commit	5dfa2879d5f7d93fa23a6c0f6d7261fd2b800e68	[log] [tgz]
author	Jonathan Amsterdam <jba@google.com>	Tue Apr 12 11:35:53 2022 -0400
committer	Jonathan Amsterdam <jba@google.com>	Wed Apr 13 17:56:39 2022 +0000
tree	f56886e24f9a52359fbc3013a3439b4f2a0c132d
parent	aa4967e02e3e66c0404a0e4acca84fe684e66775 [diff]

vulncheck: return the module list

As a convenience, have vulncheck return the list of modules it found
in the binary or source.

When vulcheck is run on source, this information duplicates information
in the requires graph, although in a simpler form.

When it is run on a binary, the requires graph is nil, so this
information is new.

The list of modules and their versions can be found in other ways in
both cases, but it would require duplicating work that vulncheck
already does.

This list will be used by the govulncheck command to display the
versions currently in use.

Change-Id: I35fe10a456ca7d5265340314a2aba402e648af10
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/399934
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

6 files changed

tree: f56886e24f9a52359fbc3013a3439b4f2a0c132d

README.md

Go Vulnerability Management

This repository contains the following:

Package client: a client for interacting with the Go vulnerability database
Package vulncheck: an API for detecting vulnerabilities in Go packages
Command govulncheck: a CLI for detecting vulnerabilities in Go packages

The code in this repository is under active development and not to be considered stable.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.