tree: 4934bd5f339986980150435f766b6ab42a87e8f2 [path history] [tgz]
  1. log/
  2. static/
  3. store/
  4. config.go
  5. false_positive_records.gen.go
  6. false_positives.go
  7. false_positives_test.go
  8. gen_false_positives.go
  9. module_proxy.go
  10. module_proxy_test.go
  11. paths.go
  12. paths_test.go
  13. README.md
  14. scan_modules.go
  15. scan_modules_test.go
  16. server.go
  17. server_test.go
  18. triage.go
  19. triage_test.go
  20. update.go
  21. update_test.go
  22. util.go
  23. worker.go
  24. worker_test.go
internal/worker/README.md

Go Vulnerability Worker

The vuln worker triages incoming security advisories and scans selected modules for vulnerabilities.

The Go security team runs the worker on Google Cloud Platform‘s Cloud Run product. See the repo’s terraform directory for more on the deployment setup.

The main program for the worker, in the repo‘s cmd/worker directory, can also be used as a command-line tool for one-off executions of some of the server’s actions.

Browsing the worker

Accessing the worker server's home page from a browser requires authentication. We recommend cloud-run-proxy for painless browsing. Install it with

go install github.com/GoogleCloudPlatform/cloud-run-proxy@latest

If you have authenticated with gcloud, you can run it with

cloud-run-proxy -host WORKER_CLOUD_RUN_URL

Otherwise, obtain a token on another machine that has authenticated with

gcloud auth print-identity-token

and pass the output to cloud-run-proxy with the -token flag.