Google Git
Sign in
go / vuln / 4d3e0cc221c0c5f3786513bab21b0cfefc0611bf
commit4d3e0cc221c0c5f3786513bab21b0cfefc0611bf[log] [tgz]
authorZvonimir Pavlinovic <zpavlinovic@google.com>Thu Mar 18 12:17:17 2021 -0700
committerFilippo Valsorda <valsorda@google.com>Tue Apr 13 16:18:34 2021 +0200
treeedeabbed474e609da9fd3879f10ca913b1af51ed
parent42b5a4503a5376834e93ca2d7f163a90d96cdf63 [diff]
reports: sets github.com/dgrijalva/jwt-go as incompatible.

github.com/dgrijalva/jwt-go is not module per se. Hence, its pkg
versions require +incompatible annotation. Also, corresponding pkgs do
not have /vX suffixes.

Change-Id: I434b1a6af7ecd22b161d344a2ffe115fa9b883e9
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1027982
Reviewed-by: Roland Shoemaker <bracewell@google.com>
1 file changed
tree: edeabbed474e609da9fd3879f10ca913b1af51ed
  1. client/
  2. cmd/
  3. osv/
  4. report/
  5. reports/
  6. format.md
  7. go.mod
  8. go.sum
  9. new-vuln.sh
  10. README.md
  11. template
README.md

This repository contains a handful of prototypes for the Go vulnerability database, as well as a initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.

  • reports contains TOML security reports, the format is described in format.md
  • report provides a package for parsing and linting TOML reports
  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accesing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/gendb provides a tool for converting TOML reports into JSON database
  • cmd/genhtml provides a tool for converting TOML reports into a HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting TOML reports into JSON CVEs