Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
security
osv-scanner
osv-scanner.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File osv-scanner.changes of Package osv-scanner
------------------------------------------------------------------- Thu May 30 09:34:18 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.7.4: * Remove feature from changelog as it's still blocked on #769 (#1006) * V1.7.4 changelog (#1001) * Update typo in supported_languages_and_lockfiles.md (#998) * feat: support comparing Alpine versions locally (#980) * Now that we have updated to go1.21.10, we can remove the ignore line from osv-scanner.toml (#996) * chore(deps): update workflows (major) (#897) * fix(deps): update osv-scanner minor (#994) * chore(deps): update alpine docker tag to v3.20 (#993) * Update test snapshots (#992) * test: add cases for output functions (#937) * fix(deps): update osv-scanner minor (#978) * Add a new Maven pom.xml extractor (#982) * feat: support parsing `gradle/verification-metadata.xml` (#943) * chore(deps): update workflows (#977) * chore(deps): update golang:1.21-alpine3.19 docker digest to 1c2e474 (#985) * chore(deps-dev): Bump the bundler group across 1 directory with 2 updates (#983) * make Maven parent path relative on current project (#987) * Fix snapshots and alpine version (#990) * Update deps.dev dependencies (#984) * [docs] Add installation instructions for FreeBSD and NetBSD (#969) * Disable all unimportant vulnerabilities (#968) * GR: Add test universe generation script and tests for patch generation (#967) ------------------------------------------------------------------- Thu May 09 07:20:31 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.7.3: * chore(deps): update golang:1.21-alpine3.19 docker digest to b3aea8d (#973) * v1.7.3 changelog and version bump (#972) * Update gomod go version (#971) * Fix tests; add newly discovered vulns (#970) * Update go.mod to 1.21.9 (#907) * chore: import `sys` in Python generators (#966) * ci: upgrade `golangci/golangci-lint-action` to v5 (#964) * chore: only extract versions from packages in the generator ecosystem (#957) * refactor: encapsulate getting the working directory in a helper function (#961) * refactor: apply Rubocop to Ruby generator (#956) * test: remove future snapshots (#960) * chore(deps): update workflows (#935) * fix(deps): update osv-scanner minor (#945) * chore(deps): lock file maintenance (#962) * Fix snapshot for test (#963) * fix: ensure the sarif output has a stable order (#938) * chore: support skipping known unsupported comparisons in generators (#954) * chore(deps): lock file maintenance (#936) * chore: improve version fixture generators for local usage (#953) * ci: cancel in-progress runs when new changes are pushed (#959) * Automated Updates: support parents and dependency imports (#890) * GR: Support filtering on alias IDs (#946) * ci: ensure input name case matches just to be safe (#955) * refactor: use `maps` functions instead of custom implementations (#940) * test: update snapshots due to external vulnerability changes (#951) * ci: upgrade Codecov to v4 (#941) * feat: add support for PNPM v9 lockfiles (#934) * Add new vuln to tests (#947) * chore: add missing space to panic message (#942) * test: include groups when describing package details (#933) ------------------------------------------------------------------- Fri Apr 19 04:46:42 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.7.2: * Changelog for v1.7.2 (#932) * GR: Use deps.dev schema for graph definition in tests (#911) * ci: ensure snapshots are always cleaned up (#903) * test: clean up image snapshots (#923) * Fix paths in test snapshots (#930) * Fix regression for go call analysis in 1.7.0 (#926) * fix(deps): update osv-scanner minor (#918) * chore(deps): lock file maintenance (#919) * Ignore stdlib vuln (#920) * GR: Test `MatchVuln()` (#912) * GR: resolve tests & mock client (#909) * GR: Parse paths in npmrc auth fields correctly (#901) * Fix rust call analysis by explicitly disabling stripping of debug info (#908) * fix(deps): update osv-scanner minor (#895) * chore(deps): update golang:1.21-alpine3.19 docker digest to ed8ce6c (#905) * chore(deps): update workflows (#906) * chore(deps): lock file maintenance (#898) * test: clean and sort snapshots (#904) * Add new vuln for failing test (#900) * GR: Tests for npm relaxer (#894) * GR: Add simple test for package-lock.json writing (#891) * chore(deps): update workflows (#886) * fix(deps): update osv-scanner minor (#885) * update deps.dev/util/maven (#892) * Make MockHTTPServer for tests (#888) * GR: Add tests for npmrc & npm registry api (#879) * Update github action docs to v1.7.1 (#881) * Use stable deps.dev v3 API (#882) * test: pin alpine image to exact sha (#880) * test: change how snapshot matchers are called and update example name for consistency (#866) * [docs] Fix the HTTP link for downloading offline database. (#877) * fix(renovate): constrain go to 1.21 and do not update golang (#874) * ci: harden workflow permissions (#872) * chore(deps): Bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#878) ------------------------------------------------------------------- Wed Mar 20 06:19:45 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.7.1: * v1.7.1 changelog and removing unused fixtures (#876) * Fix/update retry logic in OSV (#860) * perf: optimize string formatting and update linting (#828) * test: add cli cases for `node_modules` images (#870) * Follow up PR851 mark acceptance on image tests (#869) * GR: Add npm lockfile read tests (#853) * ci: downgrade codecov action to v3 (#871) * test: use "public" package where possible (#838) * test: regenerate snapshots (#867) * Pin the dockerfiles to the correct base image (#865) * chore(deps): update workflows (#863) * fix(deps): update osv-scanner minor (#864) * add MakeVersionRequestsWithContext() (#781) * improve error messages in Maven registry client (#859) * Fix location of "*" for requirements.txt (#858) * docs: reword sentence in guided-remediation (#846) * Put API/networking errors on another error code (#857) * chore(deps): update golang:alpine docker digest to fc5e584 (#852) * Find and save the distro version when extracting from debian and alpine (#854) * fix: allow users to override GOVERSION (#850) * feat: support scanning `node_modules` generated by NPM in container images (#851) * GR: Add npm ManifestIO tests & minor fixes (#845) * Automated Updates: set up update subcommand (#830) ------------------------------------------------------------------- Fri Mar 15 21:49:28 UTC 2024 - opensuse_buildservice@ojkastl.de - BuildRequire go 1.21.8 to follow upstream - Update to version 1.7.0: * Update changelog for v1.7.0 (#843) * Merge docs to main (#842) * Replace stereoscope with using go-containerregistry directly (#836) * Rename relaxer and suggester (#839) * Update deps (#841) * Downgrade go.mod (#833) * chore(deps): update workflows (#835) * Add more guided remediation known issues re: vulnerabilitiy counting (#840) * Guided Remediation Docs (#827) * test: automatically cleanup test zip server (#834) * chore(deps): lock file maintenance (#822) * fix(deps): update osv-scanner minor (#807) * ci: remove unneeded `setup-go` step and pin `actions/download-artifact` (#786) * Dont traverse gitignored dirs for gitignore files (#797) * test: make `createTestDir` a general test utility (#832) * Maximum severity rating for each Group object in JSON output (#805) * Automated Updates: add a simple Maven registry API client (#837) * Automated Updates: only append dependencies with property to original requirements (#823) * chore(deps): update dependency github-pages to v231 (#821) * chore(deps): update workflows to v4 (major) (#784) * chore(deps): update workflows (#806) * Added a switch for using cached local db in test to improve speed (#826) * Remove version from the binary name. (#831) * Automated Updates: suggest property patches to update for Maven (#824) * refactor: replace usage of deprecated function (#829) * chore: don't ignore `fixtures` directory (#825) * Align GoVulncheck Go version with go.mod (#818) * Guided Remediation: Compute Dev dependencies in in-place parsing (#816) * Automated Updates: add ManifestIO for Maven (#813) * Update suggester package name (#817) * Automated Updates: add version suggester for Maven (#815) * Guided remediation: Interactive mode TUI (#811) * Proof of Concept of container scanning (#808) * Guided Remediation: non-interactive mode (#798) * Update main with the new docs updates. (#810) * Add user agent to deps.dev requests (#804) * chore(deps): update golang:alpine docker digest to 8e96e6c (#793) * fix(deps): update osv-scanner minor (#794) * chore(deps): update dependency github-pages to v230 (#796) * chore(deps): update workflows (#795) * Start setting up guided remediation subcommand (#792) * Guided Remediation: Compute in-place updates (#789) * Guided Remediation: