vulncheck: add link to vulncheck overview on golang.org
Change-Id: I93c8b838a5d0839e4a22e1d1a9e5d540f4763bdb
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/408254
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/vulncheck/doc.go b/vulncheck/doc.go
index dba7374..95be8b6 100644
--- a/vulncheck/doc.go
+++ b/vulncheck/doc.go
@@ -2,55 +2,57 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// Package vulncheck detects uses of known vulnerabilities
-// in Go programs. The two main APIs of vulncheck, Source
-// and Binary, allow vulnerability detection in Go source
-// code and binaries, respectively.
-//
-// vulncheck identifies vulnerability uses in Go programs
-// at the level of call graph, package import graph, and module
-// requires graph. For instance, vulncheck identifies which
-// vulnerable functions and methods are transitively called
-// from the program entry points. vulncheck also detects
-// transitively imported packages and required modules that
-// contain known vulnerable functions and methods.
-//
-// TODO(zpavlinovic): add a link to a more detailed overview of vulncheck
-//
-// Inputs
-//
-// Source accepts a list of vulncheck.Package objects, which
-// are a trimmed version of packages.Package objects to reduce
-// memory consumption. Binary accepts a path to a Go binary file
-// that must have been compiled with Go 1.18 or greater. Otherwise,
-// the list of modules used by the binary is unavailable and
-// vulncheck hence might miss vulnerabilities present in the binary.
-//
-// Both Source and Binary require information about known
-// vulnerabilities in the form of a vulnerability database
-// https://golang.org/x/vuln/client#Client. The vulnerabilities
-// are modeled using the shared https://golang.org/x/vuln/osv format.
-//
-// Results
-//
-// The result of vulncheck are slices of the call graph, package
-// imports graph, and module requires graph leading to the use
-// of an identified vulnerability. Parts of these graphs not
-// related to any vulnerabilities are omitted.
-//
-// Vulnerability Witnesses
-//
-// CallStacks and ImportChains APIs search the returned slices
-// for user-friendly representative call stacks and import chains.
-// Clients of vulncheck can use these stacks and chains as a
-// witness of a vulnerability use during, for instance, security
-// review.
-//
-// Limitations
-//
-// Note that since statically constructing an exact call graph of
-// a program is impossible, the produced call graph information
-// is over-approximate: the results might contain call stacks not
-// realizable in practice. On the other hand, vulncheck might
-// miss some call graph edges in the presence of unsafe and reflect.
+/*
+Package vulncheck detects uses of known vulnerabilities
+in Go programs. The two main APIs of vulncheck, Source
+and Binary, allow vulnerability detection in Go source
+code and binaries, respectively.
+
+vulncheck identifies vulnerability uses in Go programs
+at the level of call graph, package import graph, and module
+requires graph. For instance, vulncheck identifies which
+vulnerable functions and methods are transitively called
+from the program entry points. vulncheck also detects
+transitively imported packages and required modules that
+contain known vulnerable functions and methods.
+
+A broader overview of vulncheck can be found at https://go.dev/security/vulncheck.
+
+Inputs
+
+Source accepts a list of vulncheck.Package objects, which
+are a trimmed version of packages.Package objects to reduce
+memory consumption. Binary accepts a path to a Go binary file
+that must have been compiled with Go 1.18 or greater. Otherwise,
+the list of modules used by the binary is unavailable and
+vulncheck hence might miss vulnerabilities present in the binary.
+
+Both Source and Binary require information about known
+vulnerabilities in the form of a vulnerability database
+https://golang.org/x/vuln/client#Client. The vulnerabilities
+are modeled using the shared https://golang.org/x/vuln/osv format.
+
+Results
+
+The result of vulncheck are slices of the call graph, package
+imports graph, and module requires graph leading to the use
+of an identified vulnerability. Parts of these graphs not
+related to any vulnerabilities are omitted.
+
+Vulnerability Witnesses
+
+CallStacks and ImportChains APIs search the returned slices
+for user-friendly representative call stacks and import chains.
+Clients of vulncheck can use these stacks and chains as a
+witness of a vulnerability use during, for instance, security
+review.
+
+Limitations
+
+Note that since statically constructing an exact call graph of
+a program is impossible, the produced call graph information
+is over-approximate: the results might contain call stacks not
+realizable in practice. On the other hand, vulncheck might
+miss some call graph edges in the presence of unsafe and reflect.
+*/
package vulncheck
