
Commit 139f3a8

dependabot[bot]MaineK00n
andauthoredJul 25, 2022
chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 (future-architect#1494)
* chore(deps): bump github.com/aquasecurity/trivy from 0.27.1 to 0.30.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.27.1 to 0.30.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](aquasecurity/trivy@v0.27.1...v0.30.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump github.com/aquasecurity/trivy from 0.30.0 to 0.30.2 * fix(library): change fanal to trivy/pkg/fanal * chore: update integration Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
1 parent d1a617c commit 139f3a8


10 files changed

+379
-118
lines changed


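--- a/GNUmakefile
+++ b/GNUmakefile
@@ -88,7 +88,7 @@ NOW=$(shell date --iso-8601=seconds)
 NOW_JSON_DIR := '${BASE_DIR}/$(NOW)'
 ONE_SEC_AFTER=$(shell date -d '+1 second' --iso-8601=seconds)
 ONE_SEC_AFTER_JSON_DIR := '${BASE_DIR}/$(ONE_SEC_AFTER)'
-LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'nuget-lock' 'nuget-config' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'
+LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'pnpm' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'nuget-lock' 'nuget-config' 'dotnet-deps' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'
 
 diff:
 # git clone git@github.com:vulsio/vulsctl.git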

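--- a/contrib/trivy/pkg/converter.go
+++ b/contrib/trivy/pkg/converter.go
@@ -4,7 +4,7 @@ import (
 "sort"
 "time"
 
-"github.com/aquasecurity/fanal/analyzer/os"
+"github.com/aquasecurity/trivy/pkg/fanal/analyzer/os"
 "github.com/aquasecurity/trivy/pkg/types"
 
 "github.com/future-architect/vuls/models"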

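--- a/detector/library.go
+++ b/detector/library.go
@@ -63,7 +63,7 @@ func DetectLibsCves(r *models.ScanResult, cacheDir string, noProgress bool) (err
 }
 
 func downloadDB(appVersion, cacheDir string, quiet, skipUpdate bool) error {
-client := db.NewClient(cacheDir, quiet)
+client := db.NewClient(cacheDir, quiet, false)
 ctx := context.Background()
 needsUpdate, err := client.NeedsUpdate(appVersion, skipUpdate)
 if err != nil {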
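Review bot: The new third argument to `db.NewClient` on the changed line in `downloadDB` is a bare `false`, so a reader cannot tell which behaviour is being switched off. If it is, as I believe, trivy's `insecure` switch for the connection that fetches the vulnerability database, then `false` is the right value and it deserves a comment so nobody flips it casually: `client := db.NewClient(cacheDir, quiet, false) // insecure=false: keep TLS verification when pulling the DB`. Please confirm the parameter name against the trivy v0.30.2 `db` package before adding the comment. The body of `downloadDB` continues past the end of this hunk.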

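--- a/go.mod
+++ b/go.mod
@@ -3,38 +3,37 @@ module github.com/future-architect/vuls
 go 1.18
 
 require (
-github.com/Azure/azure-sdk-for-go v63.0.0+incompatible
+github.com/Azure/azure-sdk-for-go v66.0.0+incompatible
 github.com/BurntSushi/toml v1.1.0
 github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f
-github.com/aquasecurity/fanal v0.0.0-20220426115253-1d75fc0c7219
-github.com/aquasecurity/go-dep-parser v0.0.0-20220422134844-880747206031
-github.com/aquasecurity/trivy v0.27.1
-github.com/aquasecurity/trivy-db v0.0.0-20220327074450-74195d9604b2
+github.com/aquasecurity/go-dep-parser v0.0.0-20220626060741-179d0b167e5f
+github.com/aquasecurity/trivy v0.30.2
+github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
-github.com/aws/aws-sdk-go v1.43.31
+github.com/aws/aws-sdk-go v1.44.46
 github.com/c-robinson/iplib v1.0.3
 github.com/cenkalti/backoff v2.2.1+incompatible
 github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
 github.com/emersion/go-smtp v0.14.0
 github.com/google/subcommands v1.2.0
 github.com/gosuri/uitable v0.0.4
-github.com/hashicorp/go-uuid v1.0.2
+github.com/hashicorp/go-uuid v1.0.3
 github.com/hashicorp/go-version v1.6.0
 github.com/jesseduffield/gocui v0.3.0
 github.com/k0kubun/pp v3.0.1+incompatible
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
 github.com/knqyf263/go-cpe v0.0.0-20201213041631-54f6ab28673f
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
-github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
+github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075
 github.com/kotakanbe/go-pingscanner v0.1.0
 github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
 github.com/mitchellh/go-homedir v1.1.0
 github.com/nlopes/slack v0.6.0
 github.com/olekukonko/tablewriter v0.0.5
 github.com/parnurzeal/gorequest v0.2.16
 github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
-github.com/sirupsen/logrus v1.8.1
+github.com/sirupsen/logrus v1.9.0
 github.com/spf13/cobra v1.5.0
 github.com/vulsio/go-cti v0.0.2-0.20220613013115-8c7e57a6aa86
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
@@ -46,7 +45,7 @@ require (
 go.etcd.io/bbolt v1.3.6
 golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
-golang.org/x/sync v0.0.0-20220513210516-0976fa681c29
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f
 )
 
@@ -56,32 +55,42 @@ require (
 cloud.google.com/go/iam v0.3.0 // indirect
 cloud.google.com/go/storage v1.14.0 // indirect
 github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-github.com/Azure/go-autorest/autorest v0.11.25 // indirect
-github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+github.com/Azure/go-autorest/autorest v0.11.27 // indirect
+github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
 github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
 github.com/Azure/go-autorest/logger v0.2.1 // indirect
 github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+github.com/Microsoft/go-winio v0.5.2 // indirect
+github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
 github.com/PuerkitoBio/goquery v1.6.1 // indirect
 github.com/VividCortex/ewma v1.2.0 // indirect
+github.com/acomagu/bufpipe v1.0.3 // indirect
 github.com/andybalholm/cascadia v1.2.0 // indirect
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/briandowns/spinner v1.18.1 // indirect
-github.com/caarlos0/env/v6 v6.9.1 // indirect
+github.com/caarlos0/env/v6 v6.9.3 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
 github.com/cheggaaa/pb/v3 v3.0.8 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
+github.com/dgryski/go-minhash v0.0.0-20170608043002-7fe510aff544 // indirect
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-github.com/docker/cli v20.10.12+incompatible // indirect
-github.com/docker/distribution v2.7.1+incompatible // indirect
-github.com/docker/docker v20.10.14+incompatible // indirect
+github.com/docker/cli v20.10.17+incompatible // indirect
+github.com/docker/distribution v2.8.1+incompatible // indirect
+github.com/docker/docker v20.10.17+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.6.4 // indirect
+github.com/ekzhu/minhash-lsh v0.0.0-20171225071031-5c06ee8586a1 // indirect
+github.com/emirpasic/gods v1.12.0 // indirect
 github.com/fatih/color v1.13.0 // indirect
 github.com/fsnotify/fsnotify v1.5.4 // indirect
+github.com/go-enry/go-license-detector/v4 v4.3.0 // indirect
+github.com/go-git/gcfg v1.5.0 // indirect
+github.com/go-git/go-billy/v5 v5.3.1 // indirect
+github.com/go-git/go-git/v5 v5.4.2 // indirect
 github.com/go-redis/redis/v8 v8.11.5 // indirect
 github.com/go-sql-driver/mysql v1.6.0 // indirect
 github.com/go-stack/stack v1.8.1 // indirect
@@ -90,15 +99,18 @@ require (
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.2 // indirect
 github.com/google/go-containerregistry v0.8.0 // indirect
+github.com/google/licenseclassifier/v2 v2.0.0-pre5 // indirect
 github.com/googleapis/gax-go/v2 v2.4.0 // indirect
 github.com/gorilla/websocket v1.4.2 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-github.com/hashicorp/go-getter v1.5.11 // indirect
+github.com/hashicorp/go-getter v1.6.2 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
+github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect
+github.com/imdario/mergo v0.3.13 // indirect
 github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac // indirect
 github.com/inconshreveable/mousetrap v1.0.0 // indirect
 github.com/jackc/chunkreader/v2 v2.0.1 // indirect
@@ -109,10 +121,13 @@ require (
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
 github.com/jackc/pgtype v1.11.0 // indirect
 github.com/jackc/pgx/v4 v4.16.1 // indirect
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+github.com/jdkato/prose v1.1.0 // indirect
 github.com/jinzhu/inflection v1.0.0 // indirect
 github.com/jinzhu/now v1.1.5 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
-github.com/klauspost/compress v1.14.2 // indirect
+github.com/kevinburke/ssh_config v1.1.0 // indirect
+github.com/klauspost/compress v1.15.6 // indirect
 github.com/lib/pq v1.10.5 // indirect
 github.com/magiconair/properties v1.8.6 // indirect
 github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
@@ -123,47 +138,58 @@ require (
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 github.com/mitchellh/go-testing-interface v1.0.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
+github.com/montanaflynn/stats v0.0.0-20151014174947-eeaced052adb // indirect
 github.com/nsf/termbox-go v1.1.1 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
-github.com/opencontainers/image-spec v1.0.2 // indirect
+github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1 // indirect
 github.com/pelletier/go-toml v1.9.5 // indirect
 github.com/pelletier/go-toml/v2 v2.0.2 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/rivo/uniseg v0.2.0 // indirect
 github.com/rogpeppe/go-internal v1.8.1 // indirect
+github.com/russross/blackfriday/v2 v2.1.0 // indirect
+github.com/sergi/go-diff v1.2.0 // indirect
+github.com/shogo82148/go-shuffle v0.0.0-20170808115208-59829097ff3b // indirect
 github.com/spf13/afero v1.8.2 // indirect
 github.com/spf13/cast v1.5.0 // indirect
 github.com/spf13/jwalterweatherman v1.1.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/spf13/viper v1.12.0 // indirect
-github.com/stretchr/objx v0.3.0 // indirect
-github.com/stretchr/testify v1.7.2 // indirect
+github.com/stretchr/objx v0.4.0 // indirect
+github.com/stretchr/testify v1.8.0 // indirect
 github.com/subosito/gotenv v1.4.0 // indirect
 github.com/ulikunitz/xz v0.5.10 // indirect
+github.com/xanzy/ssh-agent v0.3.0 // indirect
 go.opencensus.io v0.23.0 // indirect
 go.uber.org/atomic v1.7.0 // indirect
 go.uber.org/goleak v1.1.12 // indirect
-go.uber.org/multierr v1.6.0 // indirect
+go.uber.org/multierr v1.7.0 // indirect
 go.uber.org/zap v1.21.0 // indirect
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
-golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b // indirect
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
 golang.org/x/text v0.3.7 // indirect
+gonum.org/v1/gonum v0.7.0 // indirect
 google.golang.org/api v0.81.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
-google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect
-google.golang.org/grpc v1.46.2 // indirect
+google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f // indirect
+google.golang.org/grpc v1.47.0 // indirect
 google.golang.org/protobuf v1.28.0 // indirect
 gopkg.in/ini.v1 v1.66.6 // indirect
+gopkg.in/neurosnap/sentences.v1 v1.0.6 // indirect
+gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 gorm.io/driver/mysql v1.3.4 // indirect
 gorm.io/driver/postgres v1.3.7 // indirect
 gorm.io/driver/sqlite v1.3.4 // indirect
 gorm.io/gorm v1.23.5 // indirect
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 moul.io/http2curl v1.0.0 // indirect
 )
+
+// See https://github.com/moby/moby/issues/42939#issuecomment-1114255529
+replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible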
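Review bot: The `replace github.com/docker/docker => … v20.10.3-0.20220224222438-c78f6963a1c0+incompatible` directive added at the end of go.mod overrides the `github.com/docker/docker v20.10.17+incompatible` entry in the indirect require block, so the code actually built is an untagged pseudo-version rather than the release the require line names. Anything that reads only the require block (an advisory scanner, an SBOM generator, a reviewer) may attribute the wrong docker version to this module, and the replace has no effect when vuls is imported as a dependency by another module. The comment gives only an issue link; I would put the reason and the exit condition next to it, for example `// Pinned to this moby commit for trivy v0.30.x (moby/moby#42939); remove once a tagged docker release builds.` The reason in that wording is inferred from the linked issue and should be confirmed before it is committed.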
There was a problem loading the remainder of the diff.
