1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-08 08:45:48 +00:00
Commit graph

2 commits

Author SHA1 Message Date
Jason Hall
ae5c462368
simplify example workflow
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-06 23:42:32 -04:00
Jason Hall
39e329ab61
Initial implementation of govulncheck GitHub Action
This action runs govulncheck on Go projects and creates GitHub annotations
for vulnerabilities found in dependencies and code paths.

Features:
- Automated vulnerability scanning with govulncheck
- Smart annotations on go.mod for vulnerable dependencies
- Annotations on source code lines that call vulnerable functions
- Configurable working directory
- Output variables for vulnerability detection

The implementation includes:
- Modular architecture with separate concerns (execution, parsing, annotation)
- Comprehensive test suite with 100% function coverage
- Example vulnerable Go module for demonstration
- GitHub workflow example
- Full documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 23:41:03 -04:00