Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,529 Commits 6 Branches 121 Tags
master
Commit Graph

212 Commits

Author SHA1 Message Date
Shunichi Shinohara
86d3681d8d fix(config/os): Fix EOL date of ubuntu 23.10 (#1972) 
cf. https://lists.ubuntu.com/archives/ubuntu-announce/2024-June/000302.html
 2024-06-18 16:20:48 +09:00
MaineK00n
436341a4a5 feat: update EOL and Windows KB list (#1971) 
* feat(os): update EOL

* feat(scanner/windows): update kb list
 2024-06-18 16:13:59 +09:00
MaineK00n
7f79b8eadf feat(config/os): add alpine 3.19, 3.20 EOL (#1965) 2024-06-12 17:18:20 +09:00
MaineK00n
cc9734d5e4 chore(deps): use github.com/Azure/azure-sdk-for-go/sdk/storage/azblob (#1661) 2024-05-28 19:31:21 +09:00
MaineK00n
db2c502b4a feat(reporter/s3): support minio (#1930) 
* feat(reporter/s3): support minio

* feat(reporter/s3): disable config/credential: file and some providers
 2024-05-28 10:13:39 +09:00
MaineK00n
d8bce94d8c chore(deps): use aws-sdk-go-v2 (#1922) 2024-05-24 19:08:38 +09:00
MaineK00n
f3f667138d feat(ubuntu): add 24.04 noble (#1878) 2024-05-02 16:56:42 +09:00
future-ryunosuketanai
a6cafabfb8 style(log) config.toml template docs url (#1894) 
* fix: config.toml template url

* applied fixes to other places
 2024-04-16 12:11:28 +09:00
dependabot[bot]
3cdd2e10d0 chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 (#1888) 
* chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0

Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.2 to 0.21.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.20.2...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(reporter/email): use DialStartTLS instead of StartTLS

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 17:41:41 +09:00
Konstantin Eremin
867bf63bb2 TLS insecure option adding (#1220) 
* TLS InsecureSkipVerify option added to sendMail

* refactor(reporter/email): remove redundant if statement

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 13:12:47 +09:00
MaineK00n
e1df74cbc1 fix(amazon): use major version for checking eol, security advisories (#1873) 2024-03-18 16:13:54 +09:00
MaineK00n
dc496468b9 refactor(config): move syslogconf to config/syslog package (#1865) 2024-03-05 18:11:45 +09:00
Shunichi Shinohara
351cf4f712 Update trivy from 0.35.0 to 0.49.1 (#1806) 
* Update trivy 0.35.0->0.48.0

- Specify oras-go 1.2.4 in indirect dependencies

  docker/docker changes a part of its API at 24.0
  - registry: return concrete service type · moby/moby@7b3acdf
    - 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)

  oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z.
  There is a build error between oras-go and docker/dockr.

- Update disabled analyzers
- Update language scanners, enable all of them

* move javadb init to scan.go

* Add options for java db init()

* Update scanner/base.go

* Remove unused codes

* Add some lock file names

* Typo fix

* Remove space character (0x20)

* Add java-db options for integration scan

* Minor fomartting fix

* minor fix

* conda is NOT supported by Trivy for library scan

* Configure trivy log in report command too

* Init trivy in scanner

* Use trivy's jar.go and replace client which does almost nothing

* mv jar.go

* Add sha1 hash to result and add filepath for report phase

* Undo added 'vuls scan' options

* Update oras-go to 1.2.4

* Move Java DB related config items to report side

* Add java db search in detect phase

* filter top level jar only

* Update trivy to 0.49.1

* go mod tidy

* Update to newer interface

* Refine lock file list, h/t MaineK00n

* Avoid else clauses if possible, h/t MaineK00n

* Avoid missing word for find and lang types, h/t MaineK00n

* Add missing ecosystems, h/t MaineK00n

* Add comments why to use custom jar analyzer, h/t MaineK00n

* Misc

* Misc

* Misc

* Include go-dep-parser's pares.go for modification

* Move digest field from LibraryScanner to Library

* Use inner jars sha1 for each

* Add Seek to file head before handling zip file entry

* Leave Digest feild empty for entries from pom.xml

* Don't import python/pkg (don't look into package.json)

* Make privete where private is sufficient

* Remove duplicate after Java DB lookup

* misc

* go mod tidy

* Comment out ruby/gemspec

* misc

* Comment out python/packaging

* misc

* Use custom jar

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Missing changes in name change

