* fix: Github dependency graph API touches fewer data per page than before
* fix: logging on Github API access failure
* fix: the previous errors persist upon retrying dependency graph
* fix(scanner/dpkg): fix dpkg-query and not remove src pkgs
* refactor(gost): remove unnecesary field and fix typo
* refactor(detector/debian): detect using only SrcPackage
* initialize dependencyGraphManifests out of loop
* remove GitHubSecurityAlert.PackageName
* tidy dependency map for multi repo
* set repo name into SBOM components & purl for multi repo
* fix(ubuntu): vulnerability detection for kernel package
* feat(gost/ubuntu): update mod to treat status: deferred as unfixed
* feat(ubuntu): support 22.10
* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts
* derive ecosystem/version from dependency graph
* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure
* fix miscs
* typo in error message
* fix ecosystem equally to trivy
* miscs
* refactoring
* recursive dependency graph pagination
* change var name && update comments
* omit map type of ghpkgToPURL in signatures
* fix vars name
* goimports
* make fmt
* fix comment
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
* feat(kevuln): add known exploited vulnerabilities
* chore: transfer repository owner
* feat: show CISA on top of CERT
* chore: rename var
* chore: rename var
* chore: fix review
* chore: fix message
* feat: update-trivy
* add v2 parser
* implement v2
* refactor
* feat: add show version to future-vuls
* add test case for v2
* trivy v0.20.0
* support --list-all-pkgs
* fix lint err
* add test case for jar
* add a test case for gemspec in container
* remove v1 parser and change Library struct
* Changed the field name in the model struct LibraryScanner
* add comment
* fix comment
* fix comment
* chore
* add struct tag
* feat(oval): support new goval-dictionary model
* chore: fix lint err
* chore: set len of slice to 0
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* feat(report): do not add duplicate CveContent
* chore: goval-dictionary update
* chore: go mod tidy
* fix(oval): preload Advisory.Cves for Ubuntu
https://github.com/kotakanbe/goval-dictionary/pull/152
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()
* review comment
* chore: go mod update go-cve
* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN
* add NvdExactVersionMatch andd NvdRoughVersionMatch
* add confidence-over option to report
* sort CveContetens
* fix integration-test
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
* fix(cpescan): CpeVendorProductMatch not set when Redis Backend
* fix(integration): deprecated CPE URI
* fix(integration-test): add a test case for CpeVendorProductMatch
* fix review
* update deps go-cve-dict v0.6.2
