Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/tools/gopls: add analyzer for vulnerability check #50577

Open
hyangah opened this issue Jan 12, 2022 · 0 comments
Open

x/tools/gopls: add analyzer for vulnerability check #50577

hyangah opened this issue Jan 12, 2022 · 0 comments

Comments

@hyangah
Copy link
Contributor

@hyangah hyangah commented Jan 12, 2022

References:

Experimental command line tool: https://pkg.go.dev/golang.org/x/exp/vulndb/govulncheck
Experimental API: https://pkg.go.dev/golang.org/x/exp/vulncheck
Vuln DB access API: https://pkg.go.dev/golang.org/x/vuln

  • Gopls will publish the analysis results as LSP diagnostics to help easy integration in other LSP-aware integration.
  • We may end up implementing additional custom command or notification to turn on/off the analysis easier or retrieve extra information about vulnerability details.
  • However, vulncheck requires a whole-program analysis so it requires handling slightly different from typical analyzers.

cc @julieqiu @zpavlinovic

@gopherbot gopherbot added this to the Unreleased milestone Jan 12, 2022
@suzmue suzmue removed this from the Unreleased milestone Jan 13, 2022
@suzmue suzmue added this to the gopls/unplanned milestone Jan 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants