How to Setup Scan Action for Private Repository Dependency
quentinlesceller opened this issue · comments
Hi everyone,
I'm trying to use Saulus on my repository. However since the go repo rely on another private repository I'm getting error such as:
{
[187](https://github.com/PRIVATEREPO/runs/6010499370?check_suite_focus=true#step:5:187)
"line": 12,
[188](https://github.com/REPO/runs/6010499370?check_suite_focus=true#step:5:188)
"column": 2,
[189](https://github.com/PRIVATEREPO/runs/6010499370?check_suite_focus=true#step:5:189)
"error": "could not import github.com/PRIVATEREPO/server (invalid package name: \"\
[190](https://github.com/PRIVATEREPO/runs/6010499370?check_suite_focus=true#step:5:190)
")"
Is there a way to set up setup that such that Gosec passes? Something like:
- name: Configure git for private modules
env:
TOKEN: ${{ secrets.GH_TOKEN }}
run: git config --global url."https://USER:${TOKEN}@github.com".insteadOf "https://github.com"
Thank you.
For people curious about this. Add this step before salus:
- name: Configure git for private modules
env:
TOKEN: ${{ secrets.GH_TOKEN }}
run: git config --global url."https://quentinlesceller:${TOKEN}@github.com".insteadOf "https://github.com"