Google Git
Sign in
go / govulncheck-action / 4876574c49676abb67f1c56c5038d32d02b17503
commit4876574c49676abb67f1c56c5038d32d02b17503[log] [tgz]
authorBrandon Kessler <bkessler@google.com>Thu Jul 06 10:38:39 2023 -0400
committerBrandon Kessler <bkessler@google.com>Thu Jul 06 17:02:59 2023 +0000
treed8217be673f2dfe3385c028f5e29609944a2ba0a
parenta46a9b37e1aeb4ccad626d440f1d51246f6b0ba6 [diff]
Updates the README to specify the leatest version of the GitHub Action

Change-Id: Id46b55c5e52fa65cb33cb6f0558b7236cb7b3418
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/507756
TryBot-Bypass: Brandon Kessler <bkessler@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
1 file changed
tree: d8217be673f2dfe3385c028f5e29609944a2ba0a
  1. action.yml
  2. CONTRIBUTING.md
  3. LICENSE
  4. PATENTS
  5. README.md
README.md

GitHub Action for govulncheck

This repository holds the GitHub Action for govulncheck.

Govulncheck provides a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their dependencies. See details on Go's support for vulnerability management.

The govulncheck GitHub Action is currently experimental and is under active development.

Using the govulncheck GitHub Action

To use the govulncheck GitHub Action add the following step to your workflow:

- id: govulncheck
  uses: golang/govulncheck-action@v0.2.0

By default the govulncheck Github Action will run with the latest version of Go and analyze all packages in the provided Go module. Assuming you have the latest Go version installed locally, this is equivalent to running the following on your command line:

$ govulncheck ./...

To specify a specific Go version or package pattern, use the following syntax:

- id: govulncheck
  uses: golang/govulncheck-action@v0.2.0
  with:
     go-version-input: <your-Go-version>
     go-package: <your-package-pattern>

For example, the code snippet below can be used to run govulncheck against a repository on every push:

on: [push]

jobs:
  govulncheck_job:
    runs-on: ubuntu-latest
    name: Run govulncheck
    steps:
      - id: govulncheck
        uses: golang/govulncheck-action@v0.2.0
        with:
           go-version-input: 1.20.4
           go-package: ./...

When a vulnerability is found, an error will be displayed for that GitHub job with information about the vulnerability and how to fix it. For example:

image

Contributing

Our canonical Git repository is located at https://go.googlesource.com/govulncheck-action. There is a mirror of the repository at https://github.com/golang/govulncheck-action. See https://go.dev/doc/contribute.html for details on how to contribute.

Feedback

The main issue tracker for the time repository is located at

If you want to report a bug or have a feature suggestion, please file an issue at https://github.com/golang/go/issues, prefixed with govulncheck-action: in the title.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.