Attachment #260283 for bug #285627

Lines 197-202 Link Here

(-)b/security/Makefile (+1 lines)
197	SUBDIR += gosec	197	SUBDIR += gosec
198	SUBDIR += gost-engine	198	SUBDIR += gost-engine
199	SUBDIR += gostsum	199	SUBDIR += gostsum
		200	SUBDIR += govulncheck
200	SUBDIR += gpa	201	SUBDIR += gpa
201	SUBDIR += gpg-gui	202	SUBDIR += gpg-gui
202	SUBDIR += gpg-tui	203	SUBDIR += gpg-tui




PORTNAME=	govulncheck
DISTVERSIONPREFIX=	v
DISTVERSION=	1.1.4
CATEGORIES=	security

MAINTAINER=	einar@isnic.is
COMMENT=	Database client and tools for the Go vulnerability database
WWW=		https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck

LICENSE=	BSD3CLAUSE
LICENSE_FILE=	${WRKSRC}/LICENSE

USES=		go:1.24,modules,run

GO_MODULE=	golang.org/x/vuln
GO_TARGET=	./cmd/govulncheck

post-patch:
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/scan/util.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/all_test.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/scan/run.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/test/packages.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/test/testenv.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/testenv/testenv.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/vulncheck/packages.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/configstore/download.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/telemetry/dir.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/go/packages/packagestest/export.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gocommand/invoke.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/goroot/importcfg.go
	@${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/testenv/testenv.go

.include <bsd.port.mk>

Added Link Here

(-)b/security/govulncheck/distinfo (+5 lines)
1	TIMESTAMP = 1742556049
2	SHA256 (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.mod) = 40e5fa329adbfd7dad2476465ba340d2531b4d33640b82c81c34ac90f36cbd2a
3	SIZE (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.mod) = 387
4	SHA256 (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.zip) = 115ff76fba8f73b27106eb2e59e3f30696f4f7faaeed55471b5b65c3994b503d
5	SIZE (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.zip) = 853384

Added Link Here

(-)b/security/govulncheck/files/patch-all__test.go (+11 lines)
1	--- all_test.go.orig 2025-05-08 09:17:55 UTC
2	+++ all_test.go
3	@@ -84,7 +84,7 @@ func rungo(t *testing.T, args ...string) {
4	t.Helper()
5	testenv.NeedsGoBuild(t)
6
7	- cmd := exec.Command("go", args...)
8	+ cmd := exec.Command("%%GO_CMD%%", args...)
9	if output, err := cmd.CombinedOutput(); err != nil {
10	if ee := (*exec.ExitError)(nil); errors.As(err, &ee) && len(ee.Stderr) > 0 {
11	t.Fatalf("%v: %v\n%s", cmd, err, ee.Stderr)

Added Link Here

(-)b/security/govulncheck/files/patch-internal_buildinfo_additions__scan__test.go (+11 lines)
1	--- internal/buildinfo/additions_scan_test.go.orig 2025-05-08 09:20:20 UTC
2	+++ internal/buildinfo/additions_scan_test.go
3	@@ -145,7 +145,7 @@ func Vuln() {
4	})
5	defer e.Cleanup()
6
7	- cmd := exec.Command("go", "build", "-o", "entry")
8	+ cmd := exec.Command("%%GO_CMD%%", "build", "-o", "entry")
9	cmd.Dir = e.Config.Dir
10	cmd.Env = e.Config.Env
11	out, err := cmd.CombinedOutput()

Added Link Here

(-)b/security/govulncheck/files/patch-internal_scan_run.go (+11 lines)
1	--- internal/scan/run.go.orig 2025-05-08 09:21:10 UTC
2	+++ internal/scan/run.go
3	@@ -87,7 +87,7 @@ func prepareConfig(ctx context.Context, cfg *config, c
4	}
5	}
6	if cfg.GoVersion == "" {
7	- if out, err := exec.Command("go", "env", "GOVERSION").Output(); err == nil {
8	+ if out, err := exec.Command("%%GO_CMD%%", "env", "GOVERSION").Output(); err == nil {
9	cfg.GoVersion = strings.TrimSpace(string(out))
10	}
11	}

