Update Go dependencies #260

Workflow file for this run

.github/workflows/security.yml at 9f6e748

	name: Security

	on:
	workflow_call:
	push:
	branches: [master]
	pull_request:
	branches: [master]
	schedule:
	- cron: '0 6 * * 1'

	permissions: {}

	jobs:
	secrets:
	name: Secret scanning
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Install gitleaks
	run: \|
	curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz \| tar -xz
	sudo mv gitleaks /usr/local/bin/
	- name: Run gitleaks
	run: gitleaks detect --source . --verbose

	trivy:
	name: Trivy vulnerability scan
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	if: github.event_name != 'pull_request'
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false
	- uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
	with:
	scan-type: fs
	format: sarif
	output: trivy-results.sarif
	- uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	sarif_file: trivy-results.sarif
	category: trivy

	gosec:
	name: Go security analysis
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	if: github.event_name != 'pull_request'
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false
	- uses: securego/gosec@223e19b8856e00f02cc67804499a83f77e208f3c # v2.25.0
	with:
	args: -no-fail -exclude=G304,G401,G501 -exclude-dir=e2e -fmt sarif -out gosec-results.sarif ./...
	- uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	sarif_file: gosec-results.sarif
	category: gosec

	dependency-review:
	name: Dependency review
	runs-on: ubuntu-latest
	permissions:
	contents: read
	if: github.event_name == 'pull_request'
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false
	- uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Go dependencies #260

Workflow file

Update Go dependencies #260

Uh oh!

Workflow file for this run