Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,445 Commits 6 Branches 121 Tags
426eb53af546eea10d44699b225ade095f4f5c03
Commit Graph

193 Commits

Author SHA1 Message Date
dependabot[bot]
426eb53af5 chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.4 (#1872) 
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.1 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.1...v5.5.4)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-15 09:49:26 +09:00
dependabot[bot]
bda089b589 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1871) 
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 15:13:37 +09:00
dependabot[bot]
02d1f6f59e chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1868) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-12 04:02:19 +09:00
dependabot[bot]
54dae08f54 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#1861) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 15:45:01 +09:00
Shunichi Shinohara
d1f9233409 Avoid to use sync.Once inside trivy javadb Updater (#1859) 
* Avoid to use once inside trivy javadb Updater

Because detector package may be used as library-like way

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/javadb/javadb.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Avoid else if, unless necessary

* go mod tidy

* Add package comment

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-03-05 15:23:45 +09:00
dependabot[bot]
eed4328e2c chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.2 (#1856) 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.0 to 3.14.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.0...v3.14.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-28 16:38:43 +09:00
Shunichi Shinohara
351cf4f712 Update trivy from 0.35.0 to 0.49.1 (#1806) 
* Update trivy 0.35.0->0.48.0

- Specify oras-go 1.2.4 in indirect dependencies

  docker/docker changes a part of its API at 24.0
  - registry: return concrete service type · moby/moby@7b3acdf
    - 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)

  oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z.
  There is a build error between oras-go and docker/dockr.

- Update disabled analyzers
- Update language scanners, enable all of them

* move javadb init to scan.go

* Add options for java db init()

* Update scanner/base.go

* Remove unused codes

* Add some lock file names

* Typo fix

* Remove space character (0x20)

* Add java-db options for integration scan

* Minor fomartting fix

* minor fix

* conda is NOT supported by Trivy for library scan

* Configure trivy log in report command too

* Init trivy in scanner

* Use trivy's jar.go and replace client which does almost nothing

* mv jar.go

* Add sha1 hash to result and add filepath for report phase

* Undo added 'vuls scan' options

* Update oras-go to 1.2.4

* Move Java DB related config items to report side

* Add java db search in detect phase

* filter top level jar only

* Update trivy to 0.49.1

* go mod tidy

* Update to newer interface

* Refine lock file list, h/t MaineK00n

* Avoid else clauses if possible, h/t MaineK00n

* Avoid missing word for find and lang types, h/t MaineK00n

* Add missing ecosystems, h/t MaineK00n

* Add comments why to use custom jar analyzer, h/t MaineK00n

* Misc

* Misc

* Misc

* Include go-dep-parser's pares.go for modification

* Move digest field from LibraryScanner to Library

* Use inner jars sha1 for each

* Add Seek to file head before handling zip file entry

* Leave Digest feild empty for entries from pom.xml

* Don't import python/pkg (don't look into package.json)

* Make privete where private is sufficient

* Remove duplicate after Java DB lookup

* misc

* go mod tidy

* Comment out ruby/gemspec

* misc

* Comment out python/packaging

* misc

* Use custom jar

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/parse.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Missing changes in name change

* Update models/github.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update models/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/base.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update scanner/trivy/jar/jar.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Don't import fanal/types at github.go

* Rewrite code around java db initialization

* Add comment

* refactor

* Close java db client

* rename

* Let LibraryScanner have java db client

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* Update detector/library.go

