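# Security scanning for the Go module: govulncheck (known-vulnerable
# dependencies), gosec (static analysis, reported as SARIF to code scanning)
# and dependency review on pull requests.
#
# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA (keeping the tag as a trailing comment)
# stops a re-tagged or compromised release from running with this workflow's
# token.
name: Security Scans

on:
  schedule:
    # Daily at 03:00 UTC, so advisories published after a merge are still
    # picked up without waiting for the next code change.
    - cron: '0 3 * * *'
  workflow_dispatch:
  pull_request:
    paths:
      - '**/*.go'
      - 'go.mod'
      - 'go.sum'

# Workflow-wide default is read-only. Write scopes are granted per job so a
# job that only reads the repository never holds `security-events: write`.
permissions:
  contents: read

jobs:
  static-analysis:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Needed by upload-sarif to publish results to code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with git, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Govulncheck
        uses: golang/govulncheck-action@v1
        with:
          go-version-file: go.mod
          args: ./...
      # The gosec steps run even when govulncheck reports a vulnerability, so
      # one scanner's findings do not hide the other's results.
      - name: Install gosec
        if: ${{ !cancelled() }}
        # NOTE(review): `@latest` resolves to whatever release is newest at
        # run time, so the scanner code executed here is not reproducible or
        # reviewable. Pin to a vetted release (`@<PINNED_VERSION>`) and bump
        # it deliberately.
        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
      - name: Run gosec
        if: ${{ !cancelled() }}
        # `-no-fail` keeps the exit status at zero when issues are found:
        # findings surface only through the uploaded SARIF, never as a failed
        # check. Branch protection should not treat this job as a gosec gate.
        run: gosec -no-fail -fmt sarif -out gosec.sarif ./...
      - name: Upload SARIF
        if: ${{ !cancelled() }}
        # NOTE(review): pull requests from forks receive a read-only token, so
        # this upload is expected to fail for them; confirm whether fork PRs
        # are in scope for this repository.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: gosec.sarif

  dependency-review:
    # The action compares a pull request's base and head; scheduled and
    # manually dispatched runs have no such pair and would fail here.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/dependency-review-action@v4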