Gosec

build(deps): Bump actions/dependency-review-action from 3.1.3 to 3.1.4 #139

	---
	# This workflow uses actions that are not certified by GitHub. They are provided
	# by a third-party and are governed by separate terms of service, privacy
	# policy, and support documentation.

	name: Gosec
	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	# Declare default permissions as read only.
	permissions: read-all

	jobs:
	gosec_job:
	runs-on: ubuntu-latest
	name: Scan for vulns
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
	with:
	egress-policy: audit

	- name: Checkout Source
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Run Gosec Security Scanner
	uses: securego/gosec@5567ac4cfe9acae14f516b500e2cf229b6a8d16f # master
	with:
	args: ./...

Provide feedback