[workflow]: Add Nancy for Vulnerability Scanning in Golang Dependencies #107
karanngi wants to merge 1 commit into microcks:master from
Signed-off-by: karanngi <karann.git@gmail.com>
@karanngi Are you going to work on this?
It is complete; we need to handle some secrets in GitHub environments.
This pull request has been automatically marked as stale because it has not had recent activity 😴 It will be closed in 30 days if no further activity occurs. To unstale this pull request, add a comment with a detailed explanation. There can be many reasons why some specific pull request has no activity. The most probable cause is lack of time, not lack of interest. Microcks is a Cloud Native Computing Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under an open governance model. Let us figure out together how to push this pull request forward. Connect with us through one of many communication channels we established here. Thank you for your patience ❤️
Description
We should consider adding Nancy to our workflow for scanning vulnerabilities in Golang dependencies. It's widely used in CNCF projects and can help identify security risks early, improving the overall security of our codebase.
Creates a GitHub issue if vulnerabilities are found.
Related issue(s)
#105
@yada @lbroudoux