forked from projectdiscovery/nuclei
-
Notifications
You must be signed in to change notification settings - Fork 0
30 lines (28 loc) · 856 Bytes
/
govulncheck.yaml
File metadata and controls
30 lines (28 loc) · 856 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
name: 🐛 govulncheck
on:
schedule:
- cron: '0 0 * * 0' # Weekly
workflow_dispatch: {}
jobs:
govulncheck:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei'
permissions:
actions: read
contents: read
security-events: write
env:
OUTPUT: "/tmp/results.sarif"
steps:
- uses: actions/checkout@v6
- uses: projectdiscovery/actions/setup/go@v1
with:
go-version-file: go.tool.mod
cache-dependency-path: go.tool.sum
- run: |
go tool -modfile=go.tool.mod govulncheck -scan package -format sarif ./... | \
jq '(.runs[].tool.driver.rules[]?.properties.tags)? |= unique' > $OUTPUT
- uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: "${{ env.OUTPUT }}"
category: "govulncheck"