Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,529 Commits 6 Branches 121 Tags
master
Commit Graph

242 Commits

Author SHA1 Message Date
Kota Kanbe
5a6980436a feat(ubuntu): Support Ubuntu 14.04 and 16.04 ESM (#1682) 
* feat(ubuntu): Support Ubuntu ESM

* Sort PackageFixStatuses to resolve the diff in integrationTest

* go mod update gost
 2023-05-31 09:27:43 +09:00
dependabot[bot]
83681ad4f0 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.263 (#1677) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.259 to 1.44.263.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.259...v1.44.263)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-18 10:17:34 +09:00
dependabot[bot]
779833872b chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1678) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-18 10:16:54 +09:00
dependabot[bot]
b0cc908b73 chore(deps): bump github.com/docker/distribution (#1675) 
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-12 08:56:46 +09:00
MaineK00n
7475b27f6a chore(deps): update dictionary tools, Vuls is now CGO free (#1667) 
* chore(deps): update dictionary tools, Vuls is now CGO free

* chore(integration): update commit
 2023-05-11 00:28:51 +09:00
dependabot[bot]
ef80838ddd chore(deps): bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259 (#1672) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-09 08:09:49 +09:00
dependabot[bot]
b445b71ca5 chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1673) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-09 08:09:26 +09:00
dependabot[bot]
1ccc5f031a chore(deps): bump github.com/aws/aws-sdk-go from 1.44.251 to 1.44.254 (#1669) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.251 to 1.44.254.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.251...v1.44.254)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-02 12:17:14 +09:00
MaineK00n
8356e976c4 chore(deps): update goval-dictionary v0.8.3 (#1671) 2023-05-02 12:14:43 +09:00
dependabot[bot]
046a29467b chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.0 to 0.7.1 (#1663) 
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:54:41 +09:00
dependabot[bot]
ef5ab8eaf0 chore(deps): bump golang.org/x/oauth2 from 0.1.0 to 0.7.0 (#1662) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.1.0 to 0.7.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.1.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:42:57 +09:00
dependabot[bot]
c8daa5c982 chore(deps): bump github.com/Ullaakut/nmap/v2 (#1665) 
Bumps [github.com/Ullaakut/nmap/v2](https://github.com/Ullaakut/nmap) from 2.1.2-0.20210406060955-59a52fe80a4f to 2.2.2.
- [Release notes](https://github.com/Ullaakut/nmap/releases)
- [Commits](https://github.com/Ullaakut/nmap/commits/v2.2.2)

---
updated-dependencies:
- dependency-name: github.com/Ullaakut/nmap/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:41:49 +09:00
dependabot[bot]
9309081b3d chore(deps): bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.251 (#1660) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.251.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.251)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 04:01:42 +09:00
dependabot[bot]
f541c32d1f chore(deps): bump github.com/c-robinson/iplib from 1.0.3 to 1.0.6 (#1659) 
Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.3 to 1.0.6.
- [Release notes](https://github.com/c-robinson/iplib/releases)
- [Commits](https://github.com/c-robinson/iplib/compare/v1.0.3...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/c-robinson/iplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:51:34 +09:00
dependabot[bot]
79a8b62105 chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#1657) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:50:53 +09:00
MaineK00n
6787ab45c5 feat(ubuntu): add ubuntu 23.04 (#1647) 2023-04-27 03:26:59 +09:00
dependabot[bot]
f631e9e603 chore(deps): bump github.com/emersion/go-smtp from 0.14.0 to 0.16.0 (#1580) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.14.0 to 0.16.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:25:41 +09:00
dependabot[bot]
2ab48afe47 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.249 (#1656) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.136 to 1.44.249.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.136...v1.44.249)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:24:53 +09:00
dependabot[bot]
53ccd61687 chore(deps): bump github.com/Azure/azure-sdk-for-go (#1588) 
Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 66.0.0+incompatible to 68.0.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v66.0.0...v68.0.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:20:58 +09:00
Sinclair
2cdfbe3bb4 fix: dependency graph using small query at once to avoid timeout (#1642) 2023-04-14 14:46:31 +09:00
MaineK00n
947d668452 feat(windows): support Windows (#1581) 
* chore(deps): mod update

* fix(scanner): do not attach tty because there is no need to enter ssh password

* feat(windows): support Windows
 2023-03-28 19:00:33 +09:00
MaineK00n
db21149f00 feat(contrib): add snmp2cpe (#1625) 2023-03-28 18:56:28 +09:00
dependabot[bot]
7f35f4e661 chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1606) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 05:04:48 +09:00
MaineK00n
897fef24a3 feat(detector/exploitdb): mod update and add more urls (#1610) 2023-02-22 15:58:24 +09:00
MaineK00n
ad2edbb844 fix(ubuntu): vulnerability detection for kernel package (#1591) 
* fix(ubuntu): vulnerability detection for kernel package

* feat(gost/ubuntu): update mod to treat status: deferred as unfixed

* feat(ubuntu): support 22.10
 2023-02-03 15:56:58 +09:00
Kota Kanbe
03c59866d4 feat(libscan): support gradle.lockfile (#1568) 
* feat(libscan): support gradle.lockfile

* add gradle.lockfile to integration test

* fix readme

* chore: update integration

* find *gradle.lockfile

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-12-20 08:52:45 +09:00
MaineK00n
dea80f860c feat(report): add cyclonedx format (#1543) 2022-11-01 13:58:31 +09:00
dependabot[bot]
6eb4c5a5fe chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 (#1538) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.31.3 to 0.32.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.31.3...v0.32.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/aquasecurity/trivy 0.32.1 to 0.33.0

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-10-27 01:24:06 +09:00
Kota Kanbe
b219a8495e fix(cpescan): match if affected version is NA (#1548) 
https://github.com/vulsio/go-cve-dictionary/pull/283
 2022-10-19 16:57:32 +09:00
dependabot[bot]
d055c48827 chore(deps): bump github.com/aquasecurity/trivy from 0.30.4 to 0.31.3 (#1526) 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.4 to 0.31.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.4...v0.31.3)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-07 12:02:08 +09:00
Kota Kanbe
1e457320c5 chore: bump up version (#1511) 2022-08-08 16:55:31 +09:00
MaineK00n
ca3f6b1dbf feat(amazon): support Amazon Linux 2 Extra Repository (#1510) 
* feat(amazon): support Amazon Linux 2 Extra Repository

* feat(amazon): set Amazon Linux EOL

* feat(oracle): set Oracle Linux EOL
 2022-08-04 17:52:42 +09:00
dependabot[bot]
f1c78e42a2 chore(deps): bump github.com/aquasecurity/trivy from 0.30.3 to 0.30.4 (#1507) 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.3 to 0.30.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.3...v0.30.4)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-03 09:53:08 +09:00
dependabot[bot]
d79d138440 chore(deps): bump github.com/aquasecurity/trivy from 0.30.2 to 0.30.3 (#1499) 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.2 to 0.30.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.2...v0.30.3)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-26 04:52:32 +09:00
dependabot[bot]
139f3a81b6 chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 (#1494) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2

* fix(library): change fanal to trivy/pkg/fanal

* chore: update integration

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-07-25 16:47:57 +09:00
MaineK00n
48f7597bcf feat(ms): import gost:MaineK00n/new-windows (#1481) 
* feat(ms): import gost:MaineK00n/new-windows

* chore(discover): add CTI section

* feat(ms): fill KB with VulnInfo.DistroAdvisories instead of CveContent.Optional

* fix(ms): Change bitSize from 32 to 64

* fix(ms): delete KB prefix

* chore(ms): change logger

* fix(ms): fill in correct AdvisoryID

Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com>
 2022-07-04 14:26:41 +09:00
MaineK00n
5234306ded feat(cti): add Cyber Threat Intelligence info (#1442) 
* feat(cti): add Cyber Threat Intelligence info

* chore: replace io/ioutil as it is deprecated

* chore: remove --format-csv in stdout writer

* chore(deps): go get go-cti@v0.0.1

* feat(cti): update cti dict(support MITRE ATT&CK v11.1)

* chore(deps): go get go-cti@master
 2022-06-15 17:08:12 +09:00
MaineK00n
86b60e1478 feat(config): support CIDR (#1415) 2022-06-10 18:24:25 +09:00
MaineK00n
2477f9a8f8 chore: tidy go.mod, add arm64 and workflows update (#1461) 
* chore: tidy go.mod

* chore(gh): add arm64 and workflows update

* chore: disable staticcheck SA1019 for xerrors.Errorf

* chore: fix github.com/boltdb/bolt switch to github.com/etcd-io/bbolt? #1457
 2022-06-09 06:10:07 +09:00
MaineK00n
91ed318c5d chore(deps): update trivy v0.27.1 (#1453) 
* chore(deps): update trivy v0.27.1

* chore: add gosum
 2022-04-27 15:43:23 +09:00
MaineK00n
bfc3828ce1 chore(deps): update goval-dictionary and gost (#1452) 2022-04-27 13:03:11 +09:00
dependabot[bot]
c7eac4e7fe chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 (#1451) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.25.4 to 0.27.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(library): support go.mod scan

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-04-27 12:46:47 +09:00
MaineK00n
cc63a0eccf feat(ubuntu): add Jammy Jellyfish(22.04) (#1431) 
* feat(ubuntu): add Jammy Jellyfish(22.04)

* chore(deps): gost update

* chore(oval/ubuntu): fill kernel package name temporarily
 2022-04-27 11:04:00 +09:00
Satoru Nihei
fd18df1dd4 feat: parse OS version from result of trivy-scan (#1444) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.4

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.24.2 to 0.25.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.4)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* test: add testcase

* feat: parse metadata

* refactor: change detect logic

* refactor: change parsing logic

* refactor: refactor check logic before detect

* fix: impl without reuseScannedCves

* feat: complement :latest tag

* Update contrib/trivy/parser/v2/parser.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-04-27 10:28:20 +09:00
dependabot[bot]
a9f29a6c5d chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.1 (#1436) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.0

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump up Go to 1.18 and trivy v0.25.1

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-04-05 13:27:49 +09:00
MaineK00n
3dfbd6b616 chore(mod): update go-exploitdb module (#1428) 
* chore(mod): update go-exploitdb module

* docs: add inthewild datasource

* Unique because URLs sometimes duplicate on GitHub and InTheWild

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
 2022-03-26 05:26:06 +09:00
MaineK00n
7500f41655 chore(mod): update go-kev module (#1425) 2022-03-25 06:15:06 +09:00
Satoru Nihei
ec31c54caf chore: update trivy from 0.23.0 to 0.24.02 (#1407) 
* chore: update trivy from 0.23.0 to 0.24.2

* chore: deal with changing structs

see: 11f4f81123
 2022-03-04 16:00:08 +09:00
MaineK00n
7d8a24ee1a refactor(detector): standardize db.NewDB to db.CloseDB (#1380) 
* feat(subcmds/report,server): read environment variables when configPath is ""

* refactor: standardize db.NewDB to db.CloseDB

* chore: clean up import

* chore: error wrap

* chore: update goval-dictionary

* fix(oval): return Pseudo instead of nil for client

* chore: fix comment

* fix: lint error
 2022-02-19 09:20:45 +09:00
MaineK00n
787604de6a fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan (#1384) 
* fix(suse): fix openSUSE, openSUSE Leap scan

* docs: update README

* fix: unknown CveContent.Type

* fix: tui reporting

* fix: listening port was duplicated in format-full-text

* fix .gitignore

* fix: add EOL data for SLES12.5

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
 2022-02-15 17:11:54 +09:00