tk007
be7b9114cc
feat(PackageURL):add package URL for library scan result ( #1862 )
...
* add: package url in model.Library
* feat(trivy-to-vuls): add purl for library scan result
* feat(scanner/library): add purl for lockfile scan result
* fix: model.Library test
* fix: trivy-to-vuls test data
* fix: panic case to generate purl
* fix: add blank line
* fix: trivy-to-vuls for using Trivy version 0.49.0 or earlier
* fix: remove comment
* fix: remove print
* fix: testcase for Package.Identifier does not exist version
* fix: add blank line
* fix: expected libs
* fix: PackageURL -> PURL
* fix: blank line
2024-03-07 16:21:15 +09:00
MaineK00n
bf14b5f61f
fix(detector): library.Scan move to detector ( #1864 )
2024-03-06 16:59:06 +09:00
Shunichi Shinohara
d1f9233409
Avoid to use sync.Once inside trivy javadb Updater ( #1859 )
...
* Avoid to use once inside trivy javadb Updater
Because detector package may be used as library-like way
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/javadb/javadb.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Avoid else if, unless necessary
* go mod tidy
* Add package comment
---------
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2024-03-05 15:23:45 +09:00
Shunichi Shinohara
351cf4f712
Update trivy from 0.35.0 to 0.49.1 ( #1806 )
...
* Update trivy 0.35.0->0.48.0
- Specify oras-go 1.2.4 in indirect dependencies
docker/docker changes a part of its API at 24.0
- registry: return concrete service type · moby/moby@7b3acdf
- 7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/parse.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Missing changes in name change
* Update models/github.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update models/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/base.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update scanner/trivy/jar/jar.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Don't import fanal/types at github.go
* Rewrite code around java db initialization
* Add comment
* refactor
* Close java db client
* rename
* Let LibraryScanner have java db client
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* Update detector/library.go
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
* inline variable
* misc
* Fix typo
---------
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2024-02-28 14:25:58 +09:00
Kota Kanbe
f6cd4d9223
feat(libscan): support conan.lock C/C++ ( #1572 )
2022-12-20 11:22:36 +09:00
Kota Kanbe
03c59866d4
feat(libscan): support gradle.lockfile ( #1568 )
...
* feat(libscan): support gradle.lockfile
* add gradle.lockfile to integration test
* fix readme
* chore: update integration
* find *gradle.lockfile
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-12-20 08:52:45 +09:00
MaineK00n
ab54266f9e
fix(library): fill libraryFixedIns{}.key in ftypes.Pnpm and ftypes.DotNetCore ( #1498 )
...
* fix(library): fill key in ftypes.Pnpm and ftypes.DotNetCore
* chore(library): change the data structure of LibraryMap
2022-07-26 13:53:50 +09:00
dependabot[bot]
139f3a81b6
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 ( #1494 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2
* fix(library): change fanal to trivy/pkg/fanal
* chore: update integration
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-07-25 16:47:57 +09:00
sadayuki-matsuno
1c1e40058e
feat(library) output library type when err ( #1460 )
2022-05-16 09:58:58 +09:00
dependabot[bot]
c7eac4e7fe
chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 ( #1451 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.25.4 to 0.27.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix(library): support go.mod scan
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-04-27 12:46:47 +09:00
MaineK00n
a1cc152e81
feat(library): add auto detect library ( #1417 )
2022-03-17 18:08:40 +09:00
Kota Kanbe
77049d6cbb
feat(libscan): support trivy v0.23.0 ( #1377 )
...
* feat(libscan): support trivy v0.23.0
* fix lint err
* review
2022-02-01 10:40:16 +09:00
Kota Kanbe
aac5ef1438
feat: update-trivy ( #1316 )
...
* feat: update-trivy
* add v2 parser
* implement v2
* refactor
* feat: add show version to future-vuls
* add test case for v2
* trivy v0.20.0
* support --list-all-pkgs
* fix lint err
* add test case for jar
* add a test case for gemspec in container
* remove v1 parser and change Library struct
* Changed the field name in the model struct LibraryScanner
* add comment
* fix comment
* fix comment
* chore
* add struct tag
2021-10-08 17:22:06 +09:00
Kota Kanbe
c73ed7f32f
chore: update find-lock file type ( #1309 )
2021-09-24 16:23:23 +09:00
MaineK00n
591786fde6
feat(oval): support new goval-dictionary model ( #1280 )
...
* feat(oval): support new goval-dictionary model
* chore: fix lint err
* chore: set len of slice to 0
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* feat(report): do not add duplicate CveContent
* chore: goval-dictionary update
* chore: go mod tidy
* fix(oval): preload Advisory.Cves for Ubuntu
https://github.com/kotakanbe/goval-dictionary/pull/152
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com >
2021-09-13 10:19:59 +09:00
MaineK00n
96c3592db1
breaking-change(go-cve-dict): support new go-cve-dictionary ( #1277 )
...
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
2021-08-13 18:00:55 +09:00
Kota Kanbe
231c63cf62
fix(libscan): support empty LibraryFixedIn ( #1252 )
2021-06-16 13:28:12 +09:00
Kota Kanbe
e8e3f4d138
feat(lib): support of Go (go.sum) scan ( #1244 )
...
