Summary
As a security hardening tool, micromize should practice what it preaches. Currently there is no automated security scanning.
What's Needed
Add security scanning to the CI pipeline:
1. Go Vulnerability Check
Add govulncheck to the CI workflow:

```yaml
- name: Install govulncheck
  run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
  run: govulncheck ./...
```
2. Container Image Scanning
Add Trivy scanning after image builds:
- Scan the Dockerfile for misconfigurations
- Scan built images for CVEs
3. CodeQL Analysis
Add .github/workflows/codeql.yml for automated code scanning:
- Languages: Go
- Schedule: weekly + on PRs
Files
.github/workflows/ci.yml (or separate security.yml)
.github/workflows/codeql.yml
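One way to wire all three checks into a single workflow, as an added example rather than the project's own ci.yml: the weekly Monday cron, the `micromize:ci` image tag, and reading the Go version from `go.mod` are assumptions, and the `codeql` job can be split out into codeql.yml as proposed above.

```yaml
name: security
on:
  pull_request:
  schedule:
    - cron: '0 6 * * 1'   # weekly, Monday 06:00 UTC (assumed schedule)
permissions:
  contents: read
  security-events: write  # CodeQL needs this to upload its SARIF results
jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # assumes a go.mod at the repo root
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
      - name: Run govulncheck       # non-zero exit on reachable known vulns
        run: govulncheck ./...
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan Dockerfile for misconfigurations
        uses: aquasecurity/trivy-action@master   # pin to a release tag in practice
        with:
          scan-type: config
          exit-code: '1'            # fail the job on findings
          severity: HIGH,CRITICAL
      - name: Build image locally (not pushed)
        run: docker build -t micromize:ci .      # tag is a placeholder
      - name: Scan built image for CVEs
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: image
          image-ref: micromize:ci
          exit-code: '1'
          ignore-unfixed: true      # only report CVEs that have a fix available
          severity: HIGH,CRITICAL
  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
```

Both scanning jobs are configured to fail the check on HIGH/CRITICAL findings so that a PR cannot merge green with a known issue; relax `exit-code` to `'0'` if the first run should only report while the existing backlog is triaged.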