Quad4-Software/Linking-Tool
2
0
Fork 0
Code Issues 4 Pull Requests 6 Actions Packages Projects Releases 1 Wiki Activity

Update CI workflows and OSV scan script for improved functionality
All checks were successful
OSV-Scanner Scheduled Scan / scan-scheduled (push) Successful in 21s
Details
CI / build-frontend (push) Successful in 39s
Details
CI / build-backend (push) Successful in 21s
Details

Browse Source 
- Updated the 'checkout' action to version 4 for consistency across workflows.
- Added a 'Setup Go' step to initialize the Go environment using the latest action version.
- Modified the OSV scan script to generalize vulnerability reporting, removing specific severity checks for a broader output.
This commit is contained in:
ivan
2025-12-27 12:46:16 -06:00
parent 7e75064ae5
commit 4923619b51
3 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.gitea/workflows/osv-pr.yml
View File

@@ -14,7 +14,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Setup Go
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
with:
go-version-file: 'go.mod'
- name: OSV scan
run: bash scripts/osv_scan.sh

7
.gitea/workflows/osv-scheduled.yml
View File

@@ -14,7 +14,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Setup Go
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
with:
go-version-file: 'go.mod'
- name: OSV scan
run: bash scripts/osv_scan.sh

8
scripts/osv_scan.sh
View File

@@ -23,20 +23,16 @@ VULNS=$(jq -r '
.results[]? |
.source as $src |
.vulns[]? |
select(
(.database_specific.severity // "" | ascii_upcase | test("HIGH|CRITICAL")) or
(.severity[]?.score // "" | tostring | split("/")[0] | tonumber? // 0 | . >= 7.0)
) |
"\(.id) (source: \($src))"
' "$OSV_JSON")
if [ -n "$VULNS" ]; then
echo "OSV scan found HIGH/CRITICAL vulnerabilities:"
echo "OSV scan found vulnerabilities:"
echo "$VULNS" | while IFS= read -r line; do
echo " - $line"
done
exit 1
else
echo "OSV scan: no HIGH/CRITICAL vulnerabilities found."
echo "OSV scan: no vulnerabilities found."
fi