Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
MaineK00n	e1df74cbc1	fix(amazon): use major version for checking eol, security advisories (#1873 )	2024-03-18 16:13:54 +09:00
MaineK00n	dc496468b9	refactor(config): move syslogconf to config/syslog package (#1865 )	2024-03-05 18:11:45 +09:00
Shunichi Shinohara	351cf4f712	Update trivy from 0.35.0 to 0.49.1 (#1806 ) * Update trivy 0.35.0->0.48.0 - Specify oras-go 1.2.4 in indirect dependencies docker/docker changes a part of its API at 24.0 - registry: return concrete service type · moby/moby@7b3acdf - `7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)` oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z. There is a build error between oras-go and docker/dockr. - Update disabled analyzers - Update language scanners, enable all of them * move javadb init to scan.go * Add options for java db init() * Update scanner/base.go * Remove unused codes * Add some lock file names * Typo fix * Remove space character (0x20) * Add java-db options for integration scan * Minor fomartting fix * minor fix * conda is NOT supported by Trivy for library scan * Configure trivy log in report command too * Init trivy in scanner * Use trivy's jar.go and replace client which does almost nothing * mv jar.go * Add sha1 hash to result and add filepath for report phase * Undo added 'vuls scan' options * Update oras-go to 1.2.4 * Move Java DB related config items to report side * Add java db search in detect phase * filter top level jar only * Update trivy to 0.49.1 * go mod tidy * Update to newer interface * Refine lock file list, h/t MaineK00n * Avoid else clauses if possible, h/t MaineK00n * Avoid missing word for find and lang types, h/t MaineK00n * Add missing ecosystems, h/t MaineK00n * Add comments why to use custom jar analyzer, h/t MaineK00n * Misc * Misc * Misc * Include go-dep-parser's pares.go for modification * Move digest field from LibraryScanner to Library * Use inner jars sha1 for each * Add Seek to file head before handling zip file entry * Leave Digest feild empty for entries from pom.xml * Don't import python/pkg (don't look into package.json) * Make privete where private is sufficient * Remove duplicate after Java DB lookup * misc * go mod tidy * Comment out ruby/gemspec * misc * Comment out python/packaging * misc * Use custom jar * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Missing changes in name change * Update models/github.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Don't import fanal/types at github.go * Rewrite code around java db initialization * Add comment * refactor * Close java db client * rename * Let LibraryScanner have java db client * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * inline variable * misc * Fix typo --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-02-28 14:25:58 +09:00
hiroka-wada	76267a54fc	delete: cab validation (#1843 ) Co-authored-by: wadahiroka <wadahiroka@wadahirokanoMBP.AirPort>	2024-02-01 12:58:33 +09:00
MaineK00n	8e9d165e75	feat(os): add FreeBSD 14 (#1797 )	2023-11-25 08:29:29 +09:00
MaineK00n	cd8f6e1b8f	feat(os): add fedora 39 (#1788 )	2023-11-08 23:47:46 +09:00
MaineK00n	323f0aea3d	feat(windows): add Windows 11 23H2 (#1751 )	2023-11-07 09:27:39 +09:00
hiroka-wada	cef4ce4f9f	chore(config):Modification of AmazonLinux 1 maintenance deadline (#1776 )	2023-10-27 23:19:16 +09:00
MaineK00n	75e9883d8a	feat(ubuntu): add ubuntu 23.10(mantic) (#1750 )	2023-10-19 02:01:18 +09:00
MaineK00n	d2ca56a515	chore(os): update EOL (#1749 )	2023-10-03 00:37:16 +09:00
guangwu	27df19f09d	chore: remove refs to deprecated io/ioutil (#1748 ) Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>	2023-10-01 18:51:53 +09:00
Eng Zer Jun	c1854a3a7b	refactor: remove redundant `len` check (#1743 ) `len` returns 0 if the slice is nil. From the Go specification [1]: "1. For a nil slice, the number of iterations is 0." Therefore, an additional `len(v) != 0` check for before the loop is unnecessary. [1]: https://go.dev/ref/spec#For_range Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2023-09-26 18:00:05 +09:00
hiroka-wada	9d8e510c0d	add: json tag (#1746 ) Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>	2023-09-26 15:50:18 +09:00
MaineK00n	1832b4ee3a	feat(macos): support macOS (#1712 )	2023-09-25 16:51:09 +09:00
