projectdiscovery
diff --git a/‎.github/dependabot.yml
+24-21 b/‎.github/dependabot.yml
+24-21
diff --git a/‎.github/workflows/compability-check.yaml
+13-4 b/‎.github/workflows/compability-check.yaml
+13-4
diff --git a/‎.github/workflows/dockerhub-push.yml
+5-5 b/‎.github/workflows/dockerhub-push.yml
+5-5
diff --git a/‎.github/workflows/govulncheck.yaml
+26 b/‎.github/workflows/govulncheck.yaml
+26
diff --git a/‎.github/workflows/perf-test.yaml
+13-3 b/‎.github/workflows/perf-test.yaml
+13-3
diff --git a/‎.github/workflows/tests.yaml
+37-4 b/‎.github/workflows/tests.yaml
+37-4
diff --git a/‎Dockerfile
+1-1 b/‎Dockerfile
+1-1
diff --git a/‎LICENSE.md
+1-1 b/‎LICENSE.md
+1-1
diff --git a/‎Makefile
+2-2 b/‎Makefile
+2-2
@@ -1,12 +1,5 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-
-  # Maintain dependencies for go modules
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
@@ -15,23 +8,33 @@ updates:
     commit-message:
       prefix: "chore"
       include: "scope"
-    labels:
-      - "Type: Maintenance"
     allow:
       - dependency-name: "github.com/projectdiscovery/*"
+    groups:
+      modules:
+        patterns: ["github.com/projectdiscovery/*"]
+      security:
+        applies-to: "security-updates"
+        patterns: ["*"]
+        exclude-patterns: ["github.com/projectdiscovery/*"]
+    labels:
+      - "Type: Maintenance"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      workflows:
+        patterns: ["*"]
+        exclude-patterns: ["projectdiscovery/actions/*"]
+    labels:
+      - "Type: Maintenance"
 
-#  # Maintain dependencies for GitHub Actions
-#  - package-ecosystem: "github-actions"
-#    directory: "/"
-#    schedule:
-#      interval: "weekly"
-#    target-branch: "dev"
-#    commit-message:
-#      prefix: "chore"
-#      include: "scope"
-#    labels:
-#      - "Type: Maintenance"
-#
 #  # Maintain dependencies for docker
 #  - package-ecosystem: "docker"
 #    directory: "/"
 
@@ -9,11 +9,20 @@ on:
 jobs:
   check:
     if: github.actor == 'dependabot[bot]'
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macOS-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
+      - uses: projectdiscovery/actions/setup/git@v1
       - uses: projectdiscovery/actions/setup/go@v1
       - run: go mod download && go mod verify && go vet ./...
+      - name: Checks go.mod Integrity
+        run: |
+          git diff --exit-code go.mod >/dev/null || {
+            echo "::warning::go.mod is out of sync. Pushing changes to the branch."
+            git add go.{mod,sum}
+            git commit -m "chore(deps): go mod tidy"
+            git push origin $GITHUB_REF
+          }
+      - uses: projectdiscovery/actions/goreleaser@v1
@@ -20,27 +20,27 @@ jobs:
           curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2 
+        uses: docker/login-action@v3 
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64
           push: true
           tags: projectdiscovery/nuclei:latest,projectdiscovery/nuclei:${{ steps.meta.outputs.TAG }}
 
