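# Security scans for the repository: dependency review on pull requests and
# govulncheck against the Go module.
name: Security Scans

on:
  workflow_dispatch:
  workflow_call:
  # pull_request_target runs in the context of the base repository, so the job
  # token and any secrets are those of the base repo even for PRs from forks.
  # actions/checkout without `ref` checks out the base commit for this event,
  # which means govulncheck below scans the base branch, not the PR's changes.
  # Keep it that way: checking out the PR head in this workflow would build and
  # run untrusted code with the base repository's token.
  pull_request_target:
  schedule:
    - cron: "0 8 * * *"

# Least privilege: no step here writes to the repository, so the token is
# limited to reading contents instead of inheriting the repository default.
# (When invoked through workflow_call this can only narrow the caller's grant.)
permissions:
  contents: read

jobs:
  dependency-review:
    name: Dependency Review
    # dependency-review-action compares a base and a head revision, which it
    # takes from pull request / merge queue events. No base-ref/head-ref is
    # configured here, so on schedule and workflow_dispatch runs the job is
    # skipped rather than failing the run.
    if: >-
      github.event_name == 'pull_request' ||
      github.event_name == 'pull_request_target' ||
      github.event_name == 'merge_group'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step pushes or fetches, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Run dependency review
        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step pushes or fetches, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          # NOTE(review): no go-version / go-version-file is given, so the toolchain is
          # whatever setup-go resolves by default; confirm it matches the module's Go version.
          check-latest: true
      - name: Install govulncheck
        # NOTE(review): @latest is a moving reference, unlike the SHA-pinned actions
        # above. Consider pinning to a reviewed release so the scanner binary is
        # reproducible and a compromised or broken release is not picked up silently.
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
      - name: Run govulncheck
        run: |
          govulncheck ./...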