Description
Go statically links its dependencies, which are downloaded from their module sources at build time, so the final rpm bundles the affected code. That code cannot be found by looking at the package's declared dependencies; it shows up only by inspecting the package's SBOM (or the build information the Go toolchain embeds in the binary). Every package built from a statically linked language is affected in the same way.
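The following Go program is an added illustration of the triage step the description calls for; it is not code from this request or from any existing triage tool. It parses the build information that the Go toolchain embeds in every statically linked binary (the text form that `go version -m <binary>` prints) with the standard library's `runtime/debug.ParseBuildInfo`, resolves `replace` directives to the module that was actually compiled in, and matches each module against a list of advisories. The embedded build info, the module paths and the advisory IDs (`EXAMPLE-2024-…`) are constructed for the example and refer to no real package or CVE; the semver comparison is a deliberately small stdlib-only helper rather than `golang.org/x/mod/semver`.

```go
package main

import (
	"fmt"
	"runtime/debug"
	"strconv"
	"strings"
)

// Advisory is a constructed, hypothetical record: the module a CVE affects and
// the first version carrying the fix (semver, "v"-prefixed as in go.mod).
type Advisory struct {
	ID     string
	Module string
	Fixed  string
}

// Finding is one module compiled into the binary that is older than the fix.
type Finding struct {
	ID, Module, Version string
}

// Constructed sample of embedded Go build info, in the text format that
// `go version -m` prints (without the leading "<file>:" line and indentation).
// The "=>" line is a replace directive: oldlib v1.0.0 was swapped for v1.2.5.
const sampleBuildInfo = "go\tgo1.21.0\n" +
	"path\tgithub.com/example/agent\n" +
	"mod\tgithub.com/example/agent\tv1.4.0\th1:AAAA=\n" +
	"dep\tgithub.com/example/netlib\tv0.7.0\th1:BBBB=\n" +
	"dep\tgithub.com/example/cryptolib\tv0.18.0\th1:CCCC=\n" +
	"dep\tgithub.com/example/oldlib\tv1.0.0\t\n" +
	"=>\tgithub.com/example/oldlib\tv1.2.5\th1:EEEE=\n"

// Constructed advisories; IDs and thresholds are invented for the example.
var sampleAdvisories = []Advisory{
	{ID: "EXAMPLE-2024-0001", Module: "github.com/example/netlib", Fixed: "v0.8.0"},
	{ID: "EXAMPLE-2024-0002", Module: "github.com/example/cryptolib", Fixed: "v0.17.0"},
	{ID: "EXAMPLE-2024-0003", Module: "github.com/example/oldlib", Fixed: "v1.1.0"},
}

// parseVersion splits "v1.2.3-rc1+meta" (or a pseudo-version such as
// "v0.0.0-20230101120000-abcdef123456") into its numeric core and a
// pre-release flag; build metadata after '+' is ignored.
func parseVersion(v string) (nums [3]int, pre bool, err error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexByte(v, '+'); i >= 0 {
		v = v[:i]
	}
	if i := strings.IndexByte(v, '-'); i >= 0 {
		pre = true
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return nums, pre, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return nums, pre, fmt.Errorf("bad component %q in %q: %w", p, v, err)
		}
		nums[i] = n
	}
	return nums, pre, nil
}

// versionLess reports whether a < b in semver order (a pre-release of X.Y.Z
// sorts below the X.Y.Z release itself).
func versionLess(a, b string) (bool, error) {
	an, apre, err := parseVersion(a)
	if err != nil {
		return false, err
	}
	bn, bpre, err := parseVersion(b)
	if err != nil {
		return false, err
	}
	for i := 0; i < 3; i++ {
		if an[i] != bn[i] {
			return an[i] < bn[i], nil
		}
	}
	return apre && !bpre, nil
}

// effectiveModule returns what was actually linked: the replacement when a
// replace directive was in effect, otherwise the declared dependency.
func effectiveModule(m *debug.Module) (path, version string) {
	if m.Replace != nil {
		return m.Replace.Path, m.Replace.Version
	}
	return m.Path, m.Version
}

// Triage parses build info text and returns one Finding for every module
// (main module included) whose linked version is below an advisory's fix.
// Modules reported as "(devel)" carry no comparable version and are skipped.
func Triage(buildInfo string, advisories []Advisory) ([]Finding, error) {
	bi, err := debug.ParseBuildInfo(buildInfo)
	if err != nil {
		return nil, err
	}
	mods := append([]*debug.Module{&bi.Main}, bi.Deps...)
	var out []Finding
	for _, m := range mods {
		path, version := effectiveModule(m)
		if version == "" || version == "(devel)" {
			continue
		}
		for _, adv := range advisories {
			if adv.Module != path {
				continue
			}
			vulnerable, err := versionLess(version, adv.Fixed)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", path, err)
			}
			if vulnerable {
				out = append(out, Finding{ID: adv.ID, Module: path, Version: version})
			}
		}
	}
	return out, nil
}

func main() {
	findings, err := Triage(sampleBuildInfo, sampleAdvisories)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s %s is linked into the binary and is below the fixed version\n", f.ID, f.Module, f.Version)
	}
}
```

Run against the sample, only `EXAMPLE-2024-0001` is reported: `cryptolib` is already past its fix, and `oldlib` looks vulnerable on its `dep` line but the `=>` replacement shows that v1.2.5 was what actually got linked, so matching on declared versions alone would produce a false positive. For a real rpm the same check would read the binary directly with `buildinfo.ReadFile` from the standard `debug/buildinfo` package instead of parsing text; the text form is used here only so the example runs offline.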
Benefit
More precise triage results from the agent in the CVE triage process for Go packages.
Importance
Many new projects are written in statically linked languages, so Ymir's CVE triage is rendered useless for CVEs in such packages.
Workaround
Participation