Skip to content

x/vuln: How is this tool intended to be used in an air-gapped development environment? #65230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tpihl opened this issue Jan 23, 2024 · 2 comments
Closed

x/vuln: How is this tool intended to be used in an air-gapped development environment? #65230

tpihl opened this issue Jan 23, 2024 · 2 comments
Assignees
@zpavlinovic @tatianab
Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@tpihl
Copy link

tpihl commented Jan 23, 2024

govulncheck version

N/A

Does this issue reproduce at the latest version of golang.org/x/vuln?

N/A

Output of go env in your module/workspace:

N/A

What did you do?

N/A

What did you see happen?

N/A

What did you expect to see?

Documentation on how to bring the db and tooling into a usb-stick and how to set up and run it as similar for the isolated development environment (with no access to internet).
@tpihl tpihl added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Jan 23, 2024
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Jan 23, 2024
@zpavlinovic zpavlinovic self-assigned this Jan 23, 2024
@zpavlinovic
Copy link
Contributor

govulncheck documentation states that one can "use the -db flag to specify a different database...." This information is also available through govulncheck -help and by following the documentation links on the database.

So if you have a local database at /path/to/db, you can run govulncheck -db file:///path/to/db.

We'll provide instructions on how to download the Go vulnerability database locally soon.

@tatianab
Copy link

Hello, we have just released a new feature that allows bulk download of the Go vulnerability database. It is available at https://vuln.go.dev/vulndb.zip.

For example, to download and unzip the database, and run govulncheck with it:

$ curl https://vuln.go.dev/vulndb.zip -s --output vulndb.zip
$ unzip -qq vulndb.zip -d vulndb
$ govulncheck -db file://$PWD/vulndb -version ./...

@golang golang locked and limited conversation to collaborators Jan 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@zpavlinovic zpavlinovic

@tatianab tatianab

Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
4 participants
@tpihl @zpavlinovic @tatianab @gopherbot