Kota Kanbe
a528362663
fix(saas): upload JSON if err occured during scan ( #1615 )
2023-03-01 14:52:03 +09:00
MaineK00n
ee97d98c39
feat: update EOL ( #1598 )
2023-02-22 16:00:05 +09:00
MaineK00n
4e486dae1d
style: fix typo ( #1592 )
...
* style: fix typo
* style: add comment
2023-02-22 15:59:47 +09:00
MaineK00n
897fef24a3
feat(detector/exploitdb): mod update and add more urls ( #1610 )
2023-02-22 15:58:24 +09:00
MaineK00n
73f0adad95
fix: use GetCveContentTypes instead of NewCveContentType ( #1603 )
2023-02-21 11:56:26 +09:00
Sinclair
704492963c
Revert: gost/Ubuntu.ConvertToModel() is public method now ( #1597 )
2023-02-08 11:36:36 +09:00
Sinclair
1927ed344c
fix(report): tidy dependencies for multiple repo on integration with GSA ( #1593 )
...
* initialize dependencyGraphManifests out of loop
* remove GitHubSecurityAlert.PackageName
* tidy dependency map for multi repo
* set repo name into SBOM components & purl for multi repo
2023-02-07 19:47:32 +09:00
MaineK00n
ad2edbb844
fix(ubuntu): vulnerability detection for kernel package ( #1591 )
...
* fix(ubuntu): vulnerability detection for kernel package
* feat(gost/ubuntu): update mod to treat status: deferred as unfixed
* feat(ubuntu): support 22.10
2023-02-03 15:56:58 +09:00
MaineK00n
bfe0db77b4
feat(cwe): add cwe-id for category and view ( #1578 )
2023-01-20 18:02:07 +09:00
MaineK00n
ff3b9cdc16
fix: add comment ( #1585 )
2023-01-20 18:01:10 +09:00
Sinclair
2deb1b9d32
chore: update version for golangci-lint ( #1586 )
2023-01-20 18:00:54 +09:00
kl-sinclair
ca64d7fc31
feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts ( #1584 )
...
* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts
* derive ecosystem/version from dependency graph
* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure
* fix miscs
* typo in error message
* fix ecosystem equally to trivy
* miscs
* refactoring
* recursive dependency graph pagination
* change var name && update comments
* omit map type of ghpkgToPURL in signatures
* fix vars name
* goimports
* make fmt
* fix comment
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2023-01-20 15:32:36 +09:00
Brian Prodoehl
554ecc437e
fix(report/email): add Critical to email summary ( #1565 )
...
* Add criticals to email summary
* chore(report/email): add Critical keys
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-12-20 11:56:07 +09:00
Kota Kanbe
f6cd4d9223
feat(libscan): support conan.lock C/C++ ( #1572 )
2022-12-20 11:22:36 +09:00
Kota Kanbe
03c59866d4
feat(libscan): support gradle.lockfile ( #1568 )
...
* feat(libscan): support gradle.lockfile
* add gradle.lockfile to integration test
* fix readme
* chore: update integration
* find *gradle.lockfile
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-12-20 08:52:45 +09:00
Kota Kanbe
1d97e91341
fix(libscan): delete map that keeps all file contents detected by FindLock to save memory ( #1556 )
...
* fix(libscan): delete Map that keeps all files detected by FindLock to save memory
* continue analyzing libs if err occurred
* FindLockDirs
* fix
* fix
2022-11-10 10:19:15 +09:00
MaineK00n
96333f38c9
chore(ubuntu): set Ubuntu 22.10 EOL ( #1552 )
2022-11-01 14:00:56 +09:00
MaineK00n
8b5d1c8e92
feat(cwe, cti): update dictionary ( #1553 )
...
* feat(cwe): update CWE dictionary
* feat(cti): update CTI dictionary
* fix(cwe): fix typo
2022-11-01 14:00:23 +09:00
MaineK00n
dea80f860c
feat(report): add cyclonedx format ( #1543 )
2022-11-01 13:58:31 +09:00
dependabot[bot]
6eb4c5a5fe
chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1 ( #1538 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.1
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.31.3 to 0.32.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.31.3...v0.32.1 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy 0.32.1 to 0.33.0
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-10-27 01:24:06 +09:00
Kota Kanbe
b219a8495e
fix(cpescan): match if affected version is NA ( #1548 )
...
https://github.com/vulsio/go-cve-dictionary/pull/283
2022-10-19 16:57:32 +09:00
Kota Kanbe
eb87d5d4e1
fix(saas): panic: runtime error: comparing uncomparable type config.PortScanConf ( #1537 )
2022-10-04 11:55:48 +09:00
tomofumi0003
6963442a5e
fix(report): send report to each slack channel ( #1530 )
...
* fix send report to each slack channel
* fix(report): use w.Cnf.Channel instead of channel
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-09-29 16:08:36 +09:00
Kota Kanbe
f7299b9dba
fix(scan): detect AL2 even when empty /etc/redhat-release ( #1536 )
2022-09-29 11:12:30 +09:00
Satoru Nihei
379fc8a1a1
fix: fix query ( #1534 )
2022-09-28 20:51:20 +09:00
MaineK00n
947fbbb29e
fix(ms): always sets isPkgCvesDetactable to true ( #1492 )
2022-09-07 12:05:16 +09:00
MaineK00n
06d2032c9c
docs: update slack invite URL ( #1524 )
2022-09-07 12:04:28 +09:00
dependabot[bot]
d055c48827
chore(deps): bump github.com/aquasecurity/trivy from 0.30.4 to 0.31.3 ( #1526 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.4 to 0.31.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.4...v0.31.3 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 12:02:08 +09:00
MaineK00n
2a00339da1
fix(lockfiles): fix privileges in lockfile scan ( #1512 )
...
