| commit | 0c24a58b384b7439cdcbf7f84c9635672ab89c89 | [log] [tgz] |
|---|---|---|
| author | Maceo Thompson <maceothompson@google.com> | Tue Feb 06 14:20:01 2024 -0500 |
| committer | Maceo Thompson <maceothompson@google.com> | Mon Feb 12 19:14:08 2024 +0000 |
| tree | ec3e1b0b07562e60f5dd6f89773c1bc57279e664 | |
| parent | 225ca85d5ff4cf5eb09beeeb49a69b9f8267445f [diff] |
cmd/vulnreport: add -update flag to vulnreport symbols Adds an -update flag to the vulnreport symbols command. Previously, vulnreport would automatically add all fix links that resulted in vulnerable symbols for a given module to that module's FixLinks field. Now, if the FixLinks field is populated it is considered the source of truth, and vulnreport symbols will use only the links in that field. If FixLinks is empty, vulnreport will derive fix links from the report's References field and use those to find vulnerable symbols. Change-Id: Ibab159987b60d445707083885a56ce6dc0e45302 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/562236 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.
The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.