Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln: define format returned by -json flag #60496

Closed
VirrageS opened this issue May 30, 2023 · 3 comments
Closed

x/vuln: define format returned by -json flag #60496

VirrageS opened this issue May 30, 2023 · 3 comments
Labels
vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
vuln/unplanned

Comments

@VirrageS
Copy link

What version of Go are you using (go version)?

$ go version
go1.20.4

Feature request

I would like to request a definition of the format that is returned by -json. It is listed in #60165 but just wanted to make it explicit. The idea behind this request is that using govulncheck -json could be streamed to other tools to act on the vulnerabilities. It would be especially important to add descriptions to all the fields to know when to use which.
@VirrageS VirrageS added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label May 30, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned May 30, 2023
@mknyszek
Copy link
Contributor

CC @golang/vulndb

@mknyszek mknyszek added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 30, 2023
@ianthehat
Copy link

Does https://pkg.go.dev/golang.org/x/vuln@v0.1.0/internal/govulncheck have all the information you need?
The intent of that package it that it is also easy to copy those files if you are writing a tool that wants to consume the output, as well as documenting that output.

@ianthehat ianthehat added WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels May 30, 2023
@VirrageS
Copy link
Author

Oh, I totally missed that. That's definitely sufficient. Maybe some mention of it in the README would be appreciated :)) Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
4 participants
@ianthehat @mknyszek @VirrageS @gopherbot