Oh wow, that’s a gem. Thank you!
I was overjoyed to see how easy it is to configure, and added it to my repositories right after I read half of the article.
(In case someone asks: https://github.com/cristalhq/.github/blob/main/.github/workflows/vuln.yml)
It seems like the only problem that needs to be solved is to have some CI code that checks if the Go patch version is available and, if not, skips the vulnerability checker or marks it as a known failure, since it’s not possible to correctly test it.