ghsa

package

v0.1.3 Latest Latest Go to latest Published: Feb 16, 2026 License: MIT Imports: 9 Imported by: 0

Details

Package ghsa provides a vulnerability source backed by the GitHub Security Advisory API.

View Source

const (
	DefaultAPIURL  = "https://api.github.com"
	DefaultTimeout = 30 * time.Second
)

This section is empty.

This section is empty.

type Option func(*Source)

Option configures a Source.

func WithBaseURL(url string) Option

WithBaseURL sets a custom API base URL.

func WithHTTPClient(c *http.Client) Option

WithHTTPClient sets a custom HTTP client.

func WithToken(token string) Option

WithToken sets the GitHub API token. Optional for public advisory data, but recommended to avoid rate limits.

type Source struct {
	// contains filtered or unexported fields
}

Source implements vulns.Source using the GitHub Security Advisory API.

func New(opts ...Option) *Source

New creates a new GHSA source.

func (s *Source) Get(ctx context.Context, id string) (*vulns.Vulnerability, error)

Get fetches a specific vulnerability by ID.

func (s *Source) Name() string

Name returns "ghsa".

func (s *Source) Query(ctx context.Context, p *purl.PURL) ([]vulns.Vulnerability, error)

Query returns vulnerabilities affecting the package identified by the PURL.

func (s *Source) QueryBatch(ctx context.Context, purls []*purl.PURL) ([][]vulns.Vulnerability, error)

QueryBatch queries multiple packages. GHSA doesn't have a batch API, so this makes individual requests.