gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-04-28 11:33:06 -07:00
Code Issues Packages Projects Releases Wiki Activity
330 Commits 14 Branches 61 Tags
571711ff6b2d395c69dc596b7b24381fb6d471fb
Commit Graph

330 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
571711ff6b chore(deps): bump github.com/projectdiscovery/nuclei/v3 
Bumps [github.com/projectdiscovery/nuclei/v3](https://github.com/projectdiscovery/nuclei) from 3.7.1 to 3.8.0.
- [Release notes](https://github.com/projectdiscovery/nuclei/releases)
- [Commits](https://github.com/projectdiscovery/nuclei/compare/v3.7.1...v3.8.0)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/nuclei/v3
  dependency-version: 3.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-24 16:21:28 +00:00
celeste
e86a917364 Merge pull request #98 from vmfunc/ci/bump-go-1.25 
ci: bump go to 1.25 and migrate golangci-lint to v2
 2026-04-24 09:19:55 -07:00
vmfunc
09314edf5c ci: suppress v2-only staticcheck rules and 3 stray errcheck cases 
second pass after v2 surfaced more old-code noise:
  * staticcheck ST1000/ST1003 were the v1 'stylecheck' linter
    (never enabled here); disabled to preserve prior parity
  * errcheck can't match (io.Closer).Close against concrete
    types (tarball, tcp, logger); added narrow file+text rules

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-24 09:04:50 -07:00
vmfunc
9863a252d8 ci: appease yamllint and relax v2 linters to match v1 parity 
yamllint wanted a '---' document start and lines <=80 chars.

golangci-lint v2 surfaces 63 latent issues that v1.64.8 missed:
  * staticcheck QF1003/QF1012 (new quickfix checks) -- disabled
  * errcheck on idiomatic Body.Close / fmt.Fprint -- excluded
  * gocritic importShadow (nuclei output pkg alias) -- excluded
  * gocritic rangeValCopy (nuclei value-type iteration) -- excluded
  * gosec G301/G302 (log perms, intentional) -- excluded
  * noctx in 3 scan files -- excluded by path until refactored

real fixes for the noctx/perms cases are a separate follow-up;
this PR is strictly the toolchain + lint-action bump.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-24 09:01:33 -07:00
vmfunc
84b0b81996 ci: bump go toolchain to 1.25 and migrate golangci-lint to v2 
nuclei/v3 v3.8.0 (PR #97) requires go >= 1.25.7 in go.mod.
this breaks the existing CI pinned to go 1.24:

  - build: "go.mod requires go >= 1.25.7 (running go 1.24.13;
    GOTOOLCHAIN=local)"
  - lint:  "the Go language version (go1.24) used to build
    golangci-lint is lower than the targeted Go version (1.25.7)"

bumps setup-go to 1.25 across all workflows and moves the lint
job to golangci-lint-action v8 with golangci-lint v2.11.4 (built
with go 1.25). migrates .golangci.yml to the v2 schema:

  - version: "2"
  - linters-settings -> linters.settings
  - issues.exclude-rules -> linters.exclusions.rules
  - drop gosimple (merged into staticcheck in v2)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-24 08:53:43 -07:00
celeste
383e645d85 Merge pull request #91 from vmfunc/dependabot/github_actions/codecov/codecov-action-6 
chore(deps): bump codecov/codecov-action from 5 to 6
 2026-04-24 00:37:55 -07:00
celeste
30bf148768 Merge pull request #92 from vmfunc/dependabot/go_modules/go_modules-f67f74747b 
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 in the go_modules group across 1 directory
 2026-04-24 00:37:42 -07:00
celeste
3d04a61b27 Merge pull request #89 from vmfunc/dependabot/go_modules/github.com/charmbracelet/log-1.0.0 
chore(deps): bump github.com/charmbracelet/log from 0.4.2 to 1.0.0
 2026-04-24 00:37:22 -07:00
celeste
9bd1d8cd14 Merge pull request #93 from vmfunc/dependabot/github_actions/actions/github-script-9 
chore(deps): bump actions/github-script from 8 to 9
 2026-04-24 00:37:01 -07:00
celeste
68fed81eee Merge pull request #94 from vmfunc/dependabot/go_modules/github.com/projectdiscovery/utils-0.10.1 
chore(deps): bump github.com/projectdiscovery/utils from 0.9.0 to 0.10.1
 2026-04-24 00:36:47 -07:00
celeste
cf72dfff0e Merge pull request #95 from vmfunc/dependabot/github_actions/softprops/action-gh-release-3 
chore(deps): bump softprops/action-gh-release from 2 to 3
 2026-04-24 00:36:20 -07:00
dependabot[bot]
a469463c19 chore(deps): bump softprops/action-gh-release from 2 to 3 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 12:45:52 +00:00
dependabot[bot]
c527668c60 chore(deps): bump github.com/projectdiscovery/utils from 0.9.0 to 0.10.1 
Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.9.0 to 0.10.1.
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](https://github.com/projectdiscovery/utils/compare/v0.9.0...v0.10.1)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-version: 0.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 12:43:54 +00:00
dependabot[bot]
4917eaf7e7 chore(deps): bump actions/github-script from 8 to 9 
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 12:45:52 +00:00
dependabot[bot]
4152e74ade chore(deps): bump github.com/go-git/go-git/v5 
Bumps the go_modules group with 1 update in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git).


Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-30 17:15:28 +00:00
dependabot[bot]
3e0cbbc5dd chore(deps): bump codecov/codecov-action from 5 to 6 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 12:45:10 +00:00
dependabot[bot]
abe8bac165 chore(deps): bump github.com/charmbracelet/log from 0.4.2 to 1.0.0 
Bumps [github.com/charmbracelet/log](https://github.com/charmbracelet/log) from 0.4.2 to 1.0.0.
- [Release notes](https://github.com/charmbracelet/log/releases)
- [Commits](https://github.com/charmbracelet/log/compare/v0.4.2...v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/log
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 12:44:04 +00:00
celeste
d6c52d3dd8 Merge pull request #87 from vmfunc/dependabot/go_modules/github.com/projectdiscovery/nuclei/v3-3.7.1 
chore(deps): bump github.com/projectdiscovery/nuclei/v3 from 3.7.0 to 3.7.1
 2026-03-06 22:01:46 +01:00
celeste
439e829c1b Merge pull request #88 from vmfunc/dependabot/go_modules/github.com/antchfx/htmlquery-1.3.6 
chore(deps): bump github.com/antchfx/htmlquery from 1.3.5 to 1.3.6
 2026-03-06 22:01:27 +01:00
dependabot[bot]
d5067d08b2 chore(deps): bump github.com/antchfx/htmlquery from 1.3.5 to 1.3.6 
Bumps [github.com/antchfx/htmlquery](https://github.com/antchfx/htmlquery) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/antchfx/htmlquery/releases)
- [Commits](https://github.com/antchfx/htmlquery/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: github.com/antchfx/htmlquery
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 12:44:13 +00:00
dependabot[bot]
98c987bfbb chore(deps): bump github.com/projectdiscovery/nuclei/v3 
Bumps [github.com/projectdiscovery/nuclei/v3](https://github.com/projectdiscovery/nuclei) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/projectdiscovery/nuclei/releases)
- [Commits](https://github.com/projectdiscovery/nuclei/compare/v3.7.0...v3.7.1)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/nuclei/v3
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 12:44:06 +00:00
celeste
237dfde4d1 Merge pull request #86 from vmfunc/chore/bump-setup-go-v6 
chore: bump setup-go to v6, drop go 1.23 from CI matrix
 2026-03-01 05:13:54 +01:00
vmfunc
c69bbe1232 chore: bump setup-go to v6, drop go 1.23 from CI matrix 
go.mod requires >= 1.24.2 so the 1.23 matrix entry was already dead.
setup-go v6 sets GOTOOLCHAIN=local which makes it fail explicitly.
 2026-03-01 05:07:23 +01:00
celeste
d52bcfc736 Merge pull request #84 from vmfunc/dependabot/go_modules/go_modules-9655125a49 
chore(deps): bump the go_modules group across 1 directory with 2 updates
 2026-03-01 05:05:02 +01:00
celeste
fcffe18ba5 Merge pull request #85 from vmfunc/dependabot/github_actions/github/codeql-action-4 
chore(deps): bump github/codeql-action from 3 to 4
 2026-03-01 05:04:59 +01:00
dependabot[bot]
7749b50d25 chore(deps): bump github/codeql-action from 3 to 4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 12:45:54 +00:00
dependabot[bot]
93783d8bd3 chore(deps): bump the go_modules group across 1 directory with 2 updates 
Bumps the go_modules group with 2 updates in the / directory: [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl).


Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1
- [Commits](https://github.com/FiloSottile/edwards25519/compare/v1.1.0...v1.1.1)

Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3)

---
updated-dependencies:
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-25 19:34:14 +00:00
dependabot[bot]
fef7806ac2 chore(deps): bump github.com/refraction-networking/utls (#78) 
Bumps the go_modules group with 1 update in the / directory: [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls).


Updates `github.com/refraction-networking/utls` from 1.8.1 to 1.8.2
- [Release notes](https://github.com/refraction-networking/utls/releases)
- [Commits](https://github.com/refraction-networking/utls/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/refraction-networking/utls
  dependency-version: 1.8.2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 02:11:40 +01:00
dependabot[bot]
422245fe7f chore(deps): bump actions/labeler from 5 to 6 (#80) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 5 to 6.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 02:11:25 +01:00
dependabot[bot]
24a9f4411f chore(deps): bump reviewdog/action-misspell from 1.26.0 to 1.27.0 (#82) 
Bumps [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/reviewdog/action-misspell/releases)
- [Commits](https://github.com/reviewdog/action-misspell/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: reviewdog/action-misspell
  dependency-version: 1.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 02:10:52 +01:00
dependabot[bot]
22936a3281 chore(deps): bump reviewdog/action-yamllint from 1.19.0 to 1.21.0 (#83) 
Bumps [reviewdog/action-yamllint](https://github.com/reviewdog/action-yamllint) from 1.19.0 to 1.21.0.
- [Release notes](https://github.com/reviewdog/action-yamllint/releases)
- [Commits](https://github.com/reviewdog/action-yamllint/compare/v1.19.0...v1.21.0)

---
updated-dependencies:
- dependency-name: reviewdog/action-yamllint
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 02:10:40 +01:00
vmfunc
495d2c5496 feat: add securitytrails integration for domain discovery + target expansion v2026.2.17 2026-02-17 13:38:07 +01:00
dependabot[bot]
5ddfbc6204 chore(deps): bump github.com/likexian/whois from 1.15.1 to 1.15.7 (#67) 
Bumps [github.com/likexian/whois](https://github.com/likexian/whois) from 1.15.1 to 1.15.7.
- [Release notes](https://github.com/likexian/whois/releases)
- [Commits](https://github.com/likexian/whois/compare/v1.15.1...v1.15.7)

---
updated-dependencies:
- dependency-name: github.com/likexian/whois
  dependency-version: 1.15.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:32:55 +01:00
dependabot[bot]
b522aa3206 chore(deps): bump github.com/charmbracelet/log from 0.2.4 to 0.4.2 (#74) 
Bumps [github.com/charmbracelet/log](https://github.com/charmbracelet/log) from 0.2.4 to 0.4.2.
- [Release notes](https://github.com/charmbracelet/log/releases)
- [Commits](https://github.com/charmbracelet/log/compare/v0.2.4...v0.4.2)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/log
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:11:38 +01:00
dependabot[bot]
efd089a9b6 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#66) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.3)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:11:30 +01:00
dependabot[bot]
dd9db0dfd6 chore(deps): bump reviewdog/action-shellcheck from 1.27.0 to 1.32.0 (#70) 
Bumps [reviewdog/action-shellcheck](https://github.com/reviewdog/action-shellcheck) from 1.27.0 to 1.32.0.
- [Release notes](https://github.com/reviewdog/action-shellcheck/releases)
- [Commits](https://github.com/reviewdog/action-shellcheck/compare/v1.27.0...v1.32.0)

---
updated-dependencies:
- dependency-name: reviewdog/action-shellcheck
  dependency-version: 1.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:11:26 +01:00
dependabot[bot]
1eab6143bb chore(deps): bump reviewdog/action-markdownlint from 0.24.0 to 0.26.2 (#73) 
Bumps [reviewdog/action-markdownlint](https://github.com/reviewdog/action-markdownlint) from 0.24.0 to 0.26.2.
- [Release notes](https://github.com/reviewdog/action-markdownlint/releases)
- [Commits](https://github.com/reviewdog/action-markdownlint/compare/v0.24.0...v0.26.2)

---
updated-dependencies:
- dependency-name: reviewdog/action-markdownlint
  dependency-version: 0.26.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:11:23 +01:00
dependabot[bot]
418180a124 chore(deps): bump actions/github-script from 7 to 8 (#77) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 15:05:54 +01:00
dependabot[bot]
6f4144efe1 chore(deps): bump actions/checkout from 4 to 6 (#68) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 14:47:32 +01:00
vmfunc
a05d6ada56 ci: add pr bot for auto-labeling + rewrite release workflow for semver tags 
pr-bot labels PRs by area (scan, nuclei, modules, ci, deps, etc) and size
(xs/s/m/l/xl), posts a summary comment with file stats breakdown.

release workflow now triggers on v* tags instead of every push to main -
extracts version from tag, injects via ldflags, auto-generates changelog
from commits since last release, includes install instructions in the
release body. prerelease detection for rc/beta tags.

Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 02:19:19 +01:00
vmfunc
75da3e3131 fix: resolve all golangci-lint issues across codebase 
- noctx: use http.NewRequestWithContext instead of http.Get/client.Get
- bodyclose: close response bodies on all code paths
- httpNoBody: use http.NoBody instead of nil for GET request bodies
- ifElseChain: convert if/else chains to switch in sif.go
- sloppyReassign: use := in logger.go where possible
- nilnil: annotate intentional nil,nil returns in lfi.go, sql.go
- errcheck: handle template install error in nuclei.go
- govet copylock: pass mutex by pointer in executor.go
- log.Fatalf: replace with log.Errorf+continue in api mode
 2026-02-13 02:11:17 +01:00
vmfunc
f5251d0c44 chore: strengthen golangci-lint config - add gosec, errorlint, nilnil, wastedassign, usetesting linters 
adds security and correctness linters, suppresses noisy checks
(fieldalignment, shadow, unusedwrite, nestingReduce), excludes
logger.Write from errcheck since log writes are best-effort
 2026-02-13 02:11:03 +01:00
vmfunc
e2198e932b ci: replace qodana with codeql - no external tokens needed 
Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 02:08:32 +01:00
vmfunc
bad5b598c9 test: add fuzz tests for LFI detection, SQL patterns, version parsing 
fuzz targets: DetectLFIFromResponse, isAdminPanel, databaseErrorPatterns,
isValidVersionString, ExtractVersionOptimized - should bump the scorecard
fuzzing check.

Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:57:46 +01:00
vmfunc
c85201b1ed ci: pin govulncheck to v1.1.4 - fixes scorecard pinned-dependencies 
Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:57:36 +01:00
vmfunc
45a384bdc9 add SECURITY.md - fixes scorecard security-policy check 
Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:57:31 +01:00
vmfunc
fcf9291653 ci: add explicit permissions to all workflows - fixes scorecard token-permissions 
Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:40:22 +01:00
vmfunc
e94fda0acf deps: bump go-git to v5.16.5 - fixes CVE-2026-25934 
Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:39:00 +01:00
vmfunc
03a9488b65 internal/scan: migrate nuclei integration to v3 SDK 
replace ~100 lines of manual nuclei v2 plumbing (catalog, loader, core,
protocolstate, protocolinit, hosterrorscache, interactsh, reporting,
ratelimit, testutils) with the v3 lib SDK - NewNucleiEngineCtx +
functional options.

drops direct ratelimit dep, mholt/archiver and nwaples/rardecode
(resolves dependabot CVE alerts for path traversal + DoS).

Signed-off-by: vmfunc <celeste@linux.com>
 2026-02-13 01:22:25 +01:00
vmfunc
83702e9a41 ci: overhaul workflows - lint, security scanning, release hardening 
- add golangci-lint job to go.yml (parallel with build+test)
- add Go 1.23/1.24 version matrix, coverage only on 1.24
- upgrade setup-go@v4 to v5, codecov@v4 to v5 across all workflows
- fix check-large-files bug (find|while never exits 1), exclude .git/
- add concurrency groups to push+PR workflows (no duplicate runs)
- lowercase all workflow names to match project voice
- add gosec, errorlint, gocognit, nilnil, wastedassign, usetesting linters
- remove deprecated exportloopref (Go 1.22 fixed loop var capture)
- new: govulncheck.yml - Go vuln scanner with call-graph analysis
- new: scorecard.yml - OpenSSF supply chain scorecard
- new: dependabot.yml - auto-update Go deps + Actions versions
- release: SHA256 checksums + SBOM generation for all artifacts
- add CODEOWNERS
 2026-02-13 01:09:57 +01:00