* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts
* derive ecosystem/version from dependency graph
* fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure
* fix miscs
* typo in error message
* fix ecosystem equally to trivy
* miscs
* refactoring
* recursive dependency graph pagination
* change var name && update comments
* omit map type of ghpkgToPURL in signatures
* fix vars name
* goimports
* make fmt
* fix comment
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
* chore(mod): update go-exploitdb module
* docs: add inthewild datasource
* Unique because URLs sometimes duplicate on GitHub and InTheWild
Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
* feat(kevuln): add known exploited vulnerabilities
* chore: transfer repository owner
* feat: show CISA on top of CERT
* chore: rename var
* chore: rename var
* chore: fix review
* chore: fix message
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()
* review comment
* chore: go mod update go-cve
* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN
* add NvdExactVersionMatch andd NvdRoughVersionMatch
* add confidence-over option to report
* sort CveContetens
* fix integration-test
* feat(model): change CveContents(map[string]CveContent) to map[string][]CveContent
* fix(cpescan): use CveIDSource
* chore: check Nvd, Jvn data
* chore: go-cve-dictionary update
* chore: add to cveDetails as is, since CveID is embedded in the response
