diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7149e386c9..e37c5cc870 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,7 +50,6 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 with: go-version: '1.20'
@@ -83,3 +82,15 @@ jobs:
 run: ./scripts/report.sh
 env:
 BUILDKITE_ANALYTICS_TOKEN: ${{ secrets.BUILDKITE_ANALYTICS_TOKEN }}
+
+ vuln_check:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ - run: go install golang.org/x/vuln/cmd/govulncheck@latest
+ - run: govulncheck ./...
diff --git a/devenv.nix b/devenv.nix
index f74b52c56b..e1250867a3 100644
--- a/devenv.nix
+++ b/devenv.nix
@@ -7,6 +7,7 @@
 pkgs.go
 pkgs.git
 pkgs.git-cliff
+ pkgs.govulncheck
 pkgs.python311
 ];
 }
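Review bot: The new `vuln_check` job in `.github/workflows/ci.yml` installs its scanner with `go install golang.org/x/vuln/cmd/govulncheck@latest`, so the tool version that gates CI is whatever is newest at run time; results are not reproducible, and a tool release can change or break the check without any change in this repository. Pin it, for example `- run: go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, and bump that version deliberately; the `pkgs.govulncheck` added to `devenv.nix` presumably takes its version from nixpkgs, so local and CI runs may otherwise disagree. The job also declares no `permissions:`; unless the workflow sets a default outside this hunk, adding `permissions:` with `contents: read` keeps the token read-only for a job that only reads the source. The `jobs:` mapping starts outside the hunk, so the triggers and any workflow-level settings are not visible here.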