Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
dependabot[bot]	ef5ab8eaf0	chore(deps): bump golang.org/x/oauth2 from 0.1.0 to 0.7.0 (#1662 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.1.0 to 0.7.0. - [Release notes](https://github.com/golang/oauth2/releases) - [Commits](https://github.com/golang/oauth2/compare/v0.1.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 05:42:57 +09:00
dependabot[bot]	c8daa5c982	chore(deps): bump github.com/Ullaakut/nmap/v2 (#1665 ) Bumps [github.com/Ullaakut/nmap/v2](https://github.com/Ullaakut/nmap) from 2.1.2-0.20210406060955-59a52fe80a4f to 2.2.2. - [Release notes](https://github.com/Ullaakut/nmap/releases) - [Commits](https://github.com/Ullaakut/nmap/commits/v2.2.2) --- updated-dependencies: - dependency-name: github.com/Ullaakut/nmap/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 05:41:49 +09:00
dependabot[bot]	9309081b3d	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.251 (#1660 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.251. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.251) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 04:01:42 +09:00
dependabot[bot]	f541c32d1f	chore(deps): bump github.com/c-robinson/iplib from 1.0.3 to 1.0.6 (#1659 ) Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.3 to 1.0.6. - [Release notes](https://github.com/c-robinson/iplib/releases) - [Commits](https://github.com/c-robinson/iplib/compare/v1.0.3...v1.0.6) --- updated-dependencies: - dependency-name: github.com/c-robinson/iplib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:51:34 +09:00
dependabot[bot]	79a8b62105	chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#1657 ) Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.6 to 1.3.7. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.6...v1.3.7) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:50:53 +09:00
dependabot[bot]	74c91a5a21	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1658 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:36:46 +09:00
MaineK00n	6787ab45c5	feat(ubuntu): add ubuntu 23.04 (#1647 )	2023-04-27 03:26:59 +09:00
dependabot[bot]	f631e9e603	chore(deps): bump github.com/emersion/go-smtp from 0.14.0 to 0.16.0 (#1580 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.14.0 to 0.16.0. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:25:41 +09:00
dependabot[bot]	2ab48afe47	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.249 (#1656 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.136 to 1.44.249. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.136...v1.44.249) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:24:53 +09:00
dependabot[bot]	53ccd61687	chore(deps): bump github.com/Azure/azure-sdk-for-go (#1588 ) Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 66.0.0+incompatible to 68.0.0+incompatible. - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v66.0.0...v68.0.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:20:58 +09:00
Sinclair	b91a7b75e2	fix(detector/github): Github dependency graph API request will be retried on error (#1650 ) * fix: Github dependency graph API request will be retried on error * fix: github dependency graph: error handling * github dependency graph: fix retry max v0.23.1	2023-04-24 12:46:29 +09:00
Wagde Zabit	333eae06ea	fix order in identifying amazon linux version (#1652 )	2023-04-21 10:35:19 +09:00
MaineK00n	93d401c70c	chore(integration): update commit (#1649 )	2023-04-20 14:09:21 +09:00
MaineK00n	99dc8e892f	feat(gost/ubuntu): check kernel source package more strictly (#1599 )	2023-04-20 13:05:41 +09:00
MaineK00n	fb904f0543	refactor(reporter): refactoring TelegramWriter, GoogleChatWriter (#1628 ) * style: remove unnecessary line break * style: use regexp.MatchString instead of regexp.Match * refactor(reporter): refactoring TelegramWriter, GoogleChatWriter	2023-04-20 11:53:31 +09:00
MaineK00n	d4d33fc81d	fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646 ) * fix(scanner/dpkg): fix dpkg-query and not remove src pkgs * refactor(gost): remove unnecesary field and fix typo * refactor(detector/debian): detect using only SrcPackage	2023-04-20 11:42:53 +09:00
Kota Kanbe	a1d3fbf66f	fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy (#1639 ) * fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy * fix * Add detectionMethod only when detected by gost	2023-04-17 09:21:30 +09:00
Sinclair	2cdfbe3bb4	fix: dependency graph using small query at once to avoid timeout (#1642 )	2023-04-14 14:46:31 +09:00
MaineK00n	ac8290119d	fix(configtest): amazon linux 2022, 2023 require dnf-utils (#1635 )	2023-04-10 10:16:03 +09:00
MaineK00n	abdb081af7	feat(scanner): skip ssh config validation if G option is unknown option (#1632 ) v0.23.0	2023-04-04 18:50:17 +09:00
kurita0	e506125017	feat(wp): support csh, no sudo scan (#1523 ) Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-03-28 21:07:10 +09:00
