laconicd/.github/workflows/security.yml

name: Run Gosec
on:
  pull_request:
  push:
    branches:
      - main

jobs:
  Gosec:
    runs-on: ubuntu-latest
    env:
      GO111MODULE: on
    steps:
      - name: Checkout Source
        uses: actions/checkout@v3
      - name: Get Diff
        uses: technote-space/get-diff-action@v6.0.1
        with:
          PATTERNS: |
            **/*.go
            go.mod
            go.sum
      - name: Run Gosec Security Scanner
        uses: cosmos/gosec@master
        with:
          # we let the report trigger content trigger a failure using the GitHub Security features.
          args: '-no-fail -fmt sarif -out results.sarif ./...'
        if: "env.GIT_DIFF_FILTERED != ''"
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif
        if: "env.GIT_DIFF_FILTERED != ''"
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`name: Run Gosec`
			`on:`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00			`pull_request:`
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`push:`
			`branches:`
			`- main`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`jobs:`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00			`Gosec:`
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`runs-on: ubuntu-latest`
			`env:`
			`GO111MODULE: on`
			`steps:`
			`- name: Checkout Source`
build(deps): bump actions/checkout from 2.4.0 to 3 (#965) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-03 17:07:19 +00:00			`uses: actions/checkout@v3`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00			`- name: Get Diff`
build(deps): bump technote-space/get-diff-action from 5 to 6.0.1 (#880) 2022-01-05 10:34:28 +00:00			`uses: technote-space/get-diff-action@v6.0.1`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00			`with:`
			`PATTERNS: \|`
			`*/.go`
			`go.mod`
			`go.sum`
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`- name: Run Gosec Security Scanner`
use cosmos/goces 2022-10-18 06:10:03 +00:00			`uses: cosmos/gosec@master`
ci: add gosec to PRs and main (#750) * ci: add gosec to PRs and main * use informalsystems gosec * add SARIF * commit to test * comment changes Co-authored-by: Federico Kunze Küllmer <federico.kunze94@gmail.com> Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-16 09:36:22 +00:00			`with:`
			`# we let the report trigger content trigger a failure using the GitHub Security features.`
ci: enable gosec sarif upload (#776) * ci: enable gosec sarif upload * Update .github/workflows/security.yml Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com> 2021-11-24 11:42:47 +00:00			`args: '-no-fail -fmt sarif -out results.sarif ./...'`
			`if: "env.GIT_DIFF_FILTERED != ''"`
			`- name: Upload SARIF file`
			`uses: github/codeql-action/upload-sarif@v1`
			`with:`
			`# Path to SARIF file relative to the root of the repository`
			`sarif_file: results.sarif`
			`if: "env.GIT_DIFF_FILTERED != ''"`