good day all, i am not a developer and have just recently stumbled upon the `govulncheck` tool from golang. i am curious how accurate this tool is and if it should be used in a scan report for vulnerabilities? do we need to run this on the main.go and reference the go.mod file in the project? another question would be about the go.mod. does this tool only scan go packages `gopkg.in/yaml.v3 v3.0.1` or is it anything listed in the go.mod `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0`
if you need more info or have questions please feel free to ask. W/r Colton. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/2fca01b6-5bc8-49ee-bb21-eba166063d35n%40googlegroups.com.
