Use govulncheck in CI #522
orpheuslummis added the labels ci/build (This issue is about the build or CI system, and the administration of it.) and security (Related to security), Jun 13, 2022.
Use govulncheck to find vulnerabilities and update the Go version in the future. I gave it a dry run, and all our vulnerabilities that it was showing on go1.19 were fixed by just bumping to go1.20.
This was referenced Jul 22, 2023
shahzadlone added a commit that referenced this issue, Jul 23, 2023:

## Relevant issue(s)

- Resolves #522
- Resolves #1687

## Description

- This is a routine version bump of GoLang; the previous bump was done in (#818).
- This PR also introduces a new workflow action (not mandatory to pass in order to merge) that was showing some vulnerabilities pre-version-bump; all of the vulnerabilities were resolved once the golang version was bumped. In future this trigger will be used to bump golang versions.
- Also updates the golang version for AWS AMI generation.

Note:

- Before the bump we had 13 vulnerabilities: https://github.com/sourcenetwork/defradb/actions/runs/5629964770/job/15255493129?pr=1688
- After the bump: passing with no vulnerabilities.

## How has this been tested?

- Added action that failed with vulnerabilities.
- Bumped version.
- Vulnerabilities were resolved and action passed.

Specify the platform(s) on which this was tested:

- Arch Linux
shahzadlone added a commit to shahzadlone/defradb that referenced this issue, Feb 23, 2024:

## Relevant issue(s)

- Resolves sourcenetwork#522
- Resolves sourcenetwork#1687

## Description

- This is a routine version bump of GoLang; the previous bump was done in (sourcenetwork#818).
- This PR also introduces a new workflow action (not mandatory to pass in order to merge) that was showing some vulnerabilities pre-version-bump; all of the vulnerabilities were resolved once the golang version was bumped. In future this trigger will be used to bump golang versions.
- Also updates the golang version for AWS AMI generation.

Note:

- Before the bump we had 13 vulnerabilities: https://github.com/sourcenetwork/defradb/actions/runs/5629964770/job/15255493129?pr=1688
- After the bump: passing with no vulnerabilities.

## How has this been tested?

- Added action that failed with vulnerabilities.
- Bumped version.
- Vulnerabilities were resolved and action passed.

Specify the platform(s) on which this was tested:

- Arch Linux
Go introduces new tooling for vulnerability detection: golang.org/x/vuln/vulncheck
Because it is experimental, it could potentially report false positives, thereby "blocking" PRs. We can be mindful of that, and perhaps additionally it shouldn't be enabled on the develop/main branch checks, just on PRs.
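The PR-only, non-blocking arrangement described in this issue, as an added example workflow (not defradb's own workflow from the commits above); it assumes a go.mod at the repository root that pins the toolchain, and the action versions shown are the author's choice:

```yaml
# Added example, not the project's own CI file.
# Runs govulncheck on pull requests only and never gates the merge,
# so an experimental false positive cannot block a PR; reviewers read
# the job log instead.
name: govulncheck

on:
  pull_request:            # PR checks only; not on pushes to develop/main

permissions:
  contents: read           # the scan needs nothing beyond read access

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    continue-on-error: true   # finding = red job, but the PR stays mergeable
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # assumption: go.mod declares the Go version

      - name: Install govulncheck
        # The vulnerability database is fetched at scan time, so the tool
        # version mainly affects reporting; pin it if reproducibility matters.
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Scan all packages
        run: govulncheck ./...
```

Dropping `continue-on-error` later (once the tool is trusted) is the one-line change that turns this into a required check.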