gansheer opened a new pull request, #4623:
URL: https://github.com/apache/camel-k/pull/4623

   Ref #3753 
   
   ## Motivation
   
   Adding the [govulncheck](https://go.dev/blog/govulncheck) tool to the project CI will provide more visibility on vulnerabilities of the golang code.
   
   
   ## Description
   
   The govulncheck looks into the dependencies but also [how they are used in the code](https://brandur.org/fragments/govulncheck-ci). As a result, it has been activated not only for changes in go.mod/go.sum files but also for any changed golang file (*.go).
   
   It is active on PRs and main/release branch changes.
   
   For now I decided not to use the [recently created GitHub action](https://github.com/golang/govulncheck-action/tree/master) as I plan to see if other security tools like [gosec](https://github.com/securego/gosec) could be added.
   
   **Release Note**
   ```release-note
   feat(ci): Add govulncheck as ci workflow
   ```
   


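The triggers described in this pull request, sketched as a GitHub Actions workflow that installs and runs govulncheck directly instead of using the dedicated action. This is an added example, not the workflow file from the pull request; the file name, job name and the `release-*` branch pattern are assumptions.

```yaml
# .github/workflows/govulncheck.yml (hypothetical file name)
name: govulncheck

on:
  pull_request:
    branches:
      - main
      - "release-*"      # assumed naming of release branches
    paths:
      - "**.go"          # govulncheck analyses call paths, so source changes matter
      - "go.mod"
      - "go.sum"
  push:
    branches:
      - main
      - "release-*"
    paths:
      - "**.go"
      - "go.mod"
      - "go.sum"

# The scan only needs to read the repository.
permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          # Use the Go version the module declares, so the standard
          # library is checked at the version the project builds with.
          go-version-file: go.mod

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Run govulncheck
        # Exits non-zero when a vulnerable symbol is reachable from the code,
        # which fails the job.
        run: govulncheck ./...
```

Keeping the scan as a plain `run` step leaves room to add further tool steps to the same job later.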