In tools for programming language go implemented the possibility of tracking vulnerabilities in libraries. To verify their projects for the availability of modules with incorporate vulnerabilities, the utility is proposed “ govulncheck “, which analyzes the code base of the project and displays a report on the appeal to vulnerable functions. Additionally, a package of vulncheck , providing an API to build verification into various projects and utilities.
The check is carried out according to the specially created vulnerability base , which is overseas GO Security Team. In the database there are information about known vulnerabilities in publicly distributed modules in the language of GO. Data is collected from different sources, including from the reports cve and GHSA (Github Advisory Database), as well as on the basis of information that accompanying packages send. To automate the data request from the database, it is proposed library , Web Api and web interface .