mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-07-17 05:34:09 +00:00
d5979a8b88
Go module metadata files (.mod and .info) are not actual packages and should not be scanned for vulnerabilities. Only .zip files contain the actual module code. Changes: - Added .mod and .info suffix checks to isMetadataEntry filter - These files are now excluded from database storage - Scanner won't attempt to scan them during rescan cycles This fixes OSV scanner 404 errors for metadata files like: - github.com/mattn/go-isatty/@v/v0.0.20.mod - github.com/clipperhouse/stringish/@v/v0.1.1.info Resolves: OSV API errors "The current request is not defined by this API" for Go module metadata files