Inspect source code for security issues

soumeh01 · web-flow · commit fdceb7773bea · 2025-01-30T11:11:40.000+01:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -67,6 +67,20 @@ jobs:
         run: |
           make format-check
 
+  gosec:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 # v2.22.0
+        with:
+          args: '-severity high -exclude-dir=testdata -exclude=*_test.go ./...'
+
   vulnerability-check:
     name: "Vulnerability check"
     runs-on: ubuntu-latest
