### Install govulncheck Source: https://github.com/golang/vuln/blob/master/README.md Install the latest version of govulncheck using go install. This command fetches and installs the tool. ```bash go install golang.org/x/vuln/cmd/govulncheck@latest ``` -------------------------------- ### GET /$module.json Source: https://github.com/golang/vuln/blob/master/doc/vulndb.md Retrieves a list of all vulnerability entries for a specific module. ```APIDOC ## GET /$module.json ### Description Fetches all recorded vulnerability entries associated with a given Go module path. ### Method GET ### Endpoint `https://vuln.go.dev/$module.json` ### Parameters #### Path Parameters - **module** (string) - Required - The module path (e.g., `golang.org/x/crypto`). ### Response #### Success Response (200) - **vulnerabilities** (array) - A list of vulnerability objects. - **id** (string) - The unique identifier for the vulnerability. - **module** (string) - The module path affected by the vulnerability. - **published** (string) - The publication date of the vulnerability. - **summary** (string) - A brief summary of the vulnerability. - **details** (string) - Detailed description of the vulnerability. - **affected** (array) - List of affected versions. - **version** (string) - The affected version range. - **less** (string) - The upper bound of the affected version (exclusive). - **fixed** (string) - The version where the vulnerability is fixed. #### Response Example { "vulnerabilities": [ { "id": "GO-2021-1234", "module": "golang.org/x/crypto", "published": "2021-01-01T10:00:00Z", "summary": "A buffer overflow vulnerability.", "details": "Details about the buffer overflow.", "affected": [ { "version": "<1.5.0", "less": "1.5.0", "fixed": "1.5.0" } ] } ] } ``` -------------------------------- ### GET /ID/index.json Source: https://github.com/golang/vuln/blob/master/doc/vulndb.md Retrieves a list of all vulnerability entries in the database. ```APIDOC ## GET /ID/index.json ### Description Fetches a comprehensive list of all vulnerability entries available in the Go Vulnerability Database. ### Method GET ### Endpoint `https://vuln.go.dev/ID/index.json` ### Response #### Success Response (200) - **vulnerabilities** (array) - A list of vulnerability objects, similar to the response for `$base/$module.json`. #### Response Example { "vulnerabilities": [ { "id": "GO-2021-1234", "module": "golang.org/x/crypto", "published": "2021-01-01T10:00:00Z", "summary": "A buffer overflow vulnerability.", "details": "Details about the buffer overflow.", "affected": [ { "version": "<1.5.0", "less": "1.5.0", "fixed": "1.5.0" } ] }, { "id": "GO-2022-5678", "module": "golang.org/x/text", "published": "2022-02-15T11:00:00Z", "summary": "A denial-of-service vulnerability.", "details": "Details about the DoS vulnerability.", "affected": [ { "version": "<2.1.0", "less": "2.1.0", "fixed": "2.1.0" } ] } ] } ``` -------------------------------- ### GET /$vuln.json Source: https://github.com/golang/vuln/blob/master/doc/vulndb.md Retrieves a detailed report for an individual Go vulnerability. ```APIDOC ## GET /$vuln.json ### Description Fetches a detailed report for a specific Go vulnerability identified by its unique ID. ### Method GET ### Endpoint `https://vuln.go.dev/ID/$vuln.json` ### Parameters #### Path Parameters - **vuln** (string) - Required - The Go vulnerability ID (e.g., `GO-2021-1234`). ### Response #### Success Response (200) - **id** (string) - The unique identifier for the vulnerability. - **module** (string) - The module path affected by the vulnerability. - **published** (string) - The publication date of the vulnerability. - **summary** (string) - A brief summary of the vulnerability. - **details** (string) - Detailed description of the vulnerability. - **affected** (array) - List of affected versions. - **version** (string) - The affected version range. - **less** (string) - The upper bound of the affected version (exclusive). - **fixed** (string) - The version where the vulnerability is fixed. #### Response Example { "id": "GO-2021-1234", "module": "golang.org/x/crypto", "published": "2021-01-01T10:00:00Z", "summary": "A buffer overflow vulnerability.", "details": "Details about the buffer overflow.", "affected": [ { "version": "<1.5.0", "less": "1.5.0", "fixed": "1.5.0" } ] } ``` -------------------------------- ### GET /index.json Source: https://github.com/golang/vuln/blob/master/doc/vulndb.md Retrieves a list of module paths in the database mapped to their last modified timestamp. ```APIDOC ## GET /index.json ### Description Lists all module paths in the database along with their last modified timestamps. ### Method GET ### Endpoint `https://vuln.go.dev/index.json` ### Response #### Success Response (200) - **module_path** (string) - The path of the Go module. - **last_modified** (string) - The timestamp indicating when the module's data was last modified. #### Response Example { "golang.org/x/crypto": "2023-01-01T12:00:00Z", "golang.org/x/text": "2023-01-02T13:00:00Z" } ``` -------------------------------- ### Run govulncheck Source: https://github.com/golang/vuln/blob/master/README.md Execute govulncheck within your Go module to scan for vulnerabilities. The './...' argument scans all packages in the module. ```bash govulncheck ./... ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.