From ecbe0bdaf6e0381c38b1c68db5b3b7b509ef9fe7 Mon Sep 17 00:00:00 2001
From: Matheus Macabu <macabu.matheus@gmail.com>
Date: Mon, 11 Aug 2025 15:29:46 +0200
Subject: [PATCH] Build: Add -buildvcs=false flag to go build

---
 pkg/build/cmd.go                       | 4 ++++
 pkg/build/daggerbuild/backend/build.go | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/pkg/build/cmd.go b/pkg/build/cmd.go
index 226bd15245f..1bad7828946 100644
--- a/pkg/build/cmd.go
+++ b/pkg/build/cmd.go
@@ -203,6 +203,10 @@ func doBuild(binaryName, pkg string, opts BuildOpts) error {
 		args = append(args, "-race")
 	}
 
+	// We should not publish Grafana as a Go module, disabling vcs changes the version to (devel)
+	// and works better with SBOM and Vulnerability Scanners.
+	args = append(args, "-buildvcs=false")
+
 	args = append(args, "-o", binary)
 	args = append(args, pkg)
 
diff --git a/pkg/build/daggerbuild/backend/build.go b/pkg/build/daggerbuild/backend/build.go
index 4b0f69d9fa5..a80862770ab 100644
--- a/pkg/build/daggerbuild/backend/build.go
+++ b/pkg/build/daggerbuild/backend/build.go
@@ -34,6 +34,9 @@ func GoLDFlags(flags []LDFlag) string {
 // GoBuildCommand returns the arguments for go build to be used in 'WithExec'.
 func GoBuildCommand(output string, ldflags []LDFlag, tags []string, main string) []string {
 	args := []string{"go", "build",
+		// We should not publish Grafana as a Go module, disabling vcs changes the version to (devel)
+		// and works better with SBOM and Vulnerability Scanners.
+		"-buildvcs=false",
 		fmt.Sprintf("-ldflags=\"%s\"", GoLDFlags(ldflags)),
 		fmt.Sprintf("-o=%s", output),
 		"-trimpath",