Better SCA for cgo projects

Can C/C++ package managers scan my go code for vulnerabilities?

This post is so absurd.
First of all, you cannot add packages without version information to the go.mod file. That’s an error and will be flagged by the go mod tidy command, so you won’t be able to vendor nada.

It’s called govulncheck since we are writing in golang and would like to see security issues with the code in this language, not with fancy dependencies on C code. If someone imports C into their Go code, it’s their responsibility to know exactly what they are importing. Not a task for the Go toolchain.
