fix: Security scan excludes examples with separate go.mod

agilira · agilira · commit 291f0ce45b15 · 2025-10-20T12:13:33.000+02:00
- Fix gosec panic on otel_integration example - Exclude examples/, benchmarks/, overhead-benchmarks/ from security scan - These directories have separate go.mod files with external dependencies - Maintain security scanning for main module and cmd/ - Resolves blocking PR checks for Dependabot updates Fixes: Security scan exit code 1 blocking PR #8
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -36,4 +36,10 @@ jobs:
       run: go install github.com/securego/gosec/v2/cmd/gosec@latest
 
     - name: Security Scan
-      run: gosec --exclude=G104,G306,G301 ./...
+      run: |
+        # Only scan the main module and cmd, exclude examples and benchmarks with separate go.mod
+        gosec --exclude=G104,G306,G301 \
+          --exclude-dir=examples \
+          --exclude-dir=benchmarks \
+          --exclude-dir=overhead-benchmarks \
+          ./ ./cmd/...
