From 1d74401328af2203ee47a00d55106b11d22e1711 Mon Sep 17 00:00:00 2001 From: Carlos Herrero Date: Fri, 15 May 2026 09:34:42 +0200 Subject: [PATCH] ci(security): run govulncheck on admin module The admin module was added to release-time govulncheck in #100, but the PR/push security workflow only scans root, sdk, and contrib. Add a symmetric step so admin vulnerabilities are caught on every PR, not just at release. gosec already covers admin (separate step); this closes the matching gap for govulncheck. --- .github/workflows/security.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 0b0afa5..b2bcb2d 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -74,6 +74,9 @@ jobs: - name: Run govulncheck (Contrib module) run: cd plugins/contrib && govulncheck ./... + - name: Run govulncheck (admin module) + run: cd admin && govulncheck ./... + gosec: name: Security Scan (gosec) needs: [changes]