Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch build target from main.go to a package.
This changes the way go embeds versions in the binary. Today, Grype can't determine which k3s version is used in k3s itself because it's built with the file. Here's what a scan looks like: ``` NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY github.com/k3s-io/k3s (devel) 1.24.17 go-module GHSA-m4hf-6vgr-75r2 High ``` If you make this switch, the scanner can correctly determine the version instead of (devel). Signed-off-by: Dan Lorenc <[email protected]>
- Loading branch information