* feat(oval): support new goval-dictionary model
* chore: fix lint err
* chore: set len of slice to 0
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* feat(report): do not add duplicate CveContent
* chore: goval-dictionary update
* chore: go mod tidy
* fix(oval): preload Advisory.Cves for Ubuntu
https://github.com/kotakanbe/goval-dictionary/pull/152
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()
* review comment
* chore: go mod update go-cve
* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN
* add NvdExactVersionMatch andd NvdRoughVersionMatch
* add confidence-over option to report
* sort CveContetens
* fix integration-test
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
* fix(cpescan): CpeVendorProductMatch not set when Redis Backend
* fix(integration): deprecated CPE URI
* fix(integration-test): add a test case for CpeVendorProductMatch
* fix review
* update deps go-cve-dict v0.6.2
* feat(trivy): go mod update trivy v0.17.2
* wg.Wait
* fix reporting
* fix test case
* add gemfile.lock of redmine to integration test
* fix(test): add Pipfile.lock
* add poetry.lock to integration test
* add composer.lock to integration test
* add integration test case
* fix(oracle): false-positive(handle arch of pkgs)
* fix(oracle): false positive kernel-related CVEs
* add a test case for ksplice1
* fix(scan): handle uek kernel for Oracle linux
* fix(scan): hanlde uek kernel for reboot required
* fix(oracle): false-positive for redis-backend
* refactor config
* fix saas config
* feat(config): scanmodule for each server in config.toml
* feat(config): enable to specify containersOnly in config.toml
* add new keys of config.toml to discover.go
* fix summary output, logging
* feat(report): Add NVD as a src for mitigations.
* feat(report): display "Vendor Advisory" URL in NVD
* feat(report): display patch urls in report, tui
* change: never refer to ChangeLog
* change raspberry pi os use debian oval at report
* change do not use r.Family
* change gost do not use r.Family
* change use r.Family because family has a large impact
* change replace MaineK00n/goval-dictionary@raspberrypi-oval
* note Raspbian Scan Policy
* add Raspbian Changelog support policy
* change grep Package for Raspbian at fast-scan mode
* add changelog preprocessing for Raspbian
* add take note of TODO
* change Changelog fetch part to function
* change error handling
* change solve one TODO
* change make ChangelogDir once
* add comment
* fix oval support Amazon Linux :refs #824
* change to useScannedCves from ovalSupproted
* change confidence for Raspbian
* change skip package for raspbian in OVAL DB
* change separate raspbian implementation from util
* change error, log format
* change print format
* change log format(delete newline)
* change support changelog.(Debian.)gz
* Revert "change support changelog.(Debian.)gz"
This reverts commit 2265a72c67.
* change test chnage.(Debian.)gz
* change support raspbian package(*raspberry*)
* change error format
* fix regexp pattern
* fix typo
* fix changelog cache
* change rename function name
* add TestParseChangelog
* change changelog lenient match for raspbian
* fix test case
* change clog dir support symbolic link, clog save dir name append suffix
* change remove more package for raspberry pi
* fix error handling
* change module update
* change refactoring around identifying raspbian package
* update go module
* update scan image
* update scan image
* change clarify scan mode
* change raspiPackNamePattern and add test case
