Does anybody know if there are plans to integrate vulnerability checks into Go tools like go get, go mod download, or go mod tidy?
Right now, devs need to pull vuln information manually, either through running govulncheck or by visiting packages on pkg.go.dev and inspecting the package history for vuln tags. Integration into the toolchain would provide a semi-automated way of checking projects for security issues. (Side note: there is a govulncheck GitHub Action <https://github.com/marketplace/actions/govulncheck-action> available, but what I am looking for is a (semi-)automated mechanism that is independent of any software ecosystem.)