Google Git
Sign in
go / vulndb / 988b93d5f1bef0155d0d69f5b7cdb2dbd723fb5b
commit988b93d5f1bef0155d0d69f5b7cdb2dbd723fb5b[log] [tgz]
authorFilippo Valsorda <valsorda@google.com>Tue Apr 13 22:28:30 2021 +0200
committerFilippo Valsorda <valsorda@google.com>Tue Apr 13 20:32:20 2021 +0000
tree25731c554816e5446d9e9ee89dbcead5571728e1
parent91bf12f5f8a408610d7769bc6196709b110cc15f [diff]
all: add licensing boilerplate and update README

Change-Id: I79bcdc1d868fccbb778ccdef23a4ad7389cf5bfe
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1054183
Reviewed-by: Filippo Valsorda <valsorda@google.com>
5 files changed
tree: 25731c554816e5446d9e9ee89dbcead5571728e1
  1. client/
  2. cmd/
  3. osv/
  4. report/
  5. reports/
  6. AUTHORS
  7. CONTRIBUTORS
  8. format.md
  9. go.mod
  10. go.sum
  11. LICENSE
  12. new-vuln.sh
  13. PATENTS
  14. README.md
  15. template
  16. triaged-cve-list
README.md

The Go Vulnerability Database golang.org/x/vulndb

This repository is a prototype of the Go Vulnerability Database. Read the Draft Design.

Neither the code, nor the data, nor the existence of this repository is to be considered stable until an approved proposal.

Important: vulnerability entries in this repository are represented in an internal, unstable format that can and will change without notice. The database will also be available in an interoperable, stable JSON format soon.

Packages

Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.

  • report provides a package for parsing and linting TOML reports
  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/gendb provides a tool for converting TOML reports into JSON database
  • cmd/genhtml provides a tool for converting TOML reports into a HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting TOML reports into JSON CVEs

Contributing

To report a new public vulnerability, open an issue or send a PR. Please read the Contribution Guidelines before sending patches.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

The database contents in reports/ are distributed under the terms of the CC-BY 4.0 license.