| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: osv-scanner | Distribution: openSUSE:Factory:zSystems |
| Version: 1.5.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Thu Dec 7 01:20:45 2023 |
| Group: Unspecified | Build host: s390zl26 |
| Size: 23377282 | Source RPM: osv-scanner-1.5.0-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/google/osv-scanner | |
| Summary: Vulnerability scanner written in Go | |
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners: - Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database) - Anyone can suggest improvements to advisories, resulting in a very high quality database - The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages The above all results in fewer, more actionable vulnerability notifications, which reduces the time needed to resolve them.
Apache-2.0
* Wed Dec 06 2023 kastl@b1-systems.de
- Update to version 1.5.0:
* Add changelog for verson 1.5.0 (#692)
* Fix go mod (#691)
* chore(deps): lock file maintenance (#653)
* refactor: switch golang.org/x/exp/slices usages to stdlib
(#690)
* Include available formats in `--format` help message (#685)
* chore(deps): update golang:alpine docker digest to 70afe55
(#687)
* chore(deps): update alpine:3.18 docker digest to 34871e7 (#686)
* fix(deps): update osv-scanner minor (#688)
* Add `osv-scanner` pre-commit hook (#669)
* Fix goreleaser build (#683)
* feat: CVSS v4.0 support and replace cvss implementation to
comply with the specifications (#651)
* chore(deps): update workflows (#666)
* Added license scanning info (#674)
* update docs for call analysis. (#682)
* Setup manual release pipeline (#681)
* add experimental-licenses summary flag (#678)
* Set Go call analysis to default behaviour (#665)
* Fix filter ids (#647)
* feat: add support for `renv.lock` (#668)
* Simplify return codes to return 1 if any vulnerability related
error (#677)
* fix(deps): update osv-scanner minor (#652)
* refactor: upgrade golangci-lint (#673)
* make license allowlist matching case insensitive (#672)
* ci: run tests on Windows (#646)
* feat: add support for comparing CRAN versions (#656)
* ci: update `golangci-lint` to v1.54 (#661)
* Don't include nested vendored libs in determineversions query.
(#649)
* chore: disable `goconst` linter (#662)
* fix: remove noise lockfile warnings (#660)
* ci: enforce that `cachedregexp` is always used instead of
`regexp` (#663)
* Adding C/C++ info to the docs (#648)
* cmd/osv-scanner: update sarif output in test cases (#659)
* Downgrade jekyll-feed. Update lock file (#650)
* chore(deps): update golang:alpine docker digest to 110b07a
(#640)
* fix: properly handle file/url paths on Windows (#645)
* test: don't ignore anything from coverage (#627)
* fix(deps): update osv-scanner minor (#641)
* Filter local packages from scanning, and report the filtering.
(#643)
* license checking experimental feature (#501)
* upgrade version of Go in GitHub checks (#637)
* test: check against error type rather than message (#628)
* Minor github action docs changes to clarify behaviour. (#630)
* Thu Nov 02 2023 kastl@b1-systems.de
- Update to version 1.4.3:
* Prepare for v1.4.3 release (#629)
* Add support for determineversions API (#612). (#621)
* Refactor package scanning to produce packages instead of
queries (#614)
* Fix permissions in PR osv-scanner (#625)
* Fix gitignore matching for root directory (#626)
* Go binary not found should not be an error (#622)
* Scan submodules too. (#581)
* fix: handle yarn aliased packages (#615)
* fix(deps): update osv-scanner minor (#618)
* chore(deps): update github/codeql-action action to v2.22.5
(#616)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#597)
* chore(deps): update workflows (#596)
* handle npm aliased packages (#610)
* Some minor post release fixes (#613)
* Gate extended tests (#598)
* test: use `cmp.Diff` for diffing (#605)
* fix: remove some extra newlines in sarif report (#607)
* Wed Oct 25 2023 kastl@b1-systems.de
- Update to version 1.4.2:
* Prepare for 1.4.2 release (#609)
* chore: don't trim trailing whitespace on fixture snapshots
(#608)
* Update release pipeline (#602)
* fix: trim leading and trailing newlines off SARIF output (#606)
* Add name field to sarif rule output (#600)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#579)
* chore(deps): update golang:alpine docker digest to 926f7f7
(#591)
* chore(deps): update workflows (#592)
* Make scheduled and PR scanning only scan the relevant files and
