Martin Atkins ffb64bbd16 tools/find-pkg-importer: Tool to find what imports a Go package
Advisories in the Go vulnerability database often identify specific Go
packages or even specific symbols within Go packages that the advisory
applies to.

Therefore when we are evaluating the impact of an advisory on OpenTofu we
often need to ask the question "what parts of OpenTofu are using that
affected package?"

This new tool is a small wrapper around the "go list" command which takes
a package path of interest and returns all of the packages in OpenTofu's
package import graph that directly import the given package. The results
can include both OpenTofu's own packages and packages from upstream modules
or the Go standard library.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2026-04-13 11:26:43 -07:00
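
An added example, not the OpenTofu tool's own code: one way to compute the direct importers the commit message describes, assuming the input is the JSON stream printed by `go list -deps -json ./...`. The names `listedPkg`, `directImporters` and `sampleGoList` are hypothetical, and the package paths in the sample are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// listedPkg is the subset of "go list -json" package fields needed here.
type listedPkg struct {
	ImportPath string
	Imports    []string
}

// directImporters reads the concatenated JSON objects emitted by
// "go list -deps -json ./..." and returns, sorted, every package whose
// Imports list names target. Transitive importers are not reported.
func directImporters(r io.Reader, target string) ([]string, error) {
	dec := json.NewDecoder(r)
	var found []string
	for {
		var p listedPkg
		if err := dec.Decode(&p); err == io.EOF {
			break
		} else if err != nil {
			return nil, fmt.Errorf("decoding go list output: %w", err)
		}
		for _, imp := range p.Imports {
			if imp == target {
				found = append(found, p.ImportPath)
				break
			}
		}
	}
	sort.Strings(found)
	return found, nil
}

// Constructed sample of go list output; example.org/vulnlib/parser stands in
// for the package named in an advisory.
const sampleGoList = `{"ImportPath":"example.com/app/cmd/app","Imports":["example.com/app/internal/client","fmt"]}
{"ImportPath":"example.com/app/internal/client","Imports":["example.org/vulnlib/parser","net/http"]}
{"ImportPath":"example.org/upstream/sdk","Imports":["example.org/vulnlib/parser"]}
{"ImportPath":"example.org/vulnlib/parser","Imports":["strings"]}`

func main() {
	got, err := directImporters(strings.NewReader(sampleGoList), "example.org/vulnlib/parser")
	fmt.Println(got, err)
}
```

In the sample, `example.com/app/cmd/app` reaches the affected package only through `internal/client`, so it is absent from the result; it is the direct importers that need reviewing against the advisory's affected symbols.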