Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
dependabot[bot]	d4f7550d66	chore(deps): bump github.com/aquasecurity/trivy from 0.52.2 to 0.53.0 (#1984 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.52.2 to 0.53.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.52.2 to 0.53.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.52.2...v0.53.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): fixed for trivy update * fix windows --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shunichi Shinohara <shino.shun@gmail.com>	2024-07-05 09:08:36 +09:00
MaineK00n	cc9734d5e4	chore(deps): use github.com/Azure/azure-sdk-for-go/sdk/storage/azblob (#1661 )	2024-05-28 19:31:21 +09:00
MaineK00n	db2c502b4a	feat(reporter/s3): support minio (#1930 ) * feat(reporter/s3): support minio * feat(reporter/s3): disable config/credential: file and some providers	2024-05-28 10:13:39 +09:00
MaineK00n	d8bce94d8c	chore(deps): use aws-sdk-go-v2 (#1922 )	2024-05-24 19:08:38 +09:00
future-ryunosuketanai	a6cafabfb8	style(log) config.toml template docs url (#1894 ) * fix: config.toml template url * applied fixes to other places	2024-04-16 12:11:28 +09:00
dependabot[bot]	3cdd2e10d0	chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 (#1888 ) * chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.2 to 0.21.0. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.20.2...v0.21.0) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(reporter/email): use DialStartTLS instead of StartTLS --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-04-05 17:41:41 +09:00
Konstantin Eremin	867bf63bb2	TLS insecure option adding (#1220 ) * TLS InsecureSkipVerify option added to sendMail * refactor(reporter/email): remove redundant if statement --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-04-05 13:12:47 +09:00
dependabot[bot]	5d5dcd5f41	chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 (#1885 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.49.1 to 0.50.1. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.49.1...v0.50.1) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * refactor(cmd/report): use trivy default for trivy-java-db-repository default value --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-03-28 13:09:49 +09:00
Shunichi Shinohara	351cf4f712	Update trivy from 0.35.0 to 0.49.1 (#1806 ) * Update trivy 0.35.0->0.48.0 - Specify oras-go 1.2.4 in indirect dependencies docker/docker changes a part of its API at 24.0 - registry: return concrete service type · moby/moby@7b3acdf - `7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)` oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z. There is a build error between oras-go and docker/dockr. - Update disabled analyzers - Update language scanners, enable all of them * move javadb init to scan.go * Add options for java db init() * Update scanner/base.go * Remove unused codes * Add some lock file names * Typo fix * Remove space character (0x20) * Add java-db options for integration scan * Minor fomartting fix * minor fix * conda is NOT supported by Trivy for library scan * Configure trivy log in report command too * Init trivy in scanner * Use trivy's jar.go and replace client which does almost nothing * mv jar.go * Add sha1 hash to result and add filepath for report phase * Undo added 'vuls scan' options * Update oras-go to 1.2.4 * Move Java DB related config items to report side * Add java db search in detect phase * filter top level jar only * Update trivy to 0.49.1 * go mod tidy * Update to newer interface * Refine lock file list, h/t MaineK00n * Avoid else clauses if possible, h/t MaineK00n * Avoid missing word for find and lang types, h/t MaineK00n * Add missing ecosystems, h/t MaineK00n * Add comments why to use custom jar analyzer, h/t MaineK00n * Misc * Misc * Misc * Include go-dep-parser's pares.go for modification * Move digest field from LibraryScanner to Library * Use inner jars sha1 for each * Add Seek to file head before handling zip file entry * Leave Digest feild empty for entries from pom.xml * Don't import python/pkg (don't look into package.json) * Make privete where private is sufficient * Remove duplicate after Java DB lookup * misc * go mod tidy * Comment out ruby/gemspec * misc * Comment out python/packaging * misc * Use custom jar * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Missing changes in name change * Update models/github.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Don't import fanal/types at github.go * Rewrite code around java db initialization * Add comment * refactor * Close java db client * rename * Let LibraryScanner have java db client * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * inline variable * misc * Fix typo --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-02-28 14:25:58 +09:00
MaineK00n	3cc7e92ce5	fix(saas): remove current directory part (#1666 )	2023-04-27 12:09:34 +09:00
kurita0	e506125017	feat(wp): support csh, no sudo scan (#1523 ) Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-03-28 21:07:10 +09:00
MaineK00n	947d668452	feat(windows): support Windows (#1581 ) * chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows	2023-03-28 19:00:33 +09:00
Kota Kanbe	a528362663	fix(saas): upload JSON if err occured during scan (#1615 )	2023-03-01 14:52:03 +09:00
Kota Kanbe	1d97e91341	fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556 ) * fix(libscan): delete Map that keeps all files detected by FindLock to save memory * continue analyzing libs if err occurred * FindLockDirs * fix * fix	2022-11-10 10:19:15 +09:00
MaineK00n	dea80f860c	feat(report): add cyclonedx format (#1543 )	2022-11-01 13:58:31 +09:00
MaineK00n	48f7597bcf	feat(ms): import gost:MaineK00n/new-windows (#1481 ) * feat(ms): import gost:MaineK00n/new-windows * chore(discover): add CTI section * feat(ms): fill KB with VulnInfo.DistroAdvisories instead of CveContent.Optional * fix(ms): Change bitSize from 32 to 64 * fix(ms): delete KB prefix * chore(ms): change logger * fix(ms): fill in correct AdvisoryID Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com>	2022-07-04 14:26:41 +09:00
MaineK00n	5234306ded	feat(cti): add Cyber Threat Intelligence info (#1442 ) * feat(cti): add Cyber Threat Intelligence info * chore: replace io/ioutil as it is deprecated * chore: remove --format-csv in stdout writer * chore(deps): go get go-cti@v0.0.1 * feat(cti): update cti dict(support MITRE ATT&CK v11.1) * chore(deps): go get go-cti@master	2022-06-15 17:08:12 +09:00
MaineK00n	86b60e1478	feat(config): support CIDR (#1415 )	2022-06-10 18:24:25 +09:00
MaineK00n	a1cc152e81	feat(library): add auto detect library (#1417 )	2022-03-17 18:08:40 +09:00
MaineK00n	7d8a24ee1a	refactor(detector): standardize db.NewDB to db.CloseDB (#1380 ) * feat(subcmds/report,server): read environment variables when configPath is "" * refactor: standardize db.NewDB to db.CloseDB * chore: clean up import * chore: error wrap * chore: update goval-dictionary * fix(oval): return Pseudo instead of nil for client * chore: fix comment * fix: lint error	2022-02-19 09:20:45 +09:00
MaineK00n	07335617d3	fix(configtest,scan): support SSH config file (#1388 ) * fix(configtest,scan): support SSH config file * chore(subcmds): remove askKeyPassword flag	2022-02-12 21:50:56 +09:00
MaineK00n	89d94ad85a	feat(detector): add known exploited vulnerabilities (#1331 ) * feat(kevuln): add known exploited vulnerabilities * chore: transfer repository owner * feat: show CISA on top of CERT * chore: rename var * chore: rename var * chore: fix review * chore: fix message	2021-11-19 15:06:17 +09:00
Kota Kanbe	f047a6fe0c	breaking-change: Update vuls-dictionaries (#1307 ) * chore: udpate dictionaries * update gost * chore: update gost * chore(go-cve-dict): use v0.8.1 * chore: change linter from golint to revive * chore(linter): set revive config * chore: fix commands and update golangci-lint version * fix: lint errs * chore: update gost Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2021-09-21 05:10:29 +09:00
Kota Kanbe	3e67f04fe4	breaking-change(cpescan): Improve Cpe scan (#1290 ) * chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves() * review comment * chore: go mod update go-cve * feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN * add NvdExactVersionMatch andd NvdRoughVersionMatch * add confidence-over option to report * sort CveContetens * fix integration-test	2021-09-07 16:18:59 +09:00
Kota Kanbe	1003f62212	chore: update go-cve-dictionary (#1292 )	2021-08-26 13:45:40 +09:00
Shigechika AIKAWA	1c8e074c9d	Feat report googlechat (#1257 ) (#1258 ) * feat: Support Ubuntu21 * feat(report): Send report via Google Chat * feat(report): Send report via Google Chat * Snip too long message as (The rest is omitted). * sorry for mixed feat-ubuntu21 branch. exlucded it * append diff, attack vector and exploits info * add ServerName filter by regexp * rename variables and rewrite validators * fix renaming miss * fix renaming miss, again	2021-07-02 05:32:00 +09:00
Norihiro NAKAOKA	7eb77f5b51	feat(scan): support external port scanner(nmap) in host machine (#1207 ) * feat(scan): load portscan settings from config.toml * feat(scan): support external port scanner:nmap * style: rename variable * feat(scan): logging apply options * feat(scan): remove spoof ip address option * feat(scan): more validate port scan config * style: change comment * fix: parse port number as uint16 * feat(discover): add portscan section * feat(discover): change default scanTechniques * feat(docker): add nmap and version update * feat(scan): nmap module upgrade * fix: wrap err using %w * feat(scan): print cmd using external port scanner * feat(scan): more details external port scan command * feat(scan): add capability check in validation * fix(scanner): format error * chore: change format	2021-05-26 09:35:28 +09:00
otuki	a7b0ce1c85	refactor(git-conf): config template in github section changed (#1229 )	2021-04-28 14:53:11 +09:00
otuki	dc9c0edece	refactor(git-conf): Specifing ignoreGitHubDismissed per repository (#1224 ) * refactor(git-conf): Specifing ignoreGitHubDismissed per repository with config.toml * refactor(git-conf): change json tag into camelCase * refactor(git-conf): change first char of json tag into lowercase	2021-04-28 13:41:38 +09:00
otuki	e7ca491a94	fix(report): Avoid http reports error (#1216 )	2021-04-21 10:00:58 +09:00
Kota Kanbe	27b3e17b79	feat(saas): delete json dir automatically after upload (#1212 ) * feat(saas): delete json dir automatically after upload * fix lint err	2021-04-15 05:58:41 +09:00
Kota Kanbe	740781af56	feat(logging): add -log-to-file and don't output to file by default (#1209 ) * feat(logging): add -log-to-file and don't output to file by default * update go-cve-dict * fix lint err	2021-04-05 17:41:07 +09:00
Kota Kanbe	9bfe0627ae	refactor: don't use global Config in private func (#1197 ) * refactor: cve_client.go * refactor: don't use global Config in private func * remove import alias for config * refactor: dbclient * refactor: resultDir * refactor: resultsDir * refactor * refactor: gost * refactor: db client * refactor: cveDB * refactor: cvedb * refactor: exploitDB * refactor: remove detector/dbclient.go * refactor: writer * refactor: syslog writer * refactor: ips * refactor: ensureResultDir * refactor: proxy * fix(db): call CloseDB * add integration test * feat(report): sort array in json * sort func for json diff * add build-int to makefile * add int-rds-redis to makefile * fix: test case, makefile * fix makefile * show cve count after diff * make diff * diff -c * sort exploits in json for diff * sort metasploit, exploit	2021-04-01 13:36:24 +09:00
Kota Kanbe	5d47adb5c9	fix(report): prioritize env vars over config.toml (#1194 )	2021-03-10 07:39:58 +09:00
Kota Kanbe	2a8ee4b22b	refactor(report): azure and aws writer (#1190 )	2021-03-04 07:42:38 +09:00
Kota Kanbe	1ec31d7be9	fix(configtest): all servers in the config if no args #1184 (#1189 )	2021-03-03 12:51:07 +09:00
Kota Kanbe	02286b0c59	fix(scan): scan all servers in the config if no args #1184 (#1188 )	2021-03-03 12:30:30 +09:00
Kota Kanbe	1c4a12c4b7	refactor(report): initialize DB connection (#1186 )	2021-03-02 06:34:46 +09:00
Kota Kanbe	3f2ac45d71	Refactor logger (#1185 ) * refactor: logger * refactor: logging * refactor: rename func * refactor: logging * refactor: logging format	2021-02-26 10:36:58 +09:00
Kota Kanbe	518f4dc039	refactor: VulnDict (#1183 )	2021-02-25 10:13:51 +09:00
Kota Kanbe	03579126fd	refactor(config): localize config used like a global variable (#1179 ) * refactor(report): LocalFileWriter * refactor -format-json * refacotr: -format-one-email * refactor: -format-csv * refactor: -gzip * refactor: -format-full-text * refactor: -format-one-line-text * refactor: -format-list * refacotr: remove -to-* from config * refactor: IgnoreGitHubDismissed * refactor: GitHub * refactor: IgnoreUnsocred * refactor: diff * refacotr: lang * refacotr: cacheDBPath * refactor: Remove config references * refactor: ScanResults * refacotr: constant pkg * chore: comment * refactor: scanner * refactor: scanner * refactor: serverapi.go * refactor: serverapi * refactor: change pkg structure * refactor: serverapi.go * chore: remove emtpy file * fix(scan): remove -ssh-native-insecure option * fix(scan): remove the deprecated option `keypassword`	2021-02-25 05:54:17 +09:00
Kota Kanbe	e3c27e1817	fix(saas): Don't overwrite config.toml if UUID already set (#1180 ) * fix(saas): Don't overwrite config.toml if UUID already set * add a test case	2021-02-19 06:42:22 +09:00
kazuminn	4c04acbd9e	feat(report) : Differences between vulnerability patched items (#1157 ) * add plusDiff() and minusDiff() * add plusDiff minusDiff test Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2021-02-10 06:55:48 +09:00
Kota Kanbe	d4af341b0f	fix(report): remove duplicated refreshing logic when report with -diff (#1160 )	2021-02-03 07:37:19 +09:00
Kota Kanbe	88899f0e89	refactor: around CheckHTTPHealth (#1139 )	2021-01-20 07:41:29 +09:00
Kota Kanbe	d6435d2885	fix(xml): remove -format-xml #1068 (#1134 )	2021-01-18 04:38:00 +09:00
Kota Kanbe	705ed0a0ac	fix(discover): change config.toml template (#1132 )	2021-01-16 07:58:46 +09:00
Kota Kanbe	0b55f94828	Improve implementation around config (#1122 ) * refactor config * fix saas config * feat(config): scanmodule for each server in config.toml * feat(config): enable to specify containersOnly in config.toml * add new keys of config.toml to discover.go * fix summary output, logging	2021-01-13 08:46:27 +09:00
Kota Kanbe	6eff6a9329	feat(report): display EOL information to scan summary (#1120 ) * feat(report): display EOL information to scan summary * detect Amazon linux EOL	2021-01-09 07:58:55 +09:00
Kota Kanbe	aaea15e516	refactor(report): remove Integration.apply (#1105 ) * refactor(report): remove Integration.apply * add an err check	2020-12-29 06:59:48 +09:00

1 2

55 Commits