go.mod

module github.com/aquasecurity/trivy

go 1.13

require (
	github.com/aquasecurity/fanal v0.0.0-20200528202907-79693bf4a058
	github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b
	github.com/aquasecurity/trivy-db v0.0.0-20200514134639-7e57e3e02470
	github.com/caarlos0/env/v6 v6.0.0
	github.com/cenkalti/backoff v2.2.1+incompatible
	github.com/cheggaaa/pb/v3 v3.0.3
	github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7
	github.com/docker/go-connections v0.4.0
	github.com/golang/protobuf v1.3.3
	github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2
	github.com/google/go-github/v28 v28.1.1
	github.com/google/wire v0.3.0
	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
	github.com/knqyf263/go-version v1.1.1
	github.com/kylelemons/godebug v1.1.0
	github.com/mattn/go-colorable v0.1.4 // indirect
	github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a
	github.com/spf13/afero v1.2.2
	github.com/stretchr/testify v1.6.1
	github.com/testcontainers/testcontainers-go v0.3.1
	github.com/twitchtv/twirp v5.10.1+incompatible
	github.com/urfave/cli/v2 v2.2.0
	go.uber.org/atomic v1.5.1 // indirect
	go.uber.org/multierr v1.4.0 // indirect
	go.uber.org/zap v1.13.0
	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
	k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
)
Transfer repositoriy 2019-08-18 22:22:54 -10:00			`module github.com/aquasecurity/trivy`
Initial commit (#1) * initial 2019-05-07 15:41:03 +09:00
Bump Go 1.13 (#218) 2019-10-23 17:00:03 +03:00			`go 1.13`
Initial commit (#1) * initial 2019-05-07 15:41:03 +09:00
			`require (`
feat: support repository and filesystem scan (#503) * refactor: embed config * refactor: replace image and layer with artifact and blob * feat(config): add ArtifactConfig * fix(scanner): use Artifact * test(scanner): update mocks * feat: add repo and fs subcommands * chore(mod): update * refactor: fix warn message * feat(cli): add --no-progress to repo and fs * mod: Update fanal dependency Signed-off-by: Simarpreet Singh <simar@linux.com> Co-authored-by: Simarpreet Singh <simar@linux.com> 2020-05-30 19:46:12 +03:00			`github.com/aquasecurity/fanal v0.0.0-20200528202907-79693bf4a058`
Transfer repositoriy 2019-08-18 22:22:54 -10:00			`github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b`
vulnerability: Add CVSS Vectors to JSON output. (#484) * vulnerability: Add CVSS Vectors to JSON output. Now Trivy will display the CVSS Vectors presented by various vendors as part of the JSON output. This can be seen as follows: ``` { "VulnerabilityID": "CVE-2019-9923", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:90fe46dd819953eb995f9cc9c326130abe9dd0b3993a998e12c01d0218a0b831", "DiffID": "sha256:e40d297cf5f89a9822af4c2f63caa2f2085d5aa188137506918e603774b083cb" }, "SeveritySource": "debian", "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Severity": "LOW", "VendorVectors": { "nvd": { "v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "redhat": { "v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } }, "References": [ "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "http://savannah.gnu.org/bugs/?55369", "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" ] }, ``` Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update to latest master of trivy-db Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Fix tests for new struct type Signed-off-by: Simarpreet Singh <simar@linux.com> 2020-05-21 14:22:14 -07:00			`github.com/aquasecurity/trivy-db v0.0.0-20200514134639-7e57e3e02470`
auth for private docker registry from ENV vars (#52) * auth for private docker registry from env vars * fix typo * delete GCP and AWS ENV vars * update TOC * fix typo 2019-05-24 13:26:41 +09:00			`github.com/caarlos0/env/v6 v6.0.0`
feat(client): retry HTTP request when getting an unavailable error (#350) * feat(client): retry HTTP request when getting an unavailable error * fix(integration-test): use a snapshot database for Docker mode (#352) * fix(integration): add a binary name The first argument is used for the program name. --skip-update was ignored. * fix(integration): use a snapshot database After a new vulnerability is found, this test fails * chore(integration): add t.Run * refactor(client): functionalize common processes * refactor(client): remove unused const 2020-01-05 10:21:18 +02:00			`github.com/cenkalti/backoff v2.2.1+incompatible`
feat(db): show progress when downloading the DB (#317) * fix(github): return db size * fix(github_mock): add size * feat(indicator): add progress bar * refactor(config): remove global Quiet * fix(db): take progress bar as an argument * fix(progress): inject progress bar 2019-12-16 19:23:08 +02:00			`github.com/cheggaaa/pb/v3 v3.0.3`
fix: replace containers/image with google/go-containerregistry (#456) * chore(mod): update dependencies * fix(internal): remove cleanup * fix: use only diff_id * fix: use string instead of digest * fix: replace LayerID with Layer * test(integration): negotiate API version * feat(conf): add TRIVY_NONSSL * test(integration): update golden files * test(integration): fix the error message * chore(debian): add comments * chore(mod): update dependencies 2020-04-14 13:31:13 +03:00			`github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7`
feat: support registry token (#482) * feat: support registry token * chore(mod): update * test(integration): add registry tests * chore(mod): update * test(integration): comment in terminate Co-authored-by: Simarpreet Singh <simar@linux.com> 2020-05-19 20:49:27 +03:00			`github.com/docker/go-connections v0.4.0`
feat(cache): based on JSON (#398) * refactor(docker_conf): rename and remove unnecessary options * feat(rpc): define new API * fix(cli): change default timeout * fix(import): fix package names * refactor(vulnerability): remove old mock * refactor(utils): remove un-needed functions * feat(cache): implement cache communicating with a server * refactor(scan): separate scan function as local scanner * test(scanner): add tests for ScanImage * refactor(scan): remove unused options * test(vulnerability): generate mock * refactor(server): split a file * feat(server): implement new RPC server * feat(client): implement new RPC client * fix(cache): use new cache interface * fix(standalone): use new scanner * fix(client): use new scanner * fix(server): pass cache * test(integration): make sure an error is not nil before calling the method * fix(mod): update dependencies * test(integration): ensure the image load finishes * feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH * chore(mod): update dependencies * refactor(rpc): remove old client * feat(server): support old API for backward compatibility * fix(server): check a schema version of JSON cache * fix(rpc): add a version to packages * feat(rpc): add PutImage * test: rename expectations * refactor(cache): rename LayerCache to ImageCache * refactor: rename ImageInfo to ImageReference * fix(applier): pass image_id to ApplyLayer * feat(cache): handle image cache * chore(mod): update dependencies * refactor(server): pass only config * feat(cli): add -removed-pkgs option * refactor(err): wrap errors 2020-02-27 23:17:55 +02:00			`github.com/golang/protobuf v1.3.3`
feat: support registry token (#482) * feat: support registry token * chore(mod): update * test(integration): add registry tests * chore(mod): update * test(integration): comment in terminate Co-authored-by: Simarpreet Singh <simar@linux.com> 2020-05-19 20:49:27 +03:00			`github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2`
test(db): add tests 2019-10-31 23:53:46 +02:00			`github.com/google/go-github/v28 v28.1.1`
feat: support client/server mode (#295) * chore(app): change dir * feat(rpc): add a proto file and auto-generated files * chore(dep): add dependencies * fix(app): fix import path * fix(integration): fix import path * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * refactor: split functions for client/server (#296) * refactor(db): split db.Download * refactor(standalone): create a different package * refactor(vulnerability): split FillAndFilter * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * fix(db): remove an unused variable * fix(db): expose the github client as an argument of constructor * refactor(vulnerability): add the detail message * feat(rpc): add rpc client (#302) * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * feat(rpc): convert types * feat(rpc): add rpc client * token: Refactor to handle bad headers being set Signed-off-by: Simarpreet Singh <simar@linux.com> * feat(rpc): add rpc server (#303) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * test(mock): add mocks * test(rpc/server): add tests * test(rpc/ospkg/server): add tests * tets(os/detector): add tests * refactor(library): move directories * chore(dependency): add google/wire * refactor(library): introduce google/wire * refactor(ospkg/detector): move directory * feat(rpc): add eosl * refactor(ospkg): introduce google/wire * refactor(wire): bind an interface * refactor(client): use wire.Struct * chore(Makefile): fix wire * test(server): add AssertExpectations * test(server): add AssertExpectations * refactor(server): remove debug log * refactor(error): add more context messages * test(server): fix error message * refactor(test): create a constructor of mock * refactor(config): remove an unused variable * test(config): add an assertion to test the config struct * feat(client/server): add sub commands (#304) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * feat(client/server): add sub commands * merge(server3) * test(scan): remove an unused mock * refactor(client): generate the constructor by wire * fix(cli): change the default port * fix(server): use auto-generated constructor * feat(ospkg): return eosl * test(integration): add integration tests for client/server (#306) * fix(server): remove unnecessary options * test(integration): add integration tests for client/server * fix(server): wrap an error * fix(server): change the update interval * fix(server): display the error detail * test(config): add an assertion to test the config struct * fix(client): returns an error when failing to initizlie a logger * test(ospkg/server): add eosl * Squashed commit of the following: * test(server): refactor and add tests (#307) * test(github): create a mock * test(db): create a mock * test(server): add tests for DB hot update * chore(db): add a log message * refactor(db): introduce google/wire * refactor(rpc): move directory * refactor(injector): fix import name * refactor(import): remove new lines * fix(server): display the error detail * fix(server): change the update interval * fix(server): wrap an error * test(integration): add integration tests for client/server * fix(server): remove unnecessary options * refactor(server): return an error when failing to initialize a logger * refactor(server): remove unused error * fix(client/server): fix default port * chore(README): add client/server * chore(README): update 2019-12-13 15:00:11 +02:00			`github.com/google/wire v0.3.0`
Update fanal version (#15) * Update fanal version * Update fanal version * do go mod tidy 2019-05-17 19:00:22 +09:00			`github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d`
Initial commit (#1) * initial 2019-05-07 15:41:03 +09:00			`github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936`
			`github.com/knqyf263/go-version v1.1.1`
Support Amazon Linux (#182) * Support Amazon Linux * amazon: Add tests for Scanner Detect functionality * amazon: Add more test cases for unhappy paths. This commit also asserts the logged output via observer. Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Add a test case for invalid fixed pkg version Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: go mod tidy Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Inject dependency seams for exposed db interface and logger. This commit also exposes an interface for doing db operations. Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Use injected logger for scanner. Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon_test: Add a sample testdata dir Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Add tests for for Get() for amazon vulns. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnsrc_test: Fix invocation call to SetVersion() Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon_test: Add a test for severirtyFromPriority Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon_test: Add tests for constructVersion() Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Refactor walkFunc outside for testability purposes Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Refactor walkFn and add tests for it. Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Refactor commitFunc closure and add tests This commit also introduces an interface for the vulnerability package to be used as a seam. Signed-off-by: Simarpreet Singh <simar@linux.com> * Revert "amazon: Use injected logger for scanner." This reverts commit 5a81e4d824a95f4de4aae2e2b903eedd0f7e241f. * test(amazon): fix failed tests * fix(vulnerability): trim references * test(amazon): add integration test 2019-10-22 09:31:15 +03:00			`github.com/kylelemons/godebug v1.1.0`
