1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-14 19:35:52 +00:00
Commit graph

5 commits

Author SHA1 Message Date
Jason Hall
c8672cd458
prepare for v0.1
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 02:32:17 -04:00
Jason Hall
f71237bd63
add to readme
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 01:54:53 -04:00
Jason Hall
1c60665312
Update README with comprehensive feature documentation
- Document enhanced annotation features including rich context and links
- Add examples of all three annotation types (warnings, source code, suggested fixes)
- Explain the comprehensive workflow summary feature
- Update file structure to include summary.js
- Detail what users can expect when running the action
- Include specific examples of annotation content with emojis and formatting
2025-06-07 01:05:02 -04:00
Jason Hall
ae5c462368
simplify example workflow
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-06 23:42:32 -04:00
Jason Hall
39e329ab61
Initial implementation of govulncheck GitHub Action
This action runs govulncheck on Go projects and creates GitHub annotations
for vulnerabilities found in dependencies and code paths.

Features:
- Automated vulnerability scanning with govulncheck
- Smart annotations on go.mod for vulnerable dependencies
- Annotations on source code lines that call vulnerable functions
- Configurable working directory
- Output variables for vulnerability detection

The implementation includes:
- Modular architecture with separate concerns (execution, parsing, annotation)
- Comprehensive test suite with 100% function coverage
- Example vulnerable Go module for demonstration
- GitHub workflow example
- Full documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 23:41:03 -04:00