1
59%
main: 59%

Ran 09 Dec 2025 09:40PM UTC

Files 398

Run time 12s

Badge

Embed ▾

Committed 09 Dec 2025 09:39PM UTC coverage: 49.492%. Remained the same

Job # 20079373373.1

Build Type

push

github

Committed by

web-flow

Commit Message

Add vulnerability exclusion support to govulncheck workflow (#2972)

Add a post-processing step to the govulncheck GitHub Action that allows
excluding specific vulnerabilities with documented justification.

The govulncheck tool does not currently support excluding vulnerabilities
via config file or flag. This feature is tracked in golang/go#61211.
Until that is implemented, we use a post-processing approach similar to
GitLab's Gitaly project.

Use JSON output format since it returns success even when vulnerabilities
are found, allowing the exclusion check step to run.

Exclude GO-2025-4192 (CVE-2025-66564): sigstore/timestamp-authority
excessive memory allocation vulnerability. This is an indirect dependency
via sigstore-go used for container signature verification. The vulnerability
affects timestamp-authority server request parsing, but ToolHive only uses
sigstore-go as a client - it does not expose any timestamp-authority server
endpoints.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Run Details

26622 of 53790 relevant lines covered (49.49%)

58.53 hits per line

stacklok / toolhive / 20079373373 / 1
59%
main: 59%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20079373373.1

stacklok / toolhive / 20079373373 / 1 59% main: 59%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20079373373.1

stacklok / toolhive / 20079373373 / 1
59%
main: 59%

README BADGES
x