cpedict/cpedict.go (4 lines):
	- line 51: // TODO: implement
	- line 57: // TODO: implement
	- line 99: // TODO: implement ProvenanceRecord
	- line 114: // TODO: not implemented


providers/nvd/cve.go (2 lines):
	- line 367: defer os.Remove(dataFile.Name()) // TODO: delet?
	- line 371: defer os.Remove(dataFile.Name()) // TODO: delet?


cpedict/lookup.go (1 line):
	- line 58: // TODO: optimise the performance -- now it's O(n) to O(n^2), it should be easy enough to make it O(log n)


providers/rustsec/rustsec.go (1 line):
	- line 126: // TODO: Add CVSS score: https://github.com/RustSec/advisory-db/issues/20


providers/rbs/schema/convert.go (1 line):
	- line 136: // TODO they don't have cvss vectors. they do have parts of it so we could construct them


vulndb/vendor.go (1 line):
	- line 424: DeleteLatestVersion bool // TODO: support keeping up to N versions


vulndb/cve.go (1 line):
	- line 105: // TODO: handle multi-language descriptions.


rpm/rpm2wfn.go (1 line):
	- line 47: attr.Part = "a" // TODO: figure out the way to properly detect os packages (linux_kernel or smth)


cvefeed/cvecache.go (1 line):
	- line 157: c.mu.Lock() // TODO: XXX: ugly, consider using atomic.Value instead


cvefeed/feed.go (1 line):
	- line 83: // TODO: maybe support .zip


providers/vfeed/schema/providers.go (1 line):
	- line 25: // TODO: move this file to its own package in the future, to implement a common


providers/rbs/api/client.go (1 line):
	- line 44: // TODO this might not work anymore, since c should be a *http.Client


providers/snyk/schema/convert.go (1 line):
	- line 35: DataType:    "CVE", // TODO: maybe set this to SNYK-$LANG ?


providers/lib/client/config.go (1 line):
	- line 40: // TODO implement exponential backoff (for some statuses?)