commit | c9514b27c8c6641f197f17387c43feb58cb6d7e5 | |
---|---|---|
author | Tatiana Bradley <tatianabradley@google.com> | Tue Sep 20 11:54:50 2022 -0400 |
committer | Tatiana Bradley <tatiana@golang.org> | Wed Sep 21 19:28:18 2022 +0000 |
tree | f1f0a4d6f358fa493fdcf9172bb14b47583db82c | |
parent | 58a610ac68550f158773c67e71608ce16764a9f0 | |

internal/worker: do not skip GHSAs that have CVEs

The worker was missing some GHSAs because it always filtered out GHSAs with CVEs (and sometimes CVEs are miscategorized as not Go vulns, aren't published yet, etc).

This change modifies the logic to look at all GHSAs and create an issue if there is not yet an issue for the associated CVE.

Note that this leaves a gap (which will be fixed in a subsequent CL) in which a CVE that is later found by the worker will have a duplicate issue created for it.

Change-Id: I54008c2b2772ee6de9ece2f129de8668e80bed27
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/432095
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

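The two triage rules the commit message contrasts, as an added example that is not code from the vulndb repository: the `GHSA` type, the function names and the advisory IDs are all hypothetical and constructed for illustration.

```go
package main

import "fmt"

// GHSA is a hypothetical, simplified advisory record for this example.
type GHSA struct {
	ID   string
	CVEs []string // CVE aliases listed on the advisory
}

// skipIfHasCVE models the old filter: any GHSA with a CVE alias is dropped.
func skipIfHasCVE(g GHSA, _ map[string]bool) bool { return len(g.CVEs) == 0 }

// unlessCVEHasIssue models the new rule: file an issue unless an
// aliased CVE already has one.
func unlessCVEHasIssue(g GHSA, cveHasIssue map[string]bool) bool {
	for _, c := range g.CVEs {
		if cveHasIssue[c] {
			return false
		}
	}
	return true
}

// Triage returns the IDs of the GHSAs for which needsIssue reports true.
func Triage(ghsas []GHSA, cveHasIssue map[string]bool,
	needsIssue func(GHSA, map[string]bool) bool) []string {
	var out []string
	for _, g := range ghsas {
		if needsIssue(g, cveHasIssue) {
			out = append(out, g.ID)
		}
	}
	return out
}

// Sample returns constructed advisories (placeholder IDs) and the set of
// CVEs that already have an issue.
func Sample() ([]GHSA, map[string]bool) {
	return []GHSA{
		{ID: "GHSA-aaaa-aaaa-aaaa"}, // no CVE alias
		{ID: "GHSA-bbbb-bbbb-bbbb", CVEs: []string{"CVE-0000-0001"}}, // CVE has an issue
		{ID: "GHSA-cccc-cccc-cccc", CVEs: []string{"CVE-0000-0002"}}, // CVE was never triaged
	}, map[string]bool{"CVE-0000-0001": true}
}

func main() {
	ghsas, issues := Sample()
	fmt.Println("old:", Triage(ghsas, issues, skipIfHasCVE))
	fmt.Println("new:", Triage(ghsas, issues, unlessCVEHasIssue))
}
```

In this model nothing marks CVE-0000-0002 as covered once the GHSA-cccc-cccc-cccc issue is filed, which is the duplicate-issue gap the commit message notes.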
This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.
If you are interested in accessing data from the Go Vulnerability Database, see x/vuln.
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.
The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY-4.0 license. See x/vuln for information on how to access these entries.