govulncheck

CLI tool to report known CVE vulnerabilities in Go source code and binaries

govulncheck is a CLI tool to report known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application. By default, govulncheck makes requests to the Go vulnerability database at <a href="https://vuln.go.dev">https://vuln.go.dev</a> . Requests to the vulnerability database contain only module paths, not code or other properties of your program. See <a href="https://vuln.go.dev/privacy.html">https://vuln.go.dev/privacy.html</a> for more. Use the -db flag to specify a different database, which must implement the specification at <a href="https://go.dev/security/vuln/database">https://go.dev/security/vuln/database</a> .