Added Link Here

(-)b/security/govulncheck/files/patch-internal_scan_util.go (+11 lines)
1	--- internal/scan/util.go.orig 1979-11-30 00:00:00 UTC
2	+++ internal/scan/util.go
3	@@ -50,7 +50,7 @@ func gomodExists(dir string) bool {
4	}
5
6	func gomodExists(dir string) bool {
7	- cmd := exec.Command("go", "env", "GOMOD")
8	+ cmd := exec.Command("%%GO_CMD%%", "env", "GOMOD")
9	cmd.Dir = dir
10	out, err := cmd.Output()
11	output := strings.TrimSpace(string(out))

Added Link Here

(-)b/security/govulncheck/files/patch-internal_test_packages.go (+11 lines)
1	--- internal/test/packages.go.orig 2025-05-08 09:19:24 UTC
2	+++ internal/test/packages.go
3	@@ -13,7 +13,7 @@ func VerifyImports(t *testing.T, allowed ...string) {
4	)
5
6	func VerifyImports(t *testing.T, allowed ...string) {
7	- if _, err := exec.LookPath("go"); err != nil {
8	+ if _, err := exec.LookPath("%%GO_CMD%%"); err != nil {
9	t.Skipf("skipping: %v", err)
10	}
11	cfg := &packages.Config{Mode: packages.NeedImports \| packages.NeedDeps}

Added Link Here

(-)b/security/govulncheck/files/patch-internal_test_testenv.go (+11 lines)
1	--- internal/test/testenv.go.orig 2025-05-08 09:18:33 UTC
2	+++ internal/test/testenv.go
3	@@ -14,7 +14,7 @@ func NeedsGoEnv(t testing.TB) {
4	func NeedsGoEnv(t testing.TB) {
5	t.Helper()
6
7	- if _, err := exec.LookPath("go"); err != nil {
8	+ if _, err := exec.LookPath("%%GO_CMD%%"); err != nil {
9	t.Skip("skipping test: can't run go env")
10	}
11	}

Added Link Here

(-)b/security/govulncheck/files/patch-internal_testenv_testenv.go (+11 lines)
1	--- internal/testenv/testenv.go.orig 2025-05-08 09:21:55 UTC
2	+++ internal/testenv/testenv.go
3	@@ -100,7 +100,7 @@ func NeedsGoBuild(t testing.TB) {
4	if err := os.WriteFile(mainGo, []byte("package main\nfunc main() {}\n"), 0644); err != nil {
5	t.Fatal(err)
6	}
7	- cmd := exec.Command("go", "build", "-o", os.DevNull, mainGo)
8	+ cmd := exec.Command("%%GO_CMD%%", "build", "-o", os.DevNull, mainGo)
9	cmd.Dir = dir
10	if err := cmd.Run(); err != nil {
11	goBuildErr = fmt.Errorf("%v: %v", cmd, err)

Added Link Here

(-)b/security/govulncheck/files/patch-internal_vulncheck_packages.go (+11 lines)
1	--- internal/vulncheck/packages.go.orig 2025-05-08 09:26:39 UTC
2	+++ internal/vulncheck/packages.go
3	@@ -34,7 +34,7 @@ func NewPackageGraph(goVersion string) *PackageGraph {
4	}
5
6	goRoot := ""
7	- if out, err := exec.Command("go", "env", "GOROOT").Output(); err == nil {
8	+ if out, err := exec.Command("%%GO_CMD%%", "env", "GOROOT").Output(); err == nil {
9	goRoot = strings.TrimSpace(string(out))
10	}
11	stdlibModule := &packages.Module{

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_configstore_download.go (+11 lines)
1	--- vendor/golang.org/x/telemetry/internal/configstore/download.go.orig 2025-05-08 09:35:28 UTC
2	+++ vendor/golang.org/x/telemetry/internal/configstore/download.go
3	@@ -36,7 +36,7 @@ func Download(version string, envOverlay []string) (*t
4	}
5	modVer := ModulePath + "@" + version
6	var stdout, stderr bytes.Buffer
7	- cmd := exec.Command("go", "mod", "download", "-json", modVer)
8	+ cmd := exec.Command("%%GO_CMD%%", "mod", "download", "-json", modVer)
9	cmd.Env = append(os.Environ(), envOverlay...)
10	cmd.Stdout = &stdout
11	cmd.Stderr = &stderr

