Update govulncheck workflow to scan source code
Changed govulncheck to run on all source files (./...) instead of the built binary. This fixes uploading to GitHub Code Scanning as the location data will be valid, so it will get accepted.
parent dd26fba80c
commit 3f55855e8b
1 changed files with 1 additions and 2 deletions
3
.github/workflows/govulncheck.yml
vendored
|
|
@ -21,8 +21,7 @@ jobs:
|
|||
# See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes for more information on exit codes.
|
||||
- name: Check Go vulnerabilities
|
||||
run: |
|
||||
make
|
||||
go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 -mode=binary -format sarif bin/gh > gh.sarif
|
||||
go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 -format sarif ./... > gh.sarif
|
||||
|
||||
- name: Upload SARIF report
|
||||
uses: github/codeql-action/upload-sarif@9b02dc2f60288b463e7a66e39c78829b62780db7 # 2.22.1
|
||||
|
|
|
|||
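Review bot: The new `-format sarif ./...` invocation changes what is scanned, and nothing in the workflow records that. Source mode analyzes the packages and files selected by the runner's Go toolchain, GOOS/GOARCH and build tags, while the removed `make` plus `-mode=binary ... bin/gh` pair inspected the artifact that was actually built. Files behind build constraints for other platforms are therefore not analyzed by this step. Please add a short comment next to the existing exit-codes comment stating that this is a source-mode scan of the runner's default build configuration. If binaries are published for other targets, consider repeating the scan with GOOS set for each target. Also note that with `-format sarif` govulncheck exits 0 even when vulnerabilities are found, so this step only fails on tool errors and findings surface solely through the `Upload SARIF report` step.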