go-mail/.github/workflows/govulncheck.yml

# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: Govulncheck Security Scan

on: [push, pull_request]

permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps: 
    - name: Harden Runner
      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
      with:
        egress-policy: audit
    - name: Run govulncheck
      uses: golang/govulncheck-action@dd0578b371c987f96d1185abb54344b44352bd58 # v1.0.3
"Add Govulncheck Security Scan workflow" A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities. 2024-03-23 18:59:10 +01:00			`# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

			`name: Govulncheck Security Scan`

			`on: [push, pull_request]`

			`permissions:`
			`contents: read`

			`jobs:`
			`test:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Harden Runner`
--- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2024-05-22 15:15:46 +02:00			`uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0`
"Add Govulncheck Security Scan workflow" A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities. 2024-03-23 18:59:10 +01:00			`with:`
			`egress-policy: audit`
			`- name: Run govulncheck`
Bump golang/govulncheck-action from 1.0.2 to 1.0.3 Bumps [golang/govulncheck-action](https://github.com/golang/govulncheck-action) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/golang/govulncheck-action/releases) - [Commits](https://github.com/golang/govulncheck-action/compare/3a32958c2706f7048305d5a2e53633d7e37e97d0...dd0578b371c987f96d1185abb54344b44352bd58) --- updated-dependencies: - dependency-name: golang/govulncheck-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2024-06-04 15:55:49 +02:00			`uses: golang/govulncheck-action@dd0578b371c987f96d1185abb54344b44352bd58 # v1.0.3`