
ci: Add PR pipeline with Trivy, gosec, and tests#49

Open
starlightromero wants to merge 1 commit into robertlestak:main from starlightromero:ci/security-scans

Conversation

@starlightromero
Contributor

Summary

Add a GitHub Actions CI pipeline that runs on pull requests to main.

Jobs

| Job   | Tool                       | Description                                                 |
|-------|----------------------------|-------------------------------------------------------------|
| Test  | go test                    | Run all Go tests                                            |
| Trivy | aquasecurity/trivy-action  | Filesystem scan, fails on CRITICAL/HIGH vulnerabilities     |
| Gosec | securego/gosec             | Go static security analysis, fails on MEDIUM+ severity      |

All three jobs run in parallel.

Pinned SHAs

All action references use commit SHAs instead of tags:

  • actions/checkout @ de0fac2e (v6.0.2)
  • actions/setup-go @ 4a360112 (v6.4.0)
  • aquasecurity/trivy-action @ 57a97c7e (v0.35.0)
  • securego/gosec @ 223e19b8 (v2.25.0)

Run on pull requests to main:
- Go tests
- Trivy filesystem scan (fail on CRITICAL/HIGH)
- Gosec static analysis (fail on MEDIUM+ severity)

All action references use pinned commit SHAs.
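An added example, not part of this PR or the project: a shell check that enforces the pinned-SHA rule stated above by scanning a workflow's `uses:` lines and rejecting any reference that is not a full 40-hex commit SHA (tags and branch names). The sample workflows and their SHAs are constructed placeholders, not the action versions listed in the description.

```shell
#!/usr/bin/env bash
# Added example, not part of this PR: check that every `uses:` reference in a
# GitHub Actions workflow is pinned to a full 40-hex commit SHA, as the PR
# description requires, instead of a mutable tag or branch name.
set -eu

# Print each `uses:` reference in FILE that is not SHA-pinned, one per line.
# Local actions (./path) and docker:// images have no upstream commit to pin
# and are skipped. Returns 0 when every reference is pinned, 1 otherwise.
check_pinned_actions() {
  file="$1"; unpinned=0
  refs=$(sed -nE 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*([^#[:space:]]+).*$/\1/p' "$file" | tr -d "\"'")
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    case "$ref" in ./*|docker://*) continue ;; esac
    if ! printf '%s\n' "$ref" | grep -Eq '^[^@]+@[0-9a-f]{40}$'; then
      printf '%s\n' "$ref"; unpinned=1
    fi
  done <<EOF
$refs
EOF
  return "$unpinned"
}

workdir=$(mktemp -d)
# Constructed sample: a workflow pinned the way the PR describes. The SHAs are
# dummy placeholders, not the real commits of those actions.
cat > "$workdir/pinned.yml" <<'EOF'
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000001 # v6.0.2
      - uses: actions/setup-go@0000000000000000000000000000000000000002 # v6.4.0
      - run: go test ./...
EOF
# Constructed sample: mutable refs that the check must reject.
cat > "$workdir/unpinned.yml" <<'EOF'
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: "aquasecurity/trivy-action@master"
      - uses: ./.github/actions/local-step
EOF
check_pinned_actions "$workdir/pinned.yml" && echo "pinned.yml: all actions pinned"
check_pinned_actions "$workdir/unpinned.yml" || echo "unpinned.yml: rejected"
```

Run it against `.github/workflows/*.yml` in a pre-merge step so a mutable ref fails the pipeline the same way a Trivy or gosec finding does.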