Add GitHub Actions workflows

What this PR does / why we need it:

Added codespell for spell checking and trivy for vulnerability scanning to the csi-release-tools repository.

Currently, other CSI Sidecar repositories have spell checks and vulnerability scans using tools like codespell and trivy. However, the csi-release-tools repository lacks these configurations, which means it cannot detect spelling issues or vulnerabilities caused by the Go version within csi-release-tools. As a result, errors like the following have been encountered:

Does this PR introduce a user-facing change?:

NONE

act check:

codespell check

[codespell/Check for spelling errors] 🚀  Start image=catthehacker/ubuntu:act-latest
[codespell/Check for spelling errors]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[codespell/Check for spelling errors]   🐳  docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[codespell/Check for spelling errors]   🐳  docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[codespell/Check for spelling errors]   ☁  git clone 'https://github.com/codespell-project/actions-codespell' # ref=master
[codespell/Check for spelling errors] ⭐ Run Main actions/checkout@v4
[codespell/Check for spelling errors]   🐳  docker cp src=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools/. dst=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools
[codespell/Check for spelling errors]   ✅  Success - Main actions/checkout@v4
[codespell/Check for spelling errors] ⭐ Run Main codespell-project/actions-codespell@master
[codespell/Check for spelling errors]   🐳  docker build -t act-codespell-project-actions-codespell-master-dockeraction:latest /Users/daikihayakawa/.cache/act/codespell-project-actions-codespell@master/
[codespell/Check for spelling errors]   🐳  docker pull image=act-codespell-project-actions-codespell-master-dockeraction:latest platform= username= forcePull=false
[codespell/Check for spelling errors]   🐳  docker create image=act-codespell-project-actions-codespell-master-dockeraction:latest platform= entrypoint=[] cmd=[] network="container:act-codespell-Check-for-spelling-errors-d8979e8cd8036d583978cd86fd52846ee2733892a91d504563b08da255e77edc"
[codespell/Check for spelling errors]   🐳  docker run image=act-codespell-project-actions-codespell-master-dockeraction:latest platform= entrypoint=[] cmd=[] network="container:act-codespell-Check-for-spelling-errors-d8979e8cd8036d583978cd86fd52846ee2733892a91d504563b08da255e77edc"
| cp: can't create '/github/workflow/codespell-matcher.json': No such file or directory
[codespell/Check for spelling errors]   ❓ add-matcher /tmp/_github_workflow/codespell-matcher.json
| Running codespell on '' with the following options...
| Check filenames? 'true'
| Checking filenames
| Check hidden? ''
| Exclude file ''
| Skipping './.git,./.github/workflows/codespell.yml,.git,*.png,*.jpg,*.svg,*.sum,./vendor,go.sum,./release-tools/prow.sh,./client/vendor'
| Builtin dictionaries ''
| Ignore words file ''
| Ignore words list ''
| Ignore URI words list ''
| Resulting CLI options  --check-filenames --skip ./.git,./.github/workflows/codespell.yml,.git,*.png,*.jpg,*.svg,*.sum,./vendor,go.sum,./release-tools/prow.sh,./client/vendor
| 0
| Codespell found no problems
[codespell/Check for spelling errors]   ❓  ::remove-matcher owner=codespell-matcher-default::
[codespell/Check for spelling errors]   ❓  ::remove-matcher owner=codespell-matcher-specified::
[codespell/Check for spelling errors]   ✅  Success - Main codespell-project/actions-codespell@master
[codespell/Check for spelling errors] Cleaning up container for job Check for spelling errors
[codespell/Check for spelling errors] 🏁  Job succeeded

Go version vulnerabilities check(Go 1.22.3)

