024 01:42
@efd6 efd6 self-assigned this Apr 17, 2024
@efd6 efd6 marked this pull request as ready for review April 17, 2024 01:44
@@ -23,6 +23,10 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2

- name: govulncheck
run: |
go run golang.org/x/vuln/cmd/govulncheck@latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there ever published vulnerabilities in their database that do not have fixes yet? If yes, that could block devs from making this check pass.

An alternative could be to put this into its own job which is a required merge check. (I have no idea any checks are required today in this repo.)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a potential for that. This is something that I was thinking about yesterday. There is an open issue to add exclusions to be ignored. I had a look at implementing that and I may do that in the coming weeks. I'll leave this for now.

@efd6 efd6 marked this pull request as draft April 18, 2024 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request Team:Security-External Integrations Label for the Security External Integrations team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants