
chore(deps): update tool dependencies #62

Workflow file for this run

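# Security workflow: static analysis, dependency and binary vulnerability
# scans, secret scanning and a license check. Every job delegates to a Makefile
# target, so scanner versions and flags live in the Makefile, not in this file.
# NOTE(review): the Makefile is not visible here - confirm that the tools it
# installs are version-pinned (and checksum-verified if they are downloaded).
name: Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Wednesdays at 21:26 UTC. The scheduled run re-scans the default branch
    # even when no commits land, so newly published advisories still surface.
    - cron: '26 21 * * 3'

# Least privilege for GITHUB_TOKEN: read-only access to repository contents.
# Scopes that are not listed here are set to none.
permissions:
  contents: read

# Third-party actions below are pinned to a full commit SHA; the trailing
# comment records the tag that SHA was taken from. Update both together.
jobs:
  # Static Application Security Testing (SAST) - gosec
  gosec:
    name: Go Security Check
    runs-on: ubuntu-slim
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Do not leave the token configured for git after checkout; the
          # later step runs a Makefile target that only needs the files.
          # NOTE(review): assumes sec-gosec performs no authenticated git calls.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          # Take the Go version from go.mod so CI matches the module.
          go-version-file: 'go.mod'
          cache: true
      - name: Run gosec
        run: make sec-gosec

  # Software Composition Analysis (SCA) - Go vulnerability check
  govulncheck:
    name: Go Vulnerability Check
    runs-on: ubuntu-slim
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Token is not needed after checkout (see the gosec job).
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Run govulncheck
        run: make sec-vuln

  # Secret scanning - Gitleaks
  gitleaks:
    name: Secret Scanning
    runs-on: ubuntu-slim
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Full history instead of the default single commit, presumably so
          # the scan can cover older commits - confirm against sec-gitleaks.
          fetch-depth: 0
          # The history is fetched by this step itself, so the token does not
          # have to stay configured for the scan that follows.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Run Gitleaks
        run: make sec-gitleaks

  # Binary artifact scanning - Trivy on built binary
  trivy:
    name: Binary Vulnerability Scan
    runs-on: ubuntu-slim
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Token is not needed after checkout (see the gosec job).
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Run Trivy
        run: make sec-trivy

  # Dependency license compliance
  licenses:
    name: License Check
    runs-on: ubuntu-slim
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Token is not needed after checkout (see the gosec job).
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Check licenses
        run: make licenses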