commit | ffcab83d2472b44d4ac95eb02c9662c83d6948e6 | [log] [tgz] |
---|---|---|
author | Zvonimir Pavlinovic <zpavlinovic@google.com> | Thu Feb 08 16:07:23 2024 +0000 |
committer | Zvonimir Pavlinovic <zpavlinovic@google.com> | Wed Feb 14 19:47:55 2024 +0000 |
tree | f1f629e2c8a00a10edb44d02590b03d08fbd4c65 | |
parent | 48fbea7e568da79d7794ff2313a786b4adbca48f [diff] |
internal/worker: add modules mode to govulncheck pipeline This is accomplished by using the newest version of govulncheck. The tool now produces streaming JSON where it emits findings at every level of precision (module, package, symbol) as it does work. We thus collect all findings produced by govulncheck and convert them to Vuln structure right before we save it rows. This simplifies matters. The ecosystem metrics handler for govulncheck JSON is now trivial. The code operates on govulncheck.Findings and lets vulnsForMode do the conversion to Vuln in a single (last) step. Vuln also does not need Called field. Change-Id: I73651a91b2707d9afd1e667ea4cedb371e763c73 Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/562695 Reviewed-by: Maceo Thompson <maceothompson@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
This repository contains code that serves pkg.go.dev/metrics.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/pkgsite-metrics:” in the subject line, so it is easy to find.