govulncheck
https://github.com/golang/vuln
govulncheck is a CLI tool to report known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application.
By default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. Requests to the vulnerability database contain only module paths, not code or other properties of your program. See https://vuln.go.dev/privacy.html for more. Use the -db flag to specify a different database, which must implement the specification at https://go.dev/security/vuln/database.
- Developed at devel:languages:go
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/govulncheck && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_service | 0000000711 711 Bytes | |
_servicedata | 0000000232 232 Bytes | |
govulncheck-1.0.4.tar.gz | 0001893692 1.81 MB | |
govulncheck.changes | 0000006525 6.37 KB | |
govulncheck.spec | 0000002004 1.96 KB | |
vendor.tar.gz | 0000431539 421 KB |
Revision 5 (latest revision is 7)
Dominique Leuenberger (dimstar_suse)
accepted
request 1155753
from
Jeff Kowalczyk (jfkw)
(revision 5)
- Update to version 1.0.4: * cmd/govulncheck: mask line numbers and columns * internal/scan: remove redundant new lines * internal/vulncheck: add position for sinks in findings' trace * internal/scan: put -show <option> into single quotes * internal/buildinfo: do module-level analysis with no PCLN table * internal/scan: add a newline after summary * internal/test: add more info on GoBuild failures * internal/scan: remove extra dot in a comment * cmd/govulncheck: fix vendor test * internal/vulncheck: refactor a loop with an append * cmd/govulncheck: fix stripped bin test * cmd/govulncheck: update vendor tests * cmd/govulncheck: add more tests and reorganize them * internal/vulncheck: add package and module mode for binaries * internal/scan: replace Source with Symbol in text output * internal/scan: fix error statuses for scan={package|module} * internal/scan: add -show verbose flag * internal/scan: overhaul text output * internal/scan: simplify redundant error checking * internal/scan: add scan level to testdata * cmd/govulncheck/integration: update expectations for stackrox * internal/vulncheck: support osv entries with no pkg info * internal/vulncheck: remove redundant symbol check * internal/vulncheck: simplify vulnerability detection - Update to version 1.0.3: * internal/scan: add binary extract mode * internal/scan, vulncheck: use packages.load for mod info * internal/govulncheck: briefly explain streaming JSON
Comments 0