[FEATURE] Add Dependabot Security Updates for Go Modules and Weekly Govulncheck Workflow #5963

Open
dwisiswant0 opened this issue Jan 8, 2025 · 0 comments · May be fixed by #5964
@dwisiswant0

Describe your feature request

Add two new features:

  1. Dependabot Update: A new security group in the gomod ecosystem focusing on security updates for Go modules.
  2. Govulncheck Workflow: A GitHub Action to automatically run govulncheck every week and upload the results to GitHub in SARIF format.

Describe the use case of the feature

  1. Dependabot Security Updates:

  2. Govulncheck Scanning:

    • Finds vulnerabilities early, so we can fix them before they escalate into serious issues.
    • Uploads results directly into GitHub’s security dashboard, making it easy to review and handle problems.

Describe alternatives you've considered

No response

Additional context

The Dependabot change is just for security updates. Both features reduce technical debt: Dependabot handles security updates automatically, and govulncheck ensures our dependencies are secure w/o extra manual effort.
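
A sketch of the weekly govulncheck workflow requested above, added here as an illustration; it is not the workflow from the linked pull request. The file path, cron schedule, job name, SARIF file name and the assumption that `go.mod` sits at the repository root are all hypothetical.

```yaml
# Assumed path: .github/workflows/govulncheck.yaml (file name is an assumption)
name: govulncheck

on:
  schedule:
    - cron: "0 0 * * 0"   # weekly; the day and time are assumptions
  workflow_dispatch:        # allow a manual run, e.g. to re-check after a fix

# Least privilege: read the code, write only code scanning results.
permissions:
  contents: read
  security-events: write

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # scan with the toolchain the module declares

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Run govulncheck (SARIF output)
        run: govulncheck -format sarif ./... > govulncheck.sarif

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: govulncheck.sarif
          category: govulncheck   # keeps these results separate from other scanners
```

Pinning each `uses:` entry to a full commit SHA instead of a version tag protects the workflow itself against a retagged action.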

@dwisiswant0 dwisiswant0 added the Type: Maintenance Updating phrasing or wording to make things clearer or removing ambiguity. label Jan 8, 2025
@dwisiswant0 dwisiswant0 self-assigned this Jan 8, 2025
@dwisiswant0 dwisiswant0 linked a pull request Jan 8, 2025 that will close this issue