Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added govulncheck workflow #405

Merged
merged 2 commits into from
Oct 30, 2023
Merged

Added govulncheck workflow #405

merged 2 commits into from
Oct 30, 2023

Conversation

tannerjones4075
Copy link
Contributor

Signed-off-by: Tanner Jones [email protected]

@tannerjones4075
Added govulncheck workflow
46d4c76 
Signed-off-by: Tanner Jones <[email protected]>
@tannerjones4075
Copy link
Contributor Author

Any thoughts @dblock?

@dblock
Copy link
Member

dblock commented Oct 30, 2023

What does this do? :)

@tannerjones4075
Copy link
Contributor Author

What does this do? :)

  1. It fetches the specified Go modules in the project
  2. It checks for any known vulnerabilities in the Go modules by comparing against the Go vulnerability database.
  3. It reports the vulnerabilities found

@dblock
Copy link
Member

dblock commented Oct 30, 2023

But we already have dependabot and friends, no?

Anyway I don't have anything against merging this PR! @Jakob3xD WDYT?

@tannerjones4075
Copy link
Contributor Author

But we already have dependabot and friends, no?

Anyway I don't have anything against merging this PR! @Jakob3xD WDYT?

Dependabot only looks at dependency versions govulncheck will look at code that's imported and used to determine if a vulnerability is reachable / affects the code.

@dblock dblock merged commit 8ab15f1 into opensearch-project:main Oct 30, 2023
@tannerjones4075 tannerjones4075 deleted the govulncheck branch October 30, 2023 21:08
@tannerjones4075 tannerjones4075 mentioned this pull request Oct 30, 2023
Open
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 31, 2023
@tannerjones4075 @github-actions
Added govulncheck workflow (#405)
4734a00 
* Added govulncheck workflow

Signed-off-by: Tanner Jones <[email protected]>

* Added govulncheck to CHANGELOG.md

Signed-off-by: Tanner Jones <[email protected]>

---------

Signed-off-by: Tanner Jones <[email protected]>
(cherry picked from commit 8ab15f1)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Oct 31, 2023
Merged
VachaShah pushed a commit that referenced this pull request Oct 31, 2023
@opensearch-trigger-bot @tannerjones4075
Added govulncheck workflow (#405) (#412)
bbd5b60 
* Added govulncheck workflow

Signed-off-by: Tanner Jones <[email protected]>

* Added govulncheck to CHANGELOG.md

Signed-off-by: Tanner Jones <[email protected]>

---------

Signed-off-by: Tanner Jones <[email protected]>
(cherry picked from commit 8ab15f1)

Co-authored-by: Tanner Jones <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VachaShah VachaShah VachaShah approved these changes

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@VijayanB VijayanB Awaiting requested review from VijayanB VijayanB is a code owner

@Jakob3xD Jakob3xD Awaiting requested review from Jakob3xD Jakob3xD is a code owner

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tannerjones4075 @dblock @VachaShah