Repository: google/osv-scanner
Branch: main
Commit: 35535698af3e
Files: 837
Total size: 13.1 MB
Directory structure:
gitextract_t0q6fdgj/
├── .dockerignore
├── .editorconfig
├── .gemini/
│ └── config.yaml
├── .github/
│ ├── PULL_REQUEST_TEMPLATE/
│ │ └── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── cassettes.yml
│ ├── checks.yml
│ ├── codeql-analysis.yml
│ ├── dependencies.yml
│ ├── format-action/
│ │ └── action.yml
│ ├── goreleaser-nightly.yml
│ ├── goreleaser.yml
│ ├── links.yml
│ ├── lint-action/
│ │ └── action.yml
│ ├── osv-scanner-reusable-pr.yml
│ ├── osv-scanner-reusable.yml
│ ├── osv-scanner-unified-action.yml
│ ├── prerelease-check.yml
│ ├── renovate-validator.yml
│ ├── scorecards.yml
│ ├── snapshots.yml
│ ├── staleness.yml
│ ├── test-action/
│ │ └── action.yml
│ ├── title.yml
│ └── zizmor.yml
├── .gitignore
├── .golangci-lint-version
├── .golangci.yaml
├── .goreleaser-nightly.yml
├── .goreleaser.yml
├── .pre-commit-hooks.yaml
├── .prettierignore
├── .prettierrc.json
├── CHANGELOG.md
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── action.dockerfile
├── actions/
│ ├── reporter/
│ │ └── action.yml
│ └── scanner/
│ └── action.yml
├── cmd/
│ ├── osv-reporter/
│ │ ├── main.go
│ │ └── main_test.go
│ └── osv-scanner/
│ ├── __snapshots__/
│ │ └── main_test.snap
│ ├── fix/
│ │ ├── __snapshots__/
│ │ │ └── command_test.snap
│ │ ├── command.go
│ │ ├── command_test.go
│ │ ├── interactive.go
│ │ ├── model.go
│ │ ├── noninteractive.go
│ │ ├── output.go
│ │ ├── regen_lockfile.go
│ │ ├── state-choose-in-place-patches.go
│ │ ├── state-choose-strategy.go
│ │ ├── state-in-place-result.go
│ │ ├── state-initialize.go
│ │ ├── state-relock-result.go
│ │ ├── testdata/
│ │ │ ├── in-place-npm/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── override-maven/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ └── pom.xml
│ │ │ └── relax-npm/
│ │ │ └── package.json
│ │ └── testmain_test.go
│ ├── internal/
│ │ ├── cmd/
│ │ │ ├── __snapshots__/
│ │ │ │ └── helpers_test.snap
│ │ │ ├── helpers.go
│ │ │ ├── helpers_test.go
│ │ │ ├── run.go
│ │ │ └── testmain_test.go
│ │ ├── helper/
│ │ │ ├── callanalysis_parser.go
│ │ │ ├── callanalysis_parser_test.go
│ │ │ ├── flags.go
│ │ │ ├── getters.go
│ │ │ └── misc.go
│ │ └── testcmd/
│ │ ├── case.go
│ │ ├── copy.go
│ │ ├── git.go
│ │ ├── run.go
│ │ └── vcr.go
│ ├── main.go
│ ├── main_test.go
│ ├── mcp/
│ │ ├── __snapshots__/
│ │ │ └── integration_test.snap
│ │ ├── command.go
│ │ ├── configuration-instructions.md
│ │ ├── integration_test.go
│ │ ├── scan-deps-prompt.md
│ │ ├── stats.go
│ │ ├── testdata/
│ │ │ └── go-project/
│ │ │ ├── go.mod
│ │ │ ├── go.sum
│ │ │ ├── main.go
│ │ │ ├── osv-scanner-test.toml
│ │ │ └── osv-scanner.toml
│ │ └── testmain_test.go
│ ├── scan/
│ │ ├── __snapshots__/
│ │ │ └── command_test.snap
│ │ ├── command.go
│ │ ├── command_test.go
│ │ ├── image/
│ │ │ ├── __snapshots__/
│ │ │ │ └── command_test.snap
│ │ │ ├── command.go
│ │ │ ├── command_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── alpine-3.18-alpine-release
│ │ │ │ ├── alpine-3.18-os-release
│ │ │ │ ├── cassettes/
│ │ │ │ │ ├── TestCommand_Docker.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithDefaults.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithoutDefaults.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile.yaml
│ │ │ │ │ ├── TestCommand_OCIImage.yaml
│ │ │ │ │ └── TestCommand_OCIImage_JSONFormat.yaml
│ │ │ │ ├── java-fixture/
│ │ │ │ │ └── app/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── pom.xml
│ │ │ │ │ └── src/
│ │ │ │ │ └── main/
│ │ │ │ │ └── java/
│ │ │ │ │ └── com/
│ │ │ │ │ └── mycompany/
│ │ │ │ │ └── app/
│ │ │ │ │ └── App.java
│ │ │ │ ├── lockfile-fixture/
│ │ │ │ │ ├── alpine-zlib-16.cdx.json
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── package-tracing-fixture/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── python-fixture/
│ │ │ │ │ ├── main.py
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── requirements.txt
│ │ │ │ ├── sample-pkgs/
│ │ │ │ │ └── fzf_0.29.0-1ubuntu0.1_amd64.deb
│ │ │ │ ├── test-alpine-etcshadow.Dockerfile
│ │ │ │ ├── test-alpine-sbom.Dockerfile
│ │ │ │ ├── test-alpine.Dockerfile
│ │ │ │ ├── test-go-binary.Dockerfile
│ │ │ │ ├── test-image-with-deprecated/
│ │ │ │ │ ├── Cargo.toml
│ │ │ │ │ └── src/
│ │ │ │ │ └── main.rs
│ │ │ │ ├── test-image-with-deprecated.Dockerfile
│ │ │ │ ├── test-java-full.Dockerfile
│ │ │ │ ├── test-node_modules-npm-empty.Dockerfile
│ │ │ │ ├── test-node_modules-npm-full.Dockerfile
│ │ │ │ ├── test-node_modules-pnpm-empty.Dockerfile
│ │ │ │ ├── test-node_modules-pnpm-full.Dockerfile
│ │ │ │ ├── test-node_modules-yarn-empty.Dockerfile
│ │ │ │ ├── test-node_modules-yarn-full.Dockerfile
│ │ │ │ ├── test-package-tracing.Dockerfile
│ │ │ │ ├── test-python-empty.Dockerfile
│ │ │ │ ├── test-python-full.Dockerfile
│ │ │ │ ├── test-ubuntu-20-04.Dockerfile
│ │ │ │ ├── test-ubuntu-with-packages.Dockerfile
│ │ │ │ ├── test-ubuntu.Dockerfile
│ │ │ │ └── ubuntu20-04-unimportant-config.toml
│ │ │ └── testmain_test.go
│ │ ├── source/
│ │ │ ├── __snapshots__/
│ │ │ │ └── command_test.snap
│ │ │ ├── command.go
│ │ │ ├── command_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── .goignore
│ │ │ │ ├── artifact/
│ │ │ │ │ ├── javareach_test.jar
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── bin/
│ │ │ │ │ └── ssh
│ │ │ │ ├── call-analysis-go-project/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── call-analysis-go-project-all-uncalled/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── cassettes/
│ │ │ │ │ ├── TestCommand.yaml
│ │ │ │ │ ├── TestCommandNonGit.yaml
│ │ │ │ │ ├── TestCommand_CallAnalysis.yaml
│ │ │ │ │ ├── TestCommand_CommitSupport.yaml
│ │ │ │ │ ├── TestCommand_Config_UnusedIgnores.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithDefaults.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithoutDefaults.yaml
│ │ │ │ │ ├── TestCommand_GithubActions.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile_Deprecated.yaml
│ │ │ │ │ ├── TestCommand_JavareachArchive.yaml
│ │ │ │ │ ├── TestCommand_Licenses.yaml
│ │ │ │ │ ├── TestCommand_LocalDatabases.yaml
│ │ │ │ │ ├── TestCommand_LocalDatabases_AlwaysOffline.yaml
│ │ │ │ │ ├── TestCommand_LockfileWithExplicitParseAs.yaml
│ │ │ │ │ ├── TestCommand_MoreLockfiles.yaml
│ │ │ │ │ ├── TestCommand_Transitive.yaml
│ │ │ │ │ ├── TestCommand_WithDetector_OffLinux.yaml
│ │ │ │ │ └── TestCommand_WithDetector_OnLinux.yaml
│ │ │ │ ├── config-invalid/
│ │ │ │ │ └── osv-scanner-test.toml
│ │ │ │ ├── exp-plugins-pkgdeprecate/
│ │ │ │ │ └── deprecated-vuln/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── go-project/
│ │ │ │ │ ├── go-version-config.toml
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── nested/
│ │ │ │ │ │ ├── go-version-config.toml
│ │ │ │ │ │ ├── go.mod
│ │ │ │ │ │ └── osv-scanner.toml
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── locks-git/
│ │ │ │ │ └── osv-scanner.json
│ │ │ │ ├── locks-gitignore/
│ │ │ │ │ ├── subdir/
│ │ │ │ │ │ └── test.gitignore
│ │ │ │ │ └── test.gitignore
│ │ │ │ ├── locks-insecure/
│ │ │ │ │ ├── my-package-lock.json
│ │ │ │ │ ├── osv-scanner-custom-git-tag.json
│ │ │ │ │ ├── osv-scanner-custom.json
│ │ │ │ │ ├── osv-scanner-flutter-deps.json
│ │ │ │ │ ├── osv-scanner-with-unscannables.json
│ │ │ │ │ ├── osv-scanner.json
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── locks-licenses/
│ │ │ │ │ └── package.json
│ │ │ │ ├── locks-many/
│ │ │ │ │ ├── installed
│ │ │ │ │ ├── not-a-lockfile.toml
│ │ │ │ │ ├── osv-scanner-test.toml
│ │ │ │ │ ├── replace-local.mod
│ │ │ │ │ └── status
│ │ │ │ ├── locks-many-with-insecure/
│ │ │ │ │ ├── alpine.cdx.xml
│ │ │ │ │ ├── installed
│ │ │ │ │ ├── not-a-lockfile.toml
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── replace-local.mod
│ │ │ │ │ └── status
│ │ │ │ ├── locks-none/
│ │ │ │ │ └── README.md
│ │ │ │ ├── locks-requirements/
│ │ │ │ │ ├── my-requirements.txt
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── requirements-dev.txt
│ │ │ │ │ ├── requirements-transitive.txt
│ │ │ │ │ ├── requirements.prod.txt
│ │ │ │ │ ├── requirements.txt
│ │ │ │ │ ├── the_requirements_for_test.txt
│ │ │ │ │ └── unresolvable-requirements.txt
│ │ │ │ ├── locks-scalibr/
│ │ │ │ │ ├── Package.resolved
│ │ │ │ │ ├── cabal.project.freeze
│ │ │ │ │ ├── depsjson
│ │ │ │ │ ├── gems.locked
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── packages.config
│ │ │ │ │ └── packages.lock.json
│ │ │ │ ├── locks-test-ignore/
│ │ │ │ │ ├── osv-scanner-test.toml
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── maven-transitive/
│ │ │ │ │ ├── abc.xml
│ │ │ │ │ ├── encoding.xml
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── parent.xml
│ │ │ │ │ ├── pom.xml
│ │ │ │ │ └── registry.xml
│ │ │ │ ├── osv-scanner-call-analysis-config.toml
│ │ │ │ ├── osv-scanner-complex-licenses-config.toml
│ │ │ │ ├── osv-scanner-composite-config.toml
│ │ │ │ ├── osv-scanner-duplicate-config.toml
│ │ │ │ ├── osv-scanner-empty-config.toml
│ │ │ │ ├── osv-scanner-expressive-licenses-config.toml
│ │ │ │ ├── osv-scanner-invalid-licenses-config.toml
│ │ │ │ ├── osv-scanner-partial-ignores-config.toml
│ │ │ │ ├── osv-scanner-reasonless-ignores-config.toml
│ │ │ │ ├── osv-scanner-unknown-config.toml
│ │ │ │ └── sbom-insecure/
│ │ │ │ ├── alpine-zlib-16.cdx.json
│ │ │ │ ├── alpine.cdx.xml
│ │ │ │ ├── bad-purls.cdx.xml
│ │ │ │ ├── only-unimportant.spdx.json
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── postgres-stretch.cdx.xml
│ │ │ │ └── with-duplicates.cdx.xml
│ │ │ └── testmain_test.go
│ │ ├── testdata/
│ │ │ ├── cassettes/
│ │ │ │ └── TestCommand_SubCommands.yaml
│ │ │ └── locks-many/
│ │ │ ├── alpine.cdx.xml
│ │ │ ├── installed
│ │ │ ├── not-a-lockfile.toml
│ │ │ ├── osv-scanner.toml
│ │ │ ├── replace-local.mod
│ │ │ └── status
│ │ └── testmain_test.go
│ ├── testdata/
│ │ ├── cassettes/
│ │ │ └── Test_run_SubCommands.yaml
│ │ └── locks-many/
│ │ ├── alpine.cdx.xml
│ │ ├── installed
│ │ ├── not-a-lockfile.toml
│ │ ├── osv-scanner.toml
│ │ ├── replace-local.mod
│ │ └── status
│ ├── testmain_test.go
│ └── update/
│ ├── __snapshots__/
│ │ └── command_test.snap
│ ├── command.go
│ ├── command_test.go
│ ├── testdata/
│ │ ├── osv-scanner.toml
│ │ └── pom.xml
│ └── testmain_test.go
├── docs/
│ ├── .gitignore
│ ├── 404.html
│ ├── Gemfile
│ ├── README.md
│ ├── _config.yml
│ ├── _sass/
│ │ ├── color_schemes/
│ │ │ ├── _variables.scss
│ │ │ └── custom_dark.scss
│ │ ├── custom/
│ │ │ └── custom.scss
│ │ └── highlight/
│ │ └── native.scss
│ ├── configuration.md
│ ├── contribute.md
│ ├── docs.Dockerfile
│ ├── experimental.md
│ ├── github-action.md
│ ├── guided-remediation.md
│ ├── index.md
│ ├── installation.md
│ ├── license-scanning.md
│ ├── manual-plugin-selection.md
│ ├── migrating-from-scalibr.md
│ ├── migration-guide.md
│ ├── offline-mode.md
│ ├── osv-reporter.md
│ ├── output.md
│ ├── package-deprecation.md
│ ├── scan-image.md
│ ├── scan-source.md
│ ├── supported_languages_and_lockfiles.md
│ └── usage.md
├── exit_code_redirect.sh
├── go.mod
├── go.sum
├── goreleaser-action.dockerfile
├── goreleaser.dockerfile
├── internal/
│ ├── cachedregexp/
│ │ └── regex.go
│ ├── ci/
│ │ ├── __snapshots__/
│ │ │ └── vulnerability_result_diff_test.snap
│ │ ├── testdata/
│ │ │ ├── not-json.txt
│ │ │ ├── results-empty.json
│ │ │ ├── results-some.json
│ │ │ └── vulns/
│ │ │ ├── test-vuln-results-a-1.json
│ │ │ ├── test-vuln-results-a.json
│ │ │ ├── test-vuln-results-b.json
│ │ │ ├── test-vuln-results-c.json
│ │ │ └── test-vuln-results-d.json
│ │ ├── testmain_test.go
│ │ ├── utility.go
│ │ ├── utility_test.go
│ │ ├── vulnerability_result_diff.go
│ │ └── vulnerability_result_diff_test.go
│ ├── clients/
│ │ ├── clientimpl/
│ │ │ ├── licensematcher/
│ │ │ │ └── licensematcher.go
│ │ │ ├── localmatcher/
│ │ │ │ ├── localmatcher.go
│ │ │ │ ├── testdata/
│ │ │ │ │ └── db/
│ │ │ │ │ ├── file.json
│ │ │ │ │ ├── file.yaml
│ │ │ │ │ ├── nested-1/
│ │ │ │ │ │ └── osv-1.json
│ │ │ │ │ └── nested-2/
│ │ │ │ │ ├── invalid.json
│ │ │ │ │ └── osv-2.json
│ │ │ │ ├── zip.go
│ │ │ │ └── zip_test.go
│ │ │ └── osvmatcher/
│ │ │ ├── cachedosvmatcher.go
│ │ │ ├── osvmatcher.go
│ │ │ └── osvmatcher_test.go
│ │ └── clientinterfaces/
│ │ ├── licensematcher.go
│ │ └── vulnerabilitymatcher.go
│ ├── cmdlogger/
│ │ ├── fmt.go
│ │ ├── handler.go
│ │ ├── interface.go
│