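# Daily govulncheck run over the module; opens a GitHub issue when the scan
# (or any earlier step) fails.
name: Vulnerability Scan

on:
  schedule:
    # 05:00 UTC every day.
    - cron: '0 5 * * *'
  # Manual trigger from the Actions tab.
  workflow_dispatch:

# Least-privilege token for the job. Listing a permissions block sets every
# unlisted scope to "none", so each step's requirement has to appear here:
#   contents: read  — actions/checkout
#   issues: write   — github.rest.issues.create in the "Notify on failure" step
# (without it that step fails with 403 and no issue is ever opened).
# No step uploads SARIF, so security-events: write is not needed; add it back
# if an upload-sarif step is introduced.
permissions:
  contents: read
  issues: write

jobs:
  scan:
    name: Run govulncheck
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          # Quoted so the version is a string, not a float.
          go-version: '1.23.6'
          check-latest: true

      - name: Install govulncheck
        # NOTE(review): "@latest" is not a reproducible pin; the tool that
        # decides pass/fail changes under this job whenever a new release
        # ships. Pinning to a release tag (e.g. @v<PINNED_VERSION>, fill in
        # from the govulncheck releases) keeps runs comparable over time.
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Run govulncheck
        # Non-zero exit on any reachable vulnerability fails the job and
        # triggers the notification step below.
        run: govulncheck ./...

      - name: Notify on failure
        # failure() covers any failed earlier step, not only the scan itself.
        # Each failing run opens a fresh issue; there is no de-duplication
        # against an issue that is already open.
        if: failure()
        uses: actions/github-script@v7
        with:
          script: |
            const issue = await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: '🚨 Vulnerability found in dependencies',
              body: 'The daily vulnerability scan has detected potential security issues. Please check the [workflow run](' + context.serverUrl + '/' + context.repo.owner + '/' + context.repo.repo + '/actions/runs/' + context.runId + ') for details.'
            });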