commit | 3d1b62a5367405fcde41ba30fd114b0964d51ac7 | [log] [tgz] |
---|---|---|
author | Tatiana Bradley <tatianabradley@google.com> | Tue Dec 05 14:33:41 2023 -0500 |
committer | Tatiana Bradley <tatianabradley@google.com> | Wed Dec 06 18:54:04 2023 +0000 |
tree | 7d0a64baba9dd1f9453e5e4cd720712db4ff3070 | |
parent | 3a13be048fa65244163b458d1ac980812da45968 [diff] |
cmd/vulnreport,internal/cveclient: use cve v5 in vulnreport The vulnreport command now fetches CVE records in JSON 5.0 format instead of the legacy 4.0 format. This change also adds a new function, Fetch, which makes an unauthenticated HTTP request to the CVE5 database to grab a CVE record. This function is used in vulnreport instead of the much-slower cvelistrepo.FetchCVE (which clones the whole cvelistrepo). Change-Id: Ic255e98d7c1a52301810dc53712fc2ab4a648e70 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/547560 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.