From 96bdfaa523984377a8ff9a530f06aa42ee44120f Mon Sep 17 00:00:00 2001
From: Sivanantham Chinnaiyan
Date: Thu, 5 Oct 2023 15:13:25 +0530
Subject: [PATCH] Add scheduled go security scan

Signed-off-by: Sivanantham Chinnaiyan
---
 .github/workflows/go-security-scan.yml | 30 ++++++++++++++++++++++
 .github/workflows/scheduled-image-scan.yml | 4 +--
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/go-security-scan.yml

diff --git a/.github/workflows/go-security-scan.yml b/.github/workflows/go-security-scan.yml
new file mode 100644
index 00000000000..2c1374b7473
--- /dev/null
+++ b/.github/workflows/go-security-scan.yml
@@ -0,0 +1,30 @@
+name: "Go Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every Sunday at 00:00 UTC time.
+on:
+  push:
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch: { }
+
+jobs:
+  go-src-scan:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: '-no-fail -fmt=sarif -out=go-security-scan-results.sarif -exclude-dir=./pkg/client -exclude-dir=./pkg/clientv1alpha1 ./pkg/... ./cmd/...'
+
+      - name: Upload SARIF file to Github Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: go-security-scan-results.sarif
+          category: gosec-tool
diff --git a/.github/workflows/scheduled-image-scan.yml b/.github/workflows/scheduled-image-scan.yml
index 6aa3f985499..f3c4c0687f7 100644
--- a/.github/workflows/scheduled-image-scan.yml
+++ b/.github/workflows/scheduled-image-scan.yml
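Review bot: The scanner step is pinned to a moving branch, `uses: securego/gosec@master`, so each run executes whatever that branch holds at the time it fires, while the neighbouring steps (`actions/checkout@v3`, `github/codeql-action/upload-sarif@v2`) use tagged releases; pin it to a release tag or, preferably, a full commit SHA, e.g. `uses: securego/gosec@<release-tag-or-commit-sha>  # <version>`, so the scheduled Sunday run cannot silently pick up a changed action. The job also declares no `permissions:` block, and the upload-sarif step needs `security-events: write` (with `contents: read` for the checkout), which will be missing if the repository's default GITHUB_TOKEN is read-only; adding that block at the job level keeps the grant minimal. Lastly, `GO111MODULE: on` is an unquoted truthy scalar that YAML 1.1 parsers and linters read as a boolean; GitHub's loader appears to pass it through as the string, but `GO111MODULE: "on"` removes the ambiguity.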
@@ -99,6 +99,6 @@ jobs:
       - name: Upload sarif file to Github Code Scanning
         if: always()
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: application/${{ matrix.image.name }}/docker.snyk.sarif
\ No newline at end of file
+          sarif_file: application/${{ matrix.image.name }}/docker.snyk.sarif