commit | f4619b1028c9b9f4fe6ee86f0c040484c459d36a | |
---|---|---|
author | Tatiana Bradley <tatiana@golang.org> | Fri Apr 15 16:34:49 2022 -0400 |
committer | Tatiana Bradley <tatiana@golang.org> | Tue Apr 26 18:58:23 2022 +0000 |
tree | 1421ccd98e4efc3687ad446e84e85100aad51ff4 | |
parent | 7540a44a85a0f40c5b0564820fa10a5d28d04ceb | |
x/vulndb: support issues keyed by GHSA in `vulnreport create`

Command `vulnreport create` can now be run on GitHub issues of the form `x/vulndb: potential Go vuln in some/pkg: GHSA-some-ghsa-id`.

Introduces new function in `internal/ghsa` to fetch security advisories by GHSA id via GitHub API, which re-uses some factored out logic from existing `List` function.

Moves (and extends) functionality to convert security advisories into reports from `internal/worker` to `internal/report` so it can be used by both the worker and the vulnreport command.

Fixes golang/go#52361

Change-Id: I6902e8db4801245908b4a112b047ca5cc62db996
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/400495
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>

This repository contains the reports for the Go Vulnerability Database.
If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.
We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.