Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
dependabot[bot]	139f3a81b6	chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 (#1494 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.27.1 to 0.30.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2 * fix(library): change fanal to trivy/pkg/fanal * chore: update integration Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-07-25 16:47:57 +09:00
sadayuki-matsuno	1c1e40058e	feat(library) output library type when err (#1460 )	2022-05-16 09:58:58 +09:00
dependabot[bot]	c7eac4e7fe	chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 (#1451 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.25.4 to 0.27.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(library): support go.mod scan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-04-27 12:46:47 +09:00
MaineK00n	a1cc152e81	feat(library): add auto detect library (#1417 )	2022-03-17 18:08:40 +09:00
Kota Kanbe	77049d6cbb	feat(libscan): support trivy v0.23.0 (#1377 ) * feat(libscan): support trivy v0.23.0 * fix lint err * review	2022-02-01 10:40:16 +09:00
Kota Kanbe	aac5ef1438	feat: update-trivy (#1316 ) * feat: update-trivy * add v2 parser * implement v2 * refactor * feat: add show version to future-vuls * add test case for v2 * trivy v0.20.0 * support --list-all-pkgs * fix lint err * add test case for jar * add a test case for gemspec in container * remove v1 parser and change Library struct * Changed the field name in the model struct LibraryScanner * add comment * fix comment * fix comment * chore * add struct tag	2021-10-08 17:22:06 +09:00
Kota Kanbe	c73ed7f32f	chore: update find-lock file type (#1309 )	2021-09-24 16:23:23 +09:00
MaineK00n	591786fde6	feat(oval): support new goval-dictionary model (#1280 ) * feat(oval): support new goval-dictionary model * chore: fix lint err * chore: set len of slice to 0 * fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks * fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks * feat(report): do not add duplicate CveContent * chore: goval-dictionary update * chore: go mod tidy * fix(oval): preload Advisory.Cves for Ubuntu https://github.com/kotakanbe/goval-dictionary/pull/152 Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2021-09-13 10:19:59 +09:00
MaineK00n	96c3592db1	breaking-change(go-cve-dict): support new go-cve-dictionary (#1277 ) * feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent * fix(cpescan): use CveIDSource * chore: check Nvd, Jvn data * chore: go-cve-dictionary update * chore: add to cveDetails as is, since CveID is embedded in the response	2021-08-13 18:00:55 +09:00
Kota Kanbe	231c63cf62	fix(libscan): support empty LibraryFixedIn (#1252 )	2021-06-16 13:28:12 +09:00
Kota Kanbe	e8e3f4d138	feat(lib): support of Go (go.sum) scan (#1244 ) * chore: update trivy deps * fix(test): fix sort order in json * parse go.sum in scanning * feat(lib): support go.sum	2021-06-03 11:31:37 +09:00
Kota Kanbe	e553f8b4c5	feat(trivy): go mod update trivy v0.17.2 (#1235 ) * feat(trivy): go mod update trivy v0.17.2 * wg.Wait * fix reporting * fix test case * add gemfile.lock of redmine to integration test * fix(test): add Pipfile.lock * add poetry.lock to integration test * add composer.lock to integration test * add integration test case	2021-05-12 18:27:55 +09:00
Kota Kanbe	3f2ac45d71	Refactor logger (#1185 ) * refactor: logger * refactor: logging * refactor: rename func * refactor: logging * refactor: logging format	2021-02-26 10:36:58 +09:00
Kota Kanbe	b5506a1368	chore: go mod update (#1125 )	2021-01-13 11:56:35 +09:00
Kota Kanbe	0b55f94828	Improve implementation around config (#1122 ) * refactor config * fix saas config * feat(config): scanmodule for each server in config.toml * feat(config): enable to specify containersOnly in config.toml * add new keys of config.toml to discover.go * fix summary output, logging	2021-01-13 08:46:27 +09:00
Kota Kanbe	43ed904db1	fix(deps): update dependencies (#1094 ) * fix(dpes): update dependencies * update go ver * update go ver * update go * update go	2020-12-15 04:32:23 +09:00
Kota Kanbe	2fc3462d35	fix(libscan): update trivy deps (#1070 )	2020-11-05 15:38:12 +09:00
Kota Kanbe	58cf1f4c8e	refactor(typo): fix typos (#1041 )	2020-08-24 16:34:32 +09:00
Kota Kanbe	c11ba27509	fix(libscan): include a lockfile path of libs (#1012 )	2020-06-24 10:46:00 +09:00
Kota Kanbe	62c9409fe9	add a github actions config (#985 ) * add a github actions config * fix(log): Don't create a log dir when testing * remove a meaningless test case * Thanks for everything, Mr, Travys. * add golangci * add goreleaser.yml * add tidy.yml * add golang-ci * fix many lint warnings	2020-05-27 20:11:24 +09:00
Kota Kanbe	ebe5f858c8	update trivy, and unsupport image scanning feature (#971 ) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * fix(uuid): change uuid lib to go-uuid #929 (#969) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * unique ref links in TUI * download trivy DB only when lock file is specified in config.toml Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>	2020-05-08 15:24:39 +09:00
Wagde Zabit	c0ebac305a	composer.lock insteaad of composer.json (#973 ) Co-authored-by: Wagde Zabit <wagde@orcasecurity.io>	2020-05-01 15:20:33 +09:00
Kota Kanbe	b7ca5e5590	feat(scan): add -wordpress-only and -libs-only flag (#898 )	2019-09-06 10:33:03 +09:00
Kota Kanbe	1fbd516b83	fix(report): fix too many variables while reporting (#888 )	2019-08-25 17:56:47 +09:00
Tomoya Amachi	abcea1a14d	add Library Scan (with image scan) (#829 ) * add static container image scan * server has many staticContainers * use go module * for staticContainer * fix typo * fix setErrs error * change name : StaticContainer -> Image * add scan -images-only flag * fix makefile * fix makefile for go module * use rpmcmd instead of rpm * add scrutinizer.yml * change scrutinizer.yml * fix scrutinizer.yml * fix scrutinizer.yml * fix scrutinizer.yml * fix scrutinizer.yml * delete scrutinizer * add report test * add sourcePackages and Arch * fix for sider * fix staticContainer -> image * init scan library * add library scan for servers * fix tui bug * fix lint error * divide WpPackageFixStats and LibraryPackageFixedIns * fix error * Delete libManager_test.go * stop use alpine os if err occurred in container * merge upstream/master * Delete libManager.go * update goval-dictionary * fix go.mod * update Readme * add feature : auto detect lockfiles	2019-06-12 18:50:07 +09:00

25 Commits