Documentation
Overview
Copyright 2023 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Package ghsarepo provides a client and utilities for reading GitHub security advisories directly from the Git repo https://github.com/github/advisory-database.
This allows us to read GHSAs in OSV format instead of the SecurityAdvisory format output by the GraphQL API.
Index
Constants
const DirectURLPrefix = "https://raw.githubusercontent.com/github/advisory-database/main/advisories/github-reviewed"
const URL = "https://github.com/github/advisory-database"
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	// contains filtered or unexported fields
}
func NewClient
NewClient returns a client that reads from the GHSA database in the given repo, which must follow the structure of https://github.com/github/advisory-database.
func NewDefaultClient
NewDefaultClient returns a client to read from the GHSA database. It clones the Git repo at https://github.com/github/advisory-database, which can take around 20 seconds.
func (*Client) ByCVE
func (c *Client) ByCVE(cve string) []*genericosv.Entry
ByCVE returns the genericosv.Entry entries for the given CVE, or nil if none exist.
func (*Client) ByGHSA
func (c *Client) ByGHSA(ghsa string) *genericosv.Entry
ByGHSA returns the genericosv.Entry entry for the given GHSA, or nil if none exists.
func (*Client) IDs
IDs returns all the GHSA IDs in the GHSA database that affect Go and are not withdrawn.
func (*Client) List
func (c *Client) List() []*genericosv.Entry
List returns all the genericosv.Entry entries in the GHSA database that affect Go and are not withdrawn.
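The lookup semantics documented above (only advisories that affect Go and are not withdrawn, indexed by GHSA ID and by CVE alias) can be sketched over raw OSV JSON as follows. This is an added example, not the package's own code: `entry`, `buildIndex` and `sampleDocs` are hypothetical names, the sample records and their IDs are constructed placeholders, and `entry` stands in for `genericosv.Entry` with only the OSV fields the filter needs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// entry holds only the OSV fields used here; encoding/json matches keys case-insensitively.
type entry struct {
	ID, Withdrawn string
	Aliases       []string
	Affected      []struct{ Package struct{ Ecosystem string } }
}

// buildIndex parses OSV documents into by-GHSA and by-CVE tables (hypothetical helper).
func buildIndex(docs []string) (map[string]*entry, map[string][]*entry, error) {
	byGHSA, byCVE := map[string]*entry{}, map[string][]*entry{}
	for _, d := range docs {
		e := new(entry)
		if err := json.Unmarshal([]byte(d), e); err != nil {
			return nil, nil, fmt.Errorf("parsing advisory: %w", err)
		}
		affectsGo := false
		for _, a := range e.Affected {
			affectsGo = affectsGo || a.Package.Ecosystem == "Go"
		}
		if e.Withdrawn != "" || !affectsGo {
			continue // withdrawn, or no affected package in the Go ecosystem
		}
		byGHSA[e.ID] = e
		for _, a := range e.Aliases {
			if strings.HasPrefix(a, "CVE-") {
				// Several GHSAs can alias one CVE, hence the slice.
				byCVE[a] = append(byCVE[a], e)
			}
		}
	}
	return byGHSA, byCVE, nil
}

// sampleDocs are constructed records with placeholder IDs, not real advisories.
var sampleDocs = []string{
	`{"id":"GHSA-aaaa-aaaa-aaaa","aliases":["CVE-0000-0001"],"affected":[{"package":{"ecosystem":"Go"}}]}`,
	`{"id":"GHSA-bbbb-bbbb-bbbb","aliases":["CVE-0000-0001"],"affected":[{"package":{"ecosystem":"Go"}}]}`,
	`{"id":"GHSA-cccc-cccc-cccc","aliases":["CVE-0000-0002"],"withdrawn":"2023-01-01T00:00:00Z","affected":[{"package":{"ecosystem":"Go"}}]}`,
	`{"id":"GHSA-dddd-dddd-dddd","aliases":["CVE-0000-0003"],"affected":[{"package":{"ecosystem":"npm"}}]}`,
}

func main() {
	byGHSA, byCVE, err := buildIndex(sampleDocs)
	fmt.Println(len(byGHSA), len(byCVE["CVE-0000-0001"]), err)
}
```

A lookup for a withdrawn or non-Go advisory returns nil from these maps, which matches the "or nil if none exist" behaviour documented for ByCVE and ByGHSA.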