govulncheck-action: rename to golang-govulncheck-action

Rename action to golang-govulncheck-action, since govulncheck-action and
govulncheck are already taken on the GitHub marketplace.

Change-Id: I4f329b8dce27d9ecef0f78650579e7ba74997252
TryBot-Bypass: Julie Qiu <>
Reviewed-by: Brandon Kessler <>
Reviewed-by: Julie Qiu <>
Reviewed-by: Julie Qiu <>
1 file changed
tree: 869e2ae3a444bbca1cd963a921eee8459a075113
  1. action.yml

GitHub Action for govulncheck

This repository holds the GitHub Action for govulncheck. Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application. You can read more about govulncheck at

The govulncheck GitHub Action is currently experimental and is under active development.

Using the govulncheck GitHub Action

To use the govulncheck GitHub Action add the following step to your workflow:

- id: govulncheck
  uses: golang/govulncheck-action@v1

By default the govulncheck Github Action will run with the latest version of Go using the ./... package path:

govulncheck ./...

If you would like to specify a specific version of Go to use or a different package path to run govulncheck against then you can do so by adding the following step to your workflow:

- id: govulncheck
  uses: golang/govulncheck-action@v1
     go-version-input: 1.XX
     go-package: ./...

Below is a full example of a workflow that runs govulncheck against a simple repository on every push:

on: [push]

    runs-on: ubuntu-latest
    name: Run govulncheck
      - id: govulncheck
        uses: golang/govulncheck-action@v1
           go-version-input: 1.20.3

When this workflow finds a vulnerability you will see an error in the Run govulncheck job like the one below. The output contains information about the vulnerability and how to fix it:


Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see

The main issue tracker for the time repository is located at Prefix your issue with “x/govulncheck-action:” in the subject line, so it is easy to find.