Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,360 Commits 6 Branches 121 Tags
fa5b875c349e5b10a8bf03ea5e089df91f5778b8
Commit Graph

1360 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
fa5b875c34 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 (#1692) 
Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.2.1 to 1.3.2.
- [Release notes](https://github.com/BurntSushi/toml/releases)
- [Commits](https://github.com/BurntSushi/toml/compare/v1.2.1...v1.3.2)

---
updated-dependencies:
- dependency-name: github.com/BurntSushi/toml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-22 21:38:04 +09:00
sadayuki-matsuno
f9276a7ea8 feat(windows) export DetectKBsFromKernelVersion (#1703) 2023-07-13 10:14:49 +09:00
MaineK00n
457a3a9627 feat(scanner/windows): update release info (#1696) v0.23.3 2023-06-29 14:05:10 +09:00
MaineK00n
4253550c99 chore(scanner): do not show logs when lsof: no Internet files located (#1688) 2023-06-23 16:08:49 +09:00
Atsushi Watanabe
97cf033ed6 feat(os): add Fedora 38 EOL date (#1689) 
* feat: add Fedora 38 EOL date

* Update EOL date

based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html

* Fix test case name

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-06-13 17:23:11 +09:00
Kota Kanbe
5a6980436a feat(ubuntu): Support Ubuntu 14.04 and 16.04 ESM (#1682) 
* feat(ubuntu): Support Ubuntu ESM

* Sort PackageFixStatuses to resolve the diff in integrationTest

* go mod update gost
 2023-05-31 09:27:43 +09:00
Sinclair
6271ec522e fix(detector/github): Enhance the dependency graph API call on the big repository (#1681) 
* fix: Reduce the number of data to be fetched per page, when retrying after a timeout failure on Dependency Graph API

* check rate limit on dependency graph API

* comment
 2023-05-26 14:39:02 +09:00
dependabot[bot]
83681ad4f0 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.263 (#1677) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.259 to 1.44.263.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.259...v1.44.263)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-18 10:17:34 +09:00
dependabot[bot]
779833872b chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1678) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-18 10:16:54 +09:00
Sinclair
5c79720f56 fix(detector/github): Dependency graph API touches fewer data per page than before (#1654) 
* fix: Github dependency graph API touches fewer data per page than before

* fix: logging on Github API access failure

* fix: the previous errors persist upon retrying dependency graph
 2023-05-15 19:41:04 +09:00
Wagde Zabit
b2c5b79672 feat(os): support debian 12 (#1676) 
* feat(os): support debian 12

* chore(scanner/debian): remove unneeded warn log

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-05-13 01:04:31 +09:00
dependabot[bot]
b0cc908b73 chore(deps): bump github.com/docker/distribution (#1675) 
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-12 08:56:46 +09:00
MaineK00n
ea3d8a6d0b test: sort []cveContent by CVEID (#1674) v0.23.2 2023-05-11 00:53:22 +09:00
MaineK00n
7475b27f6a chore(deps): update dictionary tools, Vuls is now CGO free (#1667) 
* chore(deps): update dictionary tools, Vuls is now CGO free

* chore(integration): update commit
 2023-05-11 00:28:51 +09:00
dependabot[bot]
ef80838ddd chore(deps): bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259 (#1672) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-09 08:09:49 +09:00
dependabot[bot]
b445b71ca5 chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1673) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-09 08:09:26 +09:00
dependabot[bot]
1ccc5f031a chore(deps): bump github.com/aws/aws-sdk-go from 1.44.251 to 1.44.254 (#1669) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.251 to 1.44.254.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.251...v1.44.254)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-02 12:17:14 +09:00
MaineK00n
8356e976c4 chore(deps): update goval-dictionary v0.8.3 (#1671) 2023-05-02 12:14:43 +09:00
MaineK00n
3cc7e92ce5 fix(saas): remove current directory part (#1666) 2023-04-27 12:09:34 +09:00
dependabot[bot]
046a29467b chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.0 to 0.7.1 (#1663) 
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:54:41 +09:00
dependabot[bot]
ef5ab8eaf0 chore(deps): bump golang.org/x/oauth2 from 0.1.0 to 0.7.0 (#1662) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.1.0 to 0.7.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.1.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:42:57 +09:00
dependabot[bot]
c8daa5c982 chore(deps): bump github.com/Ullaakut/nmap/v2 (#1665) 
Bumps [github.com/Ullaakut/nmap/v2](https://github.com/Ullaakut/nmap) from 2.1.2-0.20210406060955-59a52fe80a4f to 2.2.2.
- [Release notes](https://github.com/Ullaakut/nmap/releases)
- [Commits](https://github.com/Ullaakut/nmap/commits/v2.2.2)

---
updated-dependencies:
- dependency-name: github.com/Ullaakut/nmap/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 05:41:49 +09:00
dependabot[bot]
9309081b3d chore(deps): bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.251 (#1660) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.251.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.251)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 04:01:42 +09:00
dependabot[bot]
f541c32d1f chore(deps): bump github.com/c-robinson/iplib from 1.0.3 to 1.0.6 (#1659) 
Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.3 to 1.0.6.
- [Release notes](https://github.com/c-robinson/iplib/releases)
- [Commits](https://github.com/c-robinson/iplib/compare/v1.0.3...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/c-robinson/iplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:51:34 +09:00
dependabot[bot]
79a8b62105 chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#1657) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:50:53 +09:00
dependabot[bot]
74c91a5a21 chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1658) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:36:46 +09:00
MaineK00n
6787ab45c5 feat(ubuntu): add ubuntu 23.04 (#1647) 2023-04-27 03:26:59 +09:00
dependabot[bot]
f631e9e603 chore(deps): bump github.com/emersion/go-smtp from 0.14.0 to 0.16.0 (#1580) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.14.0 to 0.16.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:25:41 +09:00
dependabot[bot]
2ab48afe47 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.249 (#1656) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.136 to 1.44.249.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.136...v1.44.249)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:24:53 +09:00
dependabot[bot]
53ccd61687 chore(deps): bump github.com/Azure/azure-sdk-for-go (#1588) 
Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 66.0.0+incompatible to 68.0.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v66.0.0...v68.0.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-27 03:20:58 +09:00
Sinclair
b91a7b75e2 fix(detector/github): Github dependency graph API request will be retried on error (#1650) 
* fix: Github dependency graph API request will be retried on error

* fix: github dependency graph: error handling

* github dependency graph: fix retry max
v0.23.1 		2023-04-24 12:46:29 +09:00
Wagde Zabit
333eae06ea fix order in identifying amazon linux version (#1652) 2023-04-21 10:35:19 +09:00
MaineK00n
93d401c70c chore(integration): update commit (#1649) 2023-04-20 14:09:21 +09:00
MaineK00n
99dc8e892f feat(gost/ubuntu): check kernel source package more strictly (#1599) 2023-04-20 13:05:41 +09:00
MaineK00n
fb904f0543 refactor(reporter): refactoring TelegramWriter, GoogleChatWriter (#1628) 
* style: remove unnecessary line break

* style: use regexp.MatchString instead of regexp.Match

* refactor(reporter): refactoring TelegramWriter, GoogleChatWriter
 2023-04-20 11:53:31 +09:00
MaineK00n
d4d33fc81d fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646) 
* fix(scanner/dpkg): fix dpkg-query and not remove src pkgs

* refactor(gost): remove unnecesary field and fix typo

* refactor(detector/debian): detect using only SrcPackage
 2023-04-20 11:42:53 +09:00
Kota Kanbe
a1d3fbf66f fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy (#1639) 
* fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy

* fix

* Add detectionMethod only when detected by gost
 2023-04-17 09:21:30 +09:00
Sinclair
2cdfbe3bb4 fix: dependency graph using small query at once to avoid timeout (#1642) 2023-04-14 14:46:31 +09:00
MaineK00n
ac8290119d fix(configtest): amazon linux 2022, 2023 require dnf-utils (#1635) 2023-04-10 10:16:03 +09:00
MaineK00n
abdb081af7 feat(scanner): skip ssh config validation if G option is unknown option (#1632) v0.23.0 2023-04-04 18:50:17 +09:00
kurita0
e506125017 feat(wp): support csh, no sudo scan (#1523) 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2023-03-28 21:07:10 +09:00
MaineK00n
8ccaa8c3ef fix(scanner/windows): support installationType Domain Controller (#1627) 2023-03-28 21:04:17 +09:00
MaineK00n
de1ed8ecaa feat(ci): add windows for snmp2cpe (#1626) 2023-03-28 19:20:03 +09:00
MaineK00n
947d668452 feat(windows): support Windows (#1581) 
* chore(deps): mod update

* fix(scanner): do not attach tty because there is no need to enter ssh password

* feat(windows): support Windows
 2023-03-28 19:00:33 +09:00
MaineK00n
db21149f00 feat(contrib): add snmp2cpe (#1625) 2023-03-28 18:56:28 +09:00
dependabot[bot]
7f35f4e661 chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1606) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 05:04:48 +09:00
MaineK00n
6682232b5c feat(os): support Amazon Linux 2023 (#1621) v0.22.2 2023-03-16 17:31:57 +09:00
sadayuki-matsuno
984debe929 fix(detector/github) change timeout 10s to 10m (#1616) 2023-03-01 16:58:11 +09:00
Kota Kanbe
a528362663 fix(saas): upload JSON if err occured during scan (#1615) v0.22.1 2023-03-01 14:52:03 +09:00
MaineK00n
ee97d98c39 feat: update EOL (#1598) 2023-02-22 16:00:05 +09:00