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_telemetry_dir.go (+11 lines)
1	--- vendor/golang.org/x/telemetry/internal/telemetry/dir.go.orig 2025-05-08 09:35:02 UTC
2	+++ vendor/golang.org/x/telemetry/internal/telemetry/dir.go
3	@@ -52,7 +52,7 @@ func init() {
4	if err != nil {
5	return
6	}
7	- Default = NewDir(filepath.Join(cfgDir, "go", "telemetry"))
8	+ Default = NewDir(filepath.Join(cfgDir, "%%GO_CMD%%", "telemetry"))
9	}
10
11	func (d Dir) Dir() string {

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_gcexportdata_gcexportdata.go (+11 lines)
1	--- vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go.orig 2025-05-08 09:27:42 UTC
2	+++ vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
3	@@ -87,7 +87,7 @@ func Find(importPath, srcDir string) (filename, path s
4	// Deprecated: Use the higher-level API in golang.org/x/tools/go/packages,
5	// which is more efficient.
6	func Find(importPath, srcDir string) (filename, path string) {
7	- cmd := exec.Command("go", "list", "-json", "-export", "--", importPath)
8	+ cmd := exec.Command("%%GO_CMD%%", "list", "-json", "-export", "--", importPath)
9	cmd.Dir = srcDir
10	out, err := cmd.Output()
11	if err != nil {

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_packages_packagestest_export.go (+11 lines)
1	--- vendor/golang.org/x/tools/go/packages/packagestest/export.go.orig 2025-05-08 09:28:42 UTC
2	+++ vendor/golang.org/x/tools/go/packages/packagestest/export.go
3	@@ -37,7 +37,7 @@ the 'go list' command on the specified modules:
4	})
5	defer e.Cleanup()
6
7	- cmd := exec.Command("go", "list", "gopher.example/...")
8	+ cmd := exec.Command("%%GO_CMD%%", "list", "gopher.example/...")
9	cmd.Dir = e.Config.Dir
10	cmd.Env = e.Config.Env
11	out, err := cmd.Output()

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gcimporter_exportdata.go (+11 lines)
1	--- vendor/golang.org/x/tools/internal/gcimporter/exportdata.go.orig 2025-05-08 09:32:45 UTC
2	+++ vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
3	@@ -392,7 +392,7 @@ func lookupGorootExport(pkgDir string) (string, error)
4	)
5	f, _ = exportMap.LoadOrStore(pkgDir, func() (string, error) {
6	listOnce.Do(func() {
7	- cmd := exec.Command(filepath.Join(build.Default.GOROOT, "bin", "go"), "list", "-export", "-f", "{{.Export}}", pkgDir)
8	+ cmd := exec.Command(filepath.Join(build.Default.GOROOT, "bin", "%%GO_CMD%%"), "list", "-export", "-f", "{{.Export}}", pkgDir)
9	cmd.Dir = build.Default.GOROOT
10	cmd.Env = append(os.Environ(), "PWD="+cmd.Dir, "GOROOT="+build.Default.GOROOT)
11	var output []byte

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gocommand_invoke.go (+11 lines)
1	--- vendor/golang.org/x/tools/internal/gocommand/invoke.go.orig 2025-05-08 09:34:03 UTC
2	+++ vendor/golang.org/x/tools/internal/gocommand/invoke.go
3	@@ -245,7 +245,7 @@ func (i *Invocation) run(ctx context.Context, stdout,
4	appendOverlayFlag()
5	goArgs = append(goArgs, i.Args...)
6	}
7	- cmd := exec.Command("go", goArgs...)
8	+ cmd := exec.Command("%%GO_CMD%%", goArgs...)
9	cmd.Stdout = stdout
10	cmd.Stderr = stderr
11