Add `package-lock.json` LockfileIO (#785) * add new spdx identifiers (#788) * chore(deps-dev): Bump nokogiri from 1.15.5 to 1.16.2 in /docs (#787) * chore(deps): update workflows (#783) * fix(deps): update osv-scanner minor (#782) * Guided Remediation: add npm registry clients & `.npmrc` parsing (#778) * Fix tests (#780) ------------------------------------------------------------------- Wed Jan 31 14:00:36 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.6.2: * Update changelog for 1.6.2 (#779) * chore(deps): update golang:alpine docker digest to a6a7f1f (#772) * chore(deps): update alpine:3.19 docker digest to c5b1261 (#771) * Add pdm lockfile support (#776) * Guided Remediation: Make `VulnerabilityClient` for OSV queries (#773) * Do not fail if no lockfiles found in github action (#774) * Guided Remediation: Add computation for all relaxation patches (#766) * Parse severities for guided remediation (#767) * Add pictures to github action docs (#768) * Guided Remediation: Add dependency relaxation & re-resolution (#765) * Update govet printf settings (#745) * fix: improve wording of usage description (#764) * Guided Remediation: add npm `package.json` manifest parser (#763) * Update github action version (#761) * Guided Remediation: Add manifest resolution (#757) * Add OSV-Scanner subcommands (#748) * test: use snapshot-based testing (#717) * chore(deps): lock file maintenance (#760) * fix(deps): update osv-scanner minor (#758) * chore(deps): update workflows (#759) * add dependency groups to flattened vulnerability (#754) * Use new GitHub action in new repository (#756) ------------------------------------------------------------------- Thu Jan 18 08:15:11 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.6.1: * Final goreleaser fix (#753) * Remove unnecessary docker manifest entry in goreleaser (#752) * Update goreleaser to fix release pipeline (#751) ------------------------------------------------------------------- Thu Jan 18 08:13:06 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.6.0: * Update CHANGELOG.md for 1.6.0 (#749) * Bump version for OSV-Scanner. (#750) * Build action image when releasing (#747) * fix(deps): update osv-scanner minor (#743) * chore(deps): update actions/upload-artifact action to v4.1.0 (#744) * chore(deps): update golang:alpine docker digest to fd78f2f (#719) * chore(deps): update workflows (major) (#709) * chore(deps): update alpine docker tag to v3.19 (#708) * fix(deps): update osv-scanner minor (#700) * chore(deps): lock file maintenance (#710) * chore(deps): update github/codeql-action action to v2.23.0 (#707) * Assume latest patch version if version does not exist (#740) * Add support for verbosity levels (#727) * Show ecosystem and version even if git is shown if the info exists. (#736) * chore(deps): Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#738) * Add option to not fail on vuln to workflow files (#737) * Fix vulnerabilities that OSV-Scanner found (#724) * Add option to not fail on vulnerability being found for github action (#732) * fix: remove deprecated `Reporter` methods (#722) * fix directives related to go generate in package spdx (#730) * verify license allowlist against spdx identifiers (#729) * Add formatting instructions to docs contribution (#723) * Adjusting docs (#716) * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#721) * Get go stdlib version from go.mod (#704) * feat: support `PrintTextf` and `PrintErrorf` on `Reporter` (#706) * Refactor: attempt to transition into using models.Ecosystems rather than lockfile.Ecosystems (#705) * Updating cdxgen-go version in go.mod (#718) * Unify OSV scanner action (#711) * refactor: setup `prettier` for formatting files (#693) * Return an error if both license scanning and local/offline scanning is enabled simultaneously (#703) * chore(deps): update golang:alpine docker digest to feceecc (#699) * scan and report dependency groups of vulnerabilities (#655) * Create an option to skip/disable upload to code scanning (#702) * Add support for NuGet lock files version 2 (#694) * remove extra backtick in license scanning documentation (#696) * Update changelog to include minimum go version changes (#695) ------------------------------------------------------------------- Wed Dec 06 12:05:33 UTC 2023 - kastl@b1-systems.de - Update to version 1.5.0: * Add changelog for verson 1.5.0 (#692) * Fix go mod (#691) * chore(deps): lock file maintenance (#653) * refactor: switch golang.org/x/exp/slices