vulncheck

package

v0.14.0-pre.3 Latest Latest Go to latest Published: Oct 11, 2023 License: BSD-3-Clause Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

cs.opensource.google/go/x/tools

Links

Report a Vulnerability

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AnalysisMode ¶ added in v0.14.0

type AnalysisMode string

const (
	ModeInvalid     AnalysisMode = "" // zero value
	ModeGovulncheck AnalysisMode = "govulncheck"
	ModeImports     AnalysisMode = "imports"
)

type Result ¶ added in v0.14.0

type Result struct {
	// Entries contains all vulnerabilities that are called or imported by
	// the analyzed module. Keys are Entry.IDs.
	Entries map[string]*osv.Entry
	// Findings are vulnerabilities found by vulncheck or import-based analysis.
	// Ordered by the OSV IDs and the package names.
	Findings []*gvc.Finding

	// Mode contains the source of the vulnerability info.
	// Clients of the gopls.fetch_vulncheck_result command may need
	// to interpret the vulnerabilities differently based on the
	// analysis mode. For example, Vuln without callstack traces
	// indicate a vulnerability that is not used if the result was
	// from 'govulncheck' analysis mode. On the other hand, Vuln
	// without callstack traces just implies the package with the
	// vulnerability is known to the workspace and we do not know
	// whether the vulnerable symbols are actually used or not.
	Mode AnalysisMode `json:",omitempty"`

	// AsOf describes when this Result was computed using govulncheck.
	// It is valid only with the govulncheck analysis mode.
	AsOf time.Time `json:",omitempty"`
}

Result is the result of vulnerability scanning.

Source Files ¶

View all Source files

types.go

Directories ¶

Path	Synopsis
govulncheck Package govulncheck contains the JSON output structs for govulncheck.	Package govulncheck contains the JSON output structs for govulncheck.
osv Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.	Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.
scan
semver Package semver provides shared utilities for manipulating Go semantic versions.	Package semver provides shared utilities for manipulating Go semantic versions.
vulntest Package vulntest provides helpers for vulncheck functionality testing.	Package vulntest provides helpers for vulncheck functionality testing.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL