.github/workflows/scan-cve.yml

name: scan-cve

on:
  workflow_dispatch:
  push:
    branches: [ "master", "dev" ]
  pull_request:
    branches: [ "master", "dev" ]
  schedule:
    - cron: "03 */24 * * *"

permissions:
  contents: read

jobs:

  scan:
    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

    - name: Set up Go
      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
      with:
        # renovate: datasource=golang-version depName=golang
        go-version: '1.23.6'

    - name: Install govulncheck
      run: go install golang.org/x/vuln/cmd/govulncheck@latest

    - name: Run govulncheck for project
      run: govulncheck -show verbose -scan module

    - name: Build binary
      run: make build-via-docker

    - name: Run govulncheck for binary
      run: govulncheck -mode=binary -show verbose -scan module ./ptcpdump