internal/worker: add modules mode to govulncheck pipeline

This is accomplished by using the newest version of govulncheck. The
tool now produces streaming JSON where it emits findings at every level
of precision (module, package, symbol) as it does work.

We thus collect all findings produced by govulncheck and convert them to
Vuln structure right before we save it rows. This simplifies matters. The
ecosystem metrics handler for govulncheck JSON is now trivial. The code
operates on govulncheck.Findings and lets vulnsForMode do the conversion
to Vuln in a single (last) step. Vuln also does not need Called field.

Change-Id: I73651a91b2707d9afd1e667ea4cedb371e763c73
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/562695
Reviewed-by: Maceo Thompson <maceothompson@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
9 files changed
tree: f1f629e2c8a00a10edb44d02590b03d08fbd4c65
  1. cmd/
  2. deploy/
  3. devtools/
  4. internal/
  5. terraform/
  6. .dockerignore
  7. .gitignore
  8. all_test.go
  9. checks.bash
  10. config.json.commented
  11. CONTRIBUTING.md
  12. go.mod
  13. go.sum
  14. LICENSE
  15. Makefile
  16. PATENTS
  17. README.md
  18. tools.go
README.md

pkgsite-metrics

This repository contains code that serves pkg.go.dev/metrics.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/pkgsite-metrics:” in the subject line, so it is easy to find.