Sun. Sep 25th, 2022


Google has added the support for a vulnerability-management tool to make development projects safe.

The Go development team created the vuln.go.dev website to host vulnerable package types that can be imported from public Go modules. The security team selected the vulnerabilities and verified the security teams, with CVEs, GitHub security reports and reports from their supervisors.

A high quality database is being created because of non-essential problems.

Go has implemented the govulncheck command package, which, combined with vuln.go.dev, is a reliable way for Go users to learn about known vulnerabilities that could affect their projects.

A similar package, vulncheck, is also developed. GoLVNCheck exports the functionality in a yago API, and uses a security tool.

Govulncheck features are that it analyses your codebase and only detects vulnerabilities that actually affect the project, in case the features in your code are causing the error. That means fewer false statements.

In the Go documentation, the code conservative approach to function and interface pointer calls might lead to false positives or errors in call stacks.

By anupam

Leave a Reply

Your email address will not be published.