28b080122a
Signed-off-by: Benjamin Perez <benjamin@bexsoft.net> Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
54 lines
1.4 KiB
YAML
54 lines
1.4 KiB
YAML
# @format
|
|
|
|
name: Vulnerability Check
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
|
|
permissions:
|
|
contents: read # to fetch code (actions/checkout)
|
|
|
|
jobs:
|
|
vulncheck:
|
|
name: Analysis
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out code into the Go module directory
|
|
uses: actions/checkout@v4
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: 1.23.8
|
|
check-latest: true
|
|
- name: Get official govulncheck
|
|
run: go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
shell: bash
|
|
- name: Run govulncheck
|
|
run: govulncheck ./...
|
|
shell: bash
|
|
|
|
react-code-known-vulnerabilities:
|
|
name: "React Code Has No Known Vulnerable Deps"
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
go-version: [ 1.23.x ]
|
|
os: [ ubuntu-latest ]
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@v4
|
|
- name: Read .nvmrc
|
|
id: node_version
|
|
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
|
|
- name: Enable Corepack
|
|
run: corepack enable
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ env.NVMRC }}
|
|
- name: Checks for known security issues with the installed packages
|
|
working-directory: ./web-app
|
|
continue-on-error: false
|
|
run: |
|
|
yarn npm audit --recursive --environment production --no-deprecations
|