commit | 8621c06babd739e8bbc86efe793e38daabd20baa | |
---|---|---|
author | Jonathan Amsterdam <jba@google.com> | Tue Mar 15 16:21:31 2022 -0400 |
committer | Jonathan Amsterdam <jba@google.com> | Wed Mar 16 22:37:40 2022 +0000 |
tree | ddb46391f99c3b9748b57af084849c3ea4a516d7 | |
parent | 1f59111d4218ed75a30eb135611d7d58900e6e00 | |
internal/worker: scan modules for vulnerabilities

This is the first CL for a new task for the vuln worker: to scan a selected set of modules for vulnerabilities.

Establish a new server endpoint, /scan-modules, to do that. Currently visiting that endpoint scans the list of modules unconditionally. A future CL will skip the scan if the vuln DB hasn't changed.

Hardcode a list of modules in the golang.org/x namespace. Fetch each one from the proxy, and run vulncheck on it.

At present we just log any vulnerabilities we find. Later we'll file issues to a GitHub repo.

Lastly, change the base image for the service to one that has the go toolchain, since go/packages requires it.

Change-Id: I1de571d24d683b080542c5c40b55767967dbe8a5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/393174
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>

This repository contains the reports for the Go Vulnerability Database.
If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.
We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.