reports: add back additional_packages for go-yaml with no verions

Blergh, all incompatible version of github.com/go-yaml/yaml are vulnerable,
so add it back with an empty versions list.

Change-Id: I881192ea57e4be02fb534d7a1f2951a004c7e648
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055920
Reviewed-by: Roland Shoemaker <bracewell@google.com>
2 files changed
tree: cfcd5a47a01fdda3e2a5d7a19978e40e7969fb10
  1. client/
  2. cmd/
  3. osv/
  4. report/
  5. reports/
  6. AUTHORS
  7. CONTRIBUTING.md
  8. CONTRIBUTORS
  9. format.md
  10. go.mod
  11. go.sum
  12. LICENSE
  13. new-vuln.sh
  14. PATENTS
  15. README.md
  16. template
  17. triaged-cve-list
README.md

The Go Vulnerability Database golang.org/x/vulndb

This repository is a prototype of the Go Vulnerability Database. Read the Draft Design.

Neither the code, nor the data, nor the existence of this repository is to be considered stable until an approved proposal.

Important: vulnerability entries in this repository are represented in an internal, unstable format that can and will change without notice. The database will also be available in an interoperable, stable JSON format soon.

Packages

Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.

  • report provides a package for parsing and linting TOML reports
  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/gendb provides a tool for converting TOML reports into JSON database
  • cmd/genhtml provides a tool for converting TOML reports into a HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting TOML reports into JSON CVEs

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

The database contents in reports/ are distributed under the terms of the CC-BY 4.0 license.