From 16def1ab73f1efd6d05c3836f6784045857ef2bf Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Fri, 1 May 2026 11:22:57 -0400
Subject: [PATCH] added makefile command for vulnerability checks (backport
 #577) (#580)

Co-authored-by: Zack Brady <zackbrady123@gmail.com>
---
 .gitignore | 1 +
 Makefile   | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 2167ce3..54e4319 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ fileserver/
 cmd/hauler/binaries
 testdata/certs/
 coverage.out
+vulncheck.out
diff --git a/Makefile b/Makefile
index be54563..677b0e6 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,7 @@ SHELL=/bin/bash
 # set go variables
 GO_FILES=./...
 GO_COVERPROFILE=coverage.out
+GO_VULNCHECKS=vulncheck.out
 
 # set build variables
 BIN_DIRECTORY=bin
@@ -44,6 +45,10 @@ vet:
 test:
 	go test $(GO_FILES) -cover -race -covermode=atomic -coverprofile=$(GO_COVERPROFILE)
 
+# check for vulnerabilities
+vulns:
+	govulncheck $(GO_FILES) > $(GO_VULNCHECKS) 2>&1 || true
+
 # cleanup artifacts
 clean:
-	rm -rf $(BIN_DIRECTORY) $(DIST_DIRECTORY) $(GO_COVERPROFILE)
+	rm -rf $(BIN_DIRECTORY) $(DIST_DIRECTORY) $(GO_COVERPROFILE) $(GO_VULNCHECKS)