MaineK00n	8ccaa8c3ef	fix(scanner/windows): support installationType Domain Controller (#1627 )	2023-03-28 21:04:17 +09:00
MaineK00n	de1ed8ecaa	feat(ci): add windows for snmp2cpe (#1626 )	2023-03-28 19:20:03 +09:00
MaineK00n	947d668452	feat(windows): support Windows (#1581 ) * chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows	2023-03-28 19:00:33 +09:00
MaineK00n	db21149f00	feat(contrib): add snmp2cpe (#1625 )	2023-03-28 18:56:28 +09:00
dependabot[bot]	7f35f4e661	chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1606 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-17 05:04:48 +09:00
MaineK00n	6682232b5c	feat(os): support Amazon Linux 2023 (#1621 ) v0.22.2	2023-03-16 17:31:57 +09:00
sadayuki-matsuno	984debe929	fix(detector/github) change timeout 10s to 10m (#1616 )	2023-03-01 16:58:11 +09:00
Kota Kanbe	a528362663	fix(saas): upload JSON if err occured during scan (#1615 ) v0.22.1	2023-03-01 14:52:03 +09:00
MaineK00n	ee97d98c39	feat: update EOL (#1598 )	2023-02-22 16:00:05 +09:00
MaineK00n	4e486dae1d	style: fix typo (#1592 ) * style: fix typo * style: add comment	2023-02-22 15:59:47 +09:00
MaineK00n	897fef24a3	feat(detector/exploitdb): mod update and add more urls (#1610 )	2023-02-22 15:58:24 +09:00
MaineK00n	73f0adad95	fix: use GetCveContentTypes instead of NewCveContentType (#1603 )	2023-02-21 11:56:26 +09:00
Sinclair	704492963c	Revert: gost/Ubuntu.ConvertToModel() is public method now (#1597 )	2023-02-08 11:36:36 +09:00
Sinclair	1927ed344c	fix(report): tidy dependencies for multiple repo on integration with GSA (#1593 ) * initialize dependencyGraphManifests out of loop * remove GitHubSecurityAlert.PackageName * tidy dependency map for multi repo * set repo name into SBOM components & purl for multi repo	2023-02-07 19:47:32 +09:00
MaineK00n	ad2edbb844	fix(ubuntu): vulnerability detection for kernel package (#1591 ) * fix(ubuntu): vulnerability detection for kernel package * feat(gost/ubuntu): update mod to treat status: deferred as unfixed * feat(ubuntu): support 22.10	2023-02-03 15:56:58 +09:00
MaineK00n	bfe0db77b4	feat(cwe): add cwe-id for category and view (#1578 )	2023-01-20 18:02:07 +09:00
MaineK00n	ff3b9cdc16	fix: add comment (#1585 )	2023-01-20 18:01:10 +09:00
Sinclair	2deb1b9d32	chore: update version for golangci-lint (#1586 )	2023-01-20 18:00:54 +09:00
kl-sinclair	ca64d7fc31	feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584 ) * feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts * derive ecosystem/version from dependency graph * fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure * fix miscs * typo in error message * fix ecosystem equally to trivy * miscs * refactoring * recursive dependency graph pagination * change var name && update comments * omit map type of ghpkgToPURL in signatures * fix vars name * goimports * make fmt * fix comment Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-01-20 15:32:36 +09:00
Brian Prodoehl	554ecc437e	fix(report/email): add Critical to email summary (#1565 ) * Add criticals to email summary * chore(report/email): add Critical keys Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> v0.22.0	2022-12-20 11:56:07 +09:00
Kota Kanbe	f6cd4d9223	feat(libscan): support conan.lock C/C++ (#1572 )	2022-12-20 11:22:36 +09:00
Kota Kanbe	03c59866d4	feat(libscan): support gradle.lockfile (#1568 ) * feat(libscan): support gradle.lockfile * add gradle.lockfile to integration test * fix readme * chore: update integration * find *gradle.lockfile Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-12-20 08:52:45 +09:00
Kota Kanbe	1d97e91341	fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556 ) * fix(libscan): delete Map that keeps all files detected by FindLock to save memory * continue analyzing libs if err occurred * FindLockDirs * fix * fix v0.21.1	2022-11-10 10:19:15 +09:00
MaineK00n	96333f38c9	chore(ubuntu): set Ubuntu 22.10 EOL (#1552 ) v0.21.0	2022-11-01 14:00:56 +09:00
MaineK00n	8b5d1c8e92	feat(cwe, cti): update dictionary (#1553 ) * feat(cwe): update CWE dictionary * feat(cti): update CTI dictionary * fix(cwe): fix typo	2022-11-01 14:00:23 +09:00
MaineK00n	dea80f860c	feat(report): add cyclonedx format (#1543 )	2022-11-01 13:58:31 +09:00
dependabot[bot]	6eb4c5a5fe	chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 (#1538 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.31.3 to 0.32.1. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.31.3...v0.32.1) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/aquasecurity/trivy 0.32.1 to 0.33.0 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-10-27 01:24:06 +09:00
Kota Kanbe	b219a8495e	fix(cpescan): match if affected version is NA (#1548 ) https://github.com/vulsio/go-cve-dictionary/pull/283	2022-10-19 16:57:32 +09:00
Kota Kanbe	eb87d5d4e1	fix(saas): panic: runtime error: comparing uncomparable type config.PortScanConf (#1537 ) v0.20.5	2022-10-04 11:55:48 +09:00

... 2 3 4 5 6 ...

1490 Commits