# report-vulns
A very simple action to check for vulnerabilities in projects during workflows

## Usage
Use a tagged release to avoid unexpected changes that may come to the master branch
```yaml
name: "security checkpoint"
uses: https://code.jakeyoungdev.com/actions/report-vulns@master
with:
  manager: npm
  panic: no
```

### Inputs
Some inputs are supplied for better customization
|Input|Required|Values|Default|Description|
|---|---|---|---|---|
|manager|required|go/npm|.|Package manager to use for scan|
|panic|optional|yes/no|yes|Determines whether or not the job fails when vulnerabilities are found

## Requirements
Package managers like Go and Node must be installed before running this action

## Managers
The default or "built-in" vulnerability scanner will be used for each package manager
|Package Manager|Vulnerability Scanner|
|---|---|
|npm|npm audit|
|go|govulncheck|