vuln
README
Go Vulnerability Management
Go's support for vulnerability management includes tooling for analyzing your codebase and binaries to surface known vulnerabilities in your dependencies. This tooling is backed by the Go vulnerability database, which is curated by the Go security team. Go’s tooling reduces noise in your results by only surfacing vulnerabilities in functions that your code is actually calling.
You can install the latest version of govulncheck using go install:
go install golang.org/x/vuln/cmd/govulncheck@latest
Then, run govulncheck inside your module:
govulncheck ./...
See the govulncheck tutorial to get started, and https://go.dev/security/vuln for more information about Go's support for vulnerability management. The API documentation can be found at https://pkg.go.dev/golang.org/x/vuln/scan.
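To gate a build only on vulnerabilities your code actually calls, the stream written by `govulncheck -json ./...` can be filtered for findings whose first trace frame names a function. The following is an added example, not code from x/vuln: the JSON field names are assumed from govulncheck's JSON output, and the sample stream, advisory IDs and module paths are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// finding holds only the fields this example reads (names assumed from the -json output).
type finding struct {
	OSV          string `json:"osv"`
	FixedVersion string `json:"fixed_version"`
	Trace        []struct {
		Function string `json:"function"`
	} `json:"trace"`
}

// Constructed sample: not real scanner output, advisory IDs or module paths.
const sampleStream = `
{"config": {"scanner_name": "govulncheck"}}
{"progress": {"message": "Scanning your code..."}}
{"finding": {"osv": "GO-0000-0001", "fixed_version": "v1.2.3",
  "trace": [{"module": "example.com/parser", "function": "Decode"}, {"module": "example.com/app", "function": "main"}]}}
{"finding": {"osv": "GO-0000-0002", "fixed_version": "v0.9.1",
  "trace": [{"module": "example.com/unused"}]}}
`

// ReachableFindings maps advisory ID to fixed version for findings whose first
// trace frame names a function, i.e. the vulnerable symbol is actually called.
func ReachableFindings(r io.Reader) (map[string]string, error) {
	called := map[string]string{}
	dec := json.NewDecoder(r) // the stream is concatenated JSON objects, not an array
	for dec.More() {
		var m struct{ Finding *finding `json:"finding"` }
		if err := dec.Decode(&m); err != nil {
			return nil, err // truncated or malformed output must fail the gate
		}
		if f := m.Finding; f != nil && len(f.Trace) > 0 && f.Trace[0].Function != "" {
			called[f.OSV] = f.FixedVersion
		}
	}
	return called, nil
}

func main() {
	called, err := ReachableFindings(strings.NewReader(sampleStream))
	fmt.Println(called, err)
}
```

In a pipeline, pass `os.Stdin` instead of the sample and exit non-zero when the returned map is non-empty or the error is non-nil.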
Privacy Policy
The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.
License
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.
Directories
Path | Synopsis |
---|---|
cmd | |
govulncheck (command) | Govulncheck reports known vulnerabilities that affect Go code. |
govulncheck/integration/k8s (command) | |
internal | Package internal contains functionality for x/vuln. |
client | Package client provides an interface for accessing vulnerability databases, via either HTTP or local filesystem access. |
derrors | Package derrors defines internal error values to categorize the different types error semantics supported by x/vuln. |
gosym | Package gosym implements access to the Go symbol and line number tables embedded in Go binaries generated by the gc compilers. |
goversion | Package goversion reports the Go version used to build program executables. |
govulncheck | Package govulncheck contains the JSON output structs for govulncheck. |
openvex | Package vex defines the Vulnerability EXchange Format (VEX) types supported by govulncheck. |
osv | Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields. |
sarif | Package sarif defines Static Analysis Results Interchange Format (SARIF) types supported by govulncheck. |
semver | Package semver provides shared utilities for manipulating Go semantic versions. |
vulncheck | Package vulncheck detects uses of known vulnerabilities in Go programs. |
scan | Package scan provides functionality for running govulncheck. |