|author||Brandon Kessler <email@example.com>||Thu Jul 06 10:38:39 2023 -0400|
|committer||Brandon Kessler <firstname.lastname@example.org>||Thu Jul 06 17:02:59 2023 +0000|
Updates the README to specify the leatest version of the GitHub Action Change-Id: Id46b55c5e52fa65cb33cb6f0558b7236cb7b3418 Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/507756 TryBot-Bypass: Brandon Kessler <email@example.com> Reviewed-by: Julie Qiu <firstname.lastname@example.org>
This repository holds the GitHub Action for govulncheck.
The govulncheck GitHub Action is currently experimental and is under active development.
To use the govulncheck GitHub Action add the following step to your workflow:
- id: govulncheck uses: email@example.com
By default the govulncheck Github Action will run with the latest version of Go and analyze all packages in the provided Go module. Assuming you have the latest Go version installed locally, this is equivalent to running the following on your command line:
$ govulncheck ./...
To specify a specific Go version or package pattern, use the following syntax:
- id: govulncheck uses: firstname.lastname@example.org with: go-version-input: <your-Go-version> go-package: <your-package-pattern>
For example, the code snippet below can be used to run govulncheck against a repository on every push:
on: [push] jobs: govulncheck_job: runs-on: ubuntu-latest name: Run govulncheck steps: - id: govulncheck uses: email@example.com with: go-version-input: 1.20.4 go-package: ./...
When a vulnerability is found, an error will be displayed for that GitHub job with information about the vulnerability and how to fix it. For example:
Our canonical Git repository is located at https://go.googlesource.com/govulncheck-action. There is a mirror of the repository at https://github.com/golang/govulncheck-action. See https://go.dev/doc/contribute.html for details on how to contribute.
The main issue tracker for the time repository is located at
If you want to report a bug or have a feature suggestion, please file an issue at https://github.com/golang/go/issues, prefixed with
govulncheck-action: in the title.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.