diff --git a/.disvulncheck.yml b/.disvulncheck.yml new file mode 100644 index 0000000..6596026 --- /dev/null +++ b/.disvulncheck.yml @@ -0,0 +1,2 @@ +--- +toolchain: go1.24.7 \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b8725f..88356bb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ concurrency: # Single source of truth for tool versions env: - GO_VERSION: '1.25' + GO_VERSION: '1.24.7' jobs: dis-redirect-proxy-audit: @@ -25,12 +25,10 @@ jobs: with: go-version: ${{ env.GO_VERSION }} cache: true - - name: Generate Go Module List - run: go list -json -m all > go.list - - name: Run audit check with Nancy - uses: sonatype-nexus-community/nancy-github-action@main - with: - nancyVersion: "v1.0.48" + - name: Install dis-vulncheck + run: go install github.com/ONSdigital/dis-vulncheck@latest + - name: Run dis-vulncheck + run: make audit dis-redirect-proxy-build: runs-on: ubuntu-latest diff --git a/Dockerfile.local b/Dockerfile.local index 07a5883..b9f8dfa 100644 --- a/Dockerfile.local +++ b/Dockerfile.local @@ -1,4 +1,4 @@ -FROM golang:1.25 AS build +FROM golang:1.24 AS build ENV GOCACHE=/go/.go/cache GOPATH=/go/.go/path TZ=Europe/London diff --git a/Makefile b/Makefile index 24455eb..77872f1 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ all: delimiter-AUDIT audit delimiter-LINTERS lint delimiter-UNIT-TESTS test deli .PHONY: audit audit: ## Runs checks for security vulnerabilities on dependencies (including transient ones) - go list -json -m all | nancy sleuth + dis-vulncheck .PHONY: build build: ## Builds binary of application code and stores in bin directory as dis-redirect-proxy diff --git a/README.md b/README.md index 5403ac1..c90bfda 100644 --- a/README.md +++ b/README.md 
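Review bot: The `toolchain: go1.24.7` value in the new `.disvulncheck.yml` is another hand-maintained copy of the Go version, and the copies in this commit are already not identical: `GO_VERSION: '1.24.7'` in ci.yml, the floating tag `golang:1.24` in Dockerfile.local and `go 1.24.0` in go.mod. If dis-vulncheck uses this field to decide which standard-library advisories apply (presumably; the tool's behaviour is not visible here), the audit can end up evaluating a different toolchain from the one that builds the binary as soon as one copy is bumped without the others. Consider adding a comment to the file such as `# keep in sync with GO_VERSION in .github/workflows/ci.yml`, or having CI derive one value from the other. The file also has no trailing newline.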
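Review bot: `go install github.com/ONSdigital/dis-vulncheck@latest` in the new "Install dis-vulncheck" step makes the audit gate run whatever version is newest at job time, so the check is not reproducible and a changed release is executed in CI without review; the removed Nancy step at least fixed `nancyVersion`. Pin a released version, for example `run: go install github.com/ONSdigital/dis-vulncheck@${{ env.DIS_VULNCHECK_VERSION }}` with `DIS_VULNCHECK_VERSION: '<PINNED_VERSION>'` added to the `env:` block that the file already describes as the single source of truth for tool versions. The same concern applies to the Makefile `audit` target and the README install instruction later in this diff, which both rely on an unversioned binary on PATH; stating the expected version there keeps local and CI results comparable.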
@@ -11,6 +11,14 @@ A Go Service to redirect legacy URLs requested by users * No further dependencies other than those defined in `go.mod` +### Tools + +To run some of our tests you will need additional tooling: + +#### Audit + +We use `dis-vulncheck` for auditing, which you will [need to install](https://github.com/ONSdigital/dis-vulncheck). + ### Configuration | Environment variable | Default | Description | diff --git a/go.mod b/go.mod index 8817912..480845e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ONSdigital/dis-redirect-proxy -go 1.25 +go 1.24.0 require ( github.com/ONSdigital/dis-redis v0.3.0 @@ -37,7 +37,7 @@ require ( github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3 // indirect + github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gobwas/httphead v0.1.0 // indirect diff --git a/go.sum b/go.sum index b36323c..8fd2d55 100644 --- a/go.sum +++ b/go.sum 
@@ -51,8 +51,8 @@ github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3 h1:02WINGfSX5w0Mn+F28UyRoSt9uvMhKguwWMlOAh6U/0= -github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3/go.mod h1:uNVvRXArCGbZ508SxYYTC5v1JWoz2voff5pm25jU1Ok= +github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b h1:6Q4zRHXS/YLOl9Ng1b1OOOBWMidAQZR3Gel0UKPC/KU= +github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=