Start ingesting Go Vulnerabilities
Problem to solve
We want to offer Dependency Scanning for Go, but first we need to have Go vulnerabilities in the database so that the scan can find items.
Intended users
Proposal
This issue is focused on adding Go support to gemnasium-db. We are starting with the addition of advisories related to 3rd party packages because supporting them does not require any changes to the structure of gemnasium-db or the schema (MVC).
What does success look like, and how can we measure that?
First Go-related advisories are present in gemnasium-db.
What is the type of buyer?
Links / references
/cc @fcatteau @plafoucriere @NicoleSchwartz @brytannia
Implementation Plan
- Create MRs related to Go standard packages
- Update the YAML schema validation CI job that is running on gemnasium-db to validate incoming Go advisories
- Update gemnasium-db documentation with respect to the newly added package type
@NicoleSchwartz
Product Management: no release post until scanning and more vulnerabilities are available; reach out directly via account managers.
Current state
Alpha: a limited set of vulnerabilities has been ingested and we are working toward ingesting new ones as they arrive, but we need users to move forward with Go dependency scanning and start providing feedback to help us move out of alpha.
Edited by Nicole Schwartz