diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 76dcafdb5..29bdde22b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -233,6 +233,19 @@ jobs: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: latest + # Run govulncheck on the latest go version, the one we build binaries with + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: 1.19 + check-latest: true + + - name: Install govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + + - name: Scan for vulnerabilities + run: govulncheck ./... + android: if: ${{ github.repository == 'rclone/rclone' || github.event.inputs.manual }} timeout-minutes: 30