testing better logging

README.md

@@ -0,0 +1,3 @@
+# donotpassgo
+
+action to run general go code scans, includes dependency scan with govulncheck and static code analysis from gosec

action.yaml

@@ -6,11 +6,9 @@ runs:
     - name: "install go packages"
       run: |
         go install golang.org/x/vuln/cmd/govulncheck@latest
+        go install github.com/securego/gosec/v2/cmd/gosec@latest
       
     - name: "dependency scan"
-      run: govulncheck ./...
+      run: |
-
+        govulncheck ./...
-    - name: "static code analysis"
+        gosec ./...
-      uses: securego/gosec@master
-      with:
-        args: ./...