govulncheck for go ports

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Einar_Bjarni_Halldórsson <einar_at_isnic.is>
Date: Tue, 25 Mar 2025 10:27:53 UTC

Hi,

I sent a mail to ports@freebsd.org asking if running `govulncheck` as part of
`make test` would be advisable.

I maintain two go ports, and I’ve recently started using `govulncheck` for other
projects. It’s a tool that scans used modules for known vulnerabilities and
warns if your code is calling vulnerable code. 

https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck

Instead of running govulncheck as part of `make test`, it was suggested to add
a new parameter:

> I'd rather make it an argument of USES=go, something like USES=go:vulncheck
> 
> This would allow Go ports to opt-in into the feature.

Is this something you think is interesting?

My PR to add govulncheck to ports is https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285627

.einar