Skip to content
Go Security Scan

Update CHANGELOG.md for v1.1.0 release #5

Sign in to view logs

Update CHANGELOG.md for v1.1.0 release

Update CHANGELOG.md for v1.1.0 release #5

Workflow file for this run

.github/workflows/security-scan.yml at 6a38524
name: Go Security Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 0 * * 0' # Run weekly on Sundays
permissions:
contents: read
security-events: write
jobs:
govulncheck:
name: Vulnerability Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
check-latest: true
- name: Check file existence
shell: bash
run: |
echo "Checking if go.mod and go.sum exist before dependency verification"
if [ -f "go.mod" ]; then
echo "go.mod exists"
cat go.mod
else
echo "go.mod does not exist"
fi
if [ -f "go.sum" ]; then
echo "go.sum exists"
echo "go.sum line count: $(wc -l go.sum)"
else
echo "go.sum does not exist"
fi
- name: Verify dependencies
shell: bash
run: |
go mod download
go mod tidy
# Ensure go.sum exists
if [ ! -f "go.sum" ]; then
touch go.sum
fi
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
run: govulncheck ./...
- name: Run gosec security scanner
shell: bash
run: |
# Direct installation of gosec
go install github.com/securego/gosec/v2/cmd/gosec@latest
# Verify gosec installation
which gosec || echo "gosec not found in PATH"
# Run gosec with full output
gosec -fmt=json -out=gosec-results.json ./stl || echo "gosec JSON output failed"
gosec -fmt=sarif -out=gosec-results.sarif ./stl || echo "gosec SARIF output failed"
# Show results summary
gosec ./stl || echo "gosec scan failed"
- name: Upload gosec results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: gosec-results.sarif
category: gosec