Google Git
Sign in
go / vulndb / 29b7148a1c042a3b13dcfa28eb3e5270b22eb3b0
commit29b7148a1c042a3b13dcfa28eb3e5270b22eb3b0[log] [tgz]
authorRoland Shoemaker <roland@golang.org>Wed Apr 14 11:56:02 2021 -0700
committerRoland Shoemaker <bracewell@google.com>Wed Apr 14 18:57:23 2021 +0000
treecfcd5a47a01fdda3e2a5d7a19978e40e7969fb10
parent8b1e4d6fb84391dead513f8cbbe783fdc10cac57 [diff]
reports: add back additional_packages for go-yaml with no verions

Blergh, all incompatible version of github.com/go-yaml/yaml are vulnerable,
so add it back with an empty versions list.

Change-Id: I881192ea57e4be02fb534d7a1f2951a004c7e648
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055920
Reviewed-by: Roland Shoemaker <bracewell@google.com>
2 files changed
tree: cfcd5a47a01fdda3e2a5d7a19978e40e7969fb10
  1. client/
  2. cmd/
  3. osv/
  4. report/
  5. reports/
  6. AUTHORS
  7. CONTRIBUTING.md
  8. CONTRIBUTORS
  9. format.md
  10. go.mod
  11. go.sum
  12. LICENSE
  13. new-vuln.sh
  14. PATENTS
  15. README.md
  16. template
  17. triaged-cve-list
README.md

The Go Vulnerability Database golang.org/x/vulndb

This repository is a prototype of the Go Vulnerability Database. Read the Draft Design.

Neither the code, nor the data, nor the existence of this repository is to be considered stable until an approved proposal.

Important: vulnerability entries in this repository are represented in an internal, unstable format that can and will change without notice. The database will also be available in an interoperable, stable JSON format soon.

Packages

Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.

  • report provides a package for parsing and linting TOML reports
  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/gendb provides a tool for converting TOML reports into JSON database
  • cmd/genhtml provides a tool for converting TOML reports into a HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting TOML reports into JSON CVEs

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

The database contents in reports/ are distributed under the terms of the CC-BY 4.0 license.