x/vuln contains the database client and tools for the Go vulnerability database

Clone this repo:

Branches

  1. 14f9a01 vulncheck: improve loading error handling in tests by Zvonimir Pavlinovic · 35 hours ago master
  2. 7a5ec79 vulncheck: make call stack search faster while preserving determinism by Zvonimir Pavlinovic · 3 weeks ago
  3. 4eb5ba4 cmd/govulncheck: address staticheck warnings by Zvonimir Pavlinovic · 3 weeks ago
  4. 6e36fb3 cmd/govulncheck: add new line between non-reachable vulnerabilities by Zvonimir Pavlinovic · 3 weeks ago
  5. c3a8524 vulncheck: include call graph edges that could be missed due to recursion by Zvonimir Pavlinovic · 4 weeks ago

Go Vulnerability Management

Go Reference

This repository contains the following:

  • Package client: a client for interacting with the Go vulnerability database
  • Package vulncheck: an API for detecting vulnerabilities in Go packages
  • Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.