Google Git
Sign in
go / govulncheck-action / e03a9cb1749c40f9034d4a77067c376014c58073
commite03a9cb1749c40f9034d4a77067c376014c58073[log] [tgz]
authorJulie Qiu <julie@golang.org>Sun May 21 21:01:14 2023 -0400
committerJulie Qiu <julieqiu@google.com>Mon May 22 16:36:50 2023 +0000
treefffcec50cc9da25115a798f91d825e089c3046de
parent714f1ec27c6d48f1b447bdcdaa870beb6a68985e [diff]
README.md: wrap text

Change-Id: Ic440b5168ecf73bf739373bcbbc3af36273b9951
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/496877
Reviewed-by: Brandon Kessler <bkessler@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
TryBot-Bypass: Julie Qiu <julie@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
1 file changed
tree: fffcec50cc9da25115a798f91d825e089c3046de
  1. action.yml
  2. CONTRIBUTING.md
  3. LICENSE
  4. PATENTS
  5. README.md
README.md

GitHub Action for govulncheck

This repository holds the GitHub Action for govulncheck. Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application. You can read more about govulncheck at https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck.

The govulncheck GitHub Action is currently experimental and is under active development.

Using the govulncheck GitHub Action

To use the govulncheck GitHub Action add the following step to your workflow:

- id: govulncheck
  uses: golang/govulncheck-action@v1

By default the govulncheck Github Action will run with the latest version of Go using the ./... package path:

govulncheck ./...

If you would like to specify a specific version of Go to use or a different package path to run govulncheck against then you can do so by adding the following step to your workflow:

- id: govulncheck
  uses: golang/govulncheck-action@v1
  with:
     go-version-input: 1.XX
     go-package: ./...

Below is a full example of a workflow that runs govulncheck against a simple repository on every push:

on: [push]

jobs:
  govulncheck_job:
    runs-on: ubuntu-latest
    name: Run govulncheck
    steps:
      - id: govulncheck
        uses: golang/govulncheck-action@v1
        with:
           go-version-input: 1.20.3

When this workflow finds a vulnerability you will see an error in the Run govulncheck job like the one below. The output contains information about the vulnerability and how to fix it:

image

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.html.

The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/govulncheck-action:” in the subject line, so it is easy to find.