Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Go
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Analyze
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
to be continuous...
Go
Commits
bc4a87d6
Commit
bc4a87d6
authored
1 year ago
by
Cédric OLIVIER
Committed by
Pierre Smeyers
1 year ago
Browse files
Options
Downloads
Patches
Plain Diff
feat: add govulncheck
parent
77c5c8ba
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
README.md
+11
-0
11 additions, 0 deletions
README.md
kicker.json
+14
-0
14 additions, 0 deletions
kicker.json
templates/gitlab-ci-golang.yml
+27
-0
27 additions, 0 deletions
templates/gitlab-ci-golang.yml
with
52 additions
and
0 deletions
README.md
+
11
−
0
View file @
bc4a87d6
...
...
@@ -164,3 +164,14 @@ It is bound to the `test` stage, and uses the following variables:
|
`GO_SBOM_DISABLED`
| Set to
`true`
to disable this job | _none_ |
|
`GO_SBOM_IMAGE`
| Image of cyclonedx-gomod used for SBOM analysis |
`registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest`
|
|
`GO_SBOM_OPTS`
|
[
@cyclonedx/cyclonedx-gomod options
](
https://github.com/CycloneDX/cyclonedx-gomod#usage
)
used for SBOM analysis |
`-main .`
|
### `go-govulncheck` job
This job enables Vulnerability Management with
[
Govulncheck
](
https://go.dev/blog/vuln
)
.
It is bound to the
`test`
stage, and uses the following variables:
| Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- |
|
`GO_VULNCHECK_DISABLED`
| Set to
`true`
to disable this job | _none_
|
`GO_VULNCHECK_ARGS`
|
`govulncheck`
[
command line arguments
](
https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags
)
|
`./...`
|
\ No newline at end of file
This diff is collapsed.
Click to expand it.
kicker.json
+
14
−
0
View file @
bc4a87d6
...
...
@@ -132,6 +132,20 @@
"advanced"
:
true
}
]
},
{
"id"
:
"govulncheck"
,
"name"
:
"Govulncheck"
,
"description"
:
"Vulnerability Management with [Govulncheck](https://go.dev/blog/vuln)"
,
"disable_with"
:
"GO_VULNCHECK_DISABLED"
,
"variables"
:
[
{
"name"
:
"GO_VULNCHECK_ARGS"
,
"description"
:
"`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)"
,
"default"
:
"./..."
,
"advanced"
:
true
}
]
}
]
}
This diff is collapsed.
Click to expand it.
templates/gitlab-ci-golang.yml
+
27
−
0
View file @
bc4a87d6
...
...
@@ -85,6 +85,9 @@ variables:
# Default arguments for go-mod-outdated command
GO_MOD_OUTDATED_ARGS
:
'
-update
-direct'
GO_VULNCHECK_ARGS
:
>-
./...
# Default golangci-lint Docker image (can be overridden)
GO_CI_LINT_IMAGE
:
"
registry.hub.docker.com/golangci/golangci-lint:latest-alpine"
...
...
@@ -222,6 +225,16 @@ stages:
cd -
}
function install_go_govulncheck() {
if ! command -v govulncheck > /dev/null
then
cd "$(mktemp -d)"
go mod init govulncheck
go install golang.org/x/vuln/cmd/govulncheck@latest
cd -
fi
}
function install_ca_certs() {
certs=$1
if [[ -z "$certs" ]]
...
...
@@ -498,3 +511,17 @@ go-sbom:
-
if
:
'
$GO_SBOM_DISABLED
==
"true"'
when
:
never
-
!reference
[
.test-policy
,
rules
]
go-govulncheck
:
extends
:
.go-base
stage
:
test
dependencies
:
[]
script
:
-
mkdir -p -m 777 reports
-
install_go_govulncheck
-
$GOBIN/govulncheck ${GO_VULNCHECK_ARGS}
rules
:
# exclude if GO_CI_LINT_DISABLED set
-
if
:
'
$GO_VULNCHECK_DISABLED
==
"true"'
when
:
never
-
!reference
[
.test-policy
,
rules
]
\ No newline at end of file
This diff is collapsed.
Click to expand it.
Pierre-Alain RIVIERE
@pariviere
mentioned in commit
bddb3c1a
·
1 year ago
mentioned in commit
bddb3c1a
mentioned in commit bddb3c1a989358a80da6379e3ed43f7e1eed7aa7
Toggle commit list
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment