From 03be4a4494c4b3cef0f2cf5765a4d3f64e14d895 Mon Sep 17 00:00:00 2001
From: "Xinwei Xiong(cubxxw)" <3293172751nss@gmail.com>
Date: Wed, 17 May 2023 12:38:27 +0800
Subject: [PATCH] ci: gosec help us audit the Go code
Signed-off-by: Xinwei Xiong(cubxxw) <3293172751nss@gmail.com>
---
.github/workflows/gosec.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/gosec.yml
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
new file mode 100644
index 000000000..26d454128
--- /dev/null
+++ b/.github/workflows/gosec.yml
@@ -0,0 +1,31 @@
+name: Run gosec
+
+# gosec is a source code security audit tool for the Go language. It performs a static
+# analysis of the Go code, looking for potential security problems. The main functions of gosec are:
+# 1. Find common security vulnerabilities, such as SQL injection, command injection, and cross-site scripting (XSS).
+# 2. Audit codes according to common security standards and find non-standard codes.
+# 3. Assist the Go language engineer to write safe and reliable code.
+
+on:
+ push:
+ branches: "*"
+ pull_request:
+ branches: "*"
+ paths-ignore:
+ - 'docs/**'
+ - '*.md'
+ - '*.yml'
+ - '.github'
+
+jobs:
+ golang-security-action:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ args: ./...
\ No newline at end of file
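Review bot: `uses: securego/gosec@master` follows a mutable branch of a third-party action, so any upstream change or compromise runs in this repository's CI with no review here; pin it to a release tag or, better, a full commit SHA, e.g. `uses: securego/gosec@<full-commit-sha>  # <release-tag>`. The workflow declares no `permissions:` key, so the job inherits the repository's default GITHUB_TOKEN scope; a read-only scanner needs only a top-level `permissions:` with `contents: read`. In GitHub's filter syntax `branches: "*"` does not match branch names containing `/`, so branches such as `release/x` would skip the scan; `"**"` (or no branch filter) covers them. Quoting `GO111MODULE: "on"` would also keep generic YAML 1.1 tooling from reading the value as a boolean.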