Add govulncheck in CI
Go recently released a vulnerability scanning tool/library(govulncheck
) which only highlights the vulnerabilities that your codebase touches/uses. This makes it a good candidate for adding it into our CI/dev-workflow and raising security issues early on. More details about the are available at https://go.dev/blog/vuln
It is currently an experimental tool but I think we should add this in our CI which won't fail if vulnerabilities are raised. It will only raise warnings.
Edited by Vishal Tak