govulncheck

[Colton Freeman]

good day all,

i am not a developer and have just recently stumbled upon the `govulncheck` tool from golang. 

i am curious how accurate this tool is and if it should be used in a scan report for vulnerabilities?

do we need to run this on the main.go and reference the go.mod file in the project?

another question would be about the go.mod. does this tool only scan go packages `gopkg.in/yaml.v3 v3.0.1` or is it anything listed in the go.mod `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0`

if you need more info or have questions please feel free to ask. 

W/r 

Colton.

[Colton Freeman]

Disregard. Figured out the tool (a little better). Would still love to chat with some that has in depth experience with it though. 

--
You received this message because you are subscribed to a topic in the Google Groups "golang-nuts" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/golang-nuts/K3PZCxo_XvY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/2fca01b6-5bc8-49ee-bb21-eba166063d35n%40googlegroups.com.

[Volker Dobler]

What exactly beside the information in https://go.dev/blog/govulncheck

and especially https://go.dev/doc/tutorial/govulncheck do you want

to discuss?

V