commit | 2992f259b81505bc4075411a0e423d3936f2deca | |
---|---|---|
author | Roland Shoemaker <roland@golang.org> | Mon Mar 22 18:34:02 2021 -0700 |
committer | Filippo Valsorda <valsorda@google.com> | Tue Apr 13 16:18:34 2021 +0200 |
tree | afc402849a4b523652473f4762e5836b482f6754 | |
parent | 4d3e0cc221c0c5f3786513bab21b0cfefc0611bf | |
all: use the proxy for report linting

Check the proxy to determine valid versions and canonical module import paths. This should prevent rogue database entries that do not cleanly apply to real go.mod files.

Change-Id: Iea1b531fe5bed7a0825102c6ac877a515f24c0f5
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1032616
Reviewed-by: Roland Shoemaker <bracewell@google.com>

This repository contains a handful of prototypes for the Go vulnerability database, as well as an initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now they are easier to work on in a more segmented fashion.
reports
contains TOML security reports; the format is described in format.md
report
provides a package for parsing and linting TOML reports
osv
provides a package for generating OSV-style JSON vulnerability entries from a report.Report
client
contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
cmd/gendb
provides a tool for converting TOML reports into a JSON database
cmd/genhtml
provides a tool for converting TOML reports into an HTML website
cmd/linter
provides a tool for linting individual reports
cmd/report2cve
provides a tool for converting TOML reports into JSON CVEs
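
The commit message above describes checking the proxy for valid versions and canonical module import paths. The following is an added example of that kind of check, not code from this repository: it fetches `<module>/@v/<version>.mod` as defined by the Go module proxy protocol and compares the `module` directive with the reported path. The names `Lint`, `escape` and `fakeProxy`, and the `example.com/acme/widget` module, are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// escape applies the module proxy's case encoding: "A" becomes "!a".
func escape(s string) string {
	for c := 'A'; c <= 'Z'; c++ {
		s = strings.ReplaceAll(s, string(c), "!"+string(c+'a'-'A'))
	}
	return s
}

// Lint returns "" if the proxy serves module@version and its go.mod declares the same path.
func Lint(proxy, module, version string) string {
	resp, err := http.Get(proxy + "/" + escape(module) + "/@v/" + escape(version) + ".mod")
	if err != nil {
		return "proxy unreachable: " + err.Error()
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Sprintf("%s@%s: not a version the proxy serves (%s)", module, version, resp.Status)
	}
	for sc := bufio.NewScanner(resp.Body); sc.Scan(); {
		f := strings.Fields(sc.Text())
		if len(f) >= 2 && f[0] == "module" && strings.Trim(f[1], `"`) != module {
			return fmt.Sprintf("%s: not canonical, go.mod declares %s", module, f[1])
		}
	}
	return ""
}

// fakeProxy is a constructed stand-in for a module proxy (example data, runs offline).
func fakeProxy() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.ReplaceAll(r.URL.Path, "!", "") != "/example.com/acme/widget/@v/v1.2.0.mod" {
			http.NotFound(w, r)
			return
		}
		fmt.Fprint(w, "module example.com/acme/widget\n\ngo 1.16\n")
	}))
}
func main() {
	fmt.Println(Lint(fakeProxy().URL, "example.com/Acme/widget", "v1.2.0"))
}
```

A report that names the module with the wrong letter case, or a version the proxy has never seen, is rejected before it can reach the database.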