govulncheck integration #198
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
another-rex
requested review from
oliverchang
and removed request for
oliverchang
another-rex
force-pushed
the
govulncheck-integration
branch
from
0d6bd0e to
e60dbd4
Compare
oliverchang
reviewed
Feb 10, 2023
|
@another-rex is this still a draft, or is it ready for closer review? |
another-rex
commented
Feb 14, 2023
|
Still a draft at the moment, should be ready by end of today though. |
…if vulnerabilities are not called
another-rex
commented
Feb 22, 2023
| if err != nil { | ||
| return nil, err | ||
| } | ||
| vpkgs := vulncheck.Convert(pkgs) |
There was a problem hiding this comment.
@zpavlinovic Just want to confirm that this function and the returned vulncheck.Package will still be available (possibly migrated into govulncheck) after vulncheck goes internal/private?
oliverchang
reviewed
Feb 22, 2023
oliverchang
reviewed
Feb 22, 2023
oliverchang
reviewed
Feb 22, 2023
oliverchang
approved these changes
Feb 23, 2023
|
@julieqiu FYI |
oliverchang
approved these changes
Feb 27, 2023
hayleycd
pushed a commit
that referenced
this pull request
Mar 9, 2023
An initial attempt at integrating govulncheck's library with OSV-Scanner. TODOs before full PR: ~~- [ ] Add config options after design doc is finalized~~ ~~- [ ] Allow user to configure tags and go versions~~ - [x] Update table output for inactive/not called vulnerabilities - [x] Update exit code for not called vulnerabilities - [x] Update README with feature and the go dependency if they want the vulncheck feature - [x] Add go as dependency into osv-scanner docker containers.
julieqiu
pushed a commit
to julieqiu/osv-scanner
that referenced
this pull request
May 2, 2023
An initial attempt at integrating govulncheck's library with OSV-Scanner. TODOs before full PR: ~~- [ ] Add config options after design doc is finalized~~ ~~- [ ] Allow user to configure tags and go versions~~ - [x] Update table output for inactive/not called vulnerabilities - [x] Update exit code for not called vulnerabilities - [x] Update README with feature and the go dependency if they want the vulncheck feature - [x] Add go as dependency into osv-scanner docker containers.
julieqiu
pushed a commit
to julieqiu/osv-scanner
that referenced
this pull request
May 2, 2023
An initial attempt at integrating govulncheck's library with OSV-Scanner. TODOs before full PR: ~~- [ ] Add config options after design doc is finalized~~ ~~- [ ] Allow user to configure tags and go versions~~ - [x] Update table output for inactive/not called vulnerabilities - [x] Update exit code for not called vulnerabilities - [x] Update README with feature and the go dependency if they want the vulncheck feature - [x] Add go as dependency into osv-scanner docker containers.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
An initial attempt at integrating govulncheck's library with OSV-Scanner.
TODOs before full PR:
- [ ] Add config options after design doc is finalized- [ ] Allow user to configure tags and go versions