commit | 0aeb78bd3e1e219ff1dab725284f52676aeb277a | [log] [tgz] |
---|---|---|
author | Hana (Hyang-Ah) Kim <hyangah@gmail.com> | Fri Sep 30 17:03:59 2022 -0400 |
committer | Hyang-Ah Hana Kim <hyangah@gmail.com> | Sun Oct 02 13:39:02 2022 +0000 |
tree | d99cc200449448598680eef57dafec57dcfc2552 | |
parent | d16fc2264ea583fe2c4c3cc6888b95ec7d953a48 [diff] |
exp/govulncheck: add part of experimental govulncheck API Gopls wants to invoke the govulncheck command line tool to get high-level summary of vulnerability scanning. Then it will translate any findings to LSP messages. The govulncheck command line tool is under active development and there is no stable API built around it yet. While govulncheck is evolving, it can break the assumption a released version of gopls made any time. When users independently install gopls and govulncheck, it is hard to keep them compatible. There could be many different ways of solving this problem, but we think it is the easiest to embed the govulncheck logic in the gopls. This is basically equivalent to pin the version of govulncheck. We will evaluate different approaches (e.g. invoke govulncheck found from PATH and hope it works) as the govulncheck command line tool interface becomes stable. Main is a wrapper of govulncheck command's main. This never returns. Change-Id: I050cf114827bde3f3450e06909d1501f381804c3 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/435902 Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Julie Qiu <julie@golang.org>
This repository contains packages for accessing and analyzing data from the Go Vulnerability Database. It contains the following:
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.