github.com/minio/console@v1.3.0/.github/workflows/vulncheck.yaml

github.com/minio/console@v1.3.0/.github/workflows/vulncheck.yaml (about)

     1  # @format
     2  
     3  name: Vulnerability Check
     4  on:
     5    pull_request:
     6      branches:
     7        - master
     8    push:
     9      branches:
    10        - master
    11  
    12  permissions:
    13    contents: read # to fetch code (actions/checkout)
    14  
    15  jobs:
    16    vulncheck:
    17      name: Analysis
    18      runs-on: ubuntu-latest
    19      steps:
    20        - name: Check out code into the Go module directory
    21          uses: actions/checkout@v3
    22        - name: Set up Go
    23          uses: actions/setup-go@v3
    24          with:
    25            go-version: 1.21.9
    26            check-latest: true
    27        - name: Get official govulncheck
    28          run: go install golang.org/x/vuln/cmd/govulncheck@latest
    29          shell: bash
    30        - name: Run govulncheck
    31          run: govulncheck ./...
    32          shell: bash
    33  
    34    react-code-known-vulnerabilities:
    35      name: "React Code Has No Known Vulnerable Deps"
    36      runs-on: ubuntu-latest
    37      strategy:
    38        matrix:
    39          go-version: [ 1.21.8 ]
    40          os: [ ubuntu-latest ]
    41      steps:
    42        - name: Check out code
    43          uses: actions/checkout@v3
    44        - uses: actions/setup-node@v3
    45          with:
    46            node-version: ${{ env.NVMRC }}
    47            cache: "yarn"
    48            cache-dependency-path: web-app/yarn.lock
    49        - name: Checks for known security issues with the installed packages
    50          working-directory: ./web-app
    51          continue-on-error: false
    52          run: |
    53            yarn audit --groups dependencies