The vuln worker triages incoming security advisories and scans selected modules for vulnerabilities.
The Go security team runs the worker on Google Cloud Platform‘s Cloud Run product. See the repo’s
terraform directory for more on the deployment setup.
The main program for the worker, in the repo‘s
cmd/worker directory, can also be used as a command-line tool for one-off executions of some of the server’s actions.
Accessing the worker server's home page from a browser requires authentication. We recommend cloud-run-proxy for painless browsing. Install it with
go install github.com/GoogleCloudPlatform/cloud-run-proxy@latest
If you have authenticated with
gcloud, you can run it with
cloud-run-proxy -host WORKER_CLOUD_RUN_URL
Otherwise, obtain a token on another machine that has authenticated with
gcloud auth print-identity-token
and pass the output to
cloud-run-proxy with the