hiroka-wada	f6509a5376	feat(config): Auto-upgrade Windows config.toml from v1 to v2 (#1726 ) * add: README.md * add: commands(discover,add-server,add-cpe) * add: implements(discover,add-server,add-cpe) * fix: changed os.Exit(1) in main.go to return an error * fix: lint error * delete: trivy-to-vuls stdIn * fix: Incomprehesible error logs * fix: according to review * add: function converts old config to latest one * delete: add-server * fix: lint error * fix * fix: remote scan error in Windows * fix: lint error * fix * fix: lint error * fix: lint error * add: scanner/scanner.go test normalizeHomeDirForWindows() * fix * fix * fix * fix: remove pointless assignment * fix --------- Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.4> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.10> Co-authored-by: 和田皓翔 <wadahiroka@192.168.0.6>	2023-09-21 16:48:35 +09:00
Atsushi Watanabe	97cf033ed6	feat(os): add Fedora 38 EOL date (#1689 ) * feat: add Fedora 38 EOL date * Update EOL date based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html * Fix test case name Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-06-13 17:23:11 +09:00
Wagde Zabit	b2c5b79672	feat(os): support debian 12 (#1676 ) * feat(os): support debian 12 * chore(scanner/debian): remove unneeded warn log --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-05-13 01:04:31 +09:00
MaineK00n	6787ab45c5	feat(ubuntu): add ubuntu 23.04 (#1647 )	2023-04-27 03:26:59 +09:00
MaineK00n	d4d33fc81d	fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646 ) * fix(scanner/dpkg): fix dpkg-query and not remove src pkgs * refactor(gost): remove unnecesary field and fix typo * refactor(detector/debian): detect using only SrcPackage	2023-04-20 11:42:53 +09:00
kurita0	e506125017	feat(wp): support csh, no sudo scan (#1523 ) Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-03-28 21:07:10 +09:00
MaineK00n	947d668452	feat(windows): support Windows (#1581 ) * chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows	2023-03-28 19:00:33 +09:00
MaineK00n	6682232b5c	feat(os): support Amazon Linux 2023 (#1621 )	2023-03-16 17:31:57 +09:00
MaineK00n	ee97d98c39	feat: update EOL (#1598 )	2023-02-22 16:00:05 +09:00
MaineK00n	ad2edbb844	fix(ubuntu): vulnerability detection for kernel package (#1591 ) * fix(ubuntu): vulnerability detection for kernel package * feat(gost/ubuntu): update mod to treat status: deferred as unfixed * feat(ubuntu): support 22.10	2023-02-03 15:56:58 +09:00
kl-sinclair	ca64d7fc31	feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584 ) * feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts * derive ecosystem/version from dependency graph * fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure * fix miscs * typo in error message * fix ecosystem equally to trivy * miscs * refactoring * recursive dependency graph pagination * change var name && update comments * omit map type of ghpkgToPURL in signatures * fix vars name * goimports * make fmt * fix comment Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-01-20 15:32:36 +09:00
Kota Kanbe	1d97e91341	fix(libscan): delete map that keeps all file contents detected by FindLock to save memory (#1556 ) * fix(libscan): delete Map that keeps all files detected by FindLock to save memory * continue analyzing libs if err occurred * FindLockDirs * fix * fix	2022-11-10 10:19:15 +09:00
MaineK00n	96333f38c9	chore(ubuntu): set Ubuntu 22.10 EOL (#1552 )	2022-11-01 14:00:56 +09:00
MaineK00n	ca3f6b1dbf	feat(amazon): support Amazon Linux 2 Extra Repository (#1510 ) * feat(amazon): support Amazon Linux 2 Extra Repository * feat(amazon): set Amazon Linux EOL * feat(oracle): set Oracle Linux EOL	2022-08-04 17:52:42 +09:00
MaineK00n	2f3b8bf3cc	chore(rocky): set Rocky Linux 9 EOL (#1495 )	2022-07-27 02:48:10 +09:00
MaineK00n	847d820af7	feat(os): support Alpine Linux 3.16 (#1479 )	2022-06-15 17:08:40 +09:00
MaineK00n	5234306ded	feat(cti): add Cyber Threat Intelligence info (#1442 ) * feat(cti): add Cyber Threat Intelligence info * chore: replace io/ioutil as it is deprecated * chore: remove --format-csv in stdout writer * chore(deps): go get go-cti@v0.0.1 * feat(cti): update cti dict(support MITRE ATT&CK v11.1) * chore(deps): go get go-cti@master	2022-06-15 17:08:12 +09:00
MaineK00n	86b60e1478	feat(config): support CIDR (#1415 )	2022-06-10 18:24:25 +09:00
MaineK00n	42fdc08933	feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 (#1465 ) * feat(os): support RHEL 9 * feat(os): support CentOS Stream9, AlmaLinux 9	2022-06-09 06:39:16 +09:00
MaineK00n	cc63a0eccf	feat(ubuntu): add Jammy Jellyfish(22.04) (#1431 ) * feat(ubuntu): add Jammy Jellyfish(22.04) * chore(deps): gost update * chore(oval/ubuntu): fill kernel package name temporarily	2022-04-27 11:04:00 +09:00
MaineK00n	787604de6a	fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan (#1384 ) * fix(suse): fix openSUSE, openSUSE Leap scan * docs: update README * fix: unknown CveContent.Type * fix: tui reporting * fix: listening port was duplicated in format-full-text * fix .gitignore * fix: add EOL data for SLES12.5 Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2022-02-15 17:11:54 +09:00