       - name: Update DockerHub Description
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
@@ -0,0 +1,26 @@
+name: 🐛 govulncheck
+
+on:
+  schedule:
+    - cron: '0 0 * * 0' # Weekly
+  workflow_dispatch:
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei'
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    env:
+      OUTPUT: "/tmp/results.sarif"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: projectdiscovery/actions/setup/go@v1
+      - run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - run: govulncheck -scan package -format sarif ./... > $OUTPUT
+      - uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "${{ env.OUTPUT }}"
+          category: "govulncheck"
@@ -10,16 +10,26 @@ jobs:
     strategy:
       matrix:
         count: [50, 100, 150]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-16-cores
     if: github.repository == 'projectdiscovery/nuclei'
     env:
       LIST_FILE: "/tmp/targets-${{ matrix.count }}.txt"
+      PROFILE_MEM: "/tmp/nuclei-perf-test-${{ matrix.count }}"
     steps:
       - uses: actions/checkout@v4
       - uses: projectdiscovery/actions/setup/go@v1
       - run: make verify
       - name: Generate list
         run: for i in {1..${{ matrix.count }}}; do echo "https://scanme.sh/?_=${i}" >> "${LIST_FILE}"; done
-      - run: go run -race . -l "${LIST_FILE}"
+      - run: NUCLEI_ARGS=host-error-stats go run . -l "${LIST_FILE}" -profile-mem="${PROFILE_MEM}"
         working-directory: cmd/nuclei/
-
+      - uses: projectdiscovery/actions/flamegraph@v1
+        id: flamegraph
+        with:
+          profile: "${{ env.PROFILE_MEM }}.prof"
+          name: "nuclei-perf-test-${{ matrix.count }}"
+        continue-on-error: true
+      - if: ${{ steps.flamegraph.outputs.message == '' }}
+        run: echo "::notice::${FLAMEGRAPH_URL}"
+        env:
+          FLAMEGRAPH_URL: ${{ steps.flamegraph.outputs.url }}
@@ -74,7 +74,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: projectdiscovery/actions/setup/go@v1
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.10'
       - run: bash run.sh "${{ matrix.os }}"
@@ -119,11 +119,11 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4
-      - uses: github/codeql-action/init@v2
+      - uses: github/codeql-action/init@v3
         with:
           languages: 'go'
-      - uses: github/codeql-action/autobuild@v2
-      - uses: github/codeql-action/analyze@v2
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3
 
   release:
     name: "Release test"
@@ -133,3 +133,36 @@ jobs:
       - uses: actions/checkout@v4
       - uses: projectdiscovery/actions/setup/go@v1
       - uses: projectdiscovery/actions/goreleaser@v1
+
+  flamegraph:
+    name: "Flamegraph"
+    needs: ["tests"]
+    env:
+      PROFILE_MEM: "/tmp/nuclei"
+      TARGET_URL: "http://scanme.sh/a/?b=c"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: make build
+      - name: "Setup environment (push)"
+        if: ${{ github.event_name == 'push' }}
+        run: |
+          echo "PROFILE_MEM=${PROFILE_MEM}-${GITHUB_REF_NAME}-${GITHUB_SHA}" >> $GITHUB_ENV
+          echo "FLAMEGRAPH_NAME=nuclei-${GITHUB_REF_NAME} (${GITHUB_SHA})" >> $GITHUB_ENV
+      - name: "Setup environment (pull_request)"
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          echo "PROFILE_MEM=${PROFILE_MEM}-pr-${{ github.event.number }}" >> $GITHUB_ENV
+          echo "FLAMEGRAPH_NAME=nuclei (PR #${{ github.event.number }})" >> $GITHUB_ENV
+      - run: ./bin/nuclei -silent -update-templates
+      - run: ./bin/nuclei -silent -u "${TARGET_URL}" -profile-mem="${PROFILE_MEM}"
+      - uses: projectdiscovery/actions/flamegraph@master
+        id: flamegraph
+        with:
+          profile: "${{ env.PROFILE_MEM }}.prof"
+          name: "${{ env.FLAMEGRAPH_NAME }}"
+        continue-on-error: true
+      - if: ${{ steps.flamegraph.outputs.message == '' }}
+        run: echo "::notice::${FLAMEGRAPH_URL}"
+        env:
+          FLAMEGRAPH_URL: ${{ steps.flamegraph.outputs.url }}
@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.21-alpine AS build-env
+FROM golang:1.22-alpine AS build-env
 RUN apk add build-base
 WORKDIR /app
 COPY . /app
 
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 ProjectDiscovery, Inc.
+Copyright (c) 2025 ProjectDiscovery, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 
@@ -137,5 +137,5 @@ dsl-docs:
 template-validate: build
 template-validate:
 	./bin/nuclei -ut
-	./bin/nuclei -validate
-	./bin/nuclei -validate -w workflows
+	./bin/nuclei -validate -et http/technologies
+	./bin/nuclei -validate -w workflows -et http/technologies