chore(security): Support Go Vulnerability Management (#21139)

See https://go.dev/security/vuln/ Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com> Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2025-07-22 18:28:37 +00:00 · 2022-09-11 15:02:18 +08:00
parent 77c916f6d9
commit 24b5a384d2
2 changed files with 16 additions and 0 deletions
--- a/6
+++ b/6
@@ -35,6 +35,7 @@ MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -728,6 +729,10 @@ generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

+.PHONY: security-check
+security-check:
+	govulncheck -v ./...
+
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

@@ -813,6 +818,7 @@ deps-backend:
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
+	$(GO) install $(GOVULNCHECK_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save