Run govulncheck daily to alert us to vulnerabilities in the main branch #404
Conversation
make verify-govulncheck by importing the go module from makefile_modules
210acc8 to 37585a1
Signed-off-by: Richard Wall <richard.wall@venafi.com>
I do not know whether GH Actions is better than Prow.
The badge seems to be an advantage of GH actions.
We can still move if there are any issues.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: inteon. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Run govulncheck at midnight every night on the main branch to alert us to recent vulnerabilities which affect the Go code in this project.
For example, this would have alerted us to the vulnerabilities in Go 1.21.7 which were fixed in Go 1.21.8.
The badge would have turned red and GitHub notifications would have been received by maintainers who are subscribed to this project.
The output of the failed action would have looked like:
Depends on the make verify-govulncheck target which was added to makefile_modules in cert-manager/makefile-modules#90.
Testing
I've tested the new workflow by updating the default branch of my fork and triggering it there, as explained by @jsoref in https://github.com/orgs/community/discussions/25746.
Here are the results:
And here's what the new badge in the README file should look like:
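The workflow described in this PR, written out as an added example (this is not the PR's own workflow file, and the file name govulncheck.yaml, the use of go-version-file and the exact cron expression are assumptions). It runs the make verify-govulncheck target from makefile_modules once a night on whichever branch is the default branch, and can also be started by hand so the schedule can be checked on a fork as described above:

```yaml
# Added example of a nightly govulncheck workflow; not the PR's own file.
# Assumed path: .github/workflows/govulncheck.yaml
name: govulncheck

on:
  schedule:
    # Midnight every night. GitHub evaluates cron schedules in UTC, and a
    # scheduled workflow only runs on the repository's default branch, so this
    # is effectively "run govulncheck against main every night".
    - cron: "0 0 * * *"
  # Manual trigger, so the job can be exercised on a fork without waiting a day.
  workflow_dispatch: {}

# The job only reads the source; it needs no write access to the repository.
permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          # Assumption: the Go toolchain version is taken from go.mod, so the
          # standard-library checks apply to the Go version the binaries are
          # actually built with (e.g. the Go 1.21.7 findings mentioned above).
          go-version-file: go.mod

      # Target provided by makefile_modules (cert-manager/makefile-modules#90).
      # A non-zero exit turns the run, and therefore the README badge, red and
      # notifies maintainers subscribed to workflow failures.
      - name: Run govulncheck against the default branch
        run: make verify-govulncheck
```

The badge referred to in the README is the standard per-workflow status badge; with the assumed file name it is `https://github.com/OWNER/REPO/actions/workflows/govulncheck.yaml/badge.svg` (OWNER/REPO are placeholders for this project's repository). Note that the badge reflects the most recent run on the default branch, so a vulnerability that is fixed in a newer Go release will keep the badge red until the toolchain version recorded in go.mod is bumped and the next nightly run passes.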