govulncheck mirror

[pboguslawski]

Is your feature request related to a problem? Please describe. Devs use local athens as proxy for module downloading/caching but cannot use it for module security audits.

Describe the solution you'd like Add option to allow athens to periodically (configurable cron-like schedule) mirror and serve Go Vunerability Database (govulncheck allows to use custom db using -db parameter).

[matt0x6F]

I like the idea, but I think it falls outside of the definition of a Go Module Proxy like Athens. Go's own vulnerability database is separate from their proxy (but maybe is informed by it?). It's browseable primarily through the pkgsite. It does look like the spec for the server is documented though.