MaineK00n	07335617d3	fix(configtest,scan): support SSH config file (#1388 ) * fix(configtest,scan): support SSH config file * chore(subcmds): remove askKeyPassword flag	2022-02-12 21:50:56 +09:00
maito1201	1cfe155a3a	feat(fedora): support fedora (#1367 ) * feat(fedora): support fedora * fix(fedora): fix modular package scan * fix(fedora): check needs-restarting, oval arch, add source link Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2022-02-09 09:30:44 +09:00
MaineK00n	2923cbc645	fix(centos): identify CentOS and CentOS Stream (#1360 )	2022-02-03 05:32:03 +09:00
MaineK00n	84fa4ce432	feat(alpine): add Alpine 3.14, 3.15 EOL (#1359 ) * feat(alpine): add Alpine 3.14, 3.15 EOL * fix(alpine): change test case	2022-02-02 06:46:52 +09:00
MaineK00n	2b7294a504	feat(amazon): support amazon linux 2022 (#1338 )	2021-12-09 11:06:44 +09:00
MaineK00n	89d94ad85a	feat(detector): add known exploited vulnerabilities (#1331 ) * feat(kevuln): add known exploited vulnerabilities * chore: transfer repository owner * feat: show CISA on top of CERT * chore: rename var * chore: rename var * chore: fix review * chore: fix message	2021-11-19 15:06:17 +09:00
Kota Kanbe	f047a6fe0c	breaking-change: Update vuls-dictionaries (#1307 ) * chore: udpate dictionaries * update gost * chore: update gost * chore(go-cve-dict): use v0.8.1 * chore: change linter from golint to revive * chore(linter): set revive config * chore: fix commands and update golangci-lint version * fix: lint errs * chore: update gost Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2021-09-21 05:10:29 +09:00
MaineK00n	9ed5f2cac5	feat(debian): support Debian 11(bullseye) (#1298 ) * feat(debian): support bullseye * fix(debian): fix test case	2021-09-08 10:47:34 +09:00
Kota Kanbe	3e67f04fe4	breaking-change(cpescan): Improve Cpe scan (#1290 ) * chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves() * review comment * chore: go mod update go-cve * feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN * add NvdExactVersionMatch andd NvdRoughVersionMatch * add confidence-over option to report * sort CveContetens * fix integration-test	2021-09-07 16:18:59 +09:00
kazuminn	ff83cadd6e	feat(os) : support Alma Linux (#1261 ) * support Alma Linux * fix miss * feat(os) : support Rocky linux (#1260) * support rocky linux scan * fix miss * lint * fix : like #1266 and error Failed to parse CentOS * pass make test * fix miss * fix pointed out with comment * fix golangci-lint error	2021-08-02 04:36:43 +09:00
Norihiro NAKAOKA	0bf12412d6	fix(rocky): fix Scan in Rocky Linux (#1266 ) * fix(rocky): fix OVAL scan in Rocky Linux * chore: add FreeBSD13 EOL, fix #1245 * chore(rocky): add Rocky Linux EOL tests * feat(rocky): implement with reference to CentOS * feat(raspbian): add Raspbian to Server mode * feat(rocky): support gost scan * fix(rocky): rocky support lessThan * chore: update doc and comment	2021-07-08 05:39:48 +09:00
Shigechika AIKAWA	1c8e074c9d	Feat report googlechat (#1257 ) (#1258 ) * feat: Support Ubuntu21 * feat(report): Send report via Google Chat * feat(report): Send report via Google Chat * Snip too long message as (The rest is omitted). * sorry for mixed feat-ubuntu21 branch. exlucded it * append diff, attack vector and exploits info * add ServerName filter by regexp * rename variables and rewrite validators * fix renaming miss * fix renaming miss, again	2021-07-02 05:32:00 +09:00
Shigechika AIKAWA	3086e2760f	fix Ubuntu 20.10 End of Life on July 22 2021 (#1256 )	2021-06-23 08:14:38 +09:00
Norihiro NAKAOKA	7eb77f5b51	feat(scan): support external port scanner(nmap) in host machine (#1207 ) * feat(scan): load portscan settings from config.toml * feat(scan): support external port scanner:nmap * style: rename variable * feat(scan): logging apply options * feat(scan): remove spoof ip address option * feat(scan): more validate port scan config * style: change comment * fix: parse port number as uint16 * feat(discover): add portscan section * feat(discover): change default scanTechniques * feat(docker): add nmap and version update * feat(scan): nmap module upgrade * fix: wrap err using %w * feat(scan): print cmd using external port scanner * feat(scan): more details external port scan command * feat(scan): add capability check in validation * fix(scanner): format error * chore: change format	2021-05-26 09:35:28 +09:00
otuki	dc9c0edece	refactor(git-conf): Specifing ignoreGitHubDismissed per repository (#1224 ) * refactor(git-conf): Specifing ignoreGitHubDismissed per repository with config.toml * refactor(git-conf): change json tag into camelCase * refactor(git-conf): change first char of json tag into lowercase	2021-04-28 13:41:38 +09:00

1 2 3 4 5

202 Commits