Skip to content

ADD govluncheck action #493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mcbenjemaa wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ADD govluncheck action #493

mcbenjemaa wants to merge 2 commits into from

Conversation

@mcbenjemaa
Copy link
Member

@mcbenjemaa mcbenjemaa commented May 28, 2025
edited
Loading

This PR adds govluncheck action to check for CVEs in go packages.

Fixes #487

@mcbenjemaa mcbenjemaa self-assigned this May 28, 2025
@github-actions
Copy link

github-actions bot commented May 28, 2025

Tests

Please note that running unit and e2e tests requires manual approval from a team member.

e2e tests

We use labels to control which e2e tests contexts are run:

Label Behaviour
none Run Generic tests only
e2e/none skip all e2e tests (documentation etc) - overrides all e2e/* labels Do not run any e2e tests
e2e/flatcar run Flatcar e2e tests Add Flatcar tests

ℹ️ Ask a team member to add the requested labels if you don't have enough permissions.

@mcbenjemaa mcbenjemaa added the e2e/none skip all e2e tests (documentation etc) - overrides all e2e/* labels label May 28, 2025
@wikkyk
Copy link
Collaborator

wikkyk commented Jul 4, 2025

Is dependabot insufficient?

@mcbenjemaa
Copy link
Member Author

mcbenjemaa commented Jul 4, 2025

Is Dependabot insufficient?

We have agreed long before to add this.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 6, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link

github-actions bot commented Jan 16, 2026

No vulnerabilities found.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 16, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
2 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

wikkyk
wikkyk reviewed Jan 19, 2026
View reviewed changes
.github/workflows/vulncheck.yml
govulncheck:
name: vulncheck
runs-on: ubuntu-latest
permissions: write-all
Copy link
Collaborator

@wikkyk wikkyk Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use a more fine-grained permission.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wikkyk wikkyk wikkyk left review comments

@65278 65278 Awaiting requested review from 65278 65278 is a code owner

@avorima avorima Awaiting requested review from avorima

@pborn-ionos pborn-ionos Awaiting requested review from pborn-ionos pborn-ionos is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@mcbenjemaa mcbenjemaa

Labels

e2e/none skip all e2e tests (documentation etc) - overrides all e2e/* labels

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

govulncheck action

3 participants

@mcbenjemaa @wikkyk