README.md +11 −0 Original line number Diff line number Diff line Loading @@ -164,3 +164,14 @@ It is bound to the `test` stage, and uses the following variables: | `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` | | `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` | ### `go-govulncheck` job This job enables Vulnerability Management with [Govulncheck](https://go.dev/blog/vuln). It is bound to the `test` stage, and uses the following variables: | Name | description | default value | | --------------------- | -------------------------------------- | ----------------- | | `GO_VULNCHECK_DISABLED` | Set to `true` to disable this job | _none_ | `GO_VULNCHECK_ARGS` | `govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags) | `./...` | No newline at end of file
kicker.json +14 −0 Original line number Diff line number Diff line Loading @@ -132,6 +132,20 @@ "advanced": true } ] }, { "id": "govulncheck", "name": "Govulncheck", "description": "Vulnerability Management with [Govulncheck](https://go.dev/blog/vuln)", "disable_with": "GO_VULNCHECK_DISABLED", "variables": [ { "name": "GO_VULNCHECK_ARGS", "description": "`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)", "default": "./...", "advanced": true } ] } ] }
templates/gitlab-ci-golang.yml +27 −0 Original line number Diff line number Diff line Loading @@ -85,6 +85,9 @@ variables: # Default arguments for go-mod-outdated command GO_MOD_OUTDATED_ARGS: '-update -direct' GO_VULNCHECK_ARGS: >- ./... # Default golangci-lint Docker image (can be overridden) GO_CI_LINT_IMAGE: "registry.hub.docker.com/golangci/golangci-lint:latest-alpine" Loading Loading @@ -222,6 +225,16 @@ stages: cd - } function install_go_govulncheck() { if ! command -v govulncheck > /dev/null then cd "$(mktemp -d)" go mod init govulncheck go install golang.org/x/vuln/cmd/govulncheck@latest cd - fi } function install_ca_certs() { certs=$1 if [[ -z "$certs" ]] Loading Loading @@ -498,3 +511,17 @@ go-sbom: - if: '$GO_SBOM_DISABLED == "true"' when: never - !reference [.test-policy, rules] go-govulncheck: extends: .go-base stage: test dependencies: [] script: - mkdir -p -m 777 reports - install_go_govulncheck - $GOBIN/govulncheck ${GO_VULNCHECK_ARGS} rules: # exclude if GO_CI_LINT_DISABLED set - if: '$GO_VULNCHECK_DISABLED == "true"' when: never - !reference [.test-policy, rules] No newline at end of file
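Review bot: `install_go_govulncheck` fetches `golang.org/x/vuln/cmd/govulncheck@latest` on every run, so the scanner is unpinned: a new upstream release can change findings or break the pipeline without any change in this repository, and results cannot be reproduced later. I would take the version from a new template variable (for example `GO_VULNCHECK_VERSION`, defaulting to `latest`) and install with `go install golang.org/x/vuln/cmd/govulncheck@${GO_VULNCHECK_VERSION}`, documenting it next to `GO_VULNCHECK_ARGS`. The guard and the call also disagree: the guard tests `command -v govulncheck` on `PATH`, while the job runs `$GOBIN/govulncheck`. If an image ships the binary on `PATH` outside `$GOBIN`, the install is skipped and the call fails, so either test `[[ -x "$GOBIN/govulncheck" ]]` or call plain `govulncheck ${GO_VULNCHECK_ARGS}`. How `GOBIN` and `PATH` are set in `.go-base` is outside these hunks, so confirm that first. Separately, the rules comment `# exclude if GO_CI_LINT_DISABLED set` is a copy-paste leftover and should name `GO_VULNCHECK_DISABLED`, and `mkdir -p -m 777 reports` creates a world-writable directory that this job never writes to.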