govulncheck
https://github.com/golang/vuln
govulncheck is a CLI tool to report known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application.
By default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. Requests to the vulnerability database contain only module paths, not code or other properties of your program. See https://vuln.go.dev/privacy.html for more. Use the -db flag to specify a different database, which must implement the specification at https://go.dev/security/vuln/database.
- Developed at devel:languages:go
- Sources inherited from project openSUSE:Factory
- 2 derived packages
- Checkout package: osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/govulncheck && cd $_
Source Files
Filename | Size |
---|---|
_service | 711 Bytes |
_servicedata | 232 Bytes |
govulncheck-1.1.3.tar.gz | 3.69 MB |
govulncheck.changes | 12.7 KB |
govulncheck.spec | 1.98 KB |
vendor.tar.gz | 825 KB |
Revision 9 (latest revision is 10)
Ana Guerrero (anag+factory) accepted request 1188076 from Jeff Kowalczyk (jfkw) (revision 9)
- Update to version 1.1.3:
  * internal/openvex: update handler test
  * LICENSE: update per Google Legal
  * internal/vulncheck: add warning message for ancient binaries
  * all: remove build restrictions requiring go1.18
  * cmd/govulncheck: clarify unsafe/reflection limitations
  * cmd/govulncheck: update docs for old Go binaries
  * internal/openvex: omit vulns with no findings
  * cmd/govulncheck/integration: adjust k8s expectations
  * all: remove skipIfShort
  * all: remove unnecessary test lines for staticcheck
  * internal/vulncheck: avoid recomputing if module is known
  * go.mod: update golang.org/x dependencies
  * internal/buildinfo: add support for ancient Go binaries
  * internal/goversion: comment out a printing line
  * internal/goversion: add package as copy of rsc.io/goversion/version
  * cmd/govulncheck: remove line about go version requirements
  * internal/vulncheck: improve documentation
  * internal/vulncheck: use module info when looking for symbols
  * internal/vulncheck: handle symbols ending with .
  * cmd/govulncheck/integration: make expectation check more robust
  * all: require go1.21
- Packaging improvements:
  * Build PIE with pattern that may become recommended procedure:
      %%ifnarch ppc64
      GOFLAGS="-buildmode=pie"
      %%endif
      go build
    A go toolchain buildmode default config would be preferable but none exist at this time.
  * Update to BuildRequires: golang(API) >= 1.21 matching go.mod
  * Use name macro where applicable to normalize common lines across Go app packages. Also makes renaming binary easier when
  (forwarded request 1188075 from jfkw)