.github/workflows/scan-cve.yml

name: scan-cve

on:
  workflow_dispatch:
  push:
    branches: [ "master", "dev" ]
  pull_request:
    branches: [ "master", "dev" ]
  schedule:
    - cron: "03 */24 * * *"

permissions:
  contents: read

jobs:

  scan:
    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

    - name: Set up Go
      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
      with:
        go-version: '1.23'

    - name: Install govulncheck
      run: go install golang.org/x/vuln/cmd/govulncheck@latest

    - name: Run govulncheck for project
      run: govulncheck -show verbose -scan module

    - name: Build binary
      run: make build-via-docker

    - name: Run govulncheck for binary
      run: govulncheck -mode=binary -show verbose -scan module ./ptcpdump