gilles/onvif-go
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
00e2e0d46f0f703ab16216730a37ed3ed871ed0b
onvif-go/.github/workflows/security.yml
T
0x524a 00e2e0d46f chore: update CI/CD workflows and configuration 
- Enhanced .golangci.yml with additional linters and settings for improved code quality checks.
- Updated CI workflow to include multiple branches for pull requests and improved caching strategies.
- Added new workflows for documentation checks, dependency reviews, and security scans.
- Refined coverage analysis workflow to provide detailed reports and comments on pull requests.
- Removed outdated test workflow and consolidated testing strategies into extended tests.
- Improved release workflow with better version handling and artifact management.
2025-12-02 00:53:20 -05:00

53 lines
1.1 KiB
YAML
Raw Blame History

name: Security Scan
on:
push:
branches: [ master, main ]
pull_request:
branches: [ master, main ]
schedule:
- cron: '0 0 * * 0' # Weekly on Sunday
permissions:
contents: read
security-events: write
jobs:
gosec:
name: Security Scan (gosec)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: '-no-fail -fmt json -out gosec-report.json ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: gosec-report.json
govulncheck:
name: Vulnerability Check (govulncheck)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.23'
- name: Run govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
Reference in New Issue View Git Blame Copy Permalink