Skip to content

govulncheck: run from a container #714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xcoulon merged 2 commits into from
Dec 11, 2025
Merged

govulncheck: run from a container #714

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8ebc672
govulncheck: run from a container
xcoulon Dec 10, 2025
a4d2144
also, update ignored vulns (fixed in Go 1.24.11)
xcoulon Dec 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions .github/workflows/govulncheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,5 @@ jobs:
- name: Run govulncheck
uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master
with:
go-version-file: go.mod
cache: false
config: .govulncheck.yaml
config: .govulncheck.yaml
debug: true # optional (default = false)
28 changes: 20 additions & 8 deletions .govulncheck.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,46 +4,58 @@ ignored-vulnerabilities:
# Fixed in: crypto/x509@go1.24.8
- id: GO-2025-4013
info: https://pkg.go.dev/vuln/GO-2025-4013
silence-until: 2025-12-03
silence-until: 2026-01-09
# Lack of limit when parsing cookies can cause memory exhaustion in net/http
# Found in: net/http@go1.23.12
# Fixed in: net/http@go1.24.8
- id: GO-2025-4012
info: https://pkg.go.dev/vuln/GO-2025-4012
silence-until: 2025-12-03
silence-until: 2026-01-09
# Parsing DER payload can cause memory exhaustion in encoding/asn1
# Found in: encoding/asn1@go1.23.12
# Fixed in: encoding/asn1@go1.24.8
- id: GO-2025-4011
info: https://pkg.go.dev/vuln/GO-2025-4011
silence-until: 2025-12-03
silence-until: 2026-01-09
# Insufficient validation of bracketed IPv6 hostnames in net/url
# Found in: net/url@go1.23.12
# Fixed in: net/url@go1.24.8
- id: GO-2025-4010
info: https://pkg.go.dev/vuln/GO-2025-4010
silence-until: 2025-12-03
silence-until: 2026-01-09
# Quadratic complexity when parsing some invalid inputs in encoding/pem
# Found in: encoding/pem@go1.23.12
# Fixed in: encoding/pem@go1.24.8
- id: GO-2025-4009
info: https://pkg.go.dev/vuln/GO-2025-4009
silence-until: 2025-12-03
silence-until: 2026-01-09
# ALPN negotiation error contains attacker controlled information in crypto/tls
# Found in: crypto/tls@go1.23.12
# Fixed in: crypto/tls@go1.24.8
- id: GO-2025-4008
info: https://pkg.go.dev/vuln/GO-2025-4008
silence-until: 2025-12-03
silence-until: 2026-01-09
# Quadratic complexity when checking name constraints in crypto/x509
# Found in: crypto/x509@go1.23.12
# Fixed in: crypto/x509@go1.24.9
- id: GO-2025-4007
info: https://pkg.go.dev/vuln/GO-2025-4007
silence-until: 2025-12-03
silence-until: 2026-01-09
# Excessive CPU consumption in ParseAddress in net/mail
# Found in: net/mail@go1.23.12
# Fixed in: net/mail@go1.24.8
- id: GO-2025-4006
info: https://pkg.go.dev/vuln/GO-2025-4006
silence-until: 2025-12-03
silence-until: 2026-01-09
# Excessive resource consumption when printing error string for host certificate validation in crypto/x509
# Found in: crypto/x509@go1.23.12
# Fixed in: crypto/x509@go1.24.11
- id: GO-2025-4155
info: https://pkg.go.dev/vuln/GO-2025-4155
silence-until: 2026-01-09
# Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
# Found in: crypto/x509@go1.23.12
# Fixed in: crypto/x509@go1.24.11
- id: GO-2025-4175
info: https://pkg.go.dev/vuln/GO-2025-4175
silence-until: 2026-01-09
Loading