Merge pull request #379 from mbaldessari/govuln

Add a govulnscan Makefile target

Author: openshift-merge-bot[bot]

.gitignore

@@ -30,3 +30,7 @@
 /config/samples/pattern-catalog-*.yaml
 **/apikey.txt
 /coverage.html
+
+# Govulncheck stuff
+govulncheck.results
+/database

Makefile

@@ -193,6 +193,9 @@ KUSTOMIZE_VERSION ?= v5.3.0
 CONTROLLER_TOOLS_VERSION ?= v0.16.4
 ENVTEST_VERSION ?= release-0.19
 GOLANGCI_LINT_VERSION ?= v2.0.2
+GOVULNCHECK_VERSION ?= v1.1.4
+# parameters to pass to govulnscan
+GOVULNCHECK_OPTS ?=
 # update for major version updates to YQ_VERSION!
 YQ_API_VERSION = v4
 YQ_VERSION = v4.41.1
@@ -202,6 +205,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
 ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
 GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 YQ = $(LOCALBIN)/yq-$(YQ_VERSION)
+GOVULNCHECK ?= $(LOCALBIN)/govulncheck-$(GOVULNCHECK_VERSION)
 
 ## Tool Versions
 OPERATOR_SDK_VERSION ?= v1.37.0
@@ -232,6 +236,15 @@ $(KUSTOMIZE): $(LOCALBIN)
 envtest: ## Download envtest-setup locally if necessary.
 	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
 
+.PHONY: govulncheck
+govulncheck: $(GOVULNCHECK) ## Download govulncheck
+$(GOVULNCHECK): $(LOCALBIN)
+	$(call go-install-tool,$(GOVULNCHECK),golang.org/x/vuln/cmd/govulncheck,$(GOVULNCHECK_VERSION))
+
+.PHONY: govulnscan
+govulnscan: govulncheck
+	$(GOVULNCHECK) $(GOVULNCHECK_OPTS) ./... 2>&1 | tee govulncheck.results
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist