commit | 91bf12f5f8a408610d7769bc6196709b110cc15f | |
---|---|---|
author | Roland Shoemaker <roland@golang.org> | Tue Apr 13 10:50:27 2021 -0700 |
committer | Roland Shoemaker <bracewell@google.com> | Tue Apr 13 18:22:00 2021 +0000 |
tree | 9be30dc5bc240d79eb9a2b0285351ddd505eb0c5 | |
parent | 0cb7a210b0c522c6cbf57750b44e8579482962c1 | |

reports: add a handful of CVEs

Results of testing new CVE triaging tooling. Also adds a file which tracks which CVEs have been triaged. Still need to add all of the false positives, but would like to fine tune the triage tooling first to hopefully cut down the number of them.

Change-Id: I7591b10f5abc5e73b6a3291beeaedca0032ad02f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1053804
Reviewed-by: Roland Shoemaker <bracewell@google.com>

This repository contains a handful of prototypes for the Go vulnerability database, as well as an initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now they are easier to work on in a more segmented fashion.

- `reports` contains TOML security reports; the format is described in `format.md`
- `report` provides a package for parsing and linting TOML reports
- `osv` provides a package for generating OSV-style JSON vulnerability entries from a `report.Report`
- `client` contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
- `cmd/gendb` provides a tool for converting TOML reports into a JSON database
- `cmd/genhtml` provides a tool for converting TOML reports into an HTML website
- `cmd/linter` provides a tool for linting individual reports
- `cmd/report2cve` provides a tool for converting TOML reports into JSON CVEs