* chore: update trivy deps
* fix(test): fix sort order in json
* parse go.sum in scanning
* feat(lib): support go.sum
2021-06-03 11:31:37 +09:00
Kota Kanbe
e553f8b4c5
feat(trivy): go mod update trivy v0.17.2 ( #1235 )
...
* feat(trivy): go mod update trivy v0.17.2
* wg.Wait
* fix reporting
* fix test case
* add gemfile.lock of redmine to integration test
* fix(test): add Pipfile.lock
* add poetry.lock to integration test
* add composer.lock to integration test
* add integration test case
2021-05-12 18:27:55 +09:00
Kota Kanbe
3f2ac45d71
Refactor logger ( #1185 )
...
* refactor: logger
* refactor: logging
* refactor: rename func
* refactor: logging
* refactor: logging format
2021-02-26 10:36:58 +09:00
Kota Kanbe
b5506a1368
chore: go mod update ( #1125 )
2021-01-13 11:56:35 +09:00
Kota Kanbe
0b55f94828
Improve implementation around config ( #1122 )
...
* refactor config
* fix saas config
* feat(config): scanmodule for each server in config.toml
* feat(config): enable to specify containersOnly in config.toml
* add new keys of config.toml to discover.go
* fix summary output, logging
2021-01-13 08:46:27 +09:00
Kota Kanbe
43ed904db1
fix(deps): update dependencies ( #1094 )
...
* fix(dpes): update dependencies
* update go ver
* update go ver
* update go
* update go
2020-12-15 04:32:23 +09:00
Kota Kanbe
2fc3462d35
fix(libscan): update trivy deps ( #1070 )
2020-11-05 15:38:12 +09:00
Kota Kanbe
58cf1f4c8e
refactor(typo): fix typos ( #1041 )
2020-08-24 16:34:32 +09:00
Kota Kanbe
c11ba27509
fix(libscan): include a lockfile path of libs ( #1012 )
2020-06-24 10:46:00 +09:00
Kota Kanbe
62c9409fe9
add a github actions config ( #985 )
...
* add a github actions config
* fix(log): Don't create a log dir when testing
* remove a meaningless test case
* Thanks for everything, Mr, Travys.
* add golangci
* add goreleaser.yml
* add tidy.yml
* add golang-ci
* fix many lint warnings
2020-05-27 20:11:24 +09:00
Kota Kanbe
ebe5f858c8
update trivy, and unsupport image scanning feature ( #971 )
...
* update trivy, fanal. unsupport image scanning
* Update models/library.go
Co-authored-by: Teppei Fukuda <teppei@elab.ic .i.u-tokyo.ac.jp>
* add -no-progress flag to report/tui cmd
* Display trivy vuln info to tui/report
* add detection method to vulninfo detected by trivy
* fix(uuid): change uuid lib to go-uuid #929 (#969 )
* update trivy, fanal. unsupport image scanning
* Update models/library.go
Co-authored-by: Teppei Fukuda <teppei@elab.ic .i.u-tokyo.ac.jp>
* add -no-progress flag to report/tui cmd
* Display trivy vuln info to tui/report
* add detection method to vulninfo detected by trivy
* unique ref links in TUI
* download trivy DB only when lock file is specified in config.toml
Co-authored-by: Teppei Fukuda <teppei@elab.ic .i.u-tokyo.ac.jp>
2020-05-08 15:24:39 +09:00
Wagde Zabit
c0ebac305a
composer.lock insteaad of composer.json ( #973 )
...
Co-authored-by: Wagde Zabit <wagde@orcasecurity.io >
2020-05-01 15:20:33 +09:00
Kota Kanbe
b7ca5e5590
feat(scan): add -wordpress-only and -libs-only flag ( #898 )
2019-09-06 10:33:03 +09:00
Kota Kanbe
1fbd516b83
fix(report): fix too many variables while reporting ( #888 )
2019-08-25 17:56:47 +09:00
Tomoya Amachi
abcea1a14d
add Library Scan (with image scan) ( #829 )
...
* add static container image scan
* server has many staticContainers
* use go module
* for staticContainer
* fix typo
* fix setErrs error
* change name : StaticContainer -> Image
* add scan -images-only flag
* fix makefile
* fix makefile for go module
* use rpmcmd instead of rpm
* add scrutinizer.yml
* change scrutinizer.yml
* fix scrutinizer.yml
* fix scrutinizer.yml
* fix scrutinizer.yml
* fix scrutinizer.yml
* delete scrutinizer
* add report test
* add sourcePackages and Arch
* fix for sider
* fix staticContainer -> image
* init scan library
* add library scan for servers
* fix tui bug
* fix lint error
* divide WpPackageFixStats and LibraryPackageFixedIns
* fix error
* Delete libManager_test.go
* stop use alpine os if err occurred in container
* merge upstream/master
* Delete libManager.go
* update goval-dictionary
* fix go.mod
* update Readme
* add feature : auto detect lockfiles
2019-06-12 18:50:07 +09:00
