chore: change tool to scan vuls. (#24)

Author: mythrnr

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @mythrnr

.github/dependabot.yaml

@@ -7,14 +7,10 @@ version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
-    reviewers:
-      - "mythrnr"
     schedule:
       interval: "weekly"
 
   - package-ecosystem: "gomod"
     directory: "/"
-    reviewers:
-      - "mythrnr"
     schedule:
       interval: "weekly"

.github/workflows/check-code.yaml

@@ -24,20 +24,7 @@ jobs:
           version: "latest"
 
   scan-vulnerabilities:
-    name: "Scan Vulnerabilities"
-    runs-on: "ubuntu-latest"
-    timeout-minutes: 5
-    steps:
-      - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
-
-      - uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" # v6.0.0
-        with:
-          go-version: "1.25"
-
-      - name: "Write go.list file"
-        run: "go list -buildvcs=false -deps -json ./... > go.list"
-
-      - uses: "sonatype-nexus-community/nancy-github-action@main"
+    uses: "./.github/workflows/scan-vulnerabilities.yaml"
 
   spell-check:
     name: "Check spell"

.github/workflows/scan-vulnerabilities.yaml

@@ -3,6 +3,7 @@ name: "Scan Vulnerabilities"
 on:
   schedule:
     - cron: "0 0 * * *"
+  workflow_call:
   workflow_dispatch:
 
 permissions:
@@ -20,7 +21,5 @@ jobs:
         with:
           go-version: "1.25"
 
-      - name: "Write go.list file"
-        run: "go list -buildvcs=false -deps -json ./... > go.list"
-
-      - uses: "sonatype-nexus-community/nancy-github-action@main"
+      - name: "Run vulnerability check"
+        run: "make vulnerability-check"

.vscode/cspell.json

@@ -15,7 +15,6 @@
   "language": "en",
   "minWordLength": 4,
   "words": [
-    "buildvcs",
     "cyclop",
     "depguard",
     "dupl",
@@ -30,6 +29,7 @@
     "golangci",
     "gomod",
     "gopath",
+    "govulncheck",
     "guyarb",
     "httprouter",
     "julienschmidt",
@@ -39,8 +39,6 @@
     "nestif",
     "nolint",
     "println",
-    "sonatype",
-    "sonatypecommunity",
     "stretchr",
     "testableexamples",
     "testpackage",

Makefile

@@ -5,6 +5,9 @@ endif
 pkg ?= ./...
 pwd = $(shell pwd)
 
+.PHONY: ci-suite
+ci-suite: spell-check fmt lint vulnerability-check test
+
 .PHONY: clean
 clean:
 	rm -rf .cache/*
@@ -23,12 +26,6 @@ lint:
 		-w /app \
 		golangci/golangci-lint:latest golangci-lint run $(pkg)
 
-.PHONY: nancy
-nancy:
-	docker pull sonatypecommunity/nancy:latest > /dev/null \
-	&& go list -buildvcs=false -deps -json ./... \
-	| docker run --rm -i sonatypecommunity/nancy:latest sleuth
-
 .PHONY: release
 release:
 	if [ "$(version)" = "" ]; then \
@@ -56,3 +53,8 @@ test-json:
 .PHONY: tidy
 tidy:
 	go mod tidy
+
+.PHONY: vulnerability-check
+vulnerability-check:
+	go install golang.org/x/vuln/cmd/govulncheck@latest
+	govulncheck -show=version ./...