Diffstat (limited to 'security/govulncheck/pkg-descr')
-rw-r--r-- security/govulncheck/pkg-descr 19
1 files changed, 19 insertions, 0 deletions
diff --git a/security/govulncheck/pkg-descr b/security/govulncheck/pkg-descr
new file mode 100644
index 000000000000..5759881efc1c
--- /dev/null
+++ b/security/govulncheck/pkg-descr
@@ -0,0 +1,19 @@
+Govulncheck reports known vulnerabilities that affect Go code.
+It uses static analysis of source code or a binary's symbol table
+to narrow down reports to only those that could affect the
+application.
+
+By default, govulncheck makes requests to the Go vulnerability
+database at https://vuln.go.dev. Requests to the vulnerability
+database contain only module paths with vulnerabilities already
+known to the database, not code or other properties of your
+program. See https://vuln.go.dev/privacy.html for more.
+Use the -db flag to specify a different database, which must
+implement the specification at https://go.dev/security/vuln/database.
+
+Govulncheck looks for vulnerabilities in Go programs using a specific
+build configuration. For analyzing source code, that configuration is
+the Go version specified by the "go" command found on the PATH. For
+binaries, the build configuration is the one used to build the binary.
+Note that different build configurations may have different known
+vulnerabilities.
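Review bot: The second paragraph mixes two separate points, and the line ending "for more." breaks short before "Use the -db flag", which suggests the -db sentence was meant to stand apart. Consider giving the -db sentence its own paragraph so the statement about what is sent to https://vuln.go.dev by default is not run together with the option for pointing at a different database, and consider expanding "for more" to "for more details". In the third paragraph, the statement that source analysis uses the Go version of the "go" command found on the PATH means the result depends on which toolchain comes first on PATH; since the closing sentence already notes that different build configurations may have different known vulnerabilities, it would help to say so directly there.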