Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
checkdb
Command checkdb validates Go vulnerability databases.
|
Command checkdb validates Go vulnerability databases. |
checkdeploy
Command checkdeploy validates that it is safe to deploy a new vulnerability database.
|
Command checkdeploy validates that it is safe to deploy a new vulnerability database. |
cve
Command cve provides utilities for managing CVE IDs and CVE Records via the MITRE CVE Services API.
|
Command cve provides utilities for managing CVE IDs and CVE Records via the MITRE CVE Services API. |
forks
Command forks determines if Go modules are similar.
|
Command forks determines if Go modules are similar. |
gendb
Command gendb provides a tool for converting YAML reports into JSON Go vulnerability databases.
|
Command gendb provides a tool for converting YAML reports into JSON Go vulnerability databases. |
indexdb
Command indexdb provides a tool for creating a v1 vulnerability database from a folder containing OSV JSON files.
|
Command indexdb provides a tool for creating a v1 vulnerability database from a folder containing OSV JSON files. |
inspect
Command inspect provides insights into the current contents of vulndb.
|
Command inspect provides insights into the current contents of vulndb. |
issue
Command issue provides a tool for creating an issue on the x/vulndb issue tracker.
|
Command issue provides a tool for creating an issue on the x/vulndb issue tracker. |
modinfo
Command modinfo displays module info from the pkgsite database.
|
Command modinfo displays module info from the pkgsite database. |
modinfo/internal/pkgsitedb
Package pkgsitedb provides functionality for connecting to the pkgsite database.
|
Package pkgsitedb provides functionality for connecting to the pkgsite database. |
priority
Command priority gives direct access to the module prioritization code used by vulnreport triage.
|
Command priority gives direct access to the module prioritization code used by vulnreport triage. |
triage
Command triage provides direct access to the triage algorithm in internal/triage (used by the worker), which determines whether an external vuln likely affects Go or not.
|
Command triage provides direct access to the triage algorithm in internal/triage (used by the worker), which determines whether an external vuln likely affects Go or not. |
vulnreport
Command vulnreport provides a tool for creating a YAML vulnerability report for x/vulndb.
|
Command vulnreport provides a tool for creating a YAML vulnerability report for x/vulndb. |
worker
Command worker runs the vuln worker server.
|
Command worker runs the vuln worker server. |
devtools
|
|
Package internal contains functionality for x/vulndb.
|
Package internal contains functionality for x/vulndb. |
cve4
package cve4 contains the schema for a CVE, as derived from https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema.
|
package cve4 contains the schema for a CVE, as derived from https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. |
cve5
package cve5 contains the schema for a CVE Record in CVE JSON 5.0 format.
|
package cve5 contains the schema for a CVE Record in CVE JSON 5.0 format. |
cvelistrepo
Package cvelistrepo supports working with the repo containing the list of CVEs.
|
Package cvelistrepo supports working with the repo containing the list of CVEs. |
database
Package database provides functionality for reading, writing, and validating Go vulnerability databases according to the v1 schema.
|
Package database provides functionality for reading, writing, and validating Go vulnerability databases according to the v1 schema. |
derrors
Package derrors defines internal error values to categorize the different types error semantics supported by x/vulndb.
|
Package derrors defines internal error values to categorize the different types error semantics supported by x/vulndb. |
genai/gen_examples
Command gen_examples generates and stores examples that can be used to create prompts / training inputs for Google's Generative AI APIs.
|
Command gen_examples generates and stores examples that can be used to create prompts / training inputs for Google's Generative AI APIs. |
genericosv
File copied from github.com/google/osv-scanner@v1.8.0/pkg/models/constants.go
|
File copied from github.com/google/osv-scanner@v1.8.0/pkg/models/constants.go |
ghsa
Package ghsa supports GitHub security advisories.
|
Package ghsa supports GitHub security advisories. |
gitrepo
Package gitrepo provides operations on git repos.
|
Package gitrepo provides operations on git repos. |
idstr
Package idstr provides utilities for working with vulnerability identifier strings.
|
Package idstr provides utilities for working with vulnerability identifier strings. |
issues
Package issues provides a general way to interact with issues, and a client for interacting with the GitHub issues API.
|
Package issues provides a general way to interact with issues, and a client for interacting with the GitHub issues API. |
issues/githubtest
Package githubtest provides a test client and server for testing the GitHub API client.
|
Package githubtest provides a test client and server for testing the GitHub API client. |
observe
Package observe provides metric and tracing support for Go servers.
|
Package observe provides metric and tracing support for Go servers. |
osv
Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields.
|
Package osv implements the Go OSV vulnerability format (https://go.dev/security/vuln/database#schema), which is a subset of the OSV shared vulnerability format (https://ossf.github.io/osv-schema), with database and ecosystem-specific meanings and fields. |
osvutils
Package osvutils provides utilities for working with Go OSV entries.
|
Package osvutils provides utilities for working with Go OSV entries. |
proxy
Package proxy provides a client and utilities for accessing the Go module proxy.
|
Package proxy provides a client and utilities for accessing the Go module proxy. |
report
Package report contains functionality for parsing and linting YAML reports in reports/.
|
Package report contains functionality for parsing and linting YAML reports in reports/. |
stdlib
Package stdlib contains functionality relevant to the Go Standard Library.
|
Package stdlib contains functionality relevant to the Go Standard Library. |
triage/priority
Package priority contains utilities for prioritizing vulnerability reports.
|
Package priority contains utilities for prioritizing vulnerability reports. |
version
Package version provides shared utilities for manipulating Go semantic versions with no prefix.
|
Package version provides shared utilities for manipulating Go semantic versions with no prefix. |
worker/log
Package log implements event handlers for logging.
|
Package log implements event handlers for logging. |
worker/store
Package store supports permanent data storage for the vuln worker.
|
Package store supports permanent data storage for the vuln worker. |
Click to show internal directories.
Click to hide internal directories.