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_goroot_importcfg.go (+11 lines)
1	--- vendor/golang.org/x/tools/internal/goroot/importcfg.go.orig 2025-05-08 09:33:18 UTC
2	+++ vendor/golang.org/x/tools/internal/goroot/importcfg.go
3	@@ -47,7 +47,7 @@ func PkgfileMap() (map[string]string, error) {
4	func PkgfileMap() (map[string]string, error) {
5	once.Do(func() {
6	m := make(map[string]string)
7	- output, err := exec.Command("go", "list", "-export", "-e", "-f", "{{.ImportPath}} {{.Export}}", "std", "cmd").Output()
8	+ output, err := exec.Command("%%GO_CMD%%", "list", "-export", "-e", "-f", "{{.ImportPath}} {{.Export}}", "std", "cmd").Output()
9	if err != nil {
10	stdlibPkgfileErr = err
11	}




--- vendor/golang.org/x/tools/internal/testenv/testenv.go.orig	2025-05-08 09:30:00 UTC
+++ vendor/golang.org/x/tools/internal/testenv/testenv.go
@@ -115,7 +115,7 @@ func HasTool(tool string) error {
 				checkGoBuild.err = err
 				return
 			}
-			cmd := exec.Command("go", "build", "-o", os.DevNull, mainGo)
+			cmd := exec.Command("%%GO_CMD%%", "build", "-o", os.DevNull, mainGo)
 			cmd.Dir = dir
 			if out, err := cmd.CombinedOutput(); err != nil {
 				if len(out) > 0 {
@@ -145,7 +145,7 @@ func cgoEnabled(bypassEnvironment bool) (bool, error) 
 }
 
 func cgoEnabled(bypassEnvironment bool) (bool, error) {
-	cmd := exec.Command("go", "env", "CGO_ENABLED")
+	cmd := exec.Command("%%GO_CMD%%", "env", "CGO_ENABLED")
 	if bypassEnvironment {
 		cmd.Env = append(append([]string(nil), os.Environ()...), "CGO_ENABLED=")
 	}
@@ -444,7 +444,7 @@ func findGOROOT() (string, error) {
 			return
 		}
 
-		cmd := exec.Command("go", "env", "GOROOT")
+		cmd := exec.Command("%%GO_CMD%%", "env", "GOROOT")
 		out, err := cmd.Output()
 		if err != nil {
 			gorootErr = fmt.Errorf("%v: %v", cmd, err)
@@ -480,7 +480,7 @@ func NeedsLocalXTools(t testing.TB) {
 
 	NeedsTool(t, "go")
 
-	cmd := Command(t, "go", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
+	cmd := Command(t, "%%GO_CMD%%", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
 	out, err := cmd.Output()
 	if err != nil {
 		if ee, ok := err.(*exec.ExitError); ok && len(ee.Stderr) > 0 {




Govulncheck reports known vulnerabilities that affect Go code.
It uses static analysis of source code or a binary's symbol table
to narrow down reports to only those that could affect the
application.

By default, govulncheck makes requests to the Go vulnerability
database at https://vuln.go.dev. Requests to the vulnerability
database contain only module paths with vulnerabilities already
known to the database, not code or other properties of your
program. See https://vuln.go.dev/privacy.html for more.
Use the -db flag to specify a different database, which must
implement the specification at https://go.dev/security/vuln/database.

Govulncheck looks for vulnerabilities in Go programs using a specific
build configuration. For analyzing source code, that configuration is
the Go version specified by the "go" command found on the PATH. For
binaries, the build configuration is the one used to build the binary.
Note that different build configurations may have different known
vulnerabilities.

