Skip to content

chore(deps): github.com/landlock-lsm/go-landlock ^ v0.9.0 #44

chore(deps): github.com/landlock-lsm/go-landlock ^ v0.9.0

chore(deps): github.com/landlock-lsm/go-landlock ^ v0.9.0 #44

Workflow file for this run

name: Security
on:
push:
branches: [master]
pull_request:
branches: [master]
schedule:
- cron: "0 6 * * 1"
permissions:
contents: read
security-events: write
pull-requests: write
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: "1.26.4"
- name: Run govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck -show verbose ./...
gosec:
name: gosec
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: "1.26.4"
- name: Run gosec
uses: securego/gosec@master
env:
GOTOOLCHAIN: auto
with:
args: "-no-fail -fmt=sarif -out=gosec.sarif -severity=medium -confidence=medium -exclude=G101,G115,G204,G304,G306,G401,G501 ./..."
- name: Upload SARIF
if: always() && hashFiles('gosec.sarif') != ''
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: gosec.sarif
category: gosec
trivy:
name: trivy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Trivy filesystem scan
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
scan-ref: .
format: sarif
output: trivy.sarif
severity: CRITICAL,HIGH,MEDIUM
ignore-unfixed: true
exit-code: "0"
- name: Upload SARIF
if: always()
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: trivy.sarif
category: trivy
- name: Trivy config scan
uses: aquasecurity/trivy-action@master
with:
scan-type: config
scan-ref: .
format: table
severity: CRITICAL,HIGH
exit-code: "1"
skip-dirs: docs/node_modules
codeql:
name: codeql
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: "1.26.4"
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: go
queries: security-extended
- name: Build
run: go build ./...
- name: Analyze
uses: github/codeql-action/analyze@v4
with:
category: codeql-go