From f83527aa2d9b9b94d9ef7fe60d5e488df7f17fbb Mon Sep 17 00:00:00 2001
From: jake
Date: Fri, 3 Apr 2026 15:11:33 -0400
Subject: [PATCH] ready to test
---
 action.yaml | 7 ++++++-
 src/security.sh | 12 +++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/action.yaml b/action.yaml
index 8f9e5d1..481c534 100644
--- a/action.yaml
+++ b/action.yaml
@@ -49,4 +49,9 @@ runs:
 - name: "run security checks"
 shell: bash
- run: ${{ github.action_path }}/src/security.sh
\ No newline at end of file
+ run: ${{ github.action_path }}/src/security.sh
+ env:
+ STATIC_FLAG: ${{ inputs.static }}
+ STATIC_FAIL: ${{ inputs.static-fail }}
+ VULN_CHECK: ${{ inputs.vulnerability }}
+ VULN_FAIL: ${{ inputs.vulnerability-fail }}
\ No newline at end of file
diff --git a/src/security.sh b/src/security.sh
index 14b90f3..9451791 100644
--- a/src/security.sh
+++ b/src/security.sh
@@ -2,13 +2,19 @@ set -eo pipefail
-if [[ "$STATIC_FLAG" == "no" && "$VULN_SCAN" == "no" ]]; then
+if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then
 echo "[INFO] no security flags set, skipping!";
 exit 0;
 fi
+toolchain=$(go mod edit go.mod -json | jq ".Toolchain");
+version=$(go mod edit -json | jq ".Toolchain");
+if [[ ! -z "$toolchain" ]]; then
+ version=$toolchain;
+fi
+
 if [[ "$STATIC_FLAG" == "yes" ]]; then
- if gosec ./...; then
+ if GOTOOLCHAIN=$version gosec ./...; then
 echo "[INFO] gosec passed!";
 else
 if [[ "$STATIC_FAIL" == "yes" ]]; then
@@ -21,7 +27,7 @@ if [[ "$STATIC_FLAG" == "yes" ]]; then
 fi
 if [[ "$VULN_CHECK" == "yes" ]]; then
- if govulncheck ./...; then
+ if GOTOOLCHAIN=$version govulncheck ./...; then
 echo "[INFO] govulncheck passed!";
 else
 if [[ "$VULN_FAIL" == "yes" ]]; then
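Review bot: The new env block passes the four inputs straight through, but src/security.sh (the next file in this patch) only acts on the exact strings `yes` and `no`: any other value, such as `true`/`false` or an empty default, fails both the `== "no"` skip test and the `== "yes"` run tests, so the step most likely finishes successfully without running either scanner. Unless the inputs are constrained to yes/no somewhere not visible here, a guard at the top of the script such as `[[ "$STATIC_FLAG" =~ ^(yes|no)$ && "$VULN_CHECK" =~ ^(yes|no)$ ]] || { echo "[ERROR] static/vulnerability must be yes or no" >&2; exit 1; }` turns that silent fail-open into a visible error. The new side of action.yaml also still ends without a trailing newline.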
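Review bot: The `jq ".Toolchain"` on the first two added lines of the security.sh hunk keeps the JSON quoting and prints `null` when go.mod has no `toolchain` directive, so `GOTOOLCHAIN=$version` receives either a value wrapped in literal double quotes or the string `null`; the `[[ ! -z "$toolchain" ]]` guard never sees an empty string, and because both commands read the same field the `version` fallback can never differ from `toolchain`. `go mod edit go.mod -json` additionally puts the file path before the flag, which Go's flag parsing does not appear to accept (go.mod is the default file anyway), so under `set -e` the script would likely exit before either scanner runs. Reading the field once with `jq -r '.Toolchain // empty'` and exporting GOTOOLCHAIN only when a directive is present fixes all of this; the same unquoted `GOTOOLCHAIN=$version` prefix recurs on the govulncheck line in the second security.sh hunk. The `if [[ "$STATIC_FLAG" == "yes" ]]` block continues past the end of the hunk.
```shell
# -r drops the JSON quoting; `// empty` yields "" (not "null") when go.mod has no toolchain directive.
toolchain=$(go mod edit -json | jq -r '.Toolchain // empty')
if [[ -n "$toolchain" ]]; then
  export GOTOOLCHAIN=$toolchain
fi
# … unchanged: STATIC_FLAG check …
  if gosec ./...; then
# … unchanged: pass/fail handling …
```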