Vuls

What's Changed

• chore(deps): update dependencies and integration by @shino in #2443
• fix(contrib/trivy): O(N²) library duplication in trivy-to-vuls ClassLangPkg handling by @Copilot in #2450
• feat(detector/vuls2): amazon linux by vuls2 by @shino in #2441

New Contributors

• @Copilot made their first contribution in #2450

Full Changelog: v0.38.5...v0.38.6

Changelog

• 9efad2a chore(deps): downgrade github.com/package-url/packageurl-go v0.1.4 => v0.1.3 (#2438)

Changelog

• b8762b3 fix(scanner/windows): revert "check invalid property, scanner err (#2419)" (#2428)

Changelog

• c5cdf1c fix(trivy-to-vuls): get exact LockfilePath (#2414)
• 7111680 feat(scanner/windows): add vendor field for windows package (#2412)
• 4140e93 chore(deps): bump github.com/go-git/go-git/v5 (#2413)
• 1ac6f1d chore(deps): bump the all group across 2 directories with 2 updates (#2401)
• 74b2959 chore(deps): bump github.com/aquasecurity/trivy in the trivy group (#2410)
• c70333f chore(deps): bump golang.org/x/oauth2 in the others group (#2411)
• cf4e1fe feat(trivy-to-vuls): add Dev flag to library conversion (#2408)
• 59e

Changelog

• 4ff3ccf chore!(ci/release): update cosign to v3
• 781977d chore(ci): update goreleaser to remove deprecated params (#2387)
• 2caede1 feat!(detector): lower the confidence of VulnCheck (#2385)
• fc5344c fix(model/CveContents): initialize CveContents to avoid nil map (#2379)
• c29a32f chore(deps): bump go-exploitdb (#2377)
• 3b796c8 feat(cwe): add 2023, 2024, 2025 top 25 (#2375)

Changelog

• a27a339 chore(deps): update dictionaries (#2373)
• 064541c chore(deps): bump the others group with 2 updates (#2372)
• c440fd5 chore(deps): bump github.com/aquasecurity/trivy from 0.67.2 to 0.68.0 in the trivy group (#2370)
• 93df2a8 chore(deps): bump the all group with 2 updates (#2366)
• 3d0f941 chore(deps): bump the others group across 1 directory with 8 updates (#2371)
• d8bff91 feat(detector/cve): support euvd (#2364)
• 3f82b46 chore(deps): bump the all group across 2 directories with 2 updates (#2367)

Changelog

• 47c6cec fix(scanner/redhatbase): update procPathToFQPN (#2363)
• 340fbb2 chore(deps): bump go-cve-dictionary version (#2362)
• 1c2a238 chore(deps): update vuls2 to json/v2 adaptation (#2359)
• 3b1e482 fix(detector/vuls2): compare CVSSv3 (#2360)
• 14d5c9a fix(ci/codeql): add json/v2 env var (#2358)
• 037514a chore(deps): bump the others group across 1 directory with 7 updates (#2357)
• f5a29e7 chore(deps): bump the go_modules group across 1 directory with 2 updates (#2356)
• 2c8a955 chore(deps): bump the all gr

Changelog

• 6efa3f0 fix(ci/goreleaser): pin cosign version to v2.6.1 (#2346)

Changelog

• dc268ae chore(deps): bump the others group with 6 updates (#2328)
• 2b527a2 fix(scanner/debian): correctly merge NeedRestartProcs (#2329)
• 6a6f187 fix(detector/vuls2): temporarily fill in the version (#2330)