x/vuln/cmd/govulncheck: output a final result in json mode #62340
Comments
What would be the easiest way for us to reproduce this?
It is also not clear what is being suggested here. The govulncheck command provides streaming json containing the result section. Could it just be that govulncheck did not find anything for your project?
Use the command 'govulncheck -json ./...' to reproduce.
It is hoped that a key value in the json result of govulncheck can clearly indicate whether there is any vulnerability in the detection result. The current version does not have this key/value, so it cannot be integrated into CI for automation.
Closing.
Like the following? If the finding property is in, there is a vulnerability; otherwise, there is no vulnerability.
Yes, and you can have multiple findings. Each finding will give you the information needed to interpret it. Above, you can see that you have a trace of multiple If the trace has only one entry whose We plan to write up more detailed documentation about json output.
ok, thanks
What version of Go are you using (go version)?
What operating system and processor architecture are you using (go env)?
What did you do?
Ran the following command to check for vulnerabilities:
```
# govulncheck -json ./...
```
What did you expect to see?
```json
{
  "config": {
    "protocol_version": "v1.0.0",
    "scanner_name": "govulncheck",
    "scanner_version": "v1.0.1",
    "db": "https://vuln.go.dev",
    "db_last_modified": "2023-08-23T14:38:50Z",
    "go_version": "go1.21.0",
    "scan_level": "symbol"
  }
}
{
  "progress": {
    "message": "Scanning your code and 48 packages across 1 dependent module for known vulnerabilities..."
  }
}
{
  "result": {
    "status": true
  }
}
```
What did you see instead?
```json
{
  "config": {
    "protocol_version": "v1.0.0",
    "scanner_name": "govulncheck",
    "scanner_version": "v1.0.1",
    "db": "https://vuln.go.dev",
    "db_last_modified": "2023-08-23T14:38:50Z",
    "go_version": "go1.21.0",
    "scan_level": "symbol"
  }
}
{
  "progress": {
    "message": "Scanning your code and 48 packages across 1 dependent module for known vulnerabilities..."
  }
}
```
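The check discussed in the comments, written as a CI gate that reads the `govulncheck -json` stream; this is an added example, not code from the govulncheck project or from anyone in this thread. It assumes only what the thread states, that a message with a `finding` key reports a vulnerability; the names `countFindings`, `exitCode` and `sample`, and the exit codes 0/1/2, are this example's own choices.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"os"
)

// Constructed sample stream; the bodies of the "finding" messages are placeholders.
const sample = `{"config":{"scanner_name":"govulncheck"}} {"progress":{}} {"finding":{"placeholder":1}} {"finding":{"placeholder":2}}`

// countFindings counts "finding" messages in a stream of concatenated JSON objects.
func countFindings(r io.Reader) (int, error) {
	dec := json.NewDecoder(r)
	n, sawConfig := 0, false
	for {
		var msg map[string]json.RawMessage
		if err := dec.Decode(&msg); errors.Is(err, io.EOF) {
			break
		} else if err != nil { // truncated or corrupt output must not pass as clean
			return n, fmt.Errorf("malformed scanner output: %w", err)
		}
		_, isConfig := msg["config"]
		sawConfig = sawConfig || isConfig
		if _, ok := msg["finding"]; ok {
			n++
		}
	}
	if !sawConfig { // an empty stream means the scanner never started
		return n, errors.New("no config message in stream")
	}
	return n, nil
}

// exitCode: 0 = no findings, 1 = findings, 2 = unusable output (fail closed).
func exitCode(r io.Reader) int {
	n, err := countFindings(r)
	switch {
	case err != nil:
		fmt.Fprintln(os.Stderr, "gate:", err)
		return 2
	case n > 0:
		return 1
	}
	return 0
}

func main() { os.Exit(exitCode(os.Stdin)) }
```

Saved under a hypothetical name such as `gate.go`, it can be fed with `govulncheck -json ./... | go run gate.go`; a stream with only `config` and `progress` messages, like the one reported in this issue, yields exit code 0.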