x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

julieqiu · 2022-09-06T19:39:18Z

For example, for golang/vulndb#829, there was no commit link in the GHSA. It would be helpful to include this link in the issue for triaging:

https://github.com/crypto-org-chain/cronos/releases/tag/v0.8.0

neild · 2022-09-23T19:06:33Z

Is there a simple, reliable way to map from a module name and version to a useful link?

We could perhaps say that if the module name begins with github.com, we link to https://${MODULE}/releases/tag/${VERSION}, but does that link reliably exist? And in the example here, does the page https://github.com/crypto-org-chain/cronos/releases/tag/v0.8.0 really contain that much useful information?

julieqiu added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Sep 6, 2022

gopherbot added this to the Unreleased milestone Sep 6, 2022

julieqiu modified the milestones: Unreleased, vuln/2022 Sep 6, 2022

mknyszek added the NeedsFix The path to resolution is known, but the work has not been done. label Sep 6, 2022

julieqiu added this to Go Security Sep 8, 2022

tatianab assigned neild Sep 12, 2022

julieqiu modified the milestones: vuln/2022, vuln/unplanned Apr 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

julieqiu commented Sep 6, 2022

neild commented Sep 23, 2022

x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

x/vulndb/cmd/vulnreport: include a link to the release for GHSA reports #54901

Comments

julieqiu commented Sep 6, 2022

neild commented Sep 23, 2022