vulndb

module

v0.0.0-...-e796110 Latest Latest Go to latest Published: May 10, 2024 License: BSD-3-Clause, CC-BY-4.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

go.googlesource.com/vulndb

Links

README ¶

The Go Vulnerability Database

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
cmd
checkdb Command checkdb validates Go vulnerability databases.	Command checkdb validates Go vulnerability databases.
checkdeploy Command checkdeploy validates that it is safe to deploy a new vulnerability database.	Command checkdeploy validates that it is safe to deploy a new vulnerability database.
cve Command cve provides utilities for managing CVE IDs and CVE Records via the MITRE CVE Services API.	Command cve provides utilities for managing CVE IDs and CVE Records via the MITRE CVE Services API.
forks Command forks determines if Go modules are similar.	Command forks determines if Go modules are similar.
gendb Command gendb provides a tool for converting YAML reports into JSON Go vulnerability databases.	Command gendb provides a tool for converting YAML reports into JSON Go vulnerability databases.
indexdb Command indexdb provides a tool for creating a v1 vulnerability database from a folder containing OSV JSON files.	Command indexdb provides a tool for creating a v1 vulnerability database from a folder containing OSV JSON files.
inspect Command inspect provides insights into the current contents of vulndb.	Command inspect provides insights into the current contents of vulndb.
issue Command issue provides a tool for creating an issue on the x/vulndb issue tracker.	Command issue provides a tool for creating an issue on the x/vulndb issue tracker.
modinfo Command modinfo displays module info from the pkgsite database.	Command modinfo displays module info from the pkgsite database.
modinfo/internal/pkgsitedb Package pkgsitedb provides functionality for connecting to the pkgsite database.	Package pkgsitedb provides functionality for connecting to the pkgsite database.
vulnreport Command vulnreport provides a tool for creating a YAML vulnerability report for x/vulndb.	Command vulnreport provides a tool for creating a YAML vulnerability report for x/vulndb.
vulnreport/color
vulnreport/log
worker Command worker runs the vuln worker server.	Command worker runs the vuln worker server.
devtools
cmd/populate_firestore
internal Package internal contains functionality for x/vulndb.	Package internal contains functionality for x/vulndb.
cveclient Package cveclient implements a client for interacting with MITRE CVE Services API as described at https://cveawg.mitre.org/api-docs/openapi.json.	Package cveclient implements a client for interacting with MITRE CVE Services API as described at https://cveawg.mitre.org/api-docs/openapi.json.
cvelistrepo Package cvelistrepo supports working with the repo containing the list of CVEs.	Package cvelistrepo supports working with the repo containing the list of CVEs.
cveschema Package cveschema contains the schema for a CVE, as derived from https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema.	Package cveschema contains the schema for a CVE, as derived from https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema.
cveschema5 Package cveschema5 contains the schema for a CVE Record in CVE JSON 5.0 format.	Package cveschema5 contains the schema for a CVE Record in CVE JSON 5.0 format.
cveutils
database Package database provides functionality for reading, writing, and validating Go vulnerability databases according to the v1 schema.	Package database provides functionality for reading, writing, and validating Go vulnerability databases according to the v1 schema.
derrors Package derrors defines internal error values to categorize the different types error semantics supported by x/vulndb.	Package derrors defines internal error values to categorize the different types error semantics supported by x/vulndb.
genai
genai/gen_examples Command gen_examples generates and stores examples that can be used to create prompts / training inputs for Google's Generative AI APIs.	Command gen_examples generates and stores examples that can be used to create prompts / training inputs for Google's Generative AI APIs.
genericosv
ghsa Package ghsa supports GitHub security advisories.	Package ghsa supports GitHub security advisories.
ghsarepo
gitrepo Package gitrepo provides operations on git repos.	Package gitrepo provides operations on git repos.
issues Package issues provides a general way to interact with issues, and a client for interacting with the GitHub issues API.	Package issues provides a general way to interact with issues, and a client for interacting with the GitHub issues API.
issues/githubtest Package githubtest provides a test client and server for testing the GitHub API client.	Package githubtest provides a test client and server for testing the GitHub API client.
observe Package observe provides metric and tracing support for Go servers.	Package observe provides metric and tracing support for Go servers.
osv Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.	Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.
osvutils Package osvutils provides utilities for working with Go OSV entries.	Package osvutils provides utilities for working with Go OSV entries.
pkgsite
proxy Package proxy provides a client and utilities for accessing the Go module proxy.	Package proxy provides a client and utilities for accessing the Go module proxy.
report Package report contains functionality for parsing and linting YAML reports in reports/.	Package report contains functionality for parsing and linting YAML reports in reports/.
stdlib Package stdlib contains functionality relevant to the Go Standard Library.	Package stdlib contains functionality relevant to the Go Standard Library.
symbols
test
version Package version provides shared utilities for manipulating Go semantic versions with no prefix.	Package version provides shared utilities for manipulating Go semantic versions with no prefix.
worker
worker/log Package log implements event handlers for logging.	Package log implements event handlers for logging.
worker/store Package store supports permanent data storage for the vuln worker.	Package store supports permanent data storage for the vuln worker.