Skip to content

ci: Add govulncheck CVE detection for Go modules#6394

Open
Vperiodt wants to merge 3 commits into
feast-dev:masterfrom
Vperiodt:govulncheck
Open

ci: Add govulncheck CVE detection for Go modules#6394
Vperiodt wants to merge 3 commits into
feast-dev:masterfrom
Vperiodt:govulncheck

Conversation

@Vperiodt
Copy link
Copy Markdown
Contributor

@Vperiodt Vperiodt commented May 12, 2026

What this PR does / why we need it:

Which issue(s) this PR fixes:

Checks

  • I've made sure the tests are passing.
  • My commits are signed off (git commit -s)
  • My PR title follows conventional commits format

Testing Strategy

  • Unit tests
  • Integration tests
  • Manual tests
  • Testing is not required for this change

Misc

@ntkathole
Copy link
Copy Markdown
Member

ntkathole commented May 19, 2026

@Vperiodt CI checks failing

ntkathole
ntkathole reviewed May 21, 2026
View reviewed changes
Comment thread .github/workflows/security.yml Outdated
run: go install golang.org/x/vuln/cmd/govulncheck@latest

- name: Run govulncheck
continue-on-error: true
Copy link
Copy Markdown
Member

@ntkathole ntkathole May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't we block the PR on failure ?

ntkathole
ntkathole reviewed May 21, 2026
View reviewed changes
Comment thread .github/workflows/security.yml Outdated
if: matrix.needs-protos
run: make compile-protos-go

- name: Install govulncheck
Copy link
Copy Markdown
Member

@ntkathole ntkathole May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead we can use official golang/govulncheck-action github action

ntkathole
ntkathole reviewed May 21, 2026
View reviewed changes
Comment thread .github/workflows/security.yml
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
Copy link
Copy Markdown
Member

@ntkathole ntkathole May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-events: write

Vperiodt added 2 commits May 21, 2026 13:24
@Vperiodt
added govulncheck
0f67138 
Signed-off-by: Vanshika Vanshika <vvanshik@redhat.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@Vperiodt
fix-CI
cd66b99 
Signed-off-by: Vanshika Vanshika <vvanshik@redhat.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@Vperiodt
ci: Use official govulncheck-action with SARIF upload
c51da0e 
Signed-off-by: Vanshika Vanshika <vvanshik@redhat.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ntkathole ntkathole ntkathole left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vperiodt @ntkathole