Brian Prodoehl
554ecc437e
fix(report/email): add Critical to email summary ( #1565 )
...
* Add criticals to email summary
* chore(report/email): add Critical keys
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-12-20 11:56:07 +09:00
Kota Kanbe
f6cd4d9223
feat(libscan): support conan.lock C/C++ ( #1572 )
2022-12-20 11:22:36 +09:00
Kota Kanbe
03c59866d4
feat(libscan): support gradle.lockfile ( #1568 )
...
* feat(libscan): support gradle.lockfile
* add gradle.lockfile to integration test
* fix readme
* chore: update integration
* find *gradle.lockfile
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-12-20 08:52:45 +09:00
Kota Kanbe
1d97e91341
fix(libscan): delete map that keeps all file contents detected by FindLock to save memory ( #1556 )
...
* fix(libscan): delete Map that keeps all files detected by FindLock to save memory
* continue analyzing libs if err occurred
* FindLockDirs
* fix
* fix
2022-11-10 10:19:15 +09:00
MaineK00n
96333f38c9
chore(ubuntu): set Ubuntu 22.10 EOL ( #1552 )
2022-11-01 14:00:56 +09:00
MaineK00n
8b5d1c8e92
feat(cwe, cti): update dictionary ( #1553 )
...
* feat(cwe): update CWE dictionary
* feat(cti): update CTI dictionary
* fix(cwe): fix typo
2022-11-01 14:00:23 +09:00
MaineK00n
dea80f860c
feat(report): add cyclonedx format ( #1543 )
2022-11-01 13:58:31 +09:00
dependabot[bot]
6eb4c5a5fe
chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 ( #1538 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.31.3 to 0.32.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.31.3...v0.32.1 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy 0.32.1 to 0.33.0
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-10-27 01:24:06 +09:00
Kota Kanbe
b219a8495e
fix(cpescan): match if affected version is NA ( #1548 )
...
https://github.com/vulsio/go-cve-dictionary/pull/283
2022-10-19 16:57:32 +09:00
Kota Kanbe
eb87d5d4e1
fix(saas): panic: runtime error: comparing uncomparable type config.PortScanConf ( #1537 )
2022-10-04 11:55:48 +09:00
tomofumi0003
6963442a5e
fix(report): send report to each slack channel ( #1530 )
...
* fix send report to each slack channel
* fix(report): use w.Cnf.Channel instead of channel
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-09-29 16:08:36 +09:00
Kota Kanbe
f7299b9dba
fix(scan): detect AL2 even when empty /etc/redhat-release ( #1536 )
2022-09-29 11:12:30 +09:00
Satoru Nihei
379fc8a1a1
fix: fix query ( #1534 )
2022-09-28 20:51:20 +09:00
MaineK00n
947fbbb29e
fix(ms): always sets isPkgCvesDetactable to true ( #1492 )
2022-09-07 12:05:16 +09:00
MaineK00n
06d2032c9c
docs: update slack invite URL ( #1524 )
2022-09-07 12:04:28 +09:00
dependabot[bot]
d055c48827
chore(deps): bump github.com/aquasecurity/trivy from 0.30.4 to 0.31.3 ( #1526 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.4 to 0.31.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.4...v0.31.3 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 12:02:08 +09:00
MaineK00n
2a00339da1
fix(lockfiles): fix privileges in lockfile scan ( #1512 )
...
* fix(lockfiles): fix privileges in lockfile scan
* style(fmt): add space in comment line
2022-09-02 18:18:00 +09:00
kidokidofire
2d959b3af8
Fix func to get EC2 instance ID by IMDSv2. ( #1522 )
...
Co-authored-by: kido3160 <s.kido.fy@future.co.jp >
2022-08-25 14:31:48 +09:00
kidokidofire
595e26db41
Enable to get EC2 instance ID by IMDSv2. ( #1520 )
...
Co-authored-by: kido3160 <s.kido.fy@future.co.jp >
2022-08-24 17:39:45 +09:00
Kota Kanbe
1e457320c5
chore: bump up version ( #1511 )
2022-08-08 16:55:31 +09:00
MaineK00n
a06e689502
feat(cwe): add cwe top25 2022 ( #1504 )
2022-08-04 18:00:45 +09:00
MaineK00n
ca3f6b1dbf
feat(amazon): support Amazon Linux 2 Extra Repository ( #1510 )
...
* feat(amazon): support Amazon Linux 2 Extra Repository
* feat(amazon): set Amazon Linux EOL
* feat(oracle): set Oracle Linux EOL
2022-08-04 17:52:42 +09:00
dependabot[bot]
f1c78e42a2
chore(deps): bump github.com/aquasecurity/trivy from 0.30.3 to 0.30.4 ( #1507 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.3 to 0.30.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.3...v0.30.4 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-03 09:53:08 +09:00
MaineK00n
2f3b8bf3cc
chore(rocky): set Rocky Linux 9 EOL ( #1495 )
2022-07-27 02:48:10 +09:00
MaineK00n
ab54266f9e
fix(library): fill libraryFixedIns{}.key in ftypes.Pnpm and ftypes.DotNetCore ( #1498 )
...
* fix(library): fill key in ftypes.Pnpm and ftypes.DotNetCore
* chore(library): change the data structure of LibraryMap
2022-07-26 13:53:50 +09:00
dependabot[bot]
d79d138440
chore(deps): bump github.com/aquasecurity/trivy from 0.30.2 to 0.30.3 ( #1499 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.2 to 0.30.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.2...v0.30.3 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-26 04:52:32 +09:00
dependabot[bot]
139f3a81b6
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 ( #1494 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2
* fix(library): change fanal to trivy/pkg/fanal
* chore: update integration
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-07-25 16:47:57 +09:00
MaineK00n
d1a617cfff
fix(ms): remove duplicate advisories ( #1490 )
2022-07-14 09:26:30 +09:00
MaineK00n
48f7597bcf
feat(ms): import gost:MaineK00n/new-windows ( #1481 )
...
* feat(ms): import gost:MaineK00n/new-windows
* chore(discover): add CTI section
* feat(ms): fill KB with VulnInfo.DistroAdvisories instead of CveContent.Optional
* fix(ms): Change bitSize from 32 to 64
* fix(ms): delete KB prefix
* chore(ms): change logger
* fix(ms): fill in correct AdvisoryID
Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com >
2022-07-04 14:26:41 +09:00
sadayuki-matsuno
93731311a1
feat(saas) add vuls tags from env ( #1487 )
2022-07-04 12:00:02 +09:00
MaineK00n
999529a05b
feat(scanner): detect host key change ( #1406 )
...
* feat(scanner): detect host key change
* chore(scanner): add testcase
2022-07-04 10:57:43 +09:00
MaineK00n
847d820af7
feat(os): support Alpine Linux 3.16 ( #1479 )
2022-06-15 17:08:40 +09:00
MaineK00n
5234306ded
feat(cti): add Cyber Threat Intelligence info ( #1442 )
...
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
2022-06-15 17:08:12 +09:00
MaineK00n
86b60e1478
feat(config): support CIDR ( #1415 )
2022-06-10 18:24:25 +09:00
MaineK00n
42fdc08933
feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 ( #1465 )
...
* feat(os): support RHEL 9
* feat(os): support CentOS Stream9, AlmaLinux 9
2022-06-09 06:39:16 +09:00
MaineK00n
38b1d622f6
feat(cwe): update CWE dictionary ( #1443 )
2022-06-09 06:36:54 +09:00
MaineK00n
2477f9a8f8
chore: tidy go.mod, add arm64 and workflows update ( #1461 )
...
* chore: tidy go.mod
* chore(gh): add arm64 and workflows update
* chore: disable staticcheck SA1019 for xerrors.Errorf
* chore: fix github.com/boltdb/bolt switch to github.com/etcd-io/bbolt? #1457
2022-06-09 06:10:07 +09:00
kurita0
ec6e90acd3
fix getting wp core version string via ssh ( #1344 )
...
* fix getting wp core version string via ssh
* check DocRoot
2022-06-09 06:05:15 +09:00
sadayuki-matsuno
2aca2e4352
feat(contrib/trivy) fill image info into scan results ( #1475 )
...
* feat(contrib/trivy) fill image info into scan results
* fix match size
* fix match size
2022-06-08 17:00:32 +09:00
sadayuki-matsuno
14518d925e
fix(contriv/fvuls) initialize optional map ( #1469 )
2022-05-30 12:46:53 +09:00
sadayuki-matsuno
948f8c0751
add VULS_TAGS env into contiriv future-vuls ( #1466 )
2022-05-24 13:46:28 +09:00
sadayuki-matsuno
1c1e40058e
feat(library) output library type when err ( #1460 )
2022-05-16 09:58:58 +09:00
Satoru Nihei
2158fc6cb1
fix: judge by scannedVia ( #1456 )
2022-05-06 09:38:38 +09:00
MaineK00n
91ed318c5d
chore(deps): update trivy v0.27.1 ( #1453 )
...
* chore(deps): update trivy v0.27.1
* chore: add gosum
2022-04-27 15:43:23 +09:00
MaineK00n
bfc3828ce1
chore(deps): update goval-dictionary and gost ( #1452 )
2022-04-27 13:03:11 +09:00
dependabot[bot]
c7eac4e7fe
chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 ( #1451 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.25.4 to 0.27.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): support go.mod scan
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 12:46:47 +09:00
MaineK00n
cc63a0eccf
feat(ubuntu): add Jammy Jellyfish(22.04) ( #1431 )
...
* feat(ubuntu): add Jammy Jellyfish(22.04)
* chore(deps): gost update
* chore(oval/ubuntu): fill kernel package name temporarily
2022-04-27 11:04:00 +09:00
Satoru Nihei
fd18df1dd4
feat: parse OS version from result of trivy-scan ( #1444 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.4
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.24.2 to 0.25.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.4 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* test: add testcase
* feat: parse metadata
* refactor: change detect logic
* refactor: change parsing logic
* refactor: refactor check logic before detect
* fix: impl without reuseScannedCves
* feat: complement :latest tag
* Update contrib/trivy/parser/v2/parser.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 10:28:20 +09:00
MaineK00n
8775b5efdf
chore: fix lint error ( #1438 )
...
* chore: fix lint: revive error
* chore: golanci-lint uses go 1.18
* chore: refactor tasks in GNUmakefile
* chore: add trivy binary in fvuls image
2022-04-15 18:12:13 +09:00
dependabot[bot]
a9f29a6c5d
chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.1 ( #1436 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump up Go to 1.18 and trivy v0.25.1
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-05 13:27:49 +09:00
