Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,343 Commits 6 Branches 121 Tags
8356e976c43d3b0b8fbb211b4735d612dcfa3ab3
Commit Graph

1343 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
MaineK00n
8356e976c4 chore(deps): update goval-dictionary v0.8.3 (#1671) 2023-05-02 12:14:43 +09:00
MaineK00n
3cc7e92ce5 fix(saas): remove current directory part (#1666) 2023-04-27 12:09:34 +09:00
dependabot[bot]
046a29467b chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.0 to 0.7.1 (#1663) 
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:54:41 +09:00
dependabot[bot]
ef5ab8eaf0 chore(deps): bump golang.org/x/oauth2 from 0.1.0 to 0.7.0 (#1662) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.1.0 to 0.7.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.1.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:42:57 +09:00
dependabot[bot]
c8daa5c982 chore(deps): bump github.com/Ullaakut/nmap/v2 (#1665) 
Bumps [github.com/Ullaakut/nmap/v2](https://github.com/Ullaakut/nmap) from 2.1.2-0.20210406060955-59a52fe80a4f to 2.2.2.
- [Release notes](https://github.com/Ullaakut/nmap/releases)
- [Commits](https://github.com/Ullaakut/nmap/commits/v2.2.2)

---
updated-dependencies:
- dependency-name: github.com/Ullaakut/nmap/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:41:49 +09:00
dependabot[bot]
9309081b3d chore(deps): bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.251 (#1660) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.251.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.251)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 04:01:42 +09:00
dependabot[bot]
f541c32d1f chore(deps): bump github.com/c-robinson/iplib from 1.0.3 to 1.0.6 (#1659) 
Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.3 to 1.0.6.
- [Release notes](https://github.com/c-robinson/iplib/releases)
- [Commits](https://github.com/c-robinson/iplib/compare/v1.0.3...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/c-robinson/iplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:51:34 +09:00
dependabot[bot]
79a8b62105 chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#1657) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:50:53 +09:00
dependabot[bot]
74c91a5a21 chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1658) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:36:46 +09:00
MaineK00n
6787ab45c5 feat(ubuntu): add ubuntu 23.04 (#1647) 2023-04-27 03:26:59 +09:00
dependabot[bot]
f631e9e603 chore(deps): bump github.com/emersion/go-smtp from 0.14.0 to 0.16.0 (#1580) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.14.0 to 0.16.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:25:41 +09:00
dependabot[bot]
2ab48afe47 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.249 (#1656) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.136 to 1.44.249.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.136...v1.44.249)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:24:53 +09:00
dependabot[bot]
53ccd61687 chore(deps): bump github.com/Azure/azure-sdk-for-go (#1588) 
Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 66.0.0+incompatible to 68.0.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v66.0.0...v68.0.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:20:58 +09:00
Sinclair
b91a7b75e2 fix(detector/github): Github dependency graph API request will be retried on error (#1650) 
* fix: Github dependency graph API request will be retried on error

* fix: github dependency graph: error handling

* github dependency graph: fix retry max
v0.23.1 		2023-04-24 12:46:29 +09:00
Wagde Zabit
333eae06ea fix order in identifying amazon linux version (#1652) 2023-04-21 10:35:19 +09:00
MaineK00n
93d401c70c chore(integration): update commit (#1649) 2023-04-20 14:09:21 +09:00
MaineK00n
99dc8e892f feat(gost/ubuntu): check kernel source package more strictly (#1599) 2023-04-20 13:05:41 +09:00
MaineK00n
fb904f0543 refactor(reporter): refactoring TelegramWriter, GoogleChatWriter (#1628) 
* style: remove unnecessary line break

* style: use regexp.MatchString instead of regexp.Match

* refactor(reporter): refactoring TelegramWriter, GoogleChatWriter
 2023-04-20 11:53:31 +09:00
MaineK00n
d4d33fc81d fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646) 
* fix(scanner/dpkg): fix dpkg-query and not remove src pkgs

* refactor(gost): remove unnecesary field and fix typo

* refactor(detector/debian): detect using only SrcPackage
 2023-04-20 11:42:53 +09:00
Kota Kanbe
a1d3fbf66f fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy (#1639) 
* fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy

* fix

* Add detectionMethod only when detected by gost
 2023-04-17 09:21:30 +09:00
Sinclair
2cdfbe3bb4 fix: dependency graph using small query at once to avoid timeout (#1642) 2023-04-14 14:46:31 +09:00
MaineK00n
ac8290119d fix(configtest): amazon linux 2022, 2023 require dnf-utils (#1635) 2023-04-10 10:16:03 +09:00
MaineK00n
abdb081af7 feat(scanner): skip ssh config validation if G option is unknown option (#1632) v0.23.0 2023-04-04 18:50:17 +09:00
kurita0
e506125017 feat(wp): support csh, no sudo scan (#1523) 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-03-28 21:07:10 +09:00
MaineK00n
8ccaa8c3ef fix(scanner/windows): support installationType Domain Controller (#1627) 2023-03-28 21:04:17 +09:00
MaineK00n
de1ed8ecaa feat(ci): add windows for snmp2cpe (#1626) 2023-03-28 19:20:03 +09:00
MaineK00n
947d668452 feat(windows): support Windows (#1581) 
* chore(deps): mod update

* fix(scanner): do not attach tty because there is no need to enter ssh password

* feat(windows): support Windows
 2023-03-28 19:00:33 +09:00
MaineK00n
db21149f00 feat(contrib): add snmp2cpe (#1625) 2023-03-28 18:56:28 +09:00
dependabot[bot]
7f35f4e661 chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1606) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 05:04:48 +09:00
MaineK00n
6682232b5c feat(os): support Amazon Linux 2023 (#1621) v0.22.2 2023-03-16 17:31:57 +09:00
sadayuki-matsuno
984debe929 fix(detector/github) change timeout 10s to 10m (#1616) 2023-03-01 16:58:11 +09:00
Kota Kanbe
a528362663 fix(saas): upload JSON if err occured during scan (#1615) v0.22.1 2023-03-01 14:52:03 +09:00
MaineK00n
ee97d98c39 feat: update EOL (#1598) 2023-02-22 16:00:05 +09:00
MaineK00n
4e486dae1d style: fix typo (#1592) 
* style: fix typo

* style: add comment
 2023-02-22 15:59:47 +09:00
MaineK00n
897fef24a3 feat(detector/exploitdb): mod update and add more urls (#1610) 2023-02-22 15:58:24 +09:00
MaineK00n
73f0adad95 fix: use GetCveContentTypes instead of NewCveContentType (#1603) 2023-02-21 11:56:26 +09:00
Sinclair
704492963c Revert: gost/Ubuntu.ConvertToModel() is public method now (#1597) 2023-02-08 11:36:36 +09:00
Sinclair
1927ed344c fix(report): tidy dependencies for multiple repo on integration with GSA (#1593) 
* initialize dependencyGraphManifests out of loop

* remove GitHubSecurityAlert.PackageName

* tidy dependency map for multi repo

* set repo name into SBOM components & purl for multi repo
 2023-02-07 19:47:32 +09:00
MaineK00n
ad2edbb844 fix(ubuntu): vulnerability detection for kernel package (#1591) 
* fix(ubuntu): vulnerability detection for kernel package

* feat(gost/ubuntu): update mod to treat status: deferred as unfixed

* feat(ubuntu): support 22.10
 2023-02-03 15:56:58 +09:00
MaineK00n
bfe0db77b4 feat(cwe): add cwe-id for category and view (#1578) 2023-01-20 18:02:07 +09:00
MaineK00n
ff3b9cdc16 fix: add comment (#1585) 2023-01-20 18:01:10 +09:00
Sinclair
2deb1b9d32 chore: update version for golangci-lint (#1586) 2023-01-20 18:00:54 +09:00
kl-sinclair
ca64d7fc31 feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584) 
* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts

* derive ecosystem/version from dependency graph

* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure

* fix miscs

* typo in error message

* fix ecosystem equally to trivy

* miscs

* refactoring

* recursive dependency graph pagination

* change var name && update comments

* omit map type of ghpkgToPURL in signatures

* fix vars name

* goimports

* make fmt

* fix comment

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-01-20 15:32:36 +09:00
Brian Prodoehl
554ecc437e fix(report/email): add Critical to email summary (#1565) 
* Add criticals to email summary

* chore(report/email): add Critical keys

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
v0.22.0 		2022-12-20 11:56:07 +09:00
Kota Kanbe
f6cd4d9223 feat(libscan): support conan.lock C/C++ (#1572) 2022-12-20 11:22:36 +09:00
Kota Kanbe
03c59866d4 feat(libscan): support gradle.lockfile (#1568) 
* feat(libscan): support gradle.lockfile

* add gradle.lockfile to integration test

* fix readme

* chore: update integration

* find *gradle.lockfile

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2022-12-20 08:52:45 +09:00
Kota Kanbe
1d97e91341 fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556) 
* fix(libscan): delete Map that keeps all files detected by FindLock to save memory

* continue analyzing libs if err occurred

* FindLockDirs

* fix

* fix
v0.21.1 		2022-11-10 10:19:15 +09:00
MaineK00n
96333f38c9 chore(ubuntu): set Ubuntu 22.10 EOL (#1552) v0.21.0 2022-11-01 14:00:56 +09:00
MaineK00n
8b5d1c8e92 feat(cwe, cti): update dictionary (#1553) 
* feat(cwe): update CWE dictionary

* feat(cti): update CTI dictionary

* fix(cwe): fix typo
 2022-11-01 14:00:23 +09:00
MaineK00n
dea80f860c feat(report): add cyclonedx format (#1543) 2022-11-01 13:58:31 +09:00