Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln: improve vulnerability checking when PCLN table is not available but buildinfo is #59731

Closed
julieqiu opened this issue Apr 20, 2023 · 1 comment
Closed

x/vuln: improve vulnerability checking when PCLN table is not available but buildinfo is #59731

julieqiu opened this issue Apr 20, 2023 · 1 comment
Assignees
@zpavlinovic
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@julieqiu
Copy link
Member

From https://github.com/golang/vuln/blob/9268f8338db8b8377d58c92d7168aa495cc5b9c6/internal/vulncheck/internal/buildinfo/additions_scan.go#L76-L77:

If we have build information, but not PCLN table, we should be able to fall back to much higher granularity vulnerability checking
@julieqiu julieqiu added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Apr 20, 2023
@julieqiu julieqiu added this to the vuln/unplanned milestone Apr 20, 2023
@prattmic prattmic added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 21, 2023
@zpavlinovic zpavlinovic self-assigned this Feb 1, 2024
@gopherbot
Copy link

Change https://go.dev/cl/560375 mentions this issue: internal/buildinfo: do module-level analysis with no PCLN table

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zpavlinovic zpavlinovic

Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
4 participants
@zpavlinovic @prattmic @julieqiu @gopherbot