From bbef795287e9c03d4db488d24f21b344d032365f Mon Sep 17 00:00:00 2001
From: Higor Oliveira QA Azion <higor.oliveira@azion.com>
Date: Wed, 22 May 2024 15:01:36 -0300
Subject: [PATCH] chore: Add GoVulnCheck

---
 .github/workflows/package-audit.yaml | 18 ++++++++++++++++++
 Makefile                             |  9 +++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 .github/workflows/package-audit.yaml

diff --git a/.github/workflows/package-audit.yaml b/.github/workflows/package-audit.yaml
new file mode 100644
index 000000000..04d42a981
--- /dev/null
+++ b/.github/workflows/package-audit.yaml
@@ -0,0 +1,18 @@
+name: Package Auditing
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  PackageAuditing:
+    name: Package Auditor (GoVulnCheck)
+    runs-on: ubuntu-latest
+    container:
+      image: golang:1.22.3
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: GoVulnCheck
+        run: make govulncheck
diff --git a/Makefile b/Makefile
index a76f2bc31..9f292f414 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@ endif
 GOPATH ?= $(shell $(GO) env GOPATH)
 GOBIN ?= $(GOPATH)/bin
 GOSEC ?= $(GOBIN)/gosec
+GOVULNCHECK ?= $(GOBIN)/govulncheck
 GOLINT ?= $(GOBIN)/golint
 GOFMT ?= $(GOBIN)/gofmt
 RELOAD ?= $(GOBIN)/CompileDaemon
@@ -86,6 +87,14 @@ get-gosec-deps:
 	@ cd $(GOPATH); \
 		$(GO) install github.com/securego/gosec/v2/cmd/gosec@latest
 
+.PHONY: govulncheck
+govulncheck: get-govulncheck-deps ## running GoVulnCheck
+	@ $(GOVULNCHECK) ./...
+
+.PHONY: get-govulncheck-deps
+get-govulncheck-deps:
+	@ $(GO) install golang.org/x/vuln/cmd/govulncheck@latest
+
 .PHONY : build
 build: ## build application
 	@ $(GO) version