Skip to content

Add supply-chain CI gates and adversarial fuzz evals (#311) #2

Add supply-chain CI gates and adversarial fuzz evals (#311)

Add supply-chain CI gates and adversarial fuzz evals (#311) #2

Triggered via push June 22, 2026 14:03
Status Failure
Total duration 1m 29s
Artifacts

security.yml

on: push
govulncheck
29s
govulncheck
gitleaks
8s
gitleaks
gosec (SARIF, non-gating)
1m 23s
gosec (SARIF, non-gating)
Fit to window
Zoom out
Zoom in

Annotations

1 error and 4 warnings
gitleaks
🛑 missing gitleaks license. Go grab one at gitleaks.io and store it as a GitHub Secret named GITLEAKS_LICENSE. For more info about the recent breaking update, see [here](https://github.com/gitleaks/gitleaks-action#-announcement).
gitleaks
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: gitleaks/gitleaks-action@v2. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
govulncheck
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-go@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
gosec (SARIF, non-gating)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-go@v5, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
gosec (SARIF, non-gating)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/