gobin

package
v1.5.49 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 21 Imported by: 3

Documentation

Overview

Package gobin implements a package scanner that pulls go runtime and dependency information out of a compiled executable.

Main module versioning

The go toolchain before go1.24 only fills in version information for modules obtained as a module. Most go executables are built from source checkouts, meaning they are not in module form pre-go1.24. Accordingly, claircore cannot report advisories for main modules built pre-go1.24. See relevant go commit: https://cs.opensource.google/go/go/+/8aa2eed8fb90303c0876e51e097105eca7299734

Index

Constants

View Source 
const (
	// PURLType is the type of package URL for go binaries.
	PURLType = "golang"
)

Variables

View Source 
var (
	ErrInvalidSemVer = errors.New("invalid semantic version")
)
View Source 
var (
	Repository = claircore.Repository{
		Name: "go",
		URI:  "https://pkg.go.dev/",
	}
)

Functions

func GeneratePURL added in v1.5.49 

func GeneratePURL(ctx context.Context, ir *claircore.IndexRecord) (packageurl.PackageURL, error)

GeneratePURL generates a Go binary PURL for a given claircore.IndexRecord. Example: pkg:golang/google.golang.org/genproto#googleapis/api/annotations?arch=x86_64

func NewEcosystem 

func NewEcosystem(ctx context.Context) *indexer.Ecosystem

NewEcosystem provides the ecosystem for handling go binaries.

func ParsePURL added in v1.5.49 

func ParsePURL(ctx context.Context, purl packageurl.PackageURL) ([]*claircore.IndexRecord, error)

ParsePURL parses a Go binary PURL into a list of [claircore.IndexRecord]s. The matcher needs the NormalizedVersion to be set and to be semver.

func ParseVersion added in v1.5.22 

func ParseVersion(ver string) (c claircore.Version, err error)

ParseVersion will return a claircore.Version of type semver given a valid semantic version. If the string is not a valid semver it will return an ErrInvalidSemVer.

Types

type Detector 

type Detector struct{}

Detector detects go binaries and reports the packages used to build them.

func (Detector) DefaultRepository added in v1.5.6 

func (Detector) DefaultRepository(ctx context.Context) *claircore.Repository

DefaultRepository implements indexer.DefaultRepoScanner.

func (Detector) Kind 

func (Detector) Kind() string

Kind implements indexer.PackageScanner.

func (Detector) Name 

func (Detector) Name() string

Name implements indexer.PackageScanner.

func (Detector) Scan 

func (Detector) Scan(ctx context.Context, l *claircore.Layer) ([]*claircore.Package, error)

Scan implements indexer.PackageScanner.

func (Detector) Version 

func (Detector) Version() string

Version implements indexer.PackageScanner.

type Matcher added in v1.5.3 

type Matcher struct{}

Matcher matches discovered go packages against advisories provided via OSV.

func (*Matcher) Filter added in v1.5.3 

func (matcher *Matcher) Filter(record *claircore.IndexRecord) bool

Filter implements driver.Matcher.

func (*Matcher) Name added in v1.5.3 

func (m *Matcher) Name() string

Name implements driver.Matcher.

func (*Matcher) Query added in v1.5.3 

func (matcher *Matcher) Query() []driver.MatchConstraint

Query implements driver.Matcher.

func (*Matcher) VersionAuthoritative added in v1.5.6 

func (matcher *Matcher) VersionAuthoritative() bool

func (*Matcher) VersionFilter added in v1.5.6 

func (matcher *Matcher) VersionFilter()

func (*Matcher) Vulnerable added in v1.5.3 

func (matcher *Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)

Vulnerable implements driver.Matcher.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.