Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln: expose vulnerability feed as rss #73031

Closed
eltonsv opened this issue Mar 25, 2025 · 5 comments
Closed

x/vuln: expose vulnerability feed as rss #73031

eltonsv opened this issue Mar 25, 2025 · 5 comments
Assignees
@zpavlinovic
Labels
FeatureRequest Issues asking for a new feature that does not need a proposal. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
vuln/unplanned

Comments

@eltonsv
Copy link

eltonsv commented Mar 25, 2025

I was wondering if we could also utilize the updates from https://pkg.go.dev/vuln/ via RSS so that we are notified instantly of new CVEs pertaining to Go.
@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Mar 25, 2025
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Mar 25, 2025
@gabyhelp gabyhelp added the FeatureRequest Issues asking for a new feature that does not need a proposal. label Mar 25, 2025
@seankhliao seankhliao changed the title x/vuln: [Possible Feature] Extend https://pkg.go.dev/vuln/ Go Vulnerability Database as an RSS Feed x/vuln: expose vulnerability feed as rss Mar 25, 2025
@seankhliao
Copy link
Member

is this actually useful though? these are vulnerabilities for anything written in go, not just the things you actually use.

@dmitshur
Copy link
Contributor

CC @golang/vulndb.

@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 25, 2025
@zpavlinovic
Copy link
Contributor

Is this issue more appropriate for x/vulndb? I believe this is out of scope of both x/vuln and x/vulndb.

@zpavlinovic zpavlinovic added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Mar 27, 2025
@eltonsv
Copy link
Author

eltonsv commented Mar 28, 2025

Yeah, I agree; I feel its directed for the folks maintaining the website if its possible to expose the contents as an RSS feed;

I just felt the use case of knowing the latest go CVEs listed via RSS so that people can subscribe to it would make a broader set of folks also interested in the possible vulnerabilities, even if it might not be applicable in their codebase via govulncheck reporting them. But yeah, feel free to close this issue if the folks in the team feel its not an apt possible feature to address.

@dmitshur
Copy link
Contributor

dmitshur commented Apr 2, 2025

@zpavlinovic This issue is closed as "completed", is that the right status? Or should it be closed as "not planned"?

@zpavlinovic zpavlinovic self-assigned this Apr 3, 2025
@zpavlinovic zpavlinovic reopened this Apr 3, 2025
@zpavlinovic zpavlinovic closed this as not planned Won't fix, can't repro, duplicate, stale Apr 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zpavlinovic zpavlinovic

Labels
FeatureRequest Issues asking for a new feature that does not need a proposal. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
6 participants
@zpavlinovic @dmitshur @gopherbot @seankhliao @eltonsv @gabyhelp