ignore fixtures (#594)
* Update docs to add in saving to file option (#593)
* Clarify in the docs actions will fail when vulns are found
(#587)
* chore(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#585)
* Change branch back in github action (#586)
* Fix permissions and attempt "Download Artifact" option to allow
custom lockfiles (#584)
* Small doc adjustments for GitHub Actions (#582)
* fix(deps): update osv-scanner minor (#578)
* Update deps and fix tests (#583)
* Improve documentation for github actions (#575)
* chore(deps): update golang:alpine docker digest to a76f153
(#577)
* chore(deps): update workflows (#580)
* fix: support versions with build metadata in `yarn.lock` files
(#576)
* Add additional tests for git scanning, and markdown format
(#569)
* Fri Oct 06 2023 kastl@b1-systems.de
- Update to version 1.4.1:
* Allow release scanning to upload SARIF file. (#573)
* Fix goreleaser and update changelog (#572)
* 1.4.1 release and changelog (#571)
* SARIF with fixed version (#559)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#568)
* chore(deps): update github/codeql-action action to v2.21.9
(#567)
* chore(deps): update golang:alpine docker digest to 4bc6541
(#566)
* chore(deps): update alpine:3.18 docker digest to eece025 (#565)
* ci: don't fetch the whole repository history when its not
needed (#562)
* ci: ensure that `actions/checkout` is pinned (#563)
* Block release on vuln scan (#561)
* ci: use `.go-version` file (#564)
* ci: run tests on macos and in parallel when releasing (#560)
* test: use `cmp.Diff` for comparing output (#558)
* Add new ecosystems, and a slice containing all of them. (#557)
* test: compare expected with actual rather than the other way
around (#556)
* chore: move scripts into the `scripts` directory (#555)
* ci: combine lint and test workflows (#554)
* test: add cases for extra coverage (#524)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#544)
* chore(deps): lock file maintenance (#545)
* chore(deps): update workflows (#538)
* Add custom scan arguments (#552)
* SARIF output fixes. (#547)
* Minor readme update (#546)
* Action docs (#541)
* Update SARIF format (#534)
* Fix action naming and scheduled scan parameters (#543)
* chore(deps): update workflows (major) (#540)
* Attempt at multiline action (#542)
* fix(deps): update osv-scanner minor (#539)
* Update experimental.md (#536)
* Thu Sep 14 2023 kastl@b1-systems.de
- Update to version 1.4.0:
* Fix issue in the changelog (#533)
* 1.4.0 changelog and docs (#532)
* Adding Offline info (#517)
* chore(deps): update golang:alpine docker digest to 96634e5
(#527)
* chore(deps): update workflows (#529)
* fix(deps): update osv-scanner minor (#528)
* Fix result scanning (#526)
* ci: change how coverage is collected (#525)
* chore: capture coverage and upload it to codecov (#512)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#520)
* Correctly use matchFileNames in renovate.json (#522)
* Update test results to pass new test (#523)
* Revert breaking change in `osv.go` (#514)
* Add osv output lockfile + refactor (#505)
* Update renovate.json (#504)
* fix(deps): update osv-scanner minor (#506)
* Refactor models (#510)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#508)
* chore(deps): update actions/checkout action to v3.6.0 (#507)
* Update contributing docs (#502)
* chore(deps-dev): Bump activesupport from 7.0.7 to 7.0.7.2 in
/docs (#503)
* fix(deps): update golang.org/x/exp digest to d852ddb (#496)
* Add fixtures go to renovate bot ignore (#500)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#498)
* chore(deps): update golangci/golangci-lint-action action to
v3.7.0 (#499)
* chore(deps): update actions/setup-go action to v4.1.0 (#497)
* If go version can't be found, don't add stdlib (#494)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#448)
* feat: support `io.Reader` based parsers (#451)
* fix: don't error if local db directory already exists (#493)
* fix: ensure that "introduced 0" events are sorted before any
other event (#492)
* Add go stdlib version support (#484)
* chore(deps): update golang:alpine docker digest to 445f340
(#467)
* chore(deps): update alpine docker tag to v3.18 (#468)
* chore(deps): update slsa-framework/slsa-github-generator action
to v1.8.0 (#469)
* chore(deps): update alpine:3.18 docker digest to 7144f7b (#480)
* chore(deps): update alpine:3.17 docker digest to f71a5f0 (#466)
* chore(deps): update
