Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln: Missing output message when no vulnerabilities are found #61328

Closed
samstride opened this issue Jul 12, 2023 · 1 comment
Closed

x/vuln: Missing output message when no vulnerabilities are found #61328

samstride opened this issue Jul 12, 2023 · 1 comment
Assignees
@ianthehat
Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@samstride
Copy link

What version of Go are you using (go version)?

$ go version go1.20.6 linux/arm64

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="arm64"
GOBIN=""
GOCACHE="/home/vscode/.cache/go-build"
GOENV="/home/vscode/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_arm64"
GOVCS=""
GOVERSION="go1.20.6"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/workspaces/"
GOWORK="/workspaces//go.work"
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1204719484=/tmp/go-build -gno-record-gcc-switches"

govulncheck v0.1.0 outputs the message No vulnerabilities found. when no vulnerabilities are found.

go install golang.org/x/vuln/cmd/govulncheck@v0.1.0

govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.20.6 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 2023-07-11 19:19:08 +0000 UTC).

Scanning your code and 326 packages across 40 dependent modules for known vulnerabilities...
No vulnerabilities found.

govulncheck v0.2.0 does not output the message No vulnerabilities found. when no vulnerabilities are found.

go install golang.org/x/vuln/cmd/govulncheck@v0.2.0

govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.20.6
 and govulncheck@v0.2.0 with vulnerability data from https://vuln.go.dev (last modified 2023-07-11 19:19:08 +0000 UTC).

Scanning your code and 326 packages across 40 dependent modules for known vulnerabilities...

Just checking to see if this is the expected behaviour of v0.2.0?

Thanks.
@samstride samstride added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Jul 12, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Jul 12, 2023
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/508920 mentions this issue: internal/scan: print the summary even when there are no findings

@gabyhelp gabyhelp mentioned this issue Jun 24, 2024
Open
This was referenced Jul 4, 2024
Closed
Closed
@golang golang locked and limited conversation to collaborators Jul 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ianthehat ianthehat

Labels
FrozenDueToAge vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
3 participants
@ianthehat @gopherbot @samstride