* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts
* derive ecosystem/version from dependency graph
* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure
* fix miscs
* typo in error message
* fix ecosystem equally to trivy
* miscs
* refactoring
* recursive dependency graph pagination
* change var name && update comments
* omit map type of ghpkgToPURL in signatures
* fix vars name
* goimports
* make fmt
* fix comment
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
* feat(kevuln): add known exploited vulnerabilities
* chore: transfer repository owner
* feat: show CISA on top of CERT
* chore: rename var
* chore: rename var
* chore: fix review
* chore: fix message
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()
* review comment
* chore: go mod update go-cve
* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN
* add NvdExactVersionMatch andd NvdRoughVersionMatch
* add confidence-over option to report
* sort CveContetens
* fix integration-test
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
* feat(trivy): go mod update trivy v0.17.2
* wg.Wait
* fix reporting
* fix test case
* add gemfile.lock of redmine to integration test
* fix(test): add Pipfile.lock
* add poetry.lock to integration test
* add composer.lock to integration test
* add integration test case
* fix(oracle): false-positive(handle arch of pkgs)
* fix(oracle): false positive kernel-related CVEs
* add a test case for ksplice1
* fix(scan): handle uek kernel for Oracle linux
* fix(scan): hanlde uek kernel for reboot required
* fix(oracle): false-positive for redis-backend
* refactor config
* fix saas config
* feat(config): scanmodule for each server in config.toml
* feat(config): enable to specify containersOnly in config.toml
* add new keys of config.toml to discover.go
* fix summary output, logging
* change: never refer to ChangeLog
* change raspberry pi os use debian oval at report
* change do not use r.Family
* change gost do not use r.Family
* change use r.Family because family has a large impact
* change replace MaineK00n/goval-dictionary@raspberrypi-oval
* note Raspbian Scan Policy
* add Raspbian Changelog support policy
* change grep Package for Raspbian at fast-scan mode
* add changelog preprocessing for Raspbian
* add take note of TODO
* change Changelog fetch part to function
* change error handling
* change solve one TODO
* change make ChangelogDir once
* add comment
* fix oval support Amazon Linux :refs #824
* change to useScannedCves from ovalSupproted
* change confidence for Raspbian
* change skip package for raspbian in OVAL DB
* change separate raspbian implementation from util
* change error, log format
* change print format
* change log format(delete newline)
* change support changelog.(Debian.)gz
* Revert "change support changelog.(Debian.)gz"
This reverts commit 2265a72c67.
* change test chnage.(Debian.)gz
* change support raspbian package(*raspberry*)
* change error format
* fix regexp pattern
* fix typo
* fix changelog cache
* change rename function name
* add TestParseChangelog
* change changelog lenient match for raspbian
* fix test case
* change clog dir support symbolic link, clog save dir name append suffix
* change remove more package for raspberry pi
* fix error handling
* change module update
* change refactoring around identifying raspbian package
* update go module
* update scan image
* update scan image
* change clarify scan mode
* change raspiPackNamePattern and add test case
* add a github actions config
* fix(log): Don't create a log dir when testing
* remove a meaningless test case
* Thanks for everything, Mr, Travys.
* add golangci
* add goreleaser.yml
* add tidy.yml
* add golang-ci
* fix many lint warnings
* fix(report): fill cert alerts from NVD and JVN feeds
* fix import alias cve to cvemodels
* fix import alias cve to cvemodels
* remove unnecessary func
* fix(tui): show JPCERT Alert URL in TUI
* feat(tui): show `!` when the CVE-ID corresponds to USCERT or JPCERT alert
* feat(report): display cert alert info to stdout report
* fix(report): Display CVEs detected by CPEs with -ignore-unfixed flag
