Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
It would be great if projects that choose to vendor their modules (then presumably building with
This would satisfy a major requirement that many projects need to account for in their CI process-- ensuring that vendored code hasn't been tampered with.
While we move to go modules, perform the dep check for repos that still use dep. Run `go mod verify` instead for go modules. Note, this just verifies the integrity of modules in the local cache. We would have instead wanted to verify the vendored code here, but that is still not supported. golang/go#27348 Fixes #1879 Signed-off-by: Archana Shinde <firstname.lastname@example.org>