go
/
vulndb
зеркало из https://github.com/golang/vulndb.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
[mirror] The Go Vulnerability Database
57 коммитов 1 ветка 0 Теги 50 MiB
Go 97.3%
Shell 1.1%
HCL 0.7%
HTML 0.6%
Dockerfile 0.2%
Перейти к файлу
Julie Qiu 4d281770f7 report: moved to internal/report 
Package report is moved to internal/report, since that package is only
used by the vulndb module.

Change-Id: I773f6e00f4d99327ba65a28f8ba7ba4ed24d5bd6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/355269
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
 		2021-10-15 20:00:17 +00:00
client client: update time stamp for non-changed index 2021-10-07 17:30:39 +00:00
cmd report: moved to internal/report 2021-10-15 20:00:17 +00:00
deploy deploy: add cloud build support 2021-07-28 16:44:26 +00:00
internal/report report: moved to internal/report 2021-10-15 20:00:17 +00:00
osv report: moved to internal/report 2021-10-15 20:00:17 +00:00
reports reports: add x/text/language report 2021-10-06 17:51:21 +00:00
AUTHORS all: add licensing boilerplate and update README 2021-04-13 20:32:20 +00:00
CONTRIBUTING.md all: add license headers and CONTRIBUTING.md 2021-04-13 21:05:53 +00:00
CONTRIBUTORS all: add licensing boilerplate and update README 2021-04-13 20:32:20 +00:00
LICENSE all: add licensing boilerplate and update README 2021-04-13 20:32:20 +00:00
PATENTS all: add licensing boilerplate and update README 2021-04-13 20:32:20 +00:00
README.md report: moved to internal/report 2021-10-15 20:00:17 +00:00
format.md all: change TOML references to YAML 2021-10-15 19:57:42 +00:00
go.mod client,cmd/gendb: structure database around modules 2021-08-12 20:31:54 +00:00
go.sum all: go mod tidy 2021-04-19 18:20:21 +00:00
lint_test.go report: moved to internal/report 2021-10-15 20:00:17 +00:00
new-vuln.sh all: change TOML references to YAML 2021-10-15 19:57:42 +00:00
template client,cmd/gendb: structure database around modules 2021-08-12 20:31:54 +00:00
triaged-cve-list reports: add remaining triaged CVEs 2021-04-14 00:37:40 +00:00

README.md

The Go Vulnerability Database golang.org/x/vulndb

This repository is a prototype of the Go Vulnerability Database. Read the Draft Design.

Neither the code, nor the data, nor the existence of this repository is to be considered stable until an approved proposal.

Important: vulnerability entries in this repository are represented in an internal, unstable format that can and will change without notice.

Consuming database entries

Database clients must not rely on the contents of this repository. Instead, they can access the tree of JSON entries rooted at

https://storage.googleapis.com/go-vulndb/

An index.json file maps module paths to last modified timestamps (link).

For each module, a NAME.json file contains a list of vulnerability entries (example).

Note that this path and format are provisional and likely to change until an approved proposal.

Packages

Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.

  • osv provides a package for generating OSV-style JSON vulnerability entries from a report.Report
  • client contains a client for accessing HTTP/fs based vulnerability databases, as well as a minimal caching implementation
  • cmd/dbdiff provides a tool for comparing two different versions of the vulnerability database
  • cmd/gendb provides a tool for converting YAML reports into JSON database
  • cmd/genhtml provides a tool for converting YAML reports into a HTML website
  • cmd/linter provides a tool for linting individual reports
  • cmd/report2cve provides a tool for converting YAML reports into JSON CVEs

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries available at https://storage.googleapis.com/go-vulndb/ are distributed under the terms of the CC-BY 4.0 license.