internal/osvutils: don't require references in OSV

Individual lint checks cover the cases in which certain references
are required, so the check for having references is not needed.

(For example, standard library reports have certain requirements,
and reports with no description must list an advisory).

In some limited cases, such as when a report is the first
public reference to a vulnerability, it can be appropriate to
have no references at all.

Change-Id: Ide58fd1422c06eb44b83ae6c3f74b49e3fdf5b48
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/602136
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2 files changed
tree: 66d97aca4f5fe0b566bd6ae0209d6089052fc8c1
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.