internal/report: add new status NEEDS_REVIEW

Add a new YAML report status, NEEDS_REVIEW, which indicates that
a report has been automatically generated but needs to be reviewed
by a human later.

The goal of this new status is to allow us to quickly publish initial
versions of *most* reports that will require review.

A report with status NEEDS_REVIEW has slightly stricter requirements
than UNREVIEWED reports:
    - NEEDS_REVIEW reports must have a fixed version for each affected module
    - NEEDS_REVIEW reports must not have any "unsupported_versions"

These stricter requirements prevent us from publishing low-information reports
that could affect many users. Auto-generated reports that do not meet these
requirements need to be manually reviewed by a human.

When a new NEEDS_REVIEW report is committed, the automatically generated
commit message includes "Updates #NNN" for the corresponding issue instead
of "Fixes #NNN", because additional action is still needed.

NEEDS_REVIEW is an internal status only - it is converted to UNREVIEWED
when published to OSV.

Change-Id: I340279f5a3f73e508b145f613d3d07d71e870aaa
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/626157
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
19 files changed
tree: c744179ea1e1d2a50438da635e54d9a6a0cc218a
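The rules the commit message states (a NEEDS_REVIEW report must carry a fixed version for every affected module, must have no "unsupported_versions", is committed with "Updates #NNN" rather than "Fixes #NNN", and is exported to OSV as UNREVIEWED) can be captured in a small lint-and-export routine. The following Go code is an added illustration written for this page; it is not the vulndb change itself, and the `Report`, `Module` and `VersionRange` types, the `Lint`, `ExportStatus` and `CommitVerb` functions and the sample report IDs are all simplified assumptions rather than the project's internal/report API.

```go
package main

import (
	"errors"
	"fmt"
)

// Status is a simplified stand-in for the YAML report status field.
type Status string

const (
	StatusUnreviewed  Status = "UNREVIEWED"
	StatusNeedsReview Status = "NEEDS_REVIEW" // internal only, see ExportStatus
	StatusReviewed    Status = "REVIEWED"
)

// VersionRange is a hypothetical affected-version range (assumption, not vulndb's type).
type VersionRange struct {
	Introduced string
	Fixed      string
}

// Module is a hypothetical affected-module entry (assumption, not vulndb's type).
type Module struct {
	Path                string
	Versions            []VersionRange
	UnsupportedVersions []VersionRange
}

// Report is a hypothetical, simplified report (assumption, not vulndb's type).
type Report struct {
	ID      string
	Status  Status
	Modules []Module
}

// Lint enforces the stricter NEEDS_REVIEW requirements from the commit message.
// Other statuses are left to their existing (looser) checks and pass here.
func (r *Report) Lint() error {
	if r.Status != StatusNeedsReview {
		return nil
	}
	var errs []error
	for _, m := range r.Modules {
		if !hasFixedVersion(m) {
			errs = append(errs, fmt.Errorf("%s: module %q has no fixed version", r.ID, m.Path))
		}
		if len(m.UnsupportedVersions) > 0 {
			errs = append(errs, fmt.Errorf("%s: module %q must not have unsupported_versions", r.ID, m.Path))
		}
	}
	return errors.Join(errs...)
}

// hasFixedVersion reports whether at least one affected range names a fix.
func hasFixedVersion(m Module) bool {
	for _, v := range m.Versions {
		if v.Fixed != "" {
			return true
		}
	}
	return false
}

// ExportStatus maps the internal status to the one written to OSV output:
// NEEDS_REVIEW never leaves the repository and becomes UNREVIEWED.
func ExportStatus(s Status) Status {
	if s == StatusNeedsReview {
		return StatusUnreviewed
	}
	return s
}

// CommitVerb picks the issue keyword for the auto-generated commit message:
// a NEEDS_REVIEW report only "Updates" its issue because a human still has to act.
func CommitVerb(s Status) string {
	if s == StatusNeedsReview {
		return "Updates"
	}
	return "Fixes"
}

func main() {
	// Constructed sample reports; the IDs and module paths are placeholders.
	samples := []Report{
		{ID: "GO-EXAMPLE-0001", Status: StatusNeedsReview, Modules: []Module{
			{Path: "example.com/ok", Versions: []VersionRange{{Introduced: "1.0.0", Fixed: "1.2.0"}}}}},
		{ID: "GO-EXAMPLE-0002", Status: StatusNeedsReview, Modules: []Module{
			{Path: "example.com/nofix", Versions: []VersionRange{{Introduced: "1.0.0"}}}}},
		{ID: "GO-EXAMPLE-0003", Status: StatusNeedsReview, Modules: []Module{
			{Path: "example.com/unsupported", Versions: []VersionRange{{Fixed: "2.0.0"}},
				UnsupportedVersions: []VersionRange{{Introduced: "0.9.0"}}}}},
	}
	for _, r := range samples {
		fmt.Printf("%s: lint=%v, export=%s, commit=%s #NNN\n",
			r.ID, r.Lint(), ExportStatus(r.Status), CommitVerb(r.Status))
	}
}
```

Reports that fail `Lint` are exactly the auto-generated ones the commit message says must go back to a human instead of being published; in this sketch the same modules under status UNREVIEWED pass untouched, mirroring the "slightly stricter" relationship between the two statuses.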
README.md

The Go Vulnerability Database


This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.