Skip to content
Run Security Checks

chore(deps): update module github.com/docker/docker-credential-helper… #1669

Sign in to view logs

chore(deps): update module github.com/docker/docker-credential-helper…

chore(deps): update module github.com/docker/docker-credential-helper… #1669

Workflow file for this run

.github/workflows/security.yaml at ff4b92b
---
name: Run Security Checks
on:
push:
branches: [main]
pull_request:
branches: [main]
paths:
- cmd/**
- pkg/**
- internal/**
- main.go
- go.mod
- go.sum
schedule:
- cron: "0 0 * * *"
env:
OUTPUT_FILE: results.sarif
permissions:
contents: read # Set default read-only permissions
jobs:
gosec:
name: Run gosec Scanner
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Harden the Runner (Step Security)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
- name: Checkout Repo
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Run Gosec Security Scanner
uses: securego/gosec@9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 # v2.27.1
with:
args: "-exclude-generated -no-fail -fmt sarif -out ${{ env.OUTPUT_FILE }} ./..."
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
sarif_file: ${{ env.OUTPUT_FILE }}
category: gosec-sarif
govulncheck:
name: Run govulncheck Scanner
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Harden the Runner (Step Security)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
- name: Run govulncheck
id: govulncheck
uses: nicholas-fedor/govulncheck-action@2e8328bfd2a2259f6b48ad47edc8101c86e74883 # v1.0.5
with:
output-format: sarif
output-file: ${{ env.OUTPUT_FILE }}
go-version-file: "go.mod"
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
sarif_file: ${{ env.OUTPUT_FILE }}
category: govulncheck-sarif