Binary detects presence of vulnerable symbols in bin and emits findings to handler.

FetchVulnerabilities fetches vulnerabilities that affect the supplied modules.

Source detects vulnerabilities in pkgs and emits the findings to handler.

Bin is an abstraction of Go binary containing minimal information needed by govulncheck.

A CallSite describes a function call.

A FuncNode describes a function in the call graph.

ModVulns groups vulnerabilities per module.

PackageGraph holds a complete module and package graph.

Result contains information on detected vulnerabilities.

StackEntry is an element of a call stack.

Vuln provides information on a detected vulnerability.

CallStack is a call stack starting with a client function or method and ending with a call to a vulnerable symbol.