-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Github Actions: Cannot get go standard library version with --lockfile=go.mod #620
Comments
Thanks for the interest in the Github Action! Couple of different things happening here:
If you can't use |
as it's very likely to be found in a lot of circumstances (e.g. running in CI). See #620 for more context.
Thanks @another-rex, super informative. No that makes complete sense. I am just trying to implement a I will have a go at utilising Thanks again for the help. |
Also have a look at |
Hi all,
I am trying to use
google/osv-scanner/actions/scanner@main
to scan my project'sgo.mod
file for any vulnerable dependencies within a github action workflow. To do this, I am specifying thego.mod
as the--lockfile
forosv-scanner
.The step exits in Github actions with
Exit code: 127
:The entirety of the step output is as follows:
Looking through the code-base for
osv-scanner
, I can see that whengo.mod
is provided as the--lockfile
, the code will try to enrich the scanner by runninggo env GOVERSION
, which I believe is where the issue lies:osv-scanner/pkg/osvscanner/optional_enricher.go
Line 13 in f819495
I ran this command in a previous step and it does return a version in the format it is looking for:
Please let me know if I am missing anything!
Thanks in advance!
The text was updated successfully, but these errors were encountered: