Not understanding the difference between this and something like cargo audit[0]. I suppose it has something to do with "static analysis of vulnerabilities" but I don't see any of that from a quick google search of govulncheck.

[0]https://crates.io/crates/cargo-audit

govulncheck analyzes symbol usage and only warns if your code reaches the affected symbol(s).

I’m not sure about cargo audit specifically, but most other security advisories are package scoped and will warn if your code transitively references the package, regardless of which symbols your code uses.