golang / go

The Go programming language
https://go.dev

x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

Open julieqiu opened 2 years ago

julieqiu commented 2 years ago

For example, for https://github.com/golang/vulndb/issues/829, there was no commit link in the GHSA. It would be helpful to include this link in the issue for triaging:

https://github.com/crypto-org-chain/cronos/releases/tag/v0.8.0

neild commented 2 years ago

Is there a simple, reliable way to map from a module name and version to a useful link?

We could perhaps say that if the module name begins with github.com, we link to https://${MODULE}/releases/tag/${VERSION}, but does that link reliably exist? And in the example here, does the page https://github.com/crypto-org-chain/cronos/releases/tag/v0.8.0 really contain that much useful information?
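The mapping discussed above, as an added example that is not part of the thread or of vulnreport's code. `releaseURL` is a hypothetical helper and the `github.com/example/repo` inputs are constructed. It goes beyond the single case in the thread by applying the Go modules tag rules (subdirectory tag prefix, major version suffix, `+incompatible`, pseudo-versions), and it only derives the candidate link without checking that the release page exists.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// pseudoVersion matches Go pseudo-versions, which name a commit and have no tag.
var pseudoVersion = regexp.MustCompile(`^v[0-9]+\.(0\.0-|\d+\.\d+-([^+]*\.)?0\.)\d{14}-[A-Za-z0-9]+(\+[0-9A-Za-z.-]+)?$`)
// majorSuffix matches a trailing major version path element such as "v2".
var majorSuffix = regexp.MustCompile(`^v([2-9]|[1-9][0-9]+)$`)

// releaseURL (hypothetical helper) returns the candidate GitHub release page
// for module@version, or ok=false when no tag-based link can be derived.
func releaseURL(module, version string) (url string, ok bool) {
	parts := strings.Split(module, "/")
	if len(parts) < 3 || parts[0] != "github.com" || parts[1] == "" || parts[2] == "" {
		return "", false // not a github.com/OWNER/REPO module path
	}
	version = strings.TrimSuffix(version, "+incompatible") // not part of the tag
	if !strings.HasPrefix(version, "v") || pseudoVersion.MatchString(version) {
		return "", false // pseudo-versions point at commits, not releases
	}
	// Tags of a module in a subdirectory are prefixed with that directory,
	// excluding any major version suffix (/v2, /v3, ...).
	sub := parts[3:]
	if n := len(sub); n > 0 && majorSuffix.MatchString(sub[n-1]) {
		sub = sub[:n-1]
	}
	tag := version
	if len(sub) > 0 {
		tag = strings.Join(sub, "/") + "/" + version
	}
	return "https://" + strings.Join(parts[:3], "/") + "/releases/tag/" + tag, true
}

func main() {
	// Constructed inputs, except the first, which is the module from the thread.
	for _, in := range [][2]string{
		{"github.com/crypto-org-chain/cronos", "v0.8.0"},
		{"github.com/example/repo/v2", "v2.1.0"},
		{"github.com/example/repo/tools/cli", "v1.4.2"},
		{"github.com/example/repo", "v0.0.0-20220101120000-abcdef123456"},
	} {
		url, ok := releaseURL(in[0], in[1])
		fmt.Println(in[0], in[1], url, ok)
	}
}
```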