* fix(lockfiles): fix privileges in lockfile scan
* style(fmt): add space in comment line
2022-09-02 18:18:00 +09:00
kidokidofire
2d959b3af8
Fix func to get EC2 instance ID by IMDSv2. ( #1522 )
...
Co-authored-by: kido3160 <s.kido.fy@future.co.jp >
2022-08-25 14:31:48 +09:00
kidokidofire
595e26db41
Enable to get EC2 instance ID by IMDSv2. ( #1520 )
...
Co-authored-by: kido3160 <s.kido.fy@future.co.jp >
2022-08-24 17:39:45 +09:00
Kota Kanbe
1e457320c5
chore: bump up version ( #1511 )
2022-08-08 16:55:31 +09:00
MaineK00n
a06e689502
feat(cwe): add cwe top25 2022 ( #1504 )
2022-08-04 18:00:45 +09:00
MaineK00n
ca3f6b1dbf
feat(amazon): support Amazon Linux 2 Extra Repository ( #1510 )
...
* feat(amazon): support Amazon Linux 2 Extra Repository
* feat(amazon): set Amazon Linux EOL
* feat(oracle): set Oracle Linux EOL
2022-08-04 17:52:42 +09:00
dependabot[bot]
f1c78e42a2
chore(deps): bump github.com/aquasecurity/trivy from 0.30.3 to 0.30.4 ( #1507 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.3 to 0.30.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.3...v0.30.4 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-03 09:53:08 +09:00
MaineK00n
2f3b8bf3cc
chore(rocky): set Rocky Linux 9 EOL ( #1495 )
2022-07-27 02:48:10 +09:00
MaineK00n
ab54266f9e
fix(library): fill libraryFixedIns{}.key in ftypes.Pnpm and ftypes.DotNetCore ( #1498 )
...
* fix(library): fill key in ftypes.Pnpm and ftypes.DotNetCore
* chore(library): change the data structure of LibraryMap
2022-07-26 13:53:50 +09:00
dependabot[bot]
d79d138440
chore(deps): bump github.com/aquasecurity/trivy from 0.30.2 to 0.30.3 ( #1499 )
...
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.30.2 to 0.30.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.30.2...v0.30.3 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-26 04:52:32 +09:00
dependabot[bot]
139f3a81b6
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 ( #1494 )
...
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy ) from 0.27.1 to 0.30.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases )
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml )
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.27.1...v0.30.0 )
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2
* fix(library): change fanal to trivy/pkg/fanal
* chore: update integration
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com >
2022-07-25 16:47:57 +09:00
MaineK00n
d1a617cfff
fix(ms): remove duplicate advisories ( #1490 )
2022-07-14 09:26:30 +09:00
MaineK00n
48f7597bcf
feat(ms): import gost:MaineK00n/new-windows ( #1481 )
...
* feat(ms): import gost:MaineK00n/new-windows
* chore(discover): add CTI section
* feat(ms): fill KB with VulnInfo.DistroAdvisories instead of CveContent.Optional
* fix(ms): Change bitSize from 32 to 64
* fix(ms): delete KB prefix
* chore(ms): change logger
* fix(ms): fill in correct AdvisoryID
Co-authored-by: Sadayuki Matsuno <sadayuki.matsuno@gmail.com >
2022-07-04 14:26:41 +09:00
sadayuki-matsuno
93731311a1
feat(saas) add vuls tags from env ( #1487 )
2022-07-04 12:00:02 +09:00
MaineK00n
999529a05b
feat(scanner): detect host key change ( #1406 )
...
* feat(scanner): detect host key change
* chore(scanner): add testcase
2022-07-04 10:57:43 +09:00
MaineK00n
847d820af7
feat(os): support Alpine Linux 3.16 ( #1479 )
2022-06-15 17:08:40 +09:00
MaineK00n
5234306ded
feat(cti): add Cyber Threat Intelligence info ( #1442 )
...
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
2022-06-15 17:08:12 +09:00
MaineK00n
86b60e1478
feat(config): support CIDR ( #1415 )
2022-06-10 18:24:25 +09:00
MaineK00n
42fdc08933
feat(os): support RHEL 9, CentOS Stream 9, Alma Linux 9 ( #1465 )
...
* feat(os): support RHEL 9
* feat(os): support CentOS Stream9, AlmaLinux 9
2022-06-09 06:39:16 +09:00
MaineK00n
38b1d622f6
feat(cwe): update CWE dictionary ( #1443 )
2022-06-09 06:36:54 +09:00
MaineK00n
2477f9a8f8
chore: tidy go.mod, add arm64 and workflows update ( #1461 )
...
* chore: tidy go.mod
* chore(gh): add arm64 and workflows update
* chore: disable staticcheck SA1019 for xerrors.Errorf
* chore: fix github.com/boltdb/bolt switch to github.com/etcd-io/bbolt? #1457
2022-06-09 06:10:07 +09:00
kurita0
ec6e90acd3
fix getting wp core version string via ssh ( #1344 )
...
* fix getting wp core version string via ssh
* check DocRoot
2022-06-09 06:05:15 +09:00