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

* inline variable

* misc

* Fix typo

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-02-28 14:25:58 +09:00
dependabot[bot]
d7e1e82299 chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#1854) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.8 to 1.3.9.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.8...v1.3.9)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 09:57:43 +09:00
dependabot[bot]
6f63566b68 chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#1849) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-13 03:53:42 +09:00
dependabot[bot]
d6589c2193 chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1837) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-31 05:32:51 +09:00
dependabot[bot]
6e07103036 chore(deps): bump github.com/emersion/go-smtp from 0.20.1 to 0.20.2 (#1838) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-31 05:32:32 +09:00
dependabot[bot]
b7e5bb2fbb chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#1831) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-16 07:58:40 +09:00
dependabot[bot]
91ed76838e chore(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 (#1833) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.5.0 to 0.6.0.
- [Commits](https://github.com/golang/sync/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-16 07:49:21 +09:00
Sinclair
098f3089dd chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1829) 2024-01-12 14:17:12 +09:00
dependabot[bot]
0e04d21bef chore(deps): bump github.com/emersion/go-smtp from 0.20.0 to 0.20.1 (#1826) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.20.0...v0.20.1)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 23:40:33 +09:00
dependabot[bot]
f1005e5db3 chore(deps): bump github.com/emersion/go-smtp from 0.19.0 to 0.20.0 (#1824) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-04 15:32:17 +09:00
dependabot[bot]
1acc4d8e04 chore(deps): bump github.com/c-robinson/iplib from 1.0.7 to 1.0.8 (#1819) 
Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.7 to 1.0.8.
- [Release notes](https://github.com/c-robinson/iplib/releases)
- [Commits](https://github.com/c-robinson/iplib/compare/v1.0.7...v1.0.8)

---
updated-dependencies:
- dependency-name: github.com/c-robinson/iplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-26 08:07:08 +09:00
dependabot[bot]
eee6441372 chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1818) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 13:51:19 +09:00
MaineK00n
bbf53c7639 chore(deps): bump dictionaries (#1815) 2023-12-18 05:41:46 +09:00
MaineK00n
d1224991a0 feat(models/nvd): group by source (#1805) 2023-12-08 19:36:26 +09:00
MaineK00n
7e12e9abc4 chore(deps): bump go-cve-dictionary to 0.10.0 (#1803) 2023-12-07 12:48:14 +09:00
dependabot[bot]
df960cc0f5 chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#1799) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 11:15:40 +09:00
dependabot[bot]
b0489785d0 chore(deps): bump github.com/gosnmp/gosnmp from 1.36.1 to 1.37.0 (#1798) 
Bumps [github.com/gosnmp/gosnmp](https://github.com/gosnmp/gosnmp) from 1.36.1 to 1.37.0.
- [Release notes](https://github.com/gosnmp/gosnmp/releases)
- [Changelog](https://github.com/gosnmp/gosnmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gosnmp/gosnmp/compare/v1.36.1...v1.37.0)

---
updated-dependencies:
- dependency-name: github.com/gosnmp/gosnmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 11:14:56 +09:00
dependabot[bot]
4ffa06770c chore(deps): bump github.com/emersion/go-smtp from 0.18.1 to 0.19.0 (#1790) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.18.1 to 0.19.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.18.1...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-15 23:21:21 +09:00
dependabot[bot]
53317ee49b chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (#1789) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.4.0 to 0.5.0.
- [Commits](https://github.com/golang/sync/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-15 22:16:42 +09:00
dependabot[bot]
fc743569b7 chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (#1791) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-15 22:09:59 +09:00
dependabot[bot]
f3f8e26ba5 chore(deps): bump github.com/emersion/go-smtp from 0.16.0 to 0.18.1 (#1771) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.16.0 to 0.18.1.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.16.0...v0.18.1)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-09 05:24:58 +09:00
dependabot[bot]
5d1c365a42 chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#1782) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-07 08:14:11 +09:00
dependabot[bot]
d8fa000b01 chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1785) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-07 08:08:56 +09:00
dependabot[bot]
9f1e090597 chore(deps): bump github.com/docker/docker (#1777) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.4+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.4...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-31 14:30:49 +09:00
dependabot[bot]
8d5765fcb0 chore(deps): bump go.etcd.io/bbolt from 1.3.7 to 1.3.8 (#1780) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.7 to 1.3.8.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.7...v1.3.8)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-31 14:30:11 +09:00
dependabot[bot]
3a5c3326b2 chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1781) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-31 14:29:00 +09:00
MaineK00n
264a82e2f4 chore(deps): bump github.com/vulsio/gost to v0.4.6-0.20231027050036-c963bd83e7e5 (#1775) 2023-10-27 14:26:05 +09:00
dependabot[bot]
fed731b0f2 chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1774) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-26 08:24:29 +09:00
dependabot[bot]
5e2ac5a0c4 chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#1773) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-25 08:20:41 +09:00
MaineK00n
75e9883d8a feat(ubuntu): add ubuntu 23.10(mantic) (#1750) 2023-10-19 02:01:18 +09:00
dependabot[bot]
801b968f89 chore(deps): bump github.com/package-url/packageurl-go (#1754) 
Bumps [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go) from 0.1.1-0.20220203205134-d70459300c8a to 0.1.2.
- [Release notes](https://github.com/package-url/packageurl-go/releases)
- [Commits](https://github.com/package-url/packageurl-go/commits/v0.1.2)

