This skill provides a step-by-step, reproducible workflow to find and remediate CVEs in Go-based Submariner repositories. It detects repository configuration, scans dependencies (using grype, either in a container or installed locally), locates vulnerable packages, updates go.mod or package versions, verifies fixes with a rescan, runs unit tests, and prepares a single PR with well-structured commit messages. It includes guidance for stdlib CVEs (updating the go directive) and for handling replace directives and build-image mismatches.
Use this skill when preparing a release branch or when CI/scan tools report vulnerabilities. Ideal for automated maintenance runs across multiple repositories/branches or for engineering teams needing a consistent, low-risk approach to dependency security fixes. It also supports multi-repo invocations and is tolerant of short branch-name formats (e.g. 0.23).
Best used by agents with Bash and repo access (agents that can run container commands, read files, and invoke git). The workflow assumes tooling like Docker/Podman, grype, and GitHub CLI for final PR steps.
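The scan-to-update step of the workflow described above, as an added example that is not the skill's own code: it turns a grype JSON report into the smallest version bumps that clear each finding, routing stdlib findings to the go directive. It assumes a report shaped like the output of `grype dir:. -o json`; the module names, CVE ids and versions are constructed placeholders, and `plan_fixes` and `commands` are hypothetical helper names.

```python
import re

# Constructed sample, trimmed to the fields used here; not real findings.
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "fix": {"versions": ["0.17.0"], "state": "fixed"}},
     "artifact": {"name": "example.com/libfoo", "version": "v0.14.0"}},
    {"vulnerability": {"id": "CVE-0000-0002", "fix": {"versions": ["0.15.1"], "state": "fixed"}},
     "artifact": {"name": "example.com/libfoo", "version": "v0.14.0"}},
    {"vulnerability": {"id": "CVE-0000-0003", "fix": {"versions": ["1.21.12", "1.22.5"], "state": "fixed"}},
     "artifact": {"name": "stdlib", "version": "go1.21.5"}},
    {"vulnerability": {"id": "CVE-0000-0004", "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "example.com/libbar", "version": "v1.2.0"}},
]}

def vtuple(version):
    """'v0.14.0', 'go1.21.5' or '0.17.0' -> comparable tuple of ints."""
    core = re.match(r"(?:go|v)?(\d+(?:\.\d+)*)", version).group(1)
    return tuple(int(part) for part in core.split("."))

def plan_fixes(report):
    """Pick, per package, the lowest version that clears every fixable finding."""
    plan = {"modules": {}, "go_directive": None, "unfixed": []}
    for match in report.get("matches", []):
        vuln, art = match["vulnerability"], match["artifact"]
        fix = vuln.get("fix", {})
        installed = vtuple(art["version"])
        newer = sorted(v for v in map(vtuple, fix.get("versions", [])) if v > installed)
        if fix.get("state") != "fixed" or not newer:
            plan["unfixed"].append(vuln["id"])  # nothing to bump to; needs manual triage
            continue
        target = newer[0]  # smallest bump for this CVE, staying on the same release line if possible
        if art["name"] == "stdlib":  # stdlib CVEs are fixed through the go directive
            plan["go_directive"] = max(plan["go_directive"] or target, target)
        else:
            name = art["name"]
            plan["modules"][name] = max(plan["modules"].get(name, target), target)
    return plan

def commands(plan):
    """Render the plan as the go commands to run before the verification rescan."""
    fmt = lambda t: ".".join(map(str, t))
    cmds = [f"go get {name}@v{fmt(v)}" for name, v in sorted(plan["modules"].items())]
    if plan["go_directive"]:
        cmds.append(f"go mod edit -go={fmt(plan['go_directive'])}")
    return cmds + ["go mod tidy"] if cmds else []

if __name__ == "__main__":
    print("\n".join(commands(plan_fixes(SAMPLE_REPORT))))
```

Findings left in `unfixed` have no upstream fix to bump to, so the verification rescan will still report them.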
This skill has not been reviewed by our automated audit pipeline yet.