x/vulndb: add link to importers of a package in new automated issues The worker now includes a link in the automated issue description to pkg.go.dev/?tab=importedby for the affected module, as a starting point in detecting false positive vulnerability reports. For golang/go#51944 Change-Id: I3caaaba69c07e7a3e24977cf5ea5e92559ce8628 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/402394 Reviewed-by: Julie Qiu <julieqiu@google.com>

commit: 421e78b1885ec4a2ffd279d1ababc302a6b17a63 [log] [tgz]
author: Tatiana Bradley <tatiana@golang.org> Tue Apr 26 14:30:06 2022 -0400
committer: Tatiana Bradley <tatiana@golang.org> Tue Apr 26 19:05:50 2022 +0000
tree: 9c16756aaba5cd4ff92b02082b31fc914135d981
parent: f4619b1028c9b9f4fe6ee86f0c040484c459d36a [diff]
diff --git a/internal/worker/worker.go b/internal/worker/worker.go
index a2e9b7b..d4768dd 100644
--- a/internal/worker/worker.go
+++ b/internal/worker/worker.go

@@ -301,6 +301,7 @@
 	if r.Links.PR != "" {
 		fmt.Fprintf(&intro, "\n- PR: %s", r.Links.PR)
 	}
+	fmt.Fprintf(&intro, "\n- Imported by: https://pkg.go.dev/%s?tab=importedby", cr.Module)
 	for _, l := range r.Links.Context {
 		fmt.Fprintf(&intro, "\n- %s", l)
 	}

diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index 13531a7..a036f9d 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go

@@ -227,6 +227,7 @@
 Links:
 - NIST: https://nvd.nist.gov/vuln/detail/ID1
 - JSON: https://github.com/CVEProject/cvelist/tree//
+- Imported by: https://pkg.go.dev/a.Module?tab=importedby
 
 See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.
commit	421e78b1885ec4a2ffd279d1ababc302a6b17a63	[log] [tgz]
author	Tatiana Bradley <tatiana@golang.org>	Tue Apr 26 14:30:06 2022 -0400
committer	Tatiana Bradley <tatiana@golang.org>	Tue Apr 26 19:05:50 2022 +0000
tree	9c16756aaba5cd4ff92b02082b31fc914135d981
parent	f4619b1028c9b9f4fe6ee86f0c040484c459d36a [diff]