The proposed counters will allow us to better understand how people are using and interacting with govulncheck, which should help us with work prioritization and improvement of services. For instance, govulncheck/show:traces will tell us how often users are inspecting call stacks in detail. This in turn can help us plan for better call stack heuristics down the road.
Do the counters carry sensitive user information?
No.
Version
Starting with govulncheck v1.1.1.
Proposed Graph Config
counter: govulncheck/scan:{symbol,package,module}
title: Scan Level Distribution
description: measure govulncheck scan level distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/mode:{source,binary,extract,query,convert}
title: Scan Mode Distribution
description: measure govulncheck scan mode distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/format:{text,json,sarif,openvex}
title: Output Format Distribution
description: measure govulncheck output format distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/show:{none,traces,color,verbose,version}
title: Show Options Distribution
description: measure govulncheck show flag distribution
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]

counter: govulncheck/assumptions:{multi-patterns, no-binary-platform, no-relative-path, no-go-root, local-replace, unknown-pkg-mod-path}
title: Code Invariants Distribution
description: measure distribution of failed govulncheck internal assumptions
type: partition
program: golang.org/x/vuln/cmd/govulncheck
version: [1.1.1-]
Proposal Details
Counter Names
govulncheck/level:{symbol, package, module}
govulncheck/mode:{source, binary, extract, query, convert}
govulncheck/format:{text, json, sarif, openvex}
govulncheck/show:{none, traces, color, verbose, version}
govulncheck/assumptions:{multi-patterns, no-binary-platform, no-relative-path, no-go-root, local-replace, unknown-pkg-mod-path}
govulncheck/vulns: {reviewed,unreviewed}
Description
See proposed config change.
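A cross-check of the two counter lists in this proposal, as an added example (not code from the proposal or from govulncheck): it expands the `{...}` bucket sets from the Counter Names list and from the graph config `counter:` lines, then reports counters that appear in only one of them. The helper names `expand` and `diff` are made up for the illustration; the specs are copied from the text of this page.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// Counter specs copied from the proposal text: "Counter Names" and the graph config.
var named = []string{
	"govulncheck/level:{symbol, package, module}",
	"govulncheck/mode:{source, binary, extract, query, convert}",
	"govulncheck/format:{text, json, sarif, openvex}",
	"govulncheck/show:{none, traces, color, verbose, version}",
	"govulncheck/assumptions:{multi-patterns, no-binary-platform, no-relative-path, no-go-root, local-replace, unknown-pkg-mod-path}",
	"govulncheck/vulns: {reviewed,unreviewed}",
}
var charted = []string{
	"govulncheck/scan:{symbol,package,module}",
	"govulncheck/mode:{source,binary,extract,query,convert}",
	"govulncheck/format:{text,json,sarif,openvex}",
	"govulncheck/show:{none,traces,color,verbose,version}",
	"govulncheck/assumptions:{multi-patterns, no-binary-platform, no-relative-path, no-go-root, local-replace, unknown-pkg-mod-path}",
}

// expand turns each "name:{a, b}" into "name:a", "name:b"; no braces means one counter.
func expand(specs []string) (out []string) {
	for _, s := range specs {
		head, set, _ := strings.Cut(strings.TrimSuffix(strings.TrimSpace(s), "}"), "{")
		for _, b := range strings.Split(set, ",") {
			out = append(out, strings.TrimSpace(head)+strings.TrimSpace(b))
		}
	}
	return out
}

// diff lists the counters of a that b lacks, in a's order.
func diff(a, b []string) (out []string) {
	have := expand(b)
	for _, c := range expand(a) {
		if !slices.Contains(have, c) {
			out = append(out, c)
		}
	}
	return out
}

func main() {
	fmt.Println("named only:", diff(named, charted), "charted only:", diff(charted, named))
}
```

On the text as posted, this reports the `govulncheck/level:*` and `govulncheck/vulns:*` counters as named only and the `govulncheck/scan:*` counters as charted only.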