Go programming language arrives at security warnings that are useful

2022-09-06 22:40

The open source Go programming language, developed by Google, has added support for vulnerability management in a way designed to preserve programmers' patience.

Dev to host a selection of known vulnerabilities in packages that can be imported from public Go modules.

These chosen vulnerabilities have been curated and reviewed by the Go security team, based on CVEs, GitHub Security Advisories, and reports from maintainers.

Back in 2018, before its acquisition by GitHub, npm introduced an audit command, to find and identify npm packages with known vulnerabilities in apps that rely on npm for package management.

Dev serves as "a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects."

This should be a significant improvement over the way current Go vulnerability scanners rely on go.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/06/go_govulncheck_vulnerability_tool/

#security