Summary
make security silently skips with an install hint if govulncheck isn't on PATH — exits 0. make check on a clean dev machine therefore passes without actually running the security gate. CI installs the tool explicitly so CI is fine, but a developer running make check before pushing gets false confidence.
Scope
Drop the soft-skip branch in the security Makefile target. Fail with the install hint if the tool is missing.
Acceptance criteria
make security without govulncheck exits non-zero with a clear install instruction.- CI (which installs the tool) still passes.
make check behaviour on CI unchanged.
Source: go-quality agent.
Summary
make securitysilently skips with an install hint ifgovulncheckisn't on PATH — exits 0.make checkon a clean dev machine therefore passes without actually running the security gate. CI installs the tool explicitly so CI is fine, but a developer runningmake checkbefore pushing gets false confidence.Scope
Drop the soft-skip branch in the
securityMakefile target. Fail with the install hint if the tool is missing.Acceptance criteria
make securitywithout govulncheck exits non-zero with a clear install instruction.make checkbehaviour on CI unchanged.Source: go-quality agent.