[Run Trivy scanner for Go version vulnerabilities/Build] 🚀  Start image=catthehacker/ubuntu:act-latest
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Run Trivy scanner for Go version vulnerabilities/Build]   ☁  git clone 'https://github.com/aquasecurity/trivy-action' # ref=master
[Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Checkout code
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker cp src=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools/. dst=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools
[Run Trivy scanner for Go version vulnerabilities/Build]   ✅  Success - Main Checkout code
[Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Get Go version
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/go-version] user= workdir=
[Run Trivy scanner for Go version vulnerabilities/Build]   ✅  Success - Main Get Go version
[Run Trivy scanner for Go version vulnerabilities/Build]   ⚙  ::set-output:: version=1.22.3
[Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Run Trivy scanner for Go version vulnerabilities
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker build -t act-aquasecurity-trivy-action-master-dockeraction:latest /Users/daikihayakawa/.cache/act/aquasecurity-trivy-action@master/
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker pull image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= username= forcePull=false
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker create image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.3" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4"
[Run Trivy scanner for Go version vulnerabilities/Build]   🐳  docker run image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.3" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4"
| Running trivy with options: trivy image  --format table --exit-code  1 --ignore-unfixed --vuln-type  library --severity  CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN  golang:1.22.3
| Global options:  
| 2024-05-11T04:53:25Z  INFO    Need to update DB
| 2024-05-11T04:53:25Z  INFO    Downloading DB...       repository="ghcr.io/aquasecurity/trivy-db:2"
| 
| 2024-05-11T04:53:42Z  INFO    Vulnerability scanning is enabled
| 2024-05-11T04:53:42Z  INFO    Secret scanning is enabled
| 2024-05-11T04:53:42Z  INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
| 2024-05-11T04:53:42Z  INFO    Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
| 2024-05-11T04:54:11Z  INFO    [python] License acquired from METADATA classifiers may be subject to additional terms name="mercurial" version="6.3.2"
| 2024-05-11T04:54:14Z  INFO    Number of language-specific files       num=20
| 2024-05-11T04:54:14Z  INFO    [gobinary] Detecting vulnerabilities...
| 2024-05-11T04:54:14Z  INFO    [node-pkg] Detecting vulnerabilities...
[Run Trivy scanner for Go version vulnerabilities/Build]   ✅  Success - Main Run Trivy scanner for Go version vulnerabilities
[Run Trivy scanner for Go version vulnerabilities/Build] Cleaning up container for job Build
[Run Trivy scanner for Go version vulnerabilities/Build] 🏁  Job succeeded

Go version vulnerabilities check(Go 1.22.2)

``` [Run Trivy scanner for Go version vulnerabilities/Build] 🚀 Start image=catthehacker/ubuntu:act-latest [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host" [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host" [Run Trivy scanner for Go version vulnerabilities/Build] ☁ git clone 'https://github.com/aquasecurity/trivy-action' # ref=master [Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Checkout code [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker cp src=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools/. dst=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools [Run Trivy scanner for Go version vulnerabilities/Build] ✅ Success - Main Checkout code [Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Get Go version [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/go-version] user= workdir= [Run Trivy scanner for Go version vulnerabilities/Build] ✅ Success - Main Get Go version [Run Trivy scanner for Go version vulnerabilities/Build] ⚙ ::set-output:: version=1.22.2 [Run Trivy scanner for Go version vulnerabilities/Build] ⭐ Run Main Run Trivy scanner for Go version vulnerabilities [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker build -t act-aquasecurity-trivy-action-master-dockeraction:latest /Users/daikihayakawa/.cache/act/aquasecurity-trivy-action@master/ [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker pull image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= username= forcePull=false [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker create image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.2" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4" [Run Trivy scanner for Go version vulnerabilities/Build] 🐳 docker run image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.2" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4" | Running trivy with options: trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type library --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN golang:1.22.2 | Global options: | 2024-05-11T04:55:09Z INFO Need to update DB | 2024-05-11T04:55:09Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2" | | 2024-05-11T04:55:24Z INFO Vulnerability scanning is enabled | 2024-05-11T04:55:24Z INFO Secret scanning is enabled | 2024-05-11T04:55:24Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning | 2024-05-11T04:55:24Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection | 2024-05-11T04:55:51Z INFO [python] License acquired from METADATA classifiers may be subject to additional terms name="mercurial" version="6.3.2" | 2024-05-11T04:55:53Z INFO Number of language-specific files num=20 | 2024-05-11T04:55:53Z INFO [gobinary] Detecting vulnerabilities... | 2024-05-11T04:55:53Z INFO [node-pkg] Detecting vulnerabilities... | | usr/local/go/bin/go (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/bin/gofmt (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/addr2line (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/asm (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/buildid (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/cgo (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/compile (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/covdata (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/cover (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/doc (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/fix (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/link (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/nm (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/objdump (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/pack (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/pprof (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/test2json (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/trace (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ | | usr/local/go/pkg/tool/linux_amd64/vet (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ | │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ | ├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ | │ stdlib │ CVE-2024-24788 │ HIGH │ fixed │ 1.22.2 │ 1.22.3 │ golang: net: malformed DNS message can cause infinite loop │ | │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24788 │ | └─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ [Run Trivy scanner for Go version vulnerabilities/Build] ❌ Failure - Main Run Trivy scanner for Go version vulnerabilities [Run Trivy scanner for Go version vulnerabilities/Build] exit with `FAILURE`: 1 [Run Trivy scanner for Go version vulnerabilities/Build] 🏁 Job failed Error: Job 'Build' failed ⋊> ~/g/s/g/b/csi-release-tools on add-github-actions ⨯ 13:55:54 ```

kubernetes-csi / csi-release-tools

Add GitHub Actions workflows #254