* Update models/github.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Don't import fanal/types at github.go

* Rewrite code around java db initialization

* Add comment

* refactor

* Close java db client

* rename

* Let LibraryScanner have java db client

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* inline variable

* misc

* Fix typo

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-02-28 14:25:58 +09:00
hiroka-wada
76267a54fc delete: cab validation (#1843) 
Co-authored-by: wadahiroka <wadahiroka@wadahirokanoMBP.AirPort>
 2024-02-01 12:58:33 +09:00
MaineK00n
8e9d165e75 feat(os): add FreeBSD 14 (#1797) 2023-11-25 08:29:29 +09:00
MaineK00n
cd8f6e1b8f feat(os): add fedora 39 (#1788) 2023-11-08 23:47:46 +09:00
MaineK00n
323f0aea3d feat(windows): add Windows 11 23H2 (#1751) 2023-11-07 09:27:39 +09:00
hiroka-wada
cef4ce4f9f chore(config):Modification of AmazonLinux 1 maintenance deadline (#1776) 2023-10-27 23:19:16 +09:00
MaineK00n
75e9883d8a feat(ubuntu): add ubuntu 23.10(mantic) (#1750) 2023-10-19 02:01:18 +09:00
MaineK00n
d2ca56a515 chore(os): update EOL (#1749) 2023-10-03 00:37:16 +09:00
guangwu
27df19f09d chore: remove refs to deprecated io/ioutil (#1748) 
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
 2023-10-01 18:51:53 +09:00
Eng Zer Jun
c1854a3a7b refactor: remove redundant len check (#1743) 
`len` returns 0 if the slice is nil. From the Go specification [1]:

  "1. For a nil slice, the number of iterations is 0."

Therefore, an additional `len(v) != 0` check for before the loop is
unnecessary.

[1]: https://go.dev/ref/spec#For_range

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2023-09-26 18:00:05 +09:00
hiroka-wada
9d8e510c0d add: json tag (#1746) 
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>
 2023-09-26 15:50:18 +09:00
MaineK00n
1832b4ee3a feat(macos): support macOS (#1712) 2023-09-25 16:51:09 +09:00
hiroka-wada
f6509a5376 feat(config): Auto-upgrade Windows config.toml from v1 to v2 (#1726) 
* add: README.md

* add: commands(discover,add-server,add-cpe)

* add: implements(discover,add-server,add-cpe)

* fix: changed os.Exit(1) in main.go to return an error

* fix: lint error

* delete: trivy-to-vuls stdIn

* fix: Incomprehesible error logs

* fix: according to review

* add: function converts old config to latest one

* delete: add-server

* fix: lint error

* fix

* fix: remote scan error in Windows

* fix: lint error

* fix

* fix: lint error

* fix: lint error

* add: scanner/scanner.go test normalizeHomeDirForWindows()

* fix

* fix

* fix

* fix: remove pointless assignment

* fix

---------

Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>
 2023-09-21 16:48:35 +09:00
Atsushi Watanabe
97cf033ed6 feat(os): add Fedora 38 EOL date (#1689) 
* feat: add Fedora 38 EOL date

* Update EOL date

based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html

* Fix test case name

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-06-13 17:23:11 +09:00
Wagde Zabit
b2c5b79672 feat(os): support debian 12 (#1676) 
* feat(os): support debian 12

* chore(scanner/debian): remove unneeded warn log

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-05-13 01:04:31 +09:00
MaineK00n
6787ab45c5 feat(ubuntu): add ubuntu 23.04 (#1647) 2023-04-27 03:26:59 +09:00
MaineK00n
d4d33fc81d fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646) 
* fix(scanner/dpkg): fix dpkg-query and not remove src pkgs

* refactor(gost): remove unnecesary field and fix typo

* refactor(detector/debian): detect using only SrcPackage
 2023-04-20 11:42:53 +09:00
kurita0
e506125017 feat(wp): support csh, no sudo scan (#1523) 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-03-28 21:07:10 +09:00
MaineK00n
947d668452 feat(windows): support Windows (#1581) 
* chore(deps): mod update

* fix(scanner): do not attach tty because there is no need to enter ssh password

* feat(windows): support Windows
 2023-03-28 19:00:33 +09:00
MaineK00n
6682232b5c feat(os): support Amazon Linux 2023 (#1621) 2023-03-16 17:31:57 +09:00
MaineK00n
ee97d98c39 feat: update EOL (#1598) 2023-02-22 16:00:05 +09:00
MaineK00n
ad2edbb844 fix(ubuntu): vulnerability detection for kernel package (#1591) 
* fix(ubuntu): vulnerability detection for kernel package

* feat(gost/ubuntu): update mod to treat status: deferred as unfixed

* feat(ubuntu): support 22.10
 2023-02-03 15:56:58 +09:00
kl-sinclair
ca64d7fc31 feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584) 
* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts

* derive ecosystem/version from dependency graph

* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure

* fix miscs

* typo in error message

* fix ecosystem equally to trivy

* miscs

* refactoring

* recursive dependency graph pagination

* change var name && update comments

* omit map type of ghpkgToPURL in signatures

* fix vars name

* goimports

* make fmt

* fix comment

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-01-20 15:32:36 +09:00
Kota Kanbe
1d97e91341 fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556) 
* fix(libscan): delete Map that keeps all files detected by FindLock to save memory

* continue analyzing libs if err occurred

* FindLockDirs

* fix

* fix
 2022-11-10 10:19:15 +09:00
MaineK00n
96333f38c9 chore(ubuntu): set Ubuntu 22.10 EOL (#1552) 2022-11-01 14:00:56 +09:00
MaineK00n
ca3f6b1dbf feat(amazon): support Amazon Linux 2 Extra Repository (#1510) 
* feat(amazon): support Amazon Linux 2 Extra Repository

* feat(amazon): set Amazon Linux EOL

* feat(oracle): set Oracle Linux EOL
 2022-08-04 17:52:42 +09:00
MaineK00n
2f3b8bf3cc chore(rocky): set Rocky Linux 9 EOL (#1495) 2022-07-27 02:48:10 +09:00
MaineK00n
847d820af7 feat(os): support Alpine Linux 3.16 (#1479) 2022-06-15 17:08:40 +09:00
MaineK00n
5234306ded feat(cti): add Cyber Threat Intelligence info (#1442) 
* feat(cti): add Cyber Threat Intelligence info

* chore: replace io/ioutil as it is deprecated

* chore: remove --format-csv in stdout writer

* chore(deps): go get go-cti@v0.0.1

* feat(cti): update cti dict(support MITRE ATT&CK v11.1)

* chore(deps): go get go-cti@master
 2022-06-15 17:08:12 +09:00
MaineK00n
86b60e1478 feat(config): support CIDR (#1415) 2022-06-10 18:24:25 +09:00
MaineK00n
42fdc08933 feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 (#1465) 
* feat(os): support RHEL 9

* feat(os): support CentOS Stream9, AlmaLinux 9
 2022-06-09 06:39:16 +09:00
MaineK00n
cc63a0eccf feat(ubuntu): add Jammy Jellyfish(22.04) (#1431) 
* feat(ubuntu): add Jammy Jellyfish(22.04)

* chore(deps): gost update

* chore(oval/ubuntu): fill kernel package name temporarily
 2022-04-27 11:04:00 +09:00
MaineK00n
787604de6a fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan (#1384) 
* fix(suse): fix openSUSE, openSUSE Leap scan

* docs: update README

* fix: unknown CveContent.Type

* fix: tui reporting

* fix: listening port was duplicated in format-full-text

* fix .gitignore

* fix: add EOL data for SLES12.5

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
 2022-02-15 17:11:54 +09:00
MaineK00n
07335617d3 fix(configtest,scan): support SSH config file (#1388) 
* fix(configtest,scan): support SSH config file

* chore(subcmds): remove askKeyPassword flag
 2022-02-12 21:50:56 +09:00
maito1201
1cfe155a3a feat(fedora): support fedora (#1367) 
* feat(fedora): support fedora

* fix(fedora): fix modular package scan

* fix(fedora): check needs-restarting, oval arch, add source link

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-02-09 09:30:44 +09:00
MaineK00n
2923cbc645 fix(centos): identify CentOS and CentOS Stream (#1360) 2022-02-03 05:32:03 +09:00
MaineK00n
84fa4ce432 feat(alpine): add Alpine 3.14, 3.15 EOL (#1359) 
* feat(alpine): add Alpine 3.14, 3.15 EOL

* fix(alpine): change test case
 2022-02-02 06:46:52 +09:00
MaineK00n
2b7294a504 feat(amazon): support amazon linux 2022 (#1338) 2021-12-09 11:06:44 +09:00