From c5ebde5de3532720c48cb36f9ad5265b9f1e0a7e Mon Sep 17 00:00:00 2001
From: RajathInuganti
Date: Sat, 19 Feb 2022 12:14:23 -0800
Subject: [PATCH] Added CI that scans for Golang Vulnerabilities and code smells The vulnerability scanning is performed by gosec, which is an open source security checker. The gosec package can be utilized through github actions and used in a workflow.
---
.github/workflows/security-check.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 .github/workflows/security-check.yml
diff --git a/.github/workflows/security-check.yml b/.github/workflows/security-check.yml
new file mode 100644
index 0000000..96a3621
--- /dev/null
+++ b/.github/workflows/security-check.yml
@@ -0,0 +1,22 @@
+name: Security Scan - Gosec
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v2
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ args: ./...
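Review bot: The `uses: securego/gosec@master` step follows a mutable branch of a third-party action, so any change pushed to that branch runs in this repository's CI against the checked-out source and with the job token, without review here. Pin it to a reviewed release tag or, preferably, a full commit SHA, e.g. `uses: securego/gosec@<full-commit-sha>`; `actions/checkout@v2` is also a movable tag and would benefit from the same treatment. The workflow declares no `permissions:` block, so the job inherits the repository's default token scope. A scanner only needs to read the code, so a top-level `permissions:` with `contents: read` would limit that. Quoting the value as `GO111MODULE: 'on'` would also keep generic YAML tooling from reading it as a boolean.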