codeready-toolchain · rsoaresd · Sep 3, 2025 · Sep 2, 2025 · Sep 2, 2025 · Sep 3, 2025
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -19,8 +19,8 @@ jobs:
         go-version-file: go.mod
 
     - name: Run govulncheck
-      uses: golang/govulncheck-action@v1
+      uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master
       with:
-        go-version-input: ${{ steps.install-go.outputs.go-version }}
-        go-package: ./...
-        repo-checkout: false
+        go-version-file: go.mod
+        cache: false
+        config: .govulncheck.yaml
diff --git a/.govulncheck.yaml b/.govulncheck.yaml
@@ -0,0 +1,20 @@
+ignored-vulnerabilities:
+  # Request smuggling due to acceptance of invalid chunked data in net/http
+  # Standard library
+  # Found in: net/http/internal@go1.22.12
+  # Fixed in: net/http/internal@go1.23.8
+  - id: GO-2025-3563
+    silence-until: 2025-10-02
+    info: https://pkg.go.dev/vuln/GO-2025-3563
+  # Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
+  # Found in: os@go1.22.12
+  # Fixed in: os@go1.23.10
+  - id: GO-2025-3750
+    silence-until: 2025-10-02
+    info: https://pkg.go.dev/vuln/GO-2025-3750
+  # Sensitive headers not cleared on cross-origin redirect in net/http
+  # Found in: net/http@go1.22.12
+  # Fixed in: Fixed in: net/http@go1.23.10
+  - id: GO-2025-3751
+    info: https://pkg.go.dev/vuln/GO-2025-3751
+    silence-until: 2025-10-02