usages to stdlib (#690) * Include available formats in `--format` help message (#685) * chore(deps): update golang:alpine docker digest to 70afe55 (#687) * chore(deps): update alpine:3.18 docker digest to 34871e7 (#686) * fix(deps): update osv-scanner minor (#688) * Add `osv-scanner` pre-commit hook (#669) * Fix goreleaser build (#683) * feat: CVSS v4.0 support and replace cvss implementation to comply with the specifications (#651) * chore(deps): update workflows (#666) * Added license scanning info (#674) * update docs for call analysis. (#682) * Setup manual release pipeline (#681) * add experimental-licenses summary flag (#678) * Set Go call analysis to default behaviour (#665) * Fix filter ids (#647) * feat: add support for `renv.lock` (#668) * Simplify return codes to return 1 if any vulnerability related error (#677) * fix(deps): update osv-scanner minor (#652) * refactor: upgrade golangci-lint (#673) * make license allowlist matching case insensitive (#672) * ci: run tests on Windows (#646) * feat: add support for comparing CRAN versions (#656) * ci: update `golangci-lint` to v1.54 (#661) * Don't include nested vendored libs in determineversions query. (#649) * chore: disable `goconst` linter (#662) * fix: remove noise lockfile warnings (#660) * ci: enforce that `cachedregexp` is always used instead of `regexp` (#663) * Adding C/C++ info to the docs (#648) * cmd/osv-scanner: update sarif output in test cases (#659) * Downgrade jekyll-feed. Update lock file (#650) * chore(deps): update golang:alpine docker digest to 110b07a (#640) * fix: properly handle file/url paths on Windows (#645) * test: don't ignore anything from coverage (#627) * fix(deps): update osv-scanner minor (#641) * Filter local packages from scanning, and report the filtering. (#643) * license checking experimental feature (#501) * upgrade version of Go in GitHub checks (#637) * test: check against error type rather than message (#628) * Minor github action docs changes to clarify behaviour. (#630) ------------------------------------------------------------------- Thu Nov 02 05:58:57 UTC 2023 - kastl@b1-systems.de - Update to version 1.4.3: * Prepare for v1.4.3 release (#629) * Add support for determineversions API (#612). (#621) * Refactor package scanning to produce packages instead of queries (#614) * Fix permissions in PR osv-scanner (#625) * Fix gitignore matching for root directory (#626) * Go binary not found should not be an error (#622) * Scan submodules too. (#581) * fix: handle yarn aliased packages (#615) * fix(deps): update osv-scanner minor (#618) * chore(deps): update github/codeql-action action to v2.22.5 (#616) * chore(deps): update dependency jekyll-feed to v0.17.0 (#597) * chore(deps): update workflows (#596) * handle npm aliased packages (#610) * Some minor post release fixes (#613) * Gate extended tests (#598) * test: use `cmp.Diff` for diffing (#605) * fix: remove some extra newlines in sarif report (#607) ------------------------------------------------------------------- Wed Oct 25 04:43:42 UTC 2023 - kastl@b1-systems.de - Update to version 1.4.2: * Prepare for 1.4.2 release (#609) * chore: don't trim trailing whitespace on fixture snapshots (#608) * Update release pipeline (#602) * fix: trim leading and trailing newlines off SARIF output (#606) * Add name field to sarif rule output (#600) * chore(deps): update dependency jekyll-feed to v0.17.0 (#579) * chore(deps): update golang:alpine docker digest to 926f7f7 (#591) * chore(deps): update workflows (#592) * Make scheduled and PR scanning only scan the relevant files and ignore fixtures (#594) * Update docs to add in saving to file option (#593) * Clarify in the docs actions will fail when vulns are found (#587) * chore(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#585) * Change branch back in github action (#586) * Fix permissions and attempt "Download Artifact" option to allow custom lockfiles (#584) * Small doc adjustments for GitHub Actions (#582) * fix(deps): update osv-scanner minor (#578) * Update deps and fix tests (#583) * Improve documentation for github actions (#575) * chore(deps): update golang:alpine docker digest to a76f153 (#577) * chore(deps): update workflows (#580) * fix: support versions with build metadata in `yarn.lock` files (#576) * Add additional tests for git scanning, and markdown format (#569) ------------------------------------------------------------------- Fri Oct 06 13:11:57 UTC 2023 - kastl@b1-systems.de - Update to version 1.4.1: * Allow release scanning to upload SARIF file. (#573) * Fix goreleaser and update changelog (#572) * 1.4.1 release and changelog (#571) * SARIF with fixed version (#559) * chore(deps): update dependency jekyll-feed to v0.17.0 (#568) * chore(deps): update github/codeql-action action to v2.21.9 (#567) * chore(deps): update golang:alpine docker digest to 4bc6541 (#566) * chore(deps): update alpine:3.18 docker digest to eece025 (#565) * ci: don't fetch the whole repository history when its not needed (#562) * ci: ensure that `actions/checkout` is pinned (#563) * Block release on vuln scan (#561) * ci: use `.go-version` file (#564) * ci: run tests on macos and in parallel when releasing (#560) * test: use `cmp.Diff` for comparing output (#558) * Add new ecosystems, and a slice containing all of them. (#557) * test: compare expected with actual rather than the other way around (#556) * chore: move scripts into the `scripts` directory (#555) * ci: combine lint and test workflows (#554) * test: add cases for extra coverage (#524) * chore(deps): update dependency jekyll-feed to v0.17.0 (#544) * chore(deps): lock file maintenance (#545) * chore(deps): update workflows (#538) * Add custom scan arguments (#552) * SARIF output fixes. (#547) * Minor readme update (#546) * Action docs (#541) * Update SARIF format (#534) * Fix action naming and scheduled scan parameters (#543) * chore(deps): update workflows (major) (#540) * Attempt at multiline action (#542) * fix(deps): update osv-scanner minor (#539) * Update experimental.md (#536) ------------------------------------------------------------------- Thu Sep 14 05:01:43 UTC 2023 - kastl@b1-systems.de - Update to version 1.4.0: * Fix issue in the changelog (#533) * 1.4.0 changelog and docs (#532) * Adding Offline info (#517) * chore(deps): update golang:alpine docker digest to 96634e5 (#527) * chore(deps): update workflows (#529) * fix(deps): update osv-scanner minor (#528) * Fix result scanning (#526) * ci: change how coverage is collected (#525) * chore: capture coverage and upload it to codecov (#512) * chore(deps): update dependency jekyll-feed to v0.17.0 (#520) * Correctly use matchFileNames in renovate.json (#522) * Update test results to pass new test (#523) * Revert breaking change in `osv.go` (#514) * Add osv output lockfile + refactor (#505) * Update renovate.json (#504) * fix(deps): update osv-scanner minor (#506) * Refactor models (#510) * chore(deps): update dependency jekyll-feed to v0.17.0 (#508) * chore(deps): update actions/checkout action to v3.6.0 (#507) * Update contributing docs (#502) * chore(deps-dev): Bump activesupport from 7.0.7 to 7.0.7.2 in /docs (#503) * fix(deps): update golang.org/x/exp digest to d852ddb (#496) * Add fixtures go to renovate bot ignore (#500) * chore(deps): update dependency jekyll-feed to v0.17.0 (#498) * chore(deps): update golangci/golangci-lint-action action to v3.7.0 (#499) * chore(deps): update actions/setup-go action to v4.1.0 (#497) * If go version can't be found, don't add stdlib (#494) * chore(deps): update dependency jekyll-feed to v0.17.0 (#448) * feat: support `io.Reader` based parsers (#451) * fix: don't error if local db directory already exists (#493) * fix: ensure that "introduced 0" events are sorted before any other event (#492) * Add go stdlib version support (#484) * chore(deps): update golang:alpine docker digest to 445f340 (#467) * chore(deps): update alpine docker tag to v3.18 (#468) * chore(deps): update slsa-framework/slsa-github-generator action to v1.8.0 (#469) * chore(deps): update alpine:3.18 docker digest to 7144f7b (#480) * chore(deps): update alpine:3.17 docker digest to f71a5f0 (#466) * chore(deps): update gaurav-nelson/github-action-markdown-link-check digest to 46e4421 (#481) * fix(deps): update golang.org/x/exp digest to 89c5cff (#482) * chore(deps): update github/codeql-action action to v2.21.4 (#483) * Fix some vulns and ignore others (#490) * Rust call analysis (#452) * Scanner action should pass if the vulnerabilities remain the same (#475) * Tidy up scanner action (#474) * Manually update dependencies to resolve vulnerability https://osv.dev/GO-2023-1988 (#472) * feat: add experimental offline mode (#183) * Move github action back to the main branch (#465) * refactor: move experimental flags into their own struct (#463) * fix: use correct plural and singular forms based on count (#462) * chore(deps): update github/codeql-action action to v2.21.2 (#455) * fix(deps): update osv-scanner minor (#456) * Add annotations and osv-scanner table in the Github Action output (#460) * Fix purl mapping (#457) * test: make `output` tests their own package (#461) * Updated github actions to use main branch now that the PR is merged in (#459) * Recreated Github Action PR (#432) * chore: minor grammar fixes (#454) * chore(deps): update docker/setup-buildx-action digest to 4c0219f (#437) * chore(deps): update golang:alpine docker digest to 7839c9f (#444) * Optimize Dockerfile and add .dockerignore (#441) * chore(deps): update github/codeql-action action to v2.21.0 (#449) * Enable lockfile maintaince (#450) * fix(deps): update osv-scanner minor (#445) ------------------------------------------------------------------- Wed Jul 19 06:29:55 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.6: * Prepare for v1.3.6 Release (#447) * Adjusting GitHub actions (#446) * chore(deps): update dependency jekyll-feed to v0.17.0 (#438) * go.mod: upgrade to golang.org/x/vuln@v1.0.0 (#443) * Fix PURLToPackage function and move it (#439) * Update README.md (#440) * chore(deps): update dependency jekyll-feed to v0.17.0 (#422) * chore(deps): update workflows (#429) * fix(deps): update osv-scanner minor (#430) * update govulncheck integration (#431) ------------------------------------------------------------------- Wed Jun 28 06:19:46 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.5: * Add more ignores now that debian PURLs are parsed correctly (#428) * Adds changelog for v1.3.5 (#427) * chore(deps): update alpine docker tag to v3.18 (#382) * test: ensure fixtures directory isn't already a git repository (#426) * chore: ignore `.idea` directory (#425) * Add withdrawn and fix time serialization to conform to the schema. (#424) * test: make `models` tests their own package (#423) * Updated to reflect cvss scores being added to output table. (#419) * chore(deps): update workflows (#421) * chore(deps): update alpine:3.17 docker digest to e95676d (#413) * Add option to include severity in table output (#409) * Update the model to better match schema and add YAML tags. (#417) * chore(deps): update golang:alpine docker digest to fd9d9d7 (#405) * chore(deps): update workflows (#406) * fix(deps): update osv-scanner minor (#415) * Fixing broken github page (#412) * Link checker (#408) * fix(deps): update osv-scanner minor (#407) * refactor: enable `goimports` linter (#404) * Update the model to match the latest version of the OSV schema (#403) ------------------------------------------------------------------- Mon Jun 12 20:13:33 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.4: * Prepare for 1.3.4 release. (#401) * chore(deps): update workflows (#393) * fix(deps): update osv-scanner minor (#392) * Fix version printer to use app stdout and stderr (#395) * OSV user agent (#390) ------------------------------------------------------------------- Wed May 17 05:07:22 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.3: * Add new line and fix test to avoid having to change version twice (#387) * 1.3.3 Release (#385) * Use upload draft assets option (#384) * chore(deps): update golang:alpine docker digest to ee2f23f (#380) * chore(deps): update slsa-framework/slsa-github-generator action to v1.6.0 (#383) * fix(deps): update osv-scanner minor (#381) * Remove --hash from version in requirements.txt (#379) * Small formatting changes (#377) * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#378) * add unit tests for results.go (#368) * Improve exit docs and add No vulns found to output (#373) * Update exit docs (#375) * chore(deps): update github/codeql-action action to v2.3.3 (#372) * chore(deps): update golang:alpine docker digest to 913de96 (#305) * fix: handle cyclical `-r`s in `requirements.txt` (#366) * fix: don't panic on empty files (#367) * fix(deps): update osv-scanner minor (#327) * Update spdx to 0.5.0 (#365) * Update pkg/osv to allow overriding the http client / transport. (#357) * chore(deps): update github/codeql-action action to v2.3.2 (#363) * Enable osvVulnerabilityAlerts (#362) ------------------------------------------------------------------- Wed Apr 26 08:43:23 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.2: * Fix sbom scanning code (#360) * 1.3.2 Release (#359) * Refactor reporter to interfaces (#345) * Update all minor dependencies without spdx (#358) * chore(deps): update workflows (#334) * Better SBOM documentation and error message (#349) * Move a specific regex to static variable (#346) * chore(deps): update dependency jekyll-feed to v0.17.0 (#328) * chore(deps): bump nokogiri from 1.14.1 to 1.14.3 in /docs (#338) * chore(deps): bump commonmarker from 0.23.8 to 0.23.9 in /docs (#337) * SBOM parsing improvements. (#339) * Make the reporter public (#341) * Set `skip-pkg-cache: true` for golangci-lint (#340) * Support PNPM v6+ Lockfile (#325) * chore(deps): update alpine:3.17 docker digest to 124c7d2 (#326) * Call analysis note fixed. (#331) * Add configs to ignore test vulnerabilities (#329) ------------------------------------------------------------------- Thu Mar 30 08:10:56 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.1: * Release 1.3.1 changelog (#321) * chore(deps): update ossf/scorecard-action action to v2.1.3 (#322) * Add nil check to CycloneDX enumeration (#320) ------------------------------------------------------------------- Tue Mar 28 04:59:28 UTC 2023 - kastl@b1-systems.de - Update to version 1.3.0: * Update changelog and version for v1.3.0 (#316) * chore(deps): update workflows (#314) * fix(deps): update osv-scanner minor (#313) * Update workflows to compositing, so that goreleaser workflow can run them. (#315) * Fix workflow (#311) * Fix some issues with the model. (#312) * Improve the OSV models to allow for 3rd party use of the library. (#310) * Adds concurrency to hydration requests (#304) * Make `IgnoredVulns` also ignore aliases (#300) * fix(deps): update osv-scanner minor (#306) * chore(deps): update actions/setup-go action to v4 (#308) * chore(deps): update workflows (#307) * Run tests before release (#301) * chore(deps): bump activesupport from 7.0.4.2 to 7.0.4.3 in /docs (#302) * Pin lint action (#299) * fix(deps): update osv-scanner minor (#288) * fix: support Pipenv develop packages without versions. (#297) * Set version in source code (#295) * Prevent `.gitignore` files from interfering with tests (#292) * fix: trim leading zeros off when comparing numerical components in Maven versions (better) (#285) * fix: avoid infinite loops parsing Maven poms with syntax errors (#294) * Check if PURL is valid before adding it to queries (#291) * Renovate bot ignore vulns package (#289) * chore(deps): update workflows (#287) * fix: trim leading zeros off when comparing numerical components in Maven versions (#279) * Adding call graph info back in (#284) * Update Colors for Accessibility (#278) * Removed call graph analysis for now. (#282) * Remove "working doc" concept (#275) * feat: improved error message when pom dependency version not found (#253) * Add tags and point people to slsa-verifier (#265) * ci: harden permissions (#269) * Run on merge queue (#272) * fix: properly handle comparing zero versions in Maven (#267) * chore: add `.editorconfig` file (#266) * fix(deps): update osv-scanner minor (#270) * Renovate bot use ignorePaths instead for fixtures (#264) * test: update case with new advisory (#268) * fix: deduplicate packages that appear multiple times in `Pipenv.lock` files (#261) * feat: support `-r` flag in `requirements.txt` files (#260) * chore(deps): update workflows (#242) * fix: avoid panic when parsing `file:` dependencies in `pnpm` lockfiles (#259) * More specific cyclone dx parsing (#258) * Parse nested CycloneDX components correctly (#251) * fix: support yarn locks with quoted properties (#250) * Update renovate.json (#248) * fix(deps): update golang.org/x/exp digest to c95f2b4 (#241) * govulncheck integration (#198) * Create draft release first in goreleaser (#236) * Adding additional installation instructions (#235) ------------------------------------------------------------------- Thu Feb 23 10:38:20 UTC 2023 - kastl@b1-systems.de - Update to version 1.2.0: * Changelog update for v1.2.0 (#233) * Moving Working Docs to Current (#234) * Update the output docs, make logo a lot bigger, make page slightly wider (#226) * Upgrade to yaml v3 (#231) * ParseAs for dpkg-status (#229) * Update analytics for documentation. (#230) * chore(deps): update docker/setup-buildx-action digest to f03ac48 (#223) * fix(deps): update osv-scanner minor (#225) * chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 (#222) * chore(deps): update dependency http_parser.rb to "~> 0.8.0" (#224) * fix: ensure that vulnerability results are ordered deterministically (#220) * test: ensure case names match function under test (#228) * Nits - APK installed optimizations (#227) * Support for DPKG (Debian) parser (#168) * feat: support `dependencyManagement` in Maven poms (#221) * Google analytics added. (#215) * Console formatting changes * Documentation Style Improvements (#211) * fixed broken link (#210) * Documentation moved to github page. * Minor changes for gitignore parsing (#208) * Improve gitignore parsing (#206) * fix(deps): update osv-scanner minor (#205) * chore(deps): update github/codeql-action action to v2.2.4 (#204) * Move instructions to Usage (#197) * Make scanner respect .gitignore files (#191) * feat: support specifying what parser to use in `--lockfile` (#94) * fix: add missing toml tags to struct (and update linter) (#190) * fix(deps): update golang.org/x/exp digest to 98cc5a0 (#188) * fix(osv-query): omit SourceInfo from JSON marshaling (#185) * test: remove nonsense case and correct names (#187) * Update readme usage section (#171) * chore(deps): update docker/login-action action to v2 (#148) * fix(deps): update osv-scanner minor (#147) * Support SPDX 2.3 (#178) * chore(deps): update workflows (#172) * feat: Render output as a markdown table for use in github comments (#156) * APK: fix test function (#180) * Log number of packages scanned from SBOMs. (#179) * Make OSV api public (#167) * Add experimental comment (#173) * fix: exit with generic non-zero code when there is a general error (#161) * fix: reuse app-level writer and err writers in `VersionPrinter` (#166) * chore(deps): update github/codeql-action action to v2.1.39 (#159) * test: add cases for `semantic.MustParse` (#160) * feat: create `--format` flag (#158) * golangci checks in github action, and fixes initial linter issues (#149) * test: add case for `--version` flag (#162) * chore: remove duplicated generators (#157) * - add conan.lock to the list (#59) * Fix endpoint typo (#152) * feat: add `semantic` package (#92) * Adding re-try for getting a Vuln for the given ID (#141) * chore(deps): update github/codeql-action action to v2.1.38 (#146) * chore: adjust comment to match type name (#143) * Mention Pipfile.lock support in changelog. (#140) * Fix link to GitHub issues (#139) ------------------------------------------------------------------- Thu Jan 12 06:01:09 UTC 2023 - kastl@b1-systems.de - Update to version 1.1.0: * Fix goreleaser permissions (#138) * v1.1.0 release PR (#137) * fix(deps): update osv-scanner minor (#79) * Temporarily disable alpine package scanning (#136) * Move tests from cloudbuild to gh actions (#135) * Use short url in scanner output (#134) * chore(deps): update workflows (#78) * Update readme and add changelog (#133) * fix: use correct ecosystem for NuGet (#132) * Do not highlight borders of result table (#131) * Add contributing file (#130) * Update README.md (#127) * docs: describe build process (#109) * Add gomodtidy after renovate updates (#120) * Make lint trigger same as others (#125) * Minor documentation updates. (#121) * Add support for Alpine Linux /lib/apk/db/installed (Resolves #72) (#107) * feat: add docker publish method (#70) * Add Pipenv lockfile support (Resolves #71) (#66) * Lint readme (#100) * Have renovate-bot label its PRs as it does with osv.dev (#116) * [pkg] implement NuGet ecosystem parser (#98) * Update github.com/spdx/gordf dependency to fix 32 bit support (#104) * test: update spec case and adjust assertion message (#99) * fix: ensure that files are closed when they're no longer needed (#106) * Fix lockfile example syntax (#103) * docs: add homebrew installation note (#89) ------------------------------------------------------------------- Tue Dec 20 13:53:44 UTC 2022 - Johannes Kastl <kastl@b1-systems.de> - add build parameters, so 'osv-scanner --version' shows proper version, build date and the release tag as commit ------------------------------------------------------------------- Tue Dec 20 12:39:13 UTC 2022 - kastl@b1-systems.de - Update to version 1.0.2: * shorten affected package to package (#90) * Move table columns so that the important column is displayed first (#87) * Add blog post link to README (#84) * Minor updates to install instruction title (#80) * Added installation instructions for Scoop (#68) * Update README.md (#77) * Fix readme anchor link. (#76) * Update README.md (#58) * Add disclaimer on Debian scanning. (#65) * Add gradle lockfile support (#46) ------------------------------------------------------------------- Tue Dec 20 12:38:20 UTC 2022 - Johannes Kastl <kastl@b1-systems.de> - new package osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor