Add latest CVES count to each version as `gobrew ls --cves` && `gobrew ls-remote --cves`

kevincobain2000 / gobrew

Go version manager, written in Go. Super simple tool to install and manage Go versions. Install go without root. Gobrew doesn't require shell rehash.

https://medium.com/web-developer/go-version-manager-gobrew-c8750157dfe6

MIT License

364 stars 24 forks source link

Add latest CVES count to each version as `gobrew ls --cves` && `gobrew ls-remote --cves` #111

Closed kevincobain2000 closed 1 year ago

juev commented 1 year ago

Hi! What do you mean? What is it CVES?

kevincobain2000 commented 1 year ago

Sorry https://www.cvedetails.com/vulnerability-list/vendor_id-14185/product_id-29205/Golang-GO.html

juev commented 1 year ago

When a new version of golang is released, I only use Gobrew to install it and switch to it. What can information about existing vulnerabilities in the version be used for?

kevincobain2000 commented 1 year ago

Mostly the use case I imagined was to have it on the CI, similar to dependabot. As many of projects don’t update their versions on CI and go.mod upon EOL. I wanted those CI to fail when a limit of cve score has crossed.

It was just an idea at the moment.