commit	571ff30a41d13c7bd7bc17cb21600ff0f003e468	[log] [tgz]
author	Zvonimir Pavlinovic <zpavlinovic@google.com>	Tue Jun 07 14:10:48 2022 -0700
committer	Zvonimir Pavlinovic <zpavlinovic@google.com>	Wed Jun 08 21:12:15 2022 +0000
tree	8fd5a836daf95c5161766fe70d59b36771026cb4
parent	b5c0ef50b98894e819e250417cdf3b6c535e130a [diff]

vulncheck: remove additional meaningless string sorting for stacks

String ordering on stacks was employed for deterministic output which
cannot happen anyhow since the initial slice of stacks is not
determinstic. The string comparison is expensive, especially for large
vulnerability graphs.

This shaves off approx. 15-20 seconds for k8s and vault projects.

Change-Id: I3c4502b948eb32ebf2c4705097c70e3928bbf3de
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/410897
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

vulncheck/witness.go[diff]

1 file changed

tree: 8fd5a836daf95c5161766fe70d59b36771026cb4

README.md

Go Vulnerability Management

This repository contains the following:

Package client: a client for interacting with the Go vulnerability database
Package vulncheck: an API for detecting vulnerabilities in Go packages
Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.