commit | 4d3e0cc221c0c5f3786513bab21b0cfefc0611bf | |
---|---|---|
author | Zvonimir Pavlinovic <zpavlinovic@google.com> | Thu Mar 18 12:17:17 2021 -0700 |
committer | Filippo Valsorda <valsorda@google.com> | Tue Apr 13 16:18:34 2021 +0200 |
tree | edeabbed474e609da9fd3879f10ca913b1af51ed | |
parent | 42b5a4503a5376834e93ca2d7f163a90d96cdf63 | |

reports: sets github.com/dgrijalva/jwt-go as incompatible.

github.com/dgrijalva/jwt-go is not a module per se. Hence, its pkg versions require +incompatible annotation. Also, corresponding pkgs do not have /vX suffixes.

Change-Id: I434b1a6af7ecd22b161d344a2ffe115fa9b883e9
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1027982
Reviewed-by: Roland Shoemaker <bracewell@google.com>

This repository contains a handful of prototypes for the Go vulnerability database, as well as an initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now they are easier to work on in a more segmented fashion.

- `reports` contains TOML security reports; the format is described in format.md
- `report` provides a package for parsing and linting TOML reports
- `osv` provides a package for generating OSV-style JSON vulnerability entries from a `report.Report`
- `client` contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
- `cmd/gendb` provides a tool for converting TOML reports into a JSON database
- `cmd/genhtml` provides a tool for converting TOML reports into an HTML website
- `cmd/linter` provides a tool for linting individual reports
- `cmd/report2cve` provides a tool for converting TOML reports into JSON CVEs
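
The rule the commit message relies on (a path without a `/vX` suffix can only carry a v2+ version when it is annotated `+incompatible`) can be checked mechanically before a report's version ranges are trusted for matching. The following is an added example, not code from this repository: `checkVersion` is a hypothetical helper, the sample versions are constructed, and pre-release tags and `gopkg.in` paths are assumed out of scope.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// versionRE matches vMAJOR.MINOR.PATCH with an optional +incompatible suffix
// (pre-release tags are left out to keep the example short).
var versionRE = regexp.MustCompile(`^v(0|[1-9]\d*)\.\d+\.\d+(\+incompatible)?$`)

// pathMajorRE matches a trailing /vN element (N >= 2) of a module path.
var pathMajorRE = regexp.MustCompile(`/v([2-9]|[1-9]\d+)$`)

// checkVersion (hypothetical helper) reports whether version is a valid
// version string for modulePath under Go's semantic import versioning.
func checkVersion(modulePath, version string) error {
	m := versionRE.FindStringSubmatch(version)
	if m == nil {
		return fmt.Errorf("%q is not of the form vX.Y.Z[+incompatible]", version)
	}
	major, err := strconv.Atoi(m[1])
	if err != nil {
		return fmt.Errorf("major version of %q is out of range", version)
	}
	incompatible := m[2] != ""
	if pm := pathMajorRE.FindStringSubmatch(modulePath); pm != nil {
		// Path carries /vN: the major version must be N, never +incompatible.
		if incompatible || m[1] != pm[1] {
			return fmt.Errorf("%s requires a plain v%s.x.y version, got %s", modulePath, pm[1], version)
		}
		return nil
	}
	// No /vN suffix: v0 and v1 are plain; v2+ is only valid as +incompatible.
	if major >= 2 && !incompatible {
		return fmt.Errorf("%s has no /v%d suffix, so %s needs +incompatible", modulePath, major, version)
	}
	if major < 2 && incompatible {
		return fmt.Errorf("%s must not carry +incompatible", version)
	}
	return nil
}

func main() {
	// Constructed sample versions, not taken from the reports.
	for _, v := range []string{"v3.0.0", "v3.0.0+incompatible", "v1.0.0+incompatible"} {
		fmt.Println(v, "->", checkVersion("github.com/dgrijalva/jwt-go", v))
	}
}
```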