x/vuln/cmd/govulncheck: umbrella issue for govulncheck updates #56207
Comments
Change https://go.dev/cl/461646 mentions this issue:
Change https://go.dev/cl/463099 mentions this issue:
Instead of showing results per each package whose symbols are called, we now show vulnerabilities instead. We also break each vulnerability by modules whose symbols have been exercised. Explicit package info is omitted as it can be deduced from the shown call stacks. This also fixes the issue of incorrect vulnerability counting. Other changes involve keeping things consistent between the main part and Informational.
Updates golang/go#56207
Fixes golang/go#56177
Change-Id: I4cc12881443938cd3eb4f581e6689e53daeb28c7
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/461646
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
There are two progress output messages: one for source and one for binaries. The latter one is simpler since the binary analysis is almost instantaneous.
Fixes golang/go#56501
Updates golang/go#56207
Change-Id: I381c8ef3b7db9c87c52ef6b2132b79be940b8b3d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/463099
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Change https://go.dev/cl/463105 mentions this issue:
Otherwise, the JSON output is corrupted.
Updates golang/go#56501
Updates golang/go#56207
Change-Id: I97a7dff99f1a06d001280079ccccc2fed211de70
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/463105
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Zvonimir Pavlinovic <zpavlinovic@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Change https://go.dev/cl/463106 mentions this issue:
We define environment as Go version at PATH (shown only for source mode), govulncheck version (effectively x/vuln version), and list of vulnerability databases with their timestamp. The CL also moves some code around.
Fixes golang/go#56097
Fixes golang/go#56514
Updates golang/go#56207
Change-Id: I2e2f179a5421b3dfc1e1f1e4bd0ed13d16735364
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/463106
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
This issue is not needed anymore as the new version of govulncheck has been released (and only 6 is now left to do).
This is the umbrella issue for upcoming changes to govulncheck:
/cc @golang/vulndb