Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
MaineK00n	8b5d1c8e92	feat(cwe, cti): update dictionary (#1553 ) * feat(cwe): update CWE dictionary * feat(cti): update CTI dictionary * fix(cwe): fix typo	2022-11-01 14:00:23 +09:00
MaineK00n	dea80f860c	feat(report): add cyclonedx format (#1543 )	2022-11-01 13:58:31 +09:00
dependabot[bot]	6eb4c5a5fe	chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 (#1538 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.31.3 to 0.32.1. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.31.3...v0.32.1) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/aquasecurity/trivy 0.32.1 to 0.33.0 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-10-27 01:24:06 +09:00
Kota Kanbe	b219a8495e	fix(cpescan): match if affected version is NA (#1548 ) https://github.com/vulsio/go-cve-dictionary/pull/283	2022-10-19 16:57:32 +09:00
Kota Kanbe	eb87d5d4e1	fix(saas): panic: runtime error: comparing uncomparable type config.PortScanConf (#1537 ) v0.20.5	2022-10-04 11:55:48 +09:00
tomofumi0003	6963442a5e	fix(report): send report to each slack channel (#1530 ) * fix send report to each slack channel * fix(report): use w.Cnf.Channel instead of channel Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-09-29 16:08:36 +09:00
Kota Kanbe	f7299b9dba	fix(scan): detect AL2 even when empty /etc/redhat-release (#1536 ) v0.20.4	2022-09-29 11:12:30 +09:00
Satoru Nihei	379fc8a1a1	fix: fix query (#1534 )	2022-09-28 20:51:20 +09:00
MaineK00n	947fbbb29e	fix(ms): always sets isPkgCvesDetactable to true (#1492 )	2022-09-07 12:05:16 +09:00
MaineK00n	06d2032c9c	docs: update slack invite URL (#1524 )	2022-09-07 12:04:28 +09:00
dependabot[bot]	d055c48827	chore(deps): bump github.com/aquasecurity/trivy from 0.30.4 to 0.31.3 (#1526 ) Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.4 to 0.31.3. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.4...v0.31.3) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-07 12:02:08 +09:00
MaineK00n	2a00339da1	fix(lockfiles): fix privileges in lockfile scan (#1512 ) * fix(lockfiles): fix privileges in lockfile scan * style(fmt): add space in comment line v0.20.3	2022-09-02 18:18:00 +09:00
kidokidofire	2d959b3af8	Fix func to get EC2 instance ID by IMDSv2. (#1522 ) Co-authored-by: kido3160 <s.kido.fy@future.co.jp> v0.20.2	2022-08-25 14:31:48 +09:00
kidokidofire	595e26db41	Enable to get EC2 instance ID by IMDSv2. (#1520 ) Co-authored-by: kido3160 <s.kido.fy@future.co.jp> v0.20.1	2022-08-24 17:39:45 +09:00
Kota Kanbe	1e457320c5	chore: bump up version (#1511 ) v0.20.0	2022-08-08 16:55:31 +09:00
MaineK00n	a06e689502	feat(cwe): add cwe top25 2022 (#1504 )	2022-08-04 18:00:45 +09:00
MaineK00n	ca3f6b1dbf	feat(amazon): support Amazon Linux 2 Extra Repository (#1510 ) * feat(amazon): support Amazon Linux 2 Extra Repository * feat(amazon): set Amazon Linux EOL * feat(oracle): set Oracle Linux EOL	2022-08-04 17:52:42 +09:00
dependabot[bot]	f1c78e42a2	chore(deps): bump github.com/aquasecurity/trivy from 0.30.3 to 0.30.4 (#1507 ) Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.3 to 0.30.4. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.3...v0.30.4) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-03 09:53:08 +09:00
MaineK00n	2f3b8bf3cc	chore(rocky): set Rocky Linux 9 EOL (#1495 )	2022-07-27 02:48:10 +09:00
MaineK00n	ab54266f9e	fix(library): fill libraryFixedIns{}.key in ftypes.Pnpm and ftypes.DotNetCore (#1498 ) * fix(library): fill key in ftypes.Pnpm and ftypes.DotNetCore * chore(library): change the data structure of LibraryMap	2022-07-26 13:53:50 +09:00
dependabot[bot]	d79d138440	chore(deps): bump github.com/aquasecurity/trivy from 0.30.2 to 0.30.3 (#1499 ) Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.2 to 0.30.3. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-26 04:52:32 +09:00
dependabot[bot]	139f3a81b6	chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 (#1494 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.27.1 to 0.30.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2 * fix(library): change fanal to trivy/pkg/fanal * chore: update integration Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-07-25 16:47:57 +09:00
MaineK00n	d1a617cfff	fix(ms): remove duplicate advisories (#1490 )	2022-07-14 09:26:30 +09:00
MaineK00n	48f7597bcf	feat(ms): import gost:MaineK00n/new-windows (#1481 ) * feat(ms): import gost:MaineK00n/new-windows * chore(discover): add CTI section * feat(ms): fill KB with VulnInfo.DistroAdvisories instead of CveContent.Optional * fix(ms): Change bitSize from 32 to 64 * fix(ms): delete KB prefix * chore(ms): change logger * fix(ms): fill in correct AdvisoryID Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com> v0.19.8	2022-07-04 14:26:41 +09:00
sadayuki-matsuno	93731311a1	feat(saas) add vuls tags from env (#1487 )	2022-07-04 12:00:02 +09:00
