Skip to content

Commit f2a1768

Browse files
committed
doc: document vulnreport failures in triage
Change-Id: I3c031d93c4a1beda829fe3f00debcdb6810bd29f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461635 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Tim King <taking@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
1 parent 9d185d8 commit f2a1768

File tree

1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

doc/triage.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -181,3 +181,21 @@ to update the existing report.
181181
182182
In that case, reopen the issue for the report to discuss the change, rather
183183
than create a new issue.
184+
185+
## Frequent issues during triage
186+
187+
This section describes frequent issues that come up when triaging vulndb reports.
188+
189+
### vulnreport cgo failures
190+
191+
When `vulnreport fix` fails with an error message like
192+
```
193+
/path/to/package@v1.2.3/foo.go:1:2: could not import C (no metadata for C)
194+
````
195+
a frequent cause is the local machine missing `C` library headers causing
196+
typechecking of cgo packages to fail. The easiest workaround is to use
197+
a machine with the development headers installed or to install them.
198+
199+
Commonly missing packages include:
200+
* libgpgme-dev
201+
* libdevmapper-dev

0 commit comments

Comments
 (0)