proposal: include metadata about modules in binaries #28784

Closed
tsaarni opened this issue Nov 13, 2018 · 1 comment
tsaarni (Contributor) commented Nov 13, 2018

There are many scanners for finding known vulnerabilities (CVEs). A typical scanner could be based on e.g. an RPM index.

CVEs are also reported about Go modules (see example here), but due to static linking it is difficult to recognize if a given binary has a known vulnerability.

The Go compiler could augment the binaries with metadata about included modules and their versions.
Implementers of vulnerability scanners could leverage this metadata for introducing support for Go binary scanning.

@gopherbot gopherbot added this to the Proposal milestone Nov 13, 2018
myitcv (Member) commented Nov 13, 2018

Dup of #26404

https://go-review.googlesource.com/c/go/+/144220 has just been merged too

@myitcv myitcv closed this as completed Nov 13, 2018
@golang golang locked and limited conversation to collaborators Nov 13, 2019
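
The scanner side of this proposal, as an added example that is not code from the issue or the Go project: it reads the module list embedded in a Go binary with the standard library's `debug/buildinfo` package (Go 1.18 and later, not named in this thread) and flags modules older than an advisory's fix version. The advisory ID, module paths and versions are constructed placeholders, and the `Advisory`, `Module`, `older` and `Match` names are hypothetical.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"runtime/debug"
	"strings"
)

// Advisory is a constructed record, not a real CVE entry.
type Advisory struct{ ID, Module, FixedIn string }
type Module = debug.Module

// older reports whether v predates fixed. Unparsable versions and pre-releases of the fix count as older.
func older(v, fixed string) bool {
	var a, b [3]int
	n, _ := fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2])
	fmt.Sscanf(fixed, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := 0; n == 3 && i < 3; i++ {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return n != 3 || strings.Contains(v, "-") && !strings.Contains(fixed, "-")
}

// Match lists advisories whose module is linked in at a version older than the fix.
func Match(deps []*Module, advs []Advisory) (hits []string) {
	for _, m := range deps {
		if m.Replace != nil {
			m = m.Replace // a replace directive decides what was actually linked
		}
		for _, a := range advs {
			if a.Module == m.Path && older(m.Version, a.FixedIn) {
				hits = append(hits, a.ID+" "+m.Path+"@"+m.Version)
			}
		}
	}
	return hits
}

func main() {
	info, err := buildinfo.ReadFile(os.Args[len(os.Args)-1]) // no argument: scan this binary
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(Match(info.Deps, []Advisory{{"EXAMPLE-0001", "example.com/vulnlib", "v1.4.2"}}))
}
```

Versions that cannot be parsed, such as `(devel)` or the empty version of a local replacement, are reported rather than skipped, so a missing version never hides a match.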