MaineK00n	999529a05b	feat(scanner): detect host key change (#1406 ) * feat(scanner): detect host key change * chore(scanner): add testcase	2022-07-04 10:57:43 +09:00
MaineK00n	847d820af7	feat(os): support Alpine Linux 3.16 (#1479 )	2022-06-15 17:08:40 +09:00
MaineK00n	5234306ded	feat(cti): add Cyber Threat Intelligence info (#1442 ) * feat(cti): add Cyber Threat Intelligence info * chore: replace io/ioutil as it is deprecated * chore: remove --format-csv in stdout writer * chore(deps): go get go-cti@v0.0.1 * feat(cti): update cti dict(support MITRE ATT&CK v11.1) * chore(deps): go get go-cti@master	2022-06-15 17:08:12 +09:00
MaineK00n	86b60e1478	feat(config): support CIDR (#1415 )	2022-06-10 18:24:25 +09:00
MaineK00n	42fdc08933	feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 (#1465 ) * feat(os): support RHEL 9 * feat(os): support CentOS Stream9, AlmaLinux 9	2022-06-09 06:39:16 +09:00
MaineK00n	38b1d622f6	feat(cwe): update CWE dictionary (#1443 )	2022-06-09 06:36:54 +09:00
MaineK00n	2477f9a8f8	chore: tidy go.mod, add arm64 and workflows update (#1461 ) * chore: tidy go.mod * chore(gh): add arm64 and workflows update * chore: disable staticcheck SA1019 for xerrors.Errorf * chore: fix github.com/boltdb/bolt switch to github.com/etcd-io/bbolt? #1457	2022-06-09 06:10:07 +09:00
kurita0	ec6e90acd3	fix getting wp core version string via ssh (#1344 ) * fix getting wp core version string via ssh * check DocRoot	2022-06-09 06:05:15 +09:00
sadayuki-matsuno	2aca2e4352	feat(contrib/trivy) fill image info into scan results (#1475 ) * feat(contrib/trivy) fill image info into scan results * fix match size * fix match size	2022-06-08 17:00:32 +09:00
sadayuki-matsuno	14518d925e	fix(contriv/fvuls) initialize optional map (#1469 )	2022-05-30 12:46:53 +09:00
sadayuki-matsuno	948f8c0751	add VULS_TAGS env into contiriv future-vuls (#1466 )	2022-05-24 13:46:28 +09:00
sadayuki-matsuno	1c1e40058e	feat(library) output library type when err (#1460 )	2022-05-16 09:58:58 +09:00
Satoru Nihei	2158fc6cb1	fix: judge by scannedVia (#1456 )	2022-05-06 09:38:38 +09:00
MaineK00n	91ed318c5d	chore(deps): update trivy v0.27.1 (#1453 ) * chore(deps): update trivy v0.27.1 * chore: add gosum v0.19.7	2022-04-27 15:43:23 +09:00
MaineK00n	bfc3828ce1	chore(deps): update goval-dictionary and gost (#1452 ) v0.19.6	2022-04-27 13:03:11 +09:00
dependabot[bot]	c7eac4e7fe	chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 (#1451 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.25.4 to 0.27.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(library): support go.mod scan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-04-27 12:46:47 +09:00
MaineK00n	cc63a0eccf	feat(ubuntu): add Jammy Jellyfish(22.04) (#1431 ) * feat(ubuntu): add Jammy Jellyfish(22.04) * chore(deps): gost update * chore(oval/ubuntu): fill kernel package name temporarily	2022-04-27 11:04:00 +09:00
Satoru Nihei	fd18df1dd4	feat: parse OS version from result of trivy-scan (#1444 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.4 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.24.2 to 0.25.4. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.4) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * test: add testcase * feat: parse metadata * refactor: change detect logic * refactor: change parsing logic * refactor: refactor check logic before detect * fix: impl without reuseScannedCves * feat: complement :latest tag * Update contrib/trivy/parser/v2/parser.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-04-27 10:28:20 +09:00
MaineK00n	8775b5efdf	chore: fix lint error (#1438 ) * chore: fix lint: revive error * chore: golanci-lint uses go 1.18 * chore: refactor tasks in GNUmakefile * chore: add trivy binary in fvuls image	2022-04-15 18:12:13 +09:00
dependabot[bot]	a9f29a6c5d	chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.1 (#1436 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.24.2 to 0.25.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.24.2 to 0.25.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.24.2...v0.25.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump up Go to 1.18 and trivy v0.25.1 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-04-05 13:27:49 +09:00
Satoru Nihei	05fdde48f9	feat: support server scan for suse with text/plain (#1433 )	2022-04-04 12:45:44 +09:00
MaineK00n	3dfbd6b616	chore(mod): update go-exploitdb module (#1428 ) * chore(mod): update go-exploitdb module * docs: add inthewild datasource * Unique because URLs sometimes duplicate on GitHub and InTheWild Co-authored-by: Kota Kanbe <kotakanbe@gmail.com> v0.19.5	2022-03-26 05:26:06 +09:00
MaineK00n	04f246cf8b	chore: add fvuls image (#1426 )	2022-03-25 06:17:33 +09:00
MaineK00n	7500f41655	chore(mod): update go-kev module (#1425 )	2022-03-25 06:15:06 +09:00
MaineK00n	a1cc152e81	feat(library): add auto detect library (#1417 )	2022-03-17 18:08:40 +09:00

1 2 3 4 5 ...

1295 Commits