ci: fix govulncheck workflow

Signed-off-by: Francisco de Borja Aranda Castillejo <[email protected]>
zeta-chain · Jul 23, 2024 · e6e9414 · e6e9414
1 parent 3106ecc
commit e6e9414
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 28 deletions.
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -0,0 +1,31 @@
+name: 'Go vulnerability check'
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run govulncheck
+        id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          check-latest: true
+          go-version-input: 1.22
+          go-package: ./...
+          output-format: sarif
+          output-file: govulncheck.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: govulncheck.sarif