mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-10 09:33:07 +00:00
This action runs govulncheck on Go projects and creates GitHub annotations for vulnerabilities found in dependencies and code paths. Features: - Automated vulnerability scanning with govulncheck - Smart annotations on go.mod for vulnerable dependencies - Annotations on source code lines that call vulnerable functions - Configurable working directory - Output variables for vulnerability detection The implementation includes: - Modular architecture with separate concerns (execution, parsing, annotation) - Comprehensive test suite with 100% function coverage - Example vulnerable Go module for demonstration - GitHub workflow example - Full documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
58 lines
No EOL
1.4 KiB
JavaScript
58 lines
No EOL
1.4 KiB
JavaScript
class VulnerabilityParser {
|
|
parse(output) {
|
|
const vulnerabilities = [];
|
|
const lines = output.split('\n').filter(line => line.trim());
|
|
|
|
for (const line of lines) {
|
|
try {
|
|
const json = JSON.parse(line);
|
|
|
|
// Check for vulnerability findings
|
|
if (json.finding) {
|
|
vulnerabilities.push(json);
|
|
}
|
|
} catch (e) {
|
|
// Skip non-JSON lines
|
|
}
|
|
}
|
|
|
|
return vulnerabilities;
|
|
}
|
|
|
|
extractUniqueModules(vulnerabilities) {
|
|
const modules = new Set();
|
|
|
|
for (const vuln of vulnerabilities) {
|
|
const finding = vuln.finding;
|
|
if (finding.trace && finding.trace.length > 0 && finding.trace[0].module) {
|
|
modules.add(finding.trace[0].module);
|
|
}
|
|
}
|
|
|
|
return Array.from(modules);
|
|
}
|
|
|
|
extractCallSites(vulnerabilities) {
|
|
const callSites = [];
|
|
|
|
for (const vuln of vulnerabilities) {
|
|
const finding = vuln.finding;
|
|
if (finding.trace) {
|
|
for (const frame of finding.trace) {
|
|
if (frame.position && frame.position.filename) {
|
|
callSites.push({
|
|
filename: frame.position.filename,
|
|
line: frame.position.line || 1,
|
|
function: frame.function || 'unknown function',
|
|
osv: finding.osv || null
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return callSites;
|
|
}
|
|
}
|
|
|
|
module.exports = VulnerabilityParser; |