golangci · sayboras · Sep 21, 2020 · Sep 20, 2020 · sayboras · Sep 20, 2020
diff --git a/.github/workflows/pr-extra.yml b/.github/workflows/pr-extra.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
-      # We cannot use nancy-github-action because it is outdated, so it's better to use the latest
-      # docker image for the validation
-      - name: nancy
-        run: go list -json -m all | docker run -i sonatypecommunity/nancy:v0.3
+      - name: Run go list
+        run: go list -json -m all > go.list
+      - name: Nancy
+        uses: sonatype-nexus-community/nancy-github-action@master
diff --git a/.nancy-ignore b/.nancy-ignore
@@ -0,0 +1,11 @@
+# Skip for golang/golang.org/x/[email protected]
+CVE-2018-17848
+CVE-2018-17143
+CVE-2018-17847
+CVE-2018-17142
+CVE-2018-17846
+
+# Skip for indirect dependency github.com/coreos/[email protected]
+CVE-2020-15114
+CVE-2020-15115
+CVE-2020-15136