gaurav-nelson/github-action-markdown-link-check digest to
46e4421 (#481)
* fix(deps): update golang.org/x/exp digest to 89c5cff (#482)
* chore(deps): update github/codeql-action action to v2.21.4
(#483)
* Fix some vulns and ignore others (#490)
* Rust call analysis (#452)
* Scanner action should pass if the vulnerabilities remain the
same (#475)
* Tidy up scanner action (#474)
* Manually update dependencies to resolve vulnerability
https://osv.dev/GO-2023-1988 (#472)
* feat: add experimental offline mode (#183)
* Move github action back to the main branch (#465)
* refactor: move experimental flags into their own struct (#463)
* fix: use correct plural and singular forms based on count
(#462)
* chore(deps): update github/codeql-action action to v2.21.2
(#455)
* fix(deps): update osv-scanner minor (#456)
* Add annotations and osv-scanner table in the Github Action
output (#460)
* Fix purl mapping (#457)
* test: make `output` tests their own package (#461)
* Updated github actions to use main branch now that the PR is
merged in (#459)
* Recreated Github Action PR (#432)
* chore: minor grammar fixes (#454)
* chore(deps): update docker/setup-buildx-action digest to
4c0219f (#437)
* chore(deps): update golang:alpine docker digest to 7839c9f
(#444)
* Optimize Dockerfile and add .dockerignore (#441)
* chore(deps): update github/codeql-action action to v2.21.0
(#449)
* Enable lockfile maintaince (#450)
* fix(deps): update osv-scanner minor (#445)
* Wed Jul 19 2023 kastl@b1-systems.de
- Update to version 1.3.6:
* Prepare for v1.3.6 Release (#447)
* Adjusting GitHub actions (#446)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#438)
* go.mod: upgrade to golang.org/x/vuln@v1.0.0 (#443)
* Fix PURLToPackage function and move it (#439)
* Update README.md (#440)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#422)
* chore(deps): update workflows (#429)
* fix(deps): update osv-scanner minor (#430)
* update govulncheck integration (#431)
* Wed Jun 28 2023 kastl@b1-systems.de
- Update to version 1.3.5:
* Add more ignores now that debian PURLs are parsed correctly
(#428)
* Adds changelog for v1.3.5 (#427)
* chore(deps): update alpine docker tag to v3.18 (#382)
* test: ensure fixtures directory isn't already a git repository
(#426)
* chore: ignore `.idea` directory (#425)
* Add withdrawn and fix time serialization to conform to the
schema. (#424)
* test: make `models` tests their own package (#423)
* Updated to reflect cvss scores being added to output table.
(#419)
* chore(deps): update workflows (#421)
* chore(deps): update alpine:3.17 docker digest to e95676d (#413)
* Add option to include severity in table output (#409)
* Update the model to better match schema and add YAML tags.
(#417)
* chore(deps): update golang:alpine docker digest to fd9d9d7
(#405)
* chore(deps): update workflows (#406)
* fix(deps): update osv-scanner minor (#415)
* Fixing broken github page (#412)
* Link checker (#408)
* fix(deps): update osv-scanner minor (#407)
* refactor: enable `goimports` linter (#404)
* Update the model to match the latest version of the OSV schema
(#403)
* Mon Jun 12 2023 kastl@b1-systems.de
- Update to version 1.3.4:
* Prepare for 1.3.4 release. (#401)
* chore(deps): update workflows (#393)
* fix(deps): update osv-scanner minor (#392)
* Fix version printer to use app stdout and stderr (#395)
* OSV user agent (#390)
* Wed May 17 2023 kastl@b1-systems.de
- Update to version 1.3.3:
* Add new line and fix test to avoid having to change version
twice (#387)
* 1.3.3 Release (#385)
* Use upload draft assets option (#384)
* chore(deps): update golang:alpine docker digest to ee2f23f
(#380)
* chore(deps): update slsa-framework/slsa-github-generator action
to v1.6.0 (#383)
* fix(deps): update osv-scanner minor (#381)
* Remove --hash from version in requirements.txt (#379)
* Small formatting changes (#377)
* chore(deps): bump github.com/cloudflare/circl from 1.1.0 to
1.3.3 (#378)
* add unit tests for results.go (#368)
* Improve exit docs and add No vulns found to output (#373)
* Update exit docs (#375)
* chore(deps): update github/codeql-action action to v2.3.3
(#372)
* chore(deps): update golang:alpine docker digest to 913de96
(#305)
* fix: handle cyclical `-r`s in `requirements.txt` (#366)
* fix: don't panic on empty files (#367)
* fix(deps): update osv-scanner minor (#327)
* Update spdx to 0.5.0 (#365)
* Update pkg/osv to allow overriding the http client / transport.
(#357)
* chore(deps): update github/codeql-action action to v2.3.2
(#363)
* Enable osvVulnerabilityAlerts (#362)
* Wed Apr 26 2023 kastl@b1-systems.de
- Update to version 1.3.2:
* Fix sbom scanning code (#360)
* 1.3.2 Release (#359)
* Refactor reporter to interfaces (#345)
* Update all minor dependencies without spdx (#358)
* chore(deps): update workflows (#334)
* Better SBOM documentation and error message (#349)
* Move a specific regex to static variable (#346)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#328)
* chore(deps): bump nokogiri from 1.14.1 to 1.14.3 in /docs
(#338)
* chore(deps): bump commonmarker from 0.23.8 to 0.23.9 in /docs
(#337)
* SBOM parsing improvements. (#339)
* Make the reporter public (#341)
* Set `skip-pkg-cache: true` for golangci-lint (#340)
* Support PNPM v6+ Lockfile (#325)
* chore(deps): update alpine:3.17 docker digest to 124c7d2 (#326)
* Call analysis note fixed. (#331)
* Add configs to ignore test vulnerabilities (#329)
* Thu Mar 30 2023 kastl@b1-systems.de
- Update to version 1.3.1:
* Release 1.3.1 changelog (#321)
* chore(deps): update ossf/scorecard-action action to v2.1.3
(#322)
* Add nil check to CycloneDX enumeration (#320)
* Tue Mar 28 2023 kastl@b1-systems.de
- Update to version 1.3.0:
* Update changelog and version for v1.3.0 (#316)
* chore(deps): update workflows (#314)
* fix(deps): update osv-scanner minor (#313)
* Update workflows to compositing, so that goreleaser workflow
can run them. (#315)
* Fix workflow (#311)
* Fix some issues with the model. (#312)
* Improve the OSV models to allow for 3rd party use of the
library. (#310)
* Adds concurrency to hydration requests (#304)
* Make `IgnoredVulns` also ignore aliases (#300)
* fix(deps): update osv-scanner minor (#306)
* chore(deps): update actions/setup-go action to v4 (#308)
* chore(deps): update workflows (#307)
* Run tests before release (#301)
* chore(deps): bump activesupport from 7.0.4.2 to 7.0.4.3 in
/docs (#302)
* Pin lint action (#299)
* fix(deps): update osv-scanner minor (#288)
* fix: support Pipenv develop packages without versions. (#297)
* Set version in source code (#295)
* Prevent `.gitignore` files from interfering with tests (#292)
* fix: trim leading zeros off when comparing numerical components
in Maven versions (better) (#285)
* fix: avoid infinite loops parsing Maven poms with syntax errors
(#294)
* Check if PURL is valid before adding it to queries (#291)
* Renovate bot ignore vulns package (#289)
* chore(deps): update workflows (#287)
* fix: trim leading zeros off when comparing numerical components
in Maven versions (#279)
* Adding call graph info back in (#284)
* Update Colors for Accessibility (#278)
* Removed call graph analysis for now. (#282)
* Remove "working doc" concept (#275)
* feat: improved error message when pom dependency version not
found (#253)
* Add tags and point people to slsa-verifier (#265)
* ci: harden permissions (#269)
* Run on merge queue (#272)
* fix: properly handle comparing zero versions in Maven (#267)
* chore: add `.editorconfig` file (#266)
* fix(deps): update osv-scanner minor (#270)
* Renovate bot use ignorePaths instead for fixtures (#264)
* test: update case with new advisory (#268)
* fix: deduplicate packages that appear multiple times in
`Pipenv.lock` files (#261)
* feat: support `-r` flag in `requirements.txt` files (#260)
* chore(deps): update workflows (#242)
* fix: avoid panic when parsing `file:` dependencies in `pnpm`
lockfiles (#259)
* More specific cyclone dx parsing (#258)
* Parse nested CycloneDX components correctly (#251)
* fix: support yarn locks with quoted properties (#250)
* Update renovate.json (#248)
* fix(deps): update golang.org/x/exp digest to c95f2b4 (#241)
* govulncheck integration (#198)
* Create draft release first in goreleaser (#236)
* Adding additional installation instructions (#235)
* Thu Feb 23 2023 kastl@b1-systems.de
- Update to version 1.2.0:
* Changelog update for v1.2.0 (#233)
* Moving Working Docs to Current (#234)
* Update the output docs, make logo a lot bigger, make page slightly wider (#226)
* Upgrade to yaml v3 (#231)
* ParseAs for dpkg-status (#229)
* Update analytics for documentation. (#230)
* chore(deps): update docker/setup-buildx-action digest to f03ac48 (#223)
* fix(deps): update osv-scanner minor (#225)
* chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 (#222)
* chore(deps): update dependency http_parser.rb to "~> 0.8.0" (#224)
* fix: ensure that vulnerability results are ordered deterministically (#220)
* test: ensure case names match function under test (#228)
* Nits - APK installed optimizations (#227)
* Support for DPKG (Debian) parser (#168)
* feat: support `dependencyManagement` in Maven poms (#221)
* Google analytics added. (#215)
* Console formatting changes
* Documentation Style Improvements (#211)
* fixed broken link (#210)
* Documentation moved to github page.
* Minor changes for gitignore parsing (#208)
* Improve gitignore parsing (#206)
* fix(deps): update osv-scanner minor (#205)
* chore(deps): update github/codeql-action action to v2.2.4 (#204)
* Move instructions to Usage (#197)
* Make scanner respect .gitignore files (#191)
* feat: support specifying what parser to use in `--lockfile` (#94)
* fix: add missing toml tags to struct (and update linter) (#190)
* fix(deps): update golang.org/x/exp digest to 98cc5a0 (#188)
* fix(osv-query): omit SourceInfo from JSON marshaling (#185)
* test: remove nonsense case and correct names (#187)
* Update readme usage section (#171)
* chore(deps): update docker/login-action action to v2 (#148)
* fix(deps): update osv-scanner minor (#147)
* Support SPDX 2.3 (#178)
* chore(deps): update workflows (#172)
* feat: Render output as a markdown table for use in github comments (#156)
* APK: fix test function (#180)
* Log number of packages scanned from SBOMs. (#179)
* Make OSV api public (#167)
* Add experimental comment (#173)
* fix: exit with generic non-zero code when there is a general error (#161)
* fix: reuse app-level writer and err writers in `VersionPrinter` (#166)
* chore(deps): update github/codeql-action action to v2.1.39 (#159)
* test: add cases for `semantic.MustParse` (#160)
* feat: create `--format` flag (#158)
* golangci checks in github action, and fixes initial linter issues (#149)
* test: add case for `--version` flag (#162)
* chore: remove duplicated generators (#157)
* - add conan.lock to the list (#59)
* Fix endpoint typo (#152)
* feat: add `semantic` package (#92)
* Adding re-try for getting a Vuln for the given ID (#141)
* chore(deps): update github/codeql-action action to v2.1.38 (#146)
* chore: adjust comment to match type name (#143)
* Mention Pipfile.lock support in changelog. (#140)
* Fix link to GitHub issues (#139)
* Thu Jan 12 2023 kastl@b1-systems.de
- Update to version 1.1.0:
* Fix goreleaser permissions (#138)
* v1.1.0 release PR (#137)
* fix(deps): update osv-scanner minor (#79)
* Temporarily disable alpine package scanning (#136)
* Move tests from cloudbuild to gh actions (#135)
* Use short url in scanner output (#134)
* chore(deps): update workflows (#78)
* Update readme and add changelog (#133)
* fix: use correct ecosystem for NuGet (#132)
* Do not highlight borders of result table (#131)
* Add contributing file (#130)
* Update README.md (#127)
* docs: describe build process (#109)
* Add gomodtidy after renovate updates (#120)
* Make lint trigger same as others (#125)
* Minor documentation updates. (#121)
* Add support for Alpine Linux /lib/apk/db/installed (Resolves #72) (#107)
* feat: add docker publish method (#70)
* Add Pipenv lockfile support (Resolves #71) (#66)
* Lint readme (#100)
* Have renovate-bot label its PRs as it does with osv.dev (#116)
* [pkg] implement NuGet ecosystem parser (#98)
* Update github.com/spdx/gordf dependency to fix 32 bit support (#104)
* test: update spec case and adjust assertion message (#99)
* fix: ensure that files are closed when they're no longer needed (#106)
* Fix lockfile example syntax (#103)
* docs: add homebrew installation note (#89)
* Tue Dec 20 2022 Johannes Kastl <kastl@b1-systems.de>
- add build parameters, so 'osv-scanner --version' shows proper version,
build date and the release tag as commit
* Tue Dec 20 2022 kastl@b1-systems.de
- Update to version 1.0.2:
* shorten affected package to package (#90)
* Move table columns so that the important column is displayed first (#87)
* Add blog post link to README (#84)
* Minor updates to install instruction title (#80)
* Added installation instructions for Scoop (#68)
* Update README.md (#77)
* Fix readme anchor link. (#76)
* Update README.md (#58)
* Add disclaimer on Debian scanning. (#65)
* Add gradle lockfile support (#46)
* Tue Dec 20 2022 Johannes Kastl <kastl@b1-systems.de>
- new package osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
/usr/bin/osv-scanner /usr/share/doc/packages/osv-scanner /usr/share/doc/packages/osv-scanner/README.md /usr/share/licenses/osv-scanner /usr/share/licenses/osv-scanner/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024