MaineK00n
407407d306
fix(contrib/trivy-to-vuls): remove cvss/severity duplicates, list all severities ( #1929 )
2024-05-22 17:16:02 +09:00
MaineK00n
878c25bf5a
feat(detector, contrib/trivy-to-vuls): collect vendor severity and cvss ( #1921 )
2024-05-17 19:11:51 +09:00
tk007
be7b9114cc
feat(PackageURL):add package URL for library scan result ( #1862 )
...
* add: package url in model.Library
* feat(trivy-to-vuls): add purl for library scan result
* feat(scanner/library): add purl for lockfile scan result
* fix: model.Library test
* fix: trivy-to-vuls test data
* fix: panic case to generate purl
* fix: add blank line
* fix: trivy-to-vuls for using Trivy version 0.49.0 or earlier
* fix: remove comment
* fix: remove print
* fix: testcase for Package.Identifier does not exist version
* fix: add blank line
* fix: expected libs
* fix: PackageURL -> PURL
* fix: blank line
2024-03-07 16:21:15 +09:00
Shunichi Shinohara
351cf4f712
Update trivy from 0.35.0 to 0.49.1 ( #1806 )
...
* Update trivy 0.35.0->0.48.0
- Specify oras-go 1.2.4 in indirect dependencies
docker/docker changes a part of its API at 24.0
- registry: return concrete service type · moby/moby@7b3acdf
- 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Missing changes in name change
* Update models/github.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Don't import fanal/types at github.go
* Rewrite code around java db initialization
* Add comment
* refactor
* Close java db client
* rename
* Let LibraryScanner have java db client
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* inline variable
* misc
* Fix typo
---------
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2024-02-28 14:25:58 +09:00
MaineK00n
7e91f5ef7e
fix(contrib/trivy): fix convert for src package ( #1842 )
2024-02-02 15:35:05 +09:00
dependabot[bot]
139f3a81b6
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 ( #1494 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2
* fix(library): change fanal to trivy/pkg/fanal
* chore: update integration
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-07-25 16:47:57 +09:00
dependabot[bot]
c7eac4e7fe
chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 ( #1451 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.25.4 to 0.27.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): support go.mod scan
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 12:46:47 +09:00
Satoru Nihei
ec31c54caf
chore: update trivy from 0.23.0 to 0.24.02 ( #1407 )
...
* chore: update trivy from 0.23.0 to 0.24.2
* chore: deal with changing structs
see: 11f4f81123
2022-03-04 16:00:08 +09:00
maito1201
1cfe155a3a
feat(fedora): support fedora ( #1367 )
...
* feat(fedora): support fedora
* fix(fedora): fix modular package scan
* fix(fedora): check needs-restarting, oval arch, add source link
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-02-09 09:30:44 +09:00
dependabot[bot]
43c05d06fc
chore(deps): bump github.com/aquasecurity/trivy from 0.20.0 to 0.22.0 ( #1350 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.20.0 to 0.22.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.20.0 to 0.22.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.20.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): trivy scan
* chore(integration): add lockfiles
* fix(library): support gobinary scan via trivy
* chore: add pom in IsTrivySupportedLib
* chore: fix LIBS
* fix(library): support trivy offline scan
* chore(integration): move vulsio/integration repository
* chore(integration): add integration as git submodule
* chore: update .gitignore
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-01-18 08:27:11 +09:00
Kota Kanbe
aac5ef1438
feat: update-trivy ( #1316 )
...
* feat: update-trivy
* add v2 parser
* implement v2
* refactor
* feat: add show version to future-vuls
* add test case for v2
* trivy v0.20.0
* support --list-all-pkgs
* fix lint err
* add test case for jar
* add a test case for gemspec in container
* remove v1 parser and change Library struct
* Changed the field name in the model struct LibraryScanner
* add comment
* fix comment
* fix comment
* chore
* add struct tag
2021-10-08 17:22:06 +09:00
