vulncheck

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 19, 2024 License: BSD-3-Clause Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AnalysisMode added in v0.14.0

type AnalysisMode string
const (
	ModeInvalid     AnalysisMode = "" // zero value
	ModeGovulncheck AnalysisMode = "govulncheck"
	ModeImports     AnalysisMode = "imports"
)

type Result added in v0.14.0

type Result struct {
	// Entries contains all vulnerabilities that are called or imported by
	// the analyzed module. Keys are Entry.IDs.
	Entries map[string]*osv.Entry
	// Findings are vulnerabilities found by vulncheck or import-based analysis.
	// Ordered by the OSV IDs and the package names.
	Findings []*gvc.Finding

	// Mode contains the source of the vulnerability info.
	// Clients of the gopls.fetch_vulncheck_result command may need
	// to interpret the vulnerabilities differently based on the
	// analysis mode. For example, Vuln without callstack traces
	// indicate a vulnerability that is not used if the result was
	// from 'govulncheck' analysis mode. On the other hand, Vuln
	// without callstack traces just implies the package with the
	// vulnerability is known to the workspace and we do not know
	// whether the vulnerable symbols are actually used or not.
	Mode AnalysisMode `json:",omitempty"`

	// AsOf describes when this Result was computed using govulncheck.
	// It is valid only with the govulncheck analysis mode.
	AsOf time.Time `json:",omitempty"`
}

Result is the result of vulnerability scanning.

Directories

Path Synopsis
Package govulncheck contains the JSON output structs for govulncheck.
Package govulncheck contains the JSON output structs for govulncheck.
Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.
Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.
Package semver provides shared utilities for manipulating Go semantic versions.
Package semver provides shared utilities for manipulating Go semantic versions.
Package vulntest provides helpers for vulncheck functionality testing.
Package vulntest provides helpers for vulncheck functionality testing.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL