Google Git
Sign in
go / pkgsite-metrics / ffcab83d2472b44d4ac95eb02c9662c83d6948e6
commitffcab83d2472b44d4ac95eb02c9662c83d6948e6[log] [tgz]
authorZvonimir Pavlinovic <zpavlinovic@google.com>Thu Feb 08 16:07:23 2024 +0000
committerZvonimir Pavlinovic <zpavlinovic@google.com>Wed Feb 14 19:47:55 2024 +0000
treef1f629e2c8a00a10edb44d02590b03d08fbd4c65
parent48fbea7e568da79d7794ff2313a786b4adbca48f [diff]
internal/worker: add modules mode to govulncheck pipeline

This is accomplished by using the newest version of govulncheck. The
tool now produces streaming JSON where it emits findings at every level
of precision (module, package, symbol) as it does work.

We thus collect all findings produced by govulncheck and convert them to
Vuln structure right before we save it rows. This simplifies matters. The
ecosystem metrics handler for govulncheck JSON is now trivial. The code
operates on govulncheck.Findings and lets vulnsForMode do the conversion
to Vuln in a single (last) step. Vuln also does not need Called field.

Change-Id: I73651a91b2707d9afd1e667ea4cedb371e763c73
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/562695
Reviewed-by: Maceo Thompson <maceothompson@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
9 files changed
tree: f1f629e2c8a00a10edb44d02590b03d08fbd4c65
  1. cmd/
  2. deploy/
  3. devtools/
  4. internal/
  5. terraform/
  6. .dockerignore
  7. .gitignore
  8. all_test.go
  9. checks.bash
  10. config.json.commented
  11. CONTRIBUTING.md
  12. go.mod
  13. go.sum
  14. LICENSE
  15. Makefile
  16. PATENTS
  17. README.md
  18. tools.go
README.md

pkgsite-metrics

This repository contains code that serves pkg.go.dev/metrics.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/pkgsite-metrics:” in the subject line, so it is easy to find.