fix: replace containers/image with google/go-containerregistry (#456) * chore(mod): update dependencies * fix(internal): remove cleanup * fix: use only diff_id * fix: use string instead of digest * fix: replace LayerID with Layer * test(integration): negotiate API version * feat(conf): add TRIVY_NONSSL * test(integration): update golden files * test(integration): fix the error message * chore(debian): add comments * chore(mod): update dependencies 2020-04-14 13:31:13 +03:00			`github.com/mattn/go-colorable v0.1.4 // indirect`
Update dependencies 2019-06-07 23:46:55 +09:00			`github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a`
feat(db): store metadata as a file (#464) * refactor: wrap errors * feat(db): add the metadata file * test(db): re-generate mocks * fix(app): read metadata from the file in showVersion * fix: open the database after downloading it * fix(operation): use UpdateMetadata * chore(mod): update dependency * test(integration): fix tests * fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL 2020-04-15 16:07:42 +03:00			`github.com/spf13/afero v1.2.2`
fix: MissingBlobs is implemented different in FS and S3 the method log… (#522) * fix: MissingBlobs is implemented diffrent in FS and S3 the method logic moved to cache.MissingBlobs * fix(unittest): implement MockArtifactCache instead MockLocalArtifactCache * fix(gofmt) * fix naming convention Co-authored-by: oranmoshai <oran.moshai@aquasec.com> 2020-06-10 10:38:37 +03:00			`github.com/stretchr/testify v1.6.1`
feat: support registry token (#482) * feat: support registry token * chore(mod): update * test(integration): add registry tests * chore(mod): update * test(integration): comment in terminate Co-authored-by: Simarpreet Singh <simar@linux.com> 2020-05-19 20:49:27 +03:00			`github.com/testcontainers/testcontainers-go v0.3.1`
fix(client): add image name and build time (#402) * WIP: Add imageName and BuildTime for Remote detector Signed-off-by: Simarpreet Singh <simar@linux.com> * wip Signed-off-by: Simarpreet Singh <simar@linux.com> * change name from build_time to created * remove an unused function * fix(library): add image_name and created_at * fix(ospkg): add image_name and created_at * fix(scan): add image_name and created_at * fix(library): remove unused param Co-authored-by: Simarpreet Singh <simar@linux.com> 2020-02-16 10:35:53 +02:00			`github.com/twitchtv/twirp v5.10.1+incompatible`
chore: bump up urfave/cli to v2 (#499) 2020-05-18 14:43:06 +03:00			`github.com/urfave/cli/v2 v2.2.0`
refactor(app): use internal and separate configurations (#291) * refactor(cmd): move app to internal * refactor(config): inject logger * test(config): add tests 2019-11-22 03:49:44 +02:00			`go.uber.org/atomic v1.5.1 // indirect`
Add oracle linux support (#286) * Add oracle * Add oracle * Add golden json * Add integration test * Update go.{mod,sum} * go mod tidy * Use k8s/utils clock.Clock interface * Fix Detect vulnerability oracle 2019-11-20 00:18:25 +09:00			`go.uber.org/multierr v1.4.0 // indirect`
refactor(app): use internal and separate configurations (#291) * refactor(cmd): move app to internal * refactor(config): inject logger * test(config): add tests 2019-11-22 03:49:44 +02:00			`go.uber.org/zap v1.13.0`
fix: replace containers/image with google/go-containerregistry (#456) * chore(mod): update dependencies * fix(internal): remove cleanup * fix: use only diff_id * fix: use string instead of digest * fix: replace LayerID with Layer * test(integration): negotiate API version * feat(conf): add TRIVY_NONSSL * test(integration): update golden files * test(integration): fix the error message * chore(debian): add comments * chore(mod): update dependencies 2020-04-14 13:31:13 +03:00			`golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45`
			`golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543`
			`k8s.io/utils v0.0.0-20191114184206-e782cd3c129f`
Initial commit (#1) * initial 2019-05-07 15:41:03 +09:00			`)`