ghsarepo

package

v0.0.0-...-210767f Latest Latest Go to latest Published: Oct 24, 2023 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package ghsarepo provides a client and utilities for reading GitHub security advisories directly from the Git repo https://github.com/github/advisory-database.

This allows us to read GHSAs in OSV format instead of the SecurityAdvisory format output by the GraphQL API.

This section is empty.

This section is empty.

This section is empty.

type Client struct {
	// contains filtered or unexported fields
}

func NewClient() (*Client, error)

NewClient returns a client to read from the GHSA database. It clones the Git repo at https://github.com/github/advisory-database, which can take around ~20 seconds.

func NewClientFromRepo(repo *git.Repository) (*Client, error)

NewClient returns a client that reads from the GHSA database in the given repo, which must follow the structure of https://github.com/github/advisory-database.

func (c *Client) ByCVE(cve string) []*genericosv.Entry

ByCVE returns the genericosv.Entry entries for the given CVE, or nil if none exist.

func (c *Client) ByGHSA(ghsa string) *genericosv.Entry

ByGHSA returns the genericosv.Entry entry for the given GHSA, or nil if none exists.

func (c *Client) IDs() []string

IDs returns all the GHSA IDs in the GHSA database.

func (c *Client) List() []*genericosv.Entry

List returns all the genericosv.Entry entries in the GHSA database.