From db63505fa75d673bb4d5ef4a319dc6221a01f90e Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Wed, 13 Aug 2025 10:16:24 +0300
Subject: [PATCH] fix(ci): update security.yml
---
 .github/workflows/security.yml | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 045bb50..1033e66 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -9,16 +9,18 @@ on:
 # Run security scan weekly on Sundays at 00:00 UTC
 - cron: '0 0 * * 0'
-permissions:
- security-events: write
- contents: read
- actions: read
+permissions: read-all
 jobs:
 security:
 name: Security Analysis
 runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ contents: read
+ actions: read
+
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -26,7 +28,7 @@ jobs:
 - name: Setup Go
 uses: actions/setup-go@v5
 with:
- go-version: '1.23'
+ go-version-file: 'go.mod'
 - name: Cache Go modules
 uses: actions/cache@v4
@@ -40,7 +42,7 @@ jobs:
 # Security Scanning with gosec
 - name: Run gosec Security Scanner
- uses: securecodewarrior/github-action-gosec@master
+ uses: securego/gosec@v2
 with:
 args: '-fmt sarif -out gosec-results.sarif ./...'
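Review bot: The new workflow-level `permissions: read-all` in the first hunk is a broader default than this workflow appears to need, because it grants read on every token scope to any job that does not declare its own block. The `security` job now sets its own `permissions:`, which replaces the workflow default for that job, so the top-level value only matters for other or future jobs. A tighter default would be `permissions: {}`, or a top-level block holding only `contents: read`, with each job opting in to what it uses. Only the `security` job is visible in this hunk, so check whether any other job in the file relies on the wider default.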
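Review bot: The gosec step at `uses: securego/gosec@v2` still references a mutable ref, so the code that runs in a job holding `security-events: write` can change without any commit to this repository. Moving off `@master` is an improvement, but a tag can be re-pointed; pinning to a full commit SHA with the tag in a trailing comment, e.g. `uses: securego/gosec@<full-commit-sha> # <tag>`, makes the reference immutable. It is also worth confirming that a `v2` ref exists upstream, since the step fails to resolve otherwise. The same pinning applies to `golangci/golangci-lint-action@v6.0.1` and `Uno-Takashi/checkmake-action@v2` in the last hunk.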
@@ -69,16 +71,15 @@ jobs:
 # Additional Security Linting
 - name: Run security-focused golangci-lint
- run: |
- go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- golangci-lint run --enable=gosec,gocritic,bodyclose,rowserrcheck,misspell,unconvert,unparam,unused \
- --timeout=5m
+ uses: golangci/golangci-lint-action@v6.0.1
+ with:
+ args: "--enable=gosec,gocritic,bodyclose,rowserrcheck,misspell,unconvert,unparam,unused --timeout=5m"
 # Makefile Linting
 - name: Run checkmake on Makefile
- run: |
- go install github.com/mrtazz/checkmake/cmd/checkmake@latest
- checkmake --config=.checkmake Makefile
+ uses: Uno-Takashi/checkmake-action@v2
+ with:
+ config: .checkmake
 # Shell Script Formatting Check
 - name: Check shell script formatting
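Review bot: The golangci-lint step sets no `version` input, so the action chooses the linter release itself (the latest one, as far as I know for this action), and scan results can still drift between runs the way they did with `@latest`. Adding `version: <pinned golangci-lint version>` under `with:` keeps the security lint reproducible and makes linter upgrades an explicit, reviewable change. For the checkmake step, the removed command named `Makefile` explicitly; confirm from the action's documentation that `config` is an accepted input and that the action targets `Makefile` by default.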