Added Link Here

(-)b/security/govulncheck/pkg-plist (-1 / +1 lines)
0	-	1	bin/govulncheck

Return to bug 285627

Added Link Here

(-)b/security/govulncheck/Makefile (+35 lines)
1	PORTNAME= govulncheck
2	DISTVERSIONPREFIX= v
3	DISTVERSION= 1.1.4
4	CATEGORIES= security
5
6	MAINTAINER= einar@isnic.is
7	COMMENT= Database client and tools for the Go vulnerability database
8	WWW= https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
9
10	LICENSE= BSD3CLAUSE
11	LICENSE_FILE= ${WRKSRC}/LICENSE
12
13	USES= go:1.24,modules,run
14
15	GO_MODULE= golang.org/x/vuln
16	GO_TARGET= ./cmd/govulncheck
17
18	post-patch:
19	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/scan/util.go
20	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/all_test.go
21	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/scan/run.go
22	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/test/packages.go
23	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/test/testenv.go
24	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/testenv/testenv.go
25	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/internal/vulncheck/packages.go
26	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/configstore/download.go
27	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/telemetry/dir.go
28	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
29	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/go/packages/packagestest/export.go
30	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
31	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gocommand/invoke.go
32	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/goroot/importcfg.go
33	@${REINPLACE_CMD} -e 's\|%%GO_CMD%%\|${GO_CMD}\|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/testenv/testenv.go
34
35	.include <bsd.port.mk>

Added Link Here

(-)b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_testenv_testenv.go (+38 lines)
1	--- vendor/golang.org/x/tools/internal/testenv/testenv.go.orig 2025-05-08 09:30:00 UTC
2	+++ vendor/golang.org/x/tools/internal/testenv/testenv.go
3	@@ -115,7 +115,7 @@ func HasTool(tool string) error {
4	checkGoBuild.err = err
5	return
6	}
7	- cmd := exec.Command("go", "build", "-o", os.DevNull, mainGo)
8	+ cmd := exec.Command("%%GO_CMD%%", "build", "-o", os.DevNull, mainGo)
9	cmd.Dir = dir
10	if out, err := cmd.CombinedOutput(); err != nil {
11	if len(out) > 0 {
12	@@ -145,7 +145,7 @@ func cgoEnabled(bypassEnvironment bool) (bool, error)
13	}
14
15	func cgoEnabled(bypassEnvironment bool) (bool, error) {
16	- cmd := exec.Command("go", "env", "CGO_ENABLED")
17	+ cmd := exec.Command("%%GO_CMD%%", "env", "CGO_ENABLED")
18	if bypassEnvironment {
19	cmd.Env = append(append([]string(nil), os.Environ()...), "CGO_ENABLED=")
20	}
21	@@ -444,7 +444,7 @@ func findGOROOT() (string, error) {
22	return
23	}
24
25	- cmd := exec.Command("go", "env", "GOROOT")
26	+ cmd := exec.Command("%%GO_CMD%%", "env", "GOROOT")
27	out, err := cmd.Output()
28	if err != nil {
29	gorootErr = fmt.Errorf("%v: %v", cmd, err)
30	@@ -480,7 +480,7 @@ func NeedsLocalXTools(t testing.TB) {
31
32	NeedsTool(t, "go")
33
34	- cmd := Command(t, "go", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
35	+ cmd := Command(t, "%%GO_CMD%%", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
36	out, err := cmd.Output()
37	if err != nil {
38	if ee, ok := err.(*exec.ExitError); ok && len(ee.Stderr) > 0 {

Added Link Here

(-)b/security/govulncheck/pkg-descr (+19 lines)
1	Govulncheck reports known vulnerabilities that affect Go code.
2	It uses static analysis of source code or a binary's symbol table
3	to narrow down reports to only those that could affect the
4	application.
5
6	By default, govulncheck makes requests to the Go vulnerability
7	database at https://vuln.go.dev. Requests to the vulnerability
8	database contain only module paths with vulnerabilities already
9	known to the database, not code or other properties of your
10	program. See https://vuln.go.dev/privacy.html for more.
11	Use the -db flag to specify a different database, which must
12	implement the specification at https://go.dev/security/vuln/database.
13
14	Govulncheck looks for vulnerabilities in Go programs using a specific
15	build configuration. For analyzing source code, that configuration is
16	the Go version specified by the "go" command found on the PATH. For
17	binaries, the build configuration is the one used to build the binary.
18	Note that different build configurations may have different known
19	vulnerabilities.