go-mail/.github/workflows/govulncheck.yml

# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: Govulncheck Security Scan

on: [push, pull_request]

permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps: 
    - name: Harden Runner
      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
      with:
        egress-policy: audit
    - name: Run govulncheck
      uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
"Add Govulncheck Security Scan workflow" A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities. 2024-03-23 18:59:10 +01:00			`# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

			`name: Govulncheck Security Scan`

			`on: [push, pull_request]`

			`permissions:`
			`contents: read`

			`jobs:`
			`test:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Harden Runner`
Bump step-security/harden-runner from 2.7.0 to 2.7.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.7.0 to 2.7.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/63c24ba6bd7ba022e95695ff85de572c04a18142...a4aa98b93cab29d9b1101a6143fb8bce00e2eac4) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2024-04-30 16:03:23 +02:00			`uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1`
"Add Govulncheck Security Scan workflow" A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities. 2024-03-23 18:59:10 +01:00			`with:`
			`egress-policy: audit`
			`- name: Run govulncheck`
[StepSecurity] ci: Harden GitHub Actions Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-23 19:01:31 +01:00			`uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2`