Google Git
Sign in
go / website / 9e1b9c76f9733857e6f323dd435ee0bd1f9a6e6e^! / .
commit9e1b9c76f9733857e6f323dd435ee0bd1f9a6e6e[log] [tgz]
authorJulie Qiu <julie@golang.org>Wed May 04 10:03:13 2022 -0400
committerJulie Qiu <julie@golang.org>Mon May 23 22:16:50 2022 +0000
treed184a457005838db55b626aaec0ef15fdaca8c31
parent9faf03bf18ade6f2b994e4542cd7ad50492bf209 [diff]
_content/security/vulndb: add initial landing page

An initial version of the Go vulnerability database landing page is
added.

Change-Id: I4dd8ebb0301fb06b999ec071fbb2d07efa57a803
Reviewed-on: https://go-review.googlesource.com/c/website/+/404034
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

diff --git a/_content/security/vulndb/index.html b/_content/security/vulndb/index.html
new file mode 100644
index 0000000..49c7fb7
--- /dev/null
+++ b/_content/security/vulndb/index.html

@@ -0,0 +1,78 @@
+<!--{
+	"Title": "Go Vulnerability Database",
+	"layout": "article"
+}-->
+
+<strong>This page is a work in progress.</strong>
+
+<h2 id="overview">Overview</h2>
+<p>
+The Go vulnerability database is a curated database of public Go security
+vulnerabilities, maintained by the Go Security team.
+</p>
+
+<h2 id="protocol">Protocol</h2>
+<p>
+The Go vulnerability database is rooted at <code>https://vuln.go.dev</code> and
+provides data as JSON. We recommend using
+<a href="https://pkg.go.dev/golang.org/x/vuln/client#Client">client.Client</a>
+to read data from the Go vulnerability database.
+</p>
+
+<p>
+Do not rely on the contents of the x/vulndb repository. The YAML files in that
+repository are maintained using an internal format that is subject to change
+without warning.
+</p>
+
+<p>
+The endpoints in the table below are supported. For each path:
+</p>
+
+<ul>
+  <li><code>$base</code> is the path portion of a Go vulnerability database URL (<code>https://vuln.go.dev</code>).</li>
+  <li><code>$module</code> is a module path</li>
+  <li><code>$vuln</code> is a Go vulnerabilitiy ID (for example, <code>GO-2021-1234</code>)</li>
+</ul>
+
+
+<table>
+  <thead>
+    <tr>
+      <th>Path</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>$base/index.json</code></td>
+      <td>
+        List of module paths in the database mapped to its last modified
+        timestamp (<a href="https://vuln.go.dev/index.json">link</a>).
+      </td>
+    </tr>
+    <tr>
+      <td><code>$base/$module.json</code></td>
+      <td>
+        List of vulnerability entries for that module (<a href="https://vuln.go.dev/golang.org/x/crypto.json">example</a>).
+      </td>
+    </tr>
+    <tr>
+      <td><code>$base/ID/index.json</code></td>
+      <td>
+        List of all the vulnerability entries in the database.
+      </td>
+    </tr>
+    <tr>
+      <td><code>$base/ID/$vuln.json</code></td>
+      <td>
+        An individual Go vulnerability report.
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+<p>
+Note that these paths and format are provisional and likely to change until an
+approved proposal.
+</p>