You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Nov 26, 2024. It is now read-only.
Copy file name to clipboardExpand all lines: README.md
+2-10Lines changed: 2 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# Gobinsec
2
2
3
-
This tool parses Go binary dependencies and calls [NVD database](https://nvd.nist.gov/) to produce a vulnerability report.
3
+
This tool parses Go binary dependencies and calls [NVD database](https://nvd.nist.gov/) to produce a vulnerability report. Binaries must have been built with module support to be analyzed with Gobinsec.
4
4
5
5
## Table of Contents
6
6
@@ -220,15 +220,7 @@ Here is a list of sites where you can find information about vulnerabilities:
220
220
221
221
## How Gobinsec works
222
222
223
-
This tool first lists dependencies embedded in binary with `go version -m binary` command:
224
-
225
-
```
226
-
$ go version -m test/binary
227
-
test/binary: go1.17.3
228
-
path nancy-test
229
-
mod nancy-test (devel)
230
-
dep golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
231
-
```
223
+
This tool first lists dependencies embedded in binary using [buildinfo package](https://pkg.go.dev/debug/buildinfo).
232
224
233
225
Then, it calls [National Vulnerability Database](https://nvd.nist.gov/) to lists known vulnerabilities for embedded dependencies. You can find documentation on its API at <https://nvd.nist.gov/developers/vulnerabilities> and get an API key here: <https://nvd.nist.gov/developers/request-an-api-key>.
0 commit comments