Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
MaineK00n	264a82e2f4	chore(deps): bump github.com/vulsio/gost to v0.4.6-0.20231027050036-c963bd83e7e5 (#1775 )	2023-10-27 14:26:05 +09:00
dependabot[bot]	fed731b0f2	chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1774 ) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.58.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-26 08:24:29 +09:00
dependabot[bot]	5e2ac5a0c4	chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#1773 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-25 08:20:41 +09:00
MaineK00n	b9db5411cd	feat(scanner): revert lsof command for futurevuls users (#1770 ) v0.24.4	2023-10-20 12:07:20 +09:00
MaineK00n	a1c1f4ce60	fix(scanner): change lsof cmd that should succeed without password (#1769 )	2023-10-20 11:48:04 +09:00
MaineK00n	75e9883d8a	feat(ubuntu): add ubuntu 23.10(mantic) (#1750 )	2023-10-19 02:01:18 +09:00
dependabot[bot]	801b968f89	chore(deps): bump github.com/package-url/packageurl-go (#1754 ) Bumps [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go) from 0.1.1-0.20220203205134-d70459300c8a to 0.1.2. - [Release notes](https://github.com/package-url/packageurl-go/releases) - [Commits](https://github.com/package-url/packageurl-go/commits/v0.1.2) --- updated-dependencies: - dependency-name: github.com/package-url/packageurl-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-17 23:18:36 +09:00
dependabot[bot]	37175066b1	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 (#1733 ) Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.1 to 0.7.2. - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.1...v0.7.2) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-17 23:17:30 +09:00
MaineK00n	1a55cafc91	chore(deps): update dictionary (#1708 )	2023-10-17 23:04:27 +09:00
Kota Kanbe	57264e1765	fix(scan): fix nil poiter in needs-restarting (#1767 ) v0.24.3	2023-10-17 17:58:21 +09:00
dependabot[bot]	48ff5196f4	chore(deps): bump github.com/gosnmp/gosnmp from 1.35.0 to 1.36.1 (#1763 ) Bumps [github.com/gosnmp/gosnmp](https://github.com/gosnmp/gosnmp) from 1.35.0 to 1.36.1. - [Release notes](https://github.com/gosnmp/gosnmp/releases) - [Changelog](https://github.com/gosnmp/gosnmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/gosnmp/gosnmp/compare/v1.35.0...v1.36.1) --- updated-dependencies: - dependency-name: github.com/gosnmp/gosnmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-17 15:25:53 +09:00
hiroka-wada	738f275e50	fix(contrib/fvuls): Add flag to specify snmp community for future-vuls discover (#1762 ) * add: community option for discover command * fix: README --------- Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6> v0.24.2	2023-10-12 15:30:27 +09:00
dependabot[bot]	1c79cc5232	chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#1761 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-12 14:23:25 +09:00
orangekame3	73da85210a	chore: remove rand.Seed() (#1756 ) Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-10-12 14:17:34 +09:00
dependabot[bot]	3de546125f	chore(deps): bump golang.org/x/sync from 0.2.0 to 0.4.0 (#1757 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.4.0. - [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-12 14:12:32 +09:00
MaineK00n	d2ca56a515	chore(os): update EOL (#1749 )	2023-10-03 00:37:16 +09:00
guangwu	27df19f09d	chore: remove refs to deprecated io/ioutil (#1748 ) Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>	2023-10-01 18:51:53 +09:00
Eng Zer Jun	c1854a3a7b	refactor: remove redundant `len` check (#1743 ) `len` returns 0 if the slice is nil. From the Go specification [1]: "1. For a nil slice, the number of iterations is 0." Therefore, an additional `len(v) != 0` check for before the loop is unnecessary. [1]: https://go.dev/ref/spec#For_range Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2023-09-26 18:00:05 +09:00
dependabot[bot]	b43c1b9984	chore(deps): bump github.com/c-robinson/iplib from 1.0.6 to 1.0.7 (#1745 ) Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/c-robinson/iplib/releases) - [Commits](https://github.com/c-robinson/iplib/compare/v1.0.6...v1.0.7) --- updated-dependencies: - dependency-name: github.com/c-robinson/iplib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-26 17:57:16 +09:00
hiroka-wada	9d8e510c0d	add: json tag (#1746 ) Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6> v0.24.1	2023-09-26 15:50:18 +09:00
MaineK00n	1832b4ee3a	feat(macos): support macOS (#1712 ) v0.24.0	2023-09-25 16:51:09 +09:00
MaineK00n	78b52d6a7f	feat(detector/cve): new support for fortinet data feed (#1736 )	2023-09-25 16:19:10 +09:00
sadayuki-matsuno	048e204b33	fix(contrib/future-vuls) output detail of loading toml error (#1741 )	2023-09-24 21:45:33 +09:00
MaineK00n	70fd968910	fix(server): add filter cves (#1707 ) v0.23.4	2023-09-22 17:45:45 +09:00
MaineK00n	01441351c3	feat(contrib/snmp2cpe): add other fortinet products (#1636 )	2023-09-22 17:43:04 +09:00
MaineK00n	4a28722e4a	fix(scanner): fix socket file name length of SSH ControlPath (#1714 )	2023-09-22 17:31:26 +09:00
hiroka-wada	dea9ed7709	fix: errorlog future-vuls trivy-to-vuls (#1739 ) Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>	2023-09-22 17:25:57 +09:00
hiroka-wada	f6509a5376	feat(config): Auto-upgrade Windows config.toml from v1 to v2 (#1726 ) * add: README.md * add: commands(discover,add-server,add-cpe) * add: implements(discover,add-server,add-cpe) * fix: changed os.Exit(1) in main.go to return an error * fix: lint error * delete: trivy-to-vuls stdIn * fix: Incomprehesible error logs * fix: according to review * add: function converts old config to latest one * delete: add-server * fix: lint error * fix * fix: remote scan error in Windows * fix: lint error * fix * fix: lint error * fix: lint error * add: scanner/scanner.go test normalizeHomeDirForWindows() * fix * fix * fix * fix: remove pointless assignment * fix --------- Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>	2023-09-21 16:48:35 +09:00
hiroka-wada	80b48fcbaa	feat(contrib/fvuls) Add commands to obtained CPE information of network devices by executing snmp2cpe and upload to Fvuls server (#1721 ) * add: README.md * add: commands(discover,add-server,add-cpe) * add: implements(discover,add-server,add-cpe) * fix: changed os.Exit(1) in main.go to return an error * fix: lint error * delete: trivy-to-vuls stdIn * fix: Incomprehesible error logs * fix: according to review * add: function converts old config to latest one * delete: add-server * fix: lint error * fix * fix: remote scan error in Windows * fix: lint error * fix * fix: lint error * fix: lint error * fix: lint error * add: scanner/scanner.go test normalizeHomeDirForWindows() * fix * fix * fix * fix * fix * fix * fix: lint error * fix: error log * fix * refactor(fvuls) * Refactor (#2) refactor --------- Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6> * Refactor (#3) fix --------- Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6> * fix * fix: lint error * fix --------- Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6> Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com>	2023-09-21 15:55:05 +09:00
dependabot[bot]	3f2dbe3b6d	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.300 to 1.45.6 (#1730 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.300 to 1.45.6. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.300...v1.45.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-12 20:54:00 +09:00
dependabot[bot]	5ffd620868	chore(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.12.0 (#1731 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.12.0. - [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-12 20:53:43 +09:00
dependabot[bot]	a23abf48fd	chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#1687 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-22 21:47:35 +09:00
dependabot[bot]	6e14a2dee6	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.263 to 1.44.300 (#1706 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.263 to 1.44.300. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.263...v1.44.300) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-22 21:47:19 +09:00
dependabot[bot]	e12fa0ba64	chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 (#1699 ) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.53.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.53.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-22 21:42:06 +09:00
dependabot[bot]	fa5b875c34	chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 (#1692 ) Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.2.1 to 1.3.2. - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v1.2.1...v1.3.2) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-22 21:38:04 +09:00
sadayuki-matsuno	f9276a7ea8	feat(windows) export DetectKBsFromKernelVersion (#1703 )	2023-07-13 10:14:49 +09:00
MaineK00n	457a3a9627	feat(scanner/windows): update release info (#1696 ) v0.23.3	2023-06-29 14:05:10 +09:00
MaineK00n	4253550c99	chore(scanner): do not show logs when lsof: no Internet files located (#1688 )	2023-06-23 16:08:49 +09:00
Atsushi Watanabe	97cf033ed6	feat(os): add Fedora 38 EOL date (#1689 ) * feat: add Fedora 38 EOL date * Update EOL date based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html * Fix test case name Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-06-13 17:23:11 +09:00
Kota Kanbe	5a6980436a	feat(ubuntu): Support Ubuntu 14.04 and 16.04 ESM (#1682 ) * feat(ubuntu): Support Ubuntu ESM * Sort PackageFixStatuses to resolve the diff in integrationTest * go mod update gost	2023-05-31 09:27:43 +09:00
Sinclair	6271ec522e	fix(detector/github): Enhance the dependency graph API call on the big repository (#1681 ) * fix: Reduce the number of data to be fetched per page, when retrying after a timeout failure on Dependency Graph API * check rate limit on dependency graph API * comment	2023-05-26 14:39:02 +09:00
dependabot[bot]	83681ad4f0	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.263 (#1677 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.259 to 1.44.263. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.259...v1.44.263) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-18 10:17:34 +09:00
dependabot[bot]	779833872b	chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1678 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-18 10:16:54 +09:00
Sinclair	5c79720f56	fix(detector/github): Dependency graph API touches fewer data per page than before (#1654 ) * fix: Github dependency graph API touches fewer data per page than before * fix: logging on Github API access failure * fix: the previous errors persist upon retrying dependency graph	2023-05-15 19:41:04 +09:00
Wagde Zabit	b2c5b79672	feat(os): support debian 12 (#1676 ) * feat(os): support debian 12 * chore(scanner/debian): remove unneeded warn log --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-05-13 01:04:31 +09:00
dependabot[bot]	b0cc908b73	chore(deps): bump github.com/docker/distribution (#1675 ) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-12 08:56:46 +09:00
MaineK00n	ea3d8a6d0b	test: sort []cveContent by CVEID (#1674 ) v0.23.2	2023-05-11 00:53:22 +09:00
MaineK00n	7475b27f6a	chore(deps): update dictionary tools, Vuls is now CGO free (#1667 ) * chore(deps): update dictionary tools, Vuls is now CGO free * chore(integration): update commit	2023-05-11 00:28:51 +09:00
dependabot[bot]	ef80838ddd	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259 (#1672 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 08:09:49 +09:00
dependabot[bot]	b445b71ca5	chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1673 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0. - [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 08:09:26 +09:00

1 2 3 4 5 ...

1394 Commits