3 files changed +407 -0 lines changed
1+ # Copyright (c) 2025, NVIDIA CORPORATION. All rights reserved.
2+ #
3+ # Licensed under the Apache License, Version 2.0 (the "License");
4+ # you may not use this file except in compliance with the License.
5+ # You may obtain a copy of the License at
6+ #
7+ # http://www.apache.org/licenses/LICENSE-2.0
8+ #
9+ # Unless required by applicable law or agreed to in writing, software
10+ # distributed under the License is distributed on an "AS IS" BASIS,
11+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+ # See the License for the specific language governing permissions and
13+ # limitations under the License.
14+
15+ name : Go Vulnerability Check
16+
17+ on :
18+ push :
19+ branches :
20+ - main
21+ - " pull-request/[0-9]+"
22+ paths-ignore :
23+ - ' **/*.md'
24+ - ' docs/**'
25+ - ' LICENSE'
26+ - ' .github/ISSUE_TEMPLATE/**'
27+ - ' .github/headers/**'
28+ tags :
29+ - ' v*'
30+ workflow_dispatch :
31+ schedule :
32+ - cron : ' 0 6 * * *'
33+
34+ concurrency :
35+ group : ${{ github.workflow }}-${{ github.ref }}
36+ cancel-in-progress : ${{ github.ref != 'refs/heads/main' }}
37+
38+ permissions :
39+ contents : read
40+ security-events : write
41+ pull-requests : write
42+
43+ jobs :
44+ govulncheck :
45+ runs-on : ubuntu-latest
46+ timeout-minutes : 30
47+ permissions :
48+ contents : read
49+ security-events : write
50+ steps :
51+ - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
52+
53+ - name : Setup Go
54+ uses : actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
55+ with :
56+ go-version : ' stable'
57+
58+ - name : Install dependencies
59+ run : |
60+ go install golang.org/x/vuln/cmd/govulncheck@latest
61+ sudo apt-get update && sudo apt-get install -y jq
62+
63+ - name : Run govulncheck on all Go modules
64+ run : ./scripts/govulncheck-all.sh
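Review bot: The `Install dependencies` step installs the scanner with `govulncheck@latest`, so the binary that runs with this job's token is whatever is published at run time, while both actions above it are pinned to a commit SHA. Pinning it the same way, `go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION>` (placeholder; use the release you have vetted), makes the nightly result reproducible, and because govulncheck queries the vulnerability database at run time the findings do not go stale with the tool. Separately, the workflow-level `permissions` block grants `pull-requests: write`, but the only job sets its own `permissions`, which replace the workflow-level ones, so that grant is unused here and would be inherited by any job added later without its own block; dropping it keeps the default read-only. No visible step uploads results to code scanning, so `security-events: write` may also be unnecessary unless `scripts/govulncheck-all.sh` (not shown here) relies on it.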
@@ -370,6 +370,17 @@ go-mod-tidy-all: ## Run go mod tidy in all directories with go.mod files
370370 done
371371 @echo " go mod tidy completed in all modules"
372372
373+ # Run vulnerability checks on all Go modules
374+ .PHONY : govulncheck
375+ govulncheck : # # Check for security vulnerabilities in all Go modules
376+ @echo " Running vulnerability checks on all Go modules..."
377+ ./scripts/govulncheck-all.sh
378+
379+ .PHONY : govulncheck-strict
380+ govulncheck-strict : # # Check for vulnerabilities (fail on any, including non-actionable)
381+ @echo " Running strict vulnerability checks on all Go modules..."
382+ ./scripts/govulncheck-all.sh --fail-on-any
383+
373384# Lint and test non-health-monitor Go modules
374385.PHONY : go-lint-test-all
375386go-lint-test-all :
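Review bot: Both new targets run `./scripts/govulncheck-all.sh` without checking that its tools are present; the workflow in this commit installs `govulncheck` and `jq` before calling the same script, so on a developer machine lacking either the run will presumably fail inside the script, unless the script (not shown here) checks for them itself. A guard as the first recipe line, `@command -v govulncheck >/dev/null || { echo "govulncheck not found on PATH"; exit 1; }`, gives a clear message instead. The help text for `govulncheck` would also be clearer if it said what the default run does with non-actionable findings, since only `govulncheck-strict` mentions them, for example `## Check Go modules for vulnerabilities (fails only on actionable findings)` if that is what the script does.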