The vuln worker triages incoming security advisories and scans selected modules for vulnerabilities.
The Go security team runs the worker on Google Cloud Platform‘s Cloud Run product. See the repo’s terraform
directory for more on the deployment setup.
The main program for the worker, in the repo‘s cmd/worker
directory, can also be used as a command-line tool for one-off executions of some of the server’s actions.
Accessing the worker server's home page from a browser requires authentication. We recommend cloud-run-proxy for painless browsing. Install it with
go install github.com/GoogleCloudPlatform/cloud-run-proxy@latest
If you have authenticated with gcloud
, you can run it with
cloud-run-proxy -host WORKER_CLOUD_RUN_URL
Otherwise, obtain a token on another machine that has authenticated with
gcloud auth print-identity-token
and pass the output to cloud-run-proxy
with the -token
flag.