google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0

Add go binary scanning #1011

Closed another-rex closed 3 months ago

another-rex commented 4 months ago

Add go binary scanning extractor, and use it in image scanning.

This shows quite a few false positives that can be resolved with call analysis, which will be implemented in a followup PR.

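As an added illustration of what a Go binary scanning extractor does (example code written for this page, not osv-scanner's own `pkg/lockfile/go-binary.go`): a module-aware Go binary carries its module list in a build-info section that the standard library exposes through `debug/buildinfo`. The block below parses a constructed build-info text with `runtime/debug.ParseBuildInfo` (the same tab-separated format that `go version -m` prints), follows replace directives, skips `(devel)` versions, and records the toolchain version as a `stdlib` package; `packagesFromBinary` applies the same conversion to a real binary on disk. The `Package` type, the function names and the example.com/example.org module paths are assumptions. Because it reports every module linked into the binary regardless of whether any vulnerable function is reachable, output like this is where the false positives mentioned above come from, and call analysis is what narrows it down.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"runtime/debug"
	"strings"
)

// Package is one dependency record in the shape a lockfile-style extractor
// hands to a vulnerability matcher (hypothetical type, not osv-scanner's own).
type Package struct {
	Name      string
	Version   string
	Ecosystem string
}

// packagesFromBuildInfo turns the module list embedded in a Go binary into
// package records. It follows replace directives (the replacement is what was
// actually linked in), skips "(devel)" versions (nothing to match against),
// and records the toolchain version as "stdlib", since the Go standard
// library has advisories of its own.
func packagesFromBuildInfo(bi *debug.BuildInfo) []Package {
	var pkgs []Package
	// GoVersion looks like "go1.22.3"; a development toolchain reports
	// "devel go1.23-<hash> ...", which has no release version to match.
	if v := strings.TrimPrefix(bi.GoVersion, "go"); v != bi.GoVersion && v != "" {
		pkgs = append(pkgs, Package{Name: "stdlib", Version: v, Ecosystem: "Go"})
	}
	for _, dep := range bi.Deps {
		m := dep
		if dep.Replace != nil {
			m = dep.Replace
		}
		if m.Version == "" || m.Version == "(devel)" {
			continue
		}
		pkgs = append(pkgs, Package{Name: m.Path, Version: m.Version, Ecosystem: "Go"})
	}
	return pkgs
}

// packagesFromBinary reads the build-info section of a compiled Go binary on
// disk. Binaries built without module support, or with the section stripped,
// return an error and a scanner would simply skip them.
func packagesFromBinary(path string) ([]Package, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return packagesFromBuildInfo(bi), nil
}

// sampleBuildInfo is a constructed build-info text in the tab-separated
// format that `go version -m` prints; module paths and sums are made up.
func sampleBuildInfo() *debug.BuildInfo {
	text := strings.Join([]string{
		"path\texample.com/tool",
		"mod\texample.com/tool\t(devel)\t",
		"dep\texample.org/text\tv0.3.7\th1:constructed-not-a-real-sum=",
		"dep\texample.org/lib\tv1.2.0\th1:constructed-not-a-real-sum=",
		"=>\texample.org/lib-fork\tv1.2.1\t", // replace directive for the line above
		"dep\texample.com/localmod\t(devel)\t",
		"", // ParseBuildInfo needs every line newline-terminated
	}, "\n")
	bi, err := debug.ParseBuildInfo(text)
	if err != nil {
		panic(err) // the constructed text is well-formed
	}
	// ParseBuildInfo ignores the "go" line; buildinfo.ReadFile fills this
	// field from the binary header, so the sample sets it by hand.
	bi.GoVersion = "go1.22.3"
	return bi
}

func main() {
	pkgs := packagesFromBuildInfo(sampleBuildInfo())
	if len(os.Args) > 1 { // usage: go run . /path/to/go-binary
		var err error
		if pkgs, err = packagesFromBinary(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, "read build info:", err)
			os.Exit(1)
		}
	}
	for _, p := range pkgs {
		fmt.Printf("%s\t%s\t%s\n", p.Ecosystem, p.Name, p.Version)
	}
}
```

Run without arguments it prints the three records from the constructed sample (the main module and the `(devel)` dependency are dropped); given a path, it reads a real binary instead, which is the input an image scanner has when it finds a Go executable in a container layer.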
codecov-commenter commented 4 months ago

Codecov Report

Attention: Patch coverage is 84.52381% with 13 lines in your changes missing coverage. Please review.

Project coverage is 65.25%. Comparing base (8fd553a) to head (6d68a3c).

| Files | Patch % | Lines |
|---|---|---|
| pkg/lockfile/go-binary.go | 82.00% | 6 Missing and 3 partials |
| internal/image/extractor.go | 87.87% | 3 Missing and 1 partial |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1011      +/-   ##
==========================================
+ Coverage   65.14%   65.25%   +0.11%
==========================================
  Files         149      150       +1
  Lines       12338    12401      +63
==========================================
+ Hits         8037     8092      +55
- Misses       3849     3855       +6
- Partials      452      454       +2
```
