Google Git
Sign in
go / vuln / e6fc6a57b514cd4675c390e837abbc3b7386edf6
commite6fc6a57b514cd4675c390e837abbc3b7386edf6[log] [tgz]
authorJonathan Amsterdam <jba@google.com>Tue May 17 07:46:02 2022 -0400
committerJonathan Amsterdam <jba@google.com>Mon May 23 18:07:29 2022 +0000
tree22a4d1f6900160ece58e93c36eae742b9b8d647c
parentf79b16e3b7a1c577c28af6d586f4f90228171d85 [diff]
cmd/govulncheck: add verbose mode

First attempt at verbose output for govulncheck, selected by
the -v flag.

The output is the same as default mode, except that instead of
summarized call stacks, we show full call stacks. Limit to
one per vulnerable symbol.

This required increasing the scope of the file path filter
in TestCommand, to include all output.

Change-Id: Ia5fc8db4906fc472a6ccf4ac87d440815f21ee26
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/406577
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
3 files changed
tree: 22a4d1f6900160ece58e93c36eae742b9b8d647c
  1. client/
  2. cmd/
  3. devtools/
  4. doc/
  5. internal/
  6. osv/
  7. vulncheck/
  8. .gitignore
  9. all_test.go
  10. AUTHORS
  11. checks.bash
  12. CONTRIBUTING.md
  13. CONTRIBUTORS
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

Go Vulnerability Management

Go Reference

This repository contains the following:

  • Package client: a client for interacting with the Go vulnerability database
  • Package vulncheck: an API for detecting vulnerabilities in Go packages
  • Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.