From 5b8dd37d58d271366b92d4e090078d378cc78a7f Mon Sep 17 00:00:00 2001 From: Dmitry Salakhov Date: Tue, 9 Feb 2021 15:40:09 +1300 Subject: [PATCH] add nancy --- .../{security-scan.yml => quality-scan.yml} | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) rename .github/workflows/{security-scan.yml => quality-scan.yml} (82%) diff --git a/.github/workflows/security-scan.yml b/.github/workflows/quality-scan.yml similarity index 82% rename from .github/workflows/security-scan.yml rename to .github/workflows/quality-scan.yml index 40c2dbb7e..fac1629f4 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/quality-scan.yml @@ -53,7 +53,7 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 - gosec: + server-security: name: Server security check runs-on: ubuntu-latest env: @@ -62,7 +62,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v2 - name: Download dependencies - run: cd api && go get -v -d && cd .. + run: cd api && go get -v -d - name: Run Gosec Security Scanner uses: portainer/gosec@fix-sarif-format with: @@ -73,3 +73,16 @@ jobs: with: # Path to SARIF file relative to the root of the repository sarif_file: results.sarif + server-dependencies: + name: Server dependency check + runs-on: ubuntu-latest + env: + GO111MODULE: on + NANCY_VERSION: v1.0.11 + steps: + - name: Checkout Source + uses: actions/checkout@v2 + - name: Get Nancy binary + run: curl -s -L "https://github.com/sonatype-nexus-community/nancy/releases/download/$NANCY_VERSION/nancy-linux.amd64-$NANCY_VERSION" -o "/tmp/tools/nancy" + - name: Scan modules + run: cd api && go list -json -m all | /tmp/tools/nancy sleuth
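Review bot: The new `Get Nancy binary` step in the third hunk writes to `/tmp/tools/nancy` without creating `/tmp/tools` first and never marks the download executable, so curl cannot create the output file (non-zero exit under the runner's default `-e` shell) and, even if the directory existed, `/tmp/tools/nancy sleuth` in the next step would fail with permission denied. The fetch is also an unverified binary sitting on the supply-chain path of the security scan itself: `-s` hides errors, without `-f` an HTTP error page would be saved as the "binary", and nothing checks the digest of what was downloaded. I would create the directory, use `-sSfL`, verify a pinned SHA-256 taken from the release's published checksum (set `NANCY_SHA256` next to `NANCY_VERSION` in `env`; the value is not inferred here) and `chmod +x` before use. Separately, `GO111MODULE: on` is a YAML 1.1 boolean; quoting it as `'on'` avoids depending on how the runner's parser stringifies it.
```yaml
      - name: Get Nancy binary
        run: |
          mkdir -p /tmp/tools
          curl -sSfL "https://github.com/sonatype-nexus-community/nancy/releases/download/$NANCY_VERSION/nancy-linux.amd64-$NANCY_VERSION" -o /tmp/tools/nancy
          echo "${NANCY_SHA256}  /tmp/tools/nancy" | sha256sum -c -
          chmod +x /tmp/tools/nancy
      # … unchanged: Scan modules step …
```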