Another try at running govulncheck

2026-06-06 09:15:57 +02:00 · 2025-09-24 12:50:06 +05:30
parent 4d95af20c2
commit 4ffacbbe80
2 changed files with 17 additions and 3 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,9 +9,6 @@ on:
    schedule:
        - cron: '0 22 * * 5'

-permissions:
-    contents: read # to fetch code (actions/checkout)
-
 jobs:
    CodeQL-Build:

@@ -67,3 +64,14 @@ jobs:

        - name: Perform CodeQL Analysis
          uses: github/codeql-action/analyze@v3
+
+        - name: Run govulncheck
+          if: matrix.language == 'go'
+          run: python3 .github/workflows/ci.py govulncheck
+
+        - name: Upload govulncheck results
+          if: matrix.language == 'go'
+          uses: github/codeql-action/upload-sarif@v3
+          with:
+              sarif_file: govulncheck.sarif
+              category: govulncheck