Does anybody know if there are plans to integrate vulnerability checks into Go tools like go get, go mod download, or go mod tidy?
Right now, devs need to pull vuln information manually, either through running govulncheck or by visiting packages on pkg.go.dev and inspecting the package history for vuln tags.
Integration into the toolchain would provide a semi-automated way of checking projects for security issues.
(Side note: there is a govulncheck GitHub Action available, but what I am looking for is a (semi-)automated mechanism that is independent of any software ecosystem.)