Google Git
Sign in
go / vuln / refs/heads/master
commitff5c0046886fb6c339f4b0c00ce6bfb119f00006[log] [tgz]
authorEthan Lee <ethanalee@google.com>Tue Jan 13 19:46:58 2026 +0000
committerGopher Robot <gobot@golang.org>Tue Jan 13 13:25:18 2026 -0800
tree85020e15bb12eee7209a9b7329d60b65add0a782
parent6698294903005319aedf73447119a0fe4d74952d [diff]
internal/scan: improve error message for govulncheck

- Previously, an error was not returned if the govulncheck function was
  called without any patterns.
- Now if patterns are not included, then an explicit error is returned
  indicating to users that they should specify patterns or simply use
  `govulncheck ./...`.

Fixes golang/go#77167

Change-Id: I539246a6f18b50937068ce9c984d0d3e4973c534
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/736180
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Ethan Lee <ethanalee@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
3 files changed
tree: 85020e15bb12eee7209a9b7329d60b65add0a782
  1. cmd/
  2. doc/
  3. internal/
  4. scan/
  5. .gitignore
  6. all_test.go
  7. CONTRIBUTING.md
  8. go.mod
  9. go.sum
  10. LICENSE
  11. PATENTS
  12. README.md
README.md

Go Vulnerability Management

Go Reference

Go's support for vulnerability management includes tooling for analyzing your codebase and binaries to surface known vulnerabilities in your dependencies. This tooling is backed by the Go vulnerability database, which is curated by the Go security team. Go’s tooling reduces noise in your results by only surfacing vulnerabilities in functions that your code is actually calling.

You can install the latest version of govulncheck using go install

go install golang.org/x/vuln/cmd/govulncheck@latest

Then, run govulncheck inside your module:

govulncheck ./...

See the govulncheck tutorial to get started, and https://go.dev/security/vuln for more information about Go's support for vulnerability management. The API documentation can be found at https://pkg.go.dev/golang.org/x/vuln/scan.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.