[mirror] The Go Vulnerability Database
Damien Neil 703236d8e9 all: update for OSV schema changes
The OSV affected.package.name field is now the module path, not the
package import path. The affected.package.ecosystem_specific.imports
field now contains a list of Go packages and symbols within those
packages.

Restructure the report YAML to match the OSV structure:
A report contains a list of modules, a module contains a list of
packages, a package contains a list of symbols.

Move GOOS/GOARCH to the package, rather than being report-global.

This change updates the canonical YAML format and changes the
OSV generation to the new form, but does not reformat data/reports.
The report loader rewrites the old report YAML into the new
style. Followup CLs will convert the reports and remove the
rewriter.

Change-Id: I71af994846721fdd43a8ee5c41574387ff781332
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/424895
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
2022-08-19 16:42:49 +00:00
.github/ISSUE_TEMPLATE x/vulndb: add Github issue form for external vulndb reports 2022-07-28 17:36:15 +00:00
cmd all: update for OSV schema changes 2022-08-19 16:42:49 +00:00
data all: update for OSV schema changes 2022-08-19 16:42:49 +00:00
deploy deploy/gcp-deploy.sh: always deploy the DB 2022-05-27 19:24:41 +00:00
devtools devtools/proxy_worker.sh: die early on bad arg 2022-04-27 21:19:21 +00:00
doc data/reports: add published date to all reports 2022-08-18 20:22:13 +00:00
internal all: update for OSV schema changes 2022-08-19 16:42:49 +00:00
terraform terraform: add cron job for module scanning 2022-03-21 17:39:49 +00:00
webconfig webconfig: add copyright page 2022-08-16 23:18:52 +00:00
.gitignore terraform: adjust worker config 2021-12-22 13:51:59 +00:00
CONTRIBUTING.md all: add license headers and CONTRIBUTING.md 2021-04-13 21:05:53 +00:00
LICENSE data: add LICENSE and NOTICES files 2022-08-16 16:59:20 +00:00
PATENTS all: add licensing boilerplate and update README 2021-04-13 20:32:20 +00:00
README.md data: add LICENSE and NOTICES files 2022-08-16 16:59:20 +00:00
all_test.go all: move reports/ and excluded/ to data/ directory 2022-08-12 21:03:42 +00:00
checks.bash go.mod: update golang.org/x/exp 2022-02-28 14:36:30 +00:00
go.mod all: update for OSV schema changes 2022-08-19 16:42:49 +00:00
go.sum all: update for OSV schema changes 2022-08-19 16:42:49 +00:00
tools_test.go checks.bash: replace all.bash 2021-12-20 22:06:07 +00:00

README.md

The Go Vulnerability Database

This repository contains the reports for the Go Vulnerability Database.

If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.

For more information on vulnerability management in the Go ecosystem, see https://go.dev/security/vulndb.

Reporting a vulnerability

We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See x/vuln for information on how to access these entries.