---
updated-dependencies:
- dependency-name: github.com/package-url/packageurl-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-17 23:18:36 +09:00
dependabot[bot]
37175066b1 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 (#1733) 
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.1...v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-17 23:17:30 +09:00
MaineK00n
1a55cafc91 chore(deps): update dictionary (#1708) 2023-10-17 23:04:27 +09:00
dependabot[bot]
48ff5196f4 chore(deps): bump github.com/gosnmp/gosnmp from 1.35.0 to 1.36.1 (#1763) 
Bumps [github.com/gosnmp/gosnmp](https://github.com/gosnmp/gosnmp) from 1.35.0 to 1.36.1.
- [Release notes](https://github.com/gosnmp/gosnmp/releases)
- [Changelog](https://github.com/gosnmp/gosnmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gosnmp/gosnmp/compare/v1.35.0...v1.36.1)

---
updated-dependencies:
- dependency-name: github.com/gosnmp/gosnmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-17 15:25:53 +09:00
dependabot[bot]
1c79cc5232 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#1761) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 14:23:25 +09:00
dependabot[bot]
3de546125f chore(deps): bump golang.org/x/sync from 0.2.0 to 0.4.0 (#1757) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.4.0.
- [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 14:12:32 +09:00
dependabot[bot]
b43c1b9984 chore(deps): bump github.com/c-robinson/iplib from 1.0.6 to 1.0.7 (#1745) 
Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/c-robinson/iplib/releases)
- [Commits](https://github.com/c-robinson/iplib/compare/v1.0.6...v1.0.7)

---
updated-dependencies:
- dependency-name: github.com/c-robinson/iplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-26 17:57:16 +09:00
MaineK00n
78b52d6a7f feat(detector/cve): new support for fortinet data feed (#1736) 2023-09-25 16:19:10 +09:00
hiroka-wada
80b48fcbaa feat(contrib/fvuls) Add commands to obtained CPE information of network devices by executing snmp2cpe and upload to Fvuls server (#1721) 
* add: README.md

* add: commands(discover,add-server,add-cpe)

* add: implements(discover,add-server,add-cpe)

* fix: changed os.Exit(1) in main.go to return an error

* fix: lint error

* delete: trivy-to-vuls stdIn

* fix: Incomprehesible error logs

* fix: according to review

* add: function converts old config to latest one

* delete: add-server

* fix: lint error

* fix

* fix: remote scan error in Windows

* fix: lint error

* fix

* fix: lint error

* fix: lint error

* fix: lint error

* add: scanner/scanner.go test normalizeHomeDirForWindows()

* fix

* fix

* fix

* fix

* fix

* fix

* fix: lint error

* fix: error log

* fix

* refactor(fvuls)

* Refactor (#2)

refactor
---------

Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>

* Refactor (#3)

 fix

---------

Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>

* fix

* fix: lint error

* fix

---------

Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10>
Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>
Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com>
 2023-09-21 15:55:05 +09:00
dependabot[bot]
3f2dbe3b6d chore(deps): bump github.com/aws/aws-sdk-go from 1.44.300 to 1.45.6 (#1730) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.300 to 1.45.6.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.300...v1.45.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-12 20:54:00 +09:00
dependabot[bot]
5ffd620868 chore(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.12.0 (#1731) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.12.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-12 20:53:43 +09:00
dependabot[bot]
a23abf48fd chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#1687) 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-22 21:47:35 +09:00
dependabot[bot]
6e14a2dee6 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.263 to 1.44.300 (#1706) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.263 to 1.44.300.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.263...v1.44.300)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-22 21:47:19 +09:00
dependabot[bot]
e12fa0ba64 chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 (#1699) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.53.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-22 21:42:06 +09:00