* fix(ubuntu): vulnerability detection for kernel package
* feat(gost/ubuntu): update mod to treat status: deferred as unfixed
* feat(ubuntu): support 22.10
* feat(oval): support new goval-dictionary model
* chore: fix lint err
* chore: set len of slice to 0
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* fix(oval): avoid contamination of AffectedPackages by writing directly to defPacks
* feat(report): do not add duplicate CveContent
* chore: goval-dictionary update
* chore: go mod tidy
* fix(oval): preload Advisory.Cves for Ubuntu
https://github.com/kotakanbe/goval-dictionary/pull/152
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
* change: never refer to ChangeLog
* change raspberry pi os use debian oval at report
* change do not use r.Family
* change gost do not use r.Family
* change use r.Family because family has a large impact
* change replace MaineK00n/goval-dictionary@raspberrypi-oval
* note Raspbian Scan Policy
* add Raspbian Changelog support policy
* change grep Package for Raspbian at fast-scan mode
* add changelog preprocessing for Raspbian
* add take note of TODO
* change Changelog fetch part to function
* change error handling
* change solve one TODO
* change make ChangelogDir once
* add comment
* fix oval support Amazon Linux :refs #824
* change to useScannedCves from ovalSupproted
* change confidence for Raspbian
* change skip package for raspbian in OVAL DB
* change separate raspbian implementation from util
* change error, log format
* change print format
* change log format(delete newline)
* change support changelog.(Debian.)gz
* Revert "change support changelog.(Debian.)gz"
This reverts commit 2265a72c67.
* change test chnage.(Debian.)gz
* change support raspbian package(*raspberry*)
* change error format
* fix regexp pattern
* fix typo
* fix changelog cache
* change rename function name
* add TestParseChangelog
* change changelog lenient match for raspbian
* fix test case
* change clog dir support symbolic link, clog save dir name append suffix
* change remove more package for raspberry pi
* fix error handling
* change module update
* change refactoring around identifying raspbian package
* update go module
* update scan image
* update scan image
* change clarify scan mode
* change raspiPackNamePattern and add test case
* add a github actions config
* fix(log): Don't create a log dir when testing
* remove a meaningless test case
* Thanks for everything, Mr, Travys.
* add golangci
* add goreleaser.yml
* add tidy.yml
* add golang-ci
* fix many lint warnings
* refactor(model): PackageFixStatus.Name to BinName
* refacotr(oval): change var name
* feat(report): Add FixedIn in JSON
* refactor(tui): chage args
* display fixedin in report
* refactor(model): change fileld name
* remove unused field of PackageFixStatus
* Change config.toml, Auto-generate UUIDs, change structure of optional field
* Detect processes affected by update using yum-ps (#482)
Detect processes affected by update using yum-ps
* Detect processes needs restart using checkrestart on Debian and Ubuntu.
* pass cpename by args when calling FillCveInfo (#513)
* fix new db (#502)
* Include Version,Revision in JSON
* Include hostname in JSON
* Update goval-dictionary's commit hash in Gopkg.lock
* Remove README.ja.md
* update packages (#596)
* fix: change ControlPath to .vuls of SSH option (#618)
* feat: checkrestart for Ubuntu and Debian (#622)
* feat: checkrestart for Ubuntu and Debian
* fix: dependencies check logic of configtest
* feat: need-restarting on RedHat
* refactor: Process.ProcName to Process.Name
* feat: detect a systemd service name of need-restarting-process
* feat: detect a systemd service name of need-restarting-process on Ubuntu
* feat: fill a service name of need-restarting-process, init-system
* Support NVD JSON and CVSS3 of JVN (#605)
* fix: compile errors
* fix: Show CVSS3 on TUI
* fix: test cases
* fix: Avoid null in JSON
* Fix maxCvssScore (#621)
* Fix maxCvssScore
* Update vulninfos.go
* fix(init): remove unnecessary log initialization
* refactor(nvd): use only json feed if exists json data. if not, use xml feed
* fix(scan): make Confidence slice
* feat(CWE): Display CWE name to TUI
* feat(cwe): import CWE defs in Japanese
* feat(cwe): add OWASP Top 10 ranking to CWE if applicable
* feat(scan): add -fast-root mode, implement scan/amazon.go
* refactor(const): change const name JVN to Jvn
* feat(scan): add -fast-root mode, implement scan/centos.go
* refactor(dep): update deps
* fix(amazon): deps check
* feat(scan): add -fast-root mode, implement scan/rhel.go
* feat(scan): add -fast-root mode, implement scan/oracle.go
* fix complile err
* feat(scan): add -fast-root mode, implement scan/debian.go
* fix testcase
* fix(amazon): scan using yum
* fix(configtest): change error message, status when no scannnable servers
* Fix(scan): detect init process logic
* fix(tui): display cvss as table format
* fix(scan): parse a output of reboot-notifier on CentOS6.9
* fix(tui): don't display score, vector when score is zero
* fix(scan): add -offline mode to suse scanner
* fix(scan): fix help message
* feat(scan): enable to define scan mode for each servers in config.toml #510
* refactor(config): chagne cpeNames to cpeURIs
* refactor(config): change dependencyCheckXMLPath to owaspDCXMLPath
* fix(config): containers -> containersIncluded, Excluded, containerType
* feature(report): enable to define cpeURIs for each contaner
* feature(report): enable to specify owasp dc xml path for each container
* fix(discover): fix a template displayed at the end of discover
* feature(report): add ignorePkgsRegexp #665
* feature(report): enable to define ignoreCves for each container #666
* fix(report): Displayed nothing in TUI detail area when CweID is nil
* Gopkg.toml diet
* feat(server): support server mode (#678)
* feat(server): support server mode
* Lock go version
* Use the latest kernel release among the installed release when the running kernel release is unknown
* Add TestViaHTTP
* Set logger to go-cve-dictionary client
* Add -to-localfile
* Add -to-http option to report
* Load -to-http conf from config.toml
* Support gost (#676)
* feat(gost): Support RedHat API
* feat(gost): Support Debian Security Tracker
* feat(db): display error msg when SQLite3 is locked at the beginning of reporting.
* feat(gost): TUI
* Only use RedHat information of installed packages
* feat(tui): show mitigation on TUI
* feat(gost): support redis backend
* fix test case
* fix nil pointer when db is nil
* fix(gost): detect vulns of src packages for Debian
* feat(gost): implement redis backend for gost redhat api
* feat(report): display fixState of unfixed pkgs
* fix(report): display distincted cweIDs
* feat(slack): display gost info
* feat(slack): display mitigation
* feat(report): display available patch state as fixed/total
* fix(tui): display - if source of reference is empty
* update deps
* fix(report): key in ScanResult JSON be lowerCamelcase.
* some keys to lower camel
* fix(configtest): dep check logic of yum-plugin-ps
* fix(tui): format
* feat(report): add -format-list option
* fix(report): -format-full-text
* fix(report): report -format-full-text
* fix(report): display v3 score detected by gost
* fix(scan): scan in fast mode if not defined in config.toml
* fix(gost): fetch RedHat data for fixed CVEs
* feat(report): show number of cves detected in each database
* fix(report): show new version as `Unknown` in offline and fast scan mode
* fix(report): fix num of upadtable and fixed
* fix(report): set `Not fixed yet` if packageStatus is empty
* refact(gost): make convertToModel public
* fix(test): fix test case
* update deps
* fix(report): include gost score in MaxCvssScore
* [WIP] feat(config): enable to set options in config.toml instead of cmd opt (#690)
* feat(config): enable to set options in config.toml instead of cmd opt
* fix(config): change Conf.Report.Slack to Conf.Slack
* fix(discover): change tempalte
* fix(report): fix config.toml auto-generate with -uuid
* Add endpoint for health check and change endpoint
* refact(cmd): refactor flag set
* fix(report): enable to specify opts with cmd arg and env value
* fix(scan): enable to parse the release version of amazon linux 2
* add(report) add -to-saas option (#695)
* add(report) add -to-saas option
* ignore other writer if -to-saas
* fix(saas) fix bug
* fix(scan): need-restarting needs internet connection
* fix(scan,configtest): check scan mode
* refactor(scan): change func name
* fix(suse): support offline mode, bug fix on AWS, zypper --no-color
* fix(tui): fix nil pointer when no vulns in tui
* feat(report): enable to define CPE FS format in config.toml
* fix(vet): fix warnings of go vet
* fix(travis): go version to 1.11
* update deps
* Add filter options to tui subcommand (#508)
* Capture version of source packages on Debian based linux
* Change makefile, gofmt -s
* Refactoring
* Implement OVAL detection of source packages for Debian, Ubuntu
