MaineK00n
407407d306
fix(contrib/trivy-to-vuls): remove cvss/severity duplicates, list all severities ( #1929 )
2024-05-22 17:16:02 +09:00
MaineK00n
878c25bf5a
feat(detector, contrib/trivy-to-vuls): collect vendor severity and cvss ( #1921 )
2024-05-17 19:11:51 +09:00
future-ryunosuketanai
3f98fbc82c
style(log) fix trivy scan page link ( #1902 )
2024-04-25 19:20:42 +09:00
tk007
be7b9114cc
feat(PackageURL):add package URL for library scan result ( #1862 )
...
* add: package url in model.Library
* feat(trivy-to-vuls): add purl for library scan result
* feat(scanner/library): add purl for lockfile scan result
* fix: model.Library test
* fix: trivy-to-vuls test data
* fix: panic case to generate purl
* fix: add blank line
* fix: trivy-to-vuls for using Trivy version 0.49.0 or earlier
* fix: remove comment
* fix: remove print
* fix: testcase for Package.Identifier does not exist version
* fix: add blank line
* fix: expected libs
* fix: PackageURL -> PURL
* fix: blank line
2024-03-07 16:21:15 +09:00
Shunichi Shinohara
351cf4f712
Update trivy from 0.35.0 to 0.49.1 ( #1806 )
...
* Update trivy 0.35.0->0.48.0
- Specify oras-go 1.2.4 in indirect dependencies
docker/docker changes a part of its API at 24.0
- registry: return concrete service type · moby/moby@7b3acdf
- 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Missing changes in name change
* Update models/github.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Don't import fanal/types at github.go
* Rewrite code around java db initialization
* Add comment
* refactor
* Close java db client
* rename
* Let LibraryScanner have java db client
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* inline variable
* misc
* Fix typo
---------
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2024-02-28 14:25:58 +09:00
MaineK00n
7e91f5ef7e
fix(contrib/trivy): fix convert for src package ( #1842 )
2024-02-02 15:35:05 +09:00
hiroka-wada
dea9ed7709
fix: errorlog future-vuls trivy-to-vuls ( #1739 )
...
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.6>
2023-09-22 17:25:57 +09:00
hiroka-wada
80b48fcbaa
feat(contrib/fvuls) Add commands to obtained CPE information of network devices by executing snmp2cpe and upload to Fvuls server ( #1721 )
...
* add: README.md
* add: commands(discover,add-server,add-cpe)
* add: implements(discover,add-server,add-cpe)
* fix: changed os.Exit(1) in main.go to return an error
* fix: lint error
* delete: trivy-to-vuls stdIn
* fix: Incomprehesible error logs
* fix: according to review
* add: function converts old config to latest one
* delete: add-server
* fix: lint error
* fix
* fix: remote scan error in Windows
* fix: lint error
* fix
* fix: lint error
* fix: lint error
* fix: lint error
* add: scanner/scanner.go test normalizeHomeDirForWindows()
* fix
* fix
* fix
* fix
* fix
* fix
* fix: lint error
* fix: error log
* fix
* refactor(fvuls)
* Refactor (#2 )
refactor
---------
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.6>
* Refactor (#3 )
fix
---------
Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com >
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.6>
* fix
* fix: lint error
* fix
---------
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.4>
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.10>
Co-authored-by: 和田皓翔 <wadahiroka@192.168 .0.6>
Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com >
2023-09-21 15:55:05 +09:00
dependabot[bot]
139f3a81b6
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 ( #1494 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2
* fix(library): change fanal to trivy/pkg/fanal
* chore: update integration
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-07-25 16:47:57 +09:00
MaineK00n
5234306ded
feat(cti): add Cyber Threat Intelligence info ( #1442 )
...
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
2022-06-15 17:08:12 +09:00
sadayuki-matsuno
2aca2e4352
feat(contrib/trivy) fill image info into scan results ( #1475 )
...
* feat(contrib/trivy) fill image info into scan results
* fix match size
* fix match size
2022-06-08 17:00:32 +09:00
dependabot[bot]
c7eac4e7fe
chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 ( #1451 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.25.4 to 0.27.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): support go.mod scan
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 12:46:47 +09:00
Satoru Nihei
fd18df1dd4
feat: parse OS version from result of trivy-scan ( #1444 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.4
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.24.2 to 0.25.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.4 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* test: add testcase
* feat: parse metadata
* refactor: change detect logic
* refactor: change parsing logic
* refactor: refactor check logic before detect
* fix: impl without reuseScannedCves
* feat: complement :latest tag
* Update contrib/trivy/parser/v2/parser.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 10:28:20 +09:00
Satoru Nihei
ec31c54caf
chore: update trivy from 0.23.0 to 0.24.02 ( #1407 )
...
* chore: update trivy from 0.23.0 to 0.24.2
* chore: deal with changing structs
see: 11f4f81123
2022-03-04 16:00:08 +09:00
Satoru Nihei
2f05864813
fix: handling when image contains no trivy-target ( #1405 )
...
* fix: handling when image contains no trivy-target
* refactor: use scanResult.Optional
* fix: add suppoted list to error message
2022-03-02 06:13:26 +09:00
maito1201
1cfe155a3a
feat(fedora): support fedora ( #1367 )
...
* feat(fedora): support fedora
* fix(fedora): fix modular package scan
* fix(fedora): check needs-restarting, oval arch, add source link
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-02-09 09:30:44 +09:00
dependabot[bot]
43c05d06fc
chore(deps): bump github.com/aquasecurity/trivy from 0.20.0 to 0.22.0 ( #1350 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.20.0 to 0.22.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.20.0 to 0.22.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.20.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): trivy scan
* chore(integration): add lockfiles
* fix(library): support gobinary scan via trivy
* chore: add pom in IsTrivySupportedLib
* chore: fix LIBS
* fix(library): support trivy offline scan
* chore(integration): move vulsio/integration repository
* chore(integration): add integration as git submodule
* chore: update .gitignore
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-01-18 08:27:11 +09:00
Kota Kanbe
aac5ef1438
feat: update-trivy ( #1316 )
...
* feat: update-trivy
* add v2 parser
* implement v2
* refactor
* feat: add show version to future-vuls
* add test case for v2
* trivy v0.20.0
* support --list-all-pkgs
* fix lint err
* add test case for jar
* add a test case for gemspec in container
* remove v1 parser and change Library struct
* Changed the field name in the model struct LibraryScanner
* add comment
* fix comment
* fix comment
* chore
* add struct tag
2021-10-08 17:22:06 +09:00
Kota Kanbe
47e6ea249d
chore: fix lint warning ( #1301 )
2021-09-12 20:35:56 +09:00
Kota Kanbe
4a72295de7
feat(saas): support for library-only scanning ( #1300 )
2021-09-10 15:38:35 +09:00
MaineK00n
96c3592db1
breaking-change(go-cve-dict): support new go-cve-dictionary ( #1277 )
...
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
2021-08-13 18:00:55 +09:00
Tomoya Amachi
0179f4299a
fix(trivy-to-vuls): converts even if null vulnerabilities ( #1201 )
2021-03-22 19:32:08 +09:00
Kota Kanbe
64a6222bf9
fix(report): set created_at and updated_at of trivy to json ( #1162 )
2021-02-03 17:52:44 +09:00
sadayuki-matsuno
89f49b0e29
Fix trivy parser test ( #1014 )
...
* fix trivy parser test
* fixed parser data
2020-06-24 17:14:43 +09:00
sadayuki-matsuno
4ae87cc36c
Fix releaser ( #988 )
...
* fix releaser
* fix releaser
* fix releaser
* fix releaser
* add 32 bit releaser and add exit code in cmd
* delete 32 bit releaser
* fix
2020-06-05 15:04:06 +09:00
sadayuki-matsuno
d18e7a751d
add trivy parser ( #981 )
...
* add trivy parser
* fix test
* format
* add title and summary
* add trivy parse command
* add uploader
* set args by env
* add README
* add err check
* fix
* fix
* fix
* fix test
* update trivy
* refactor
* delete require uuid
* delete uuid from trivy parser
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com >
2020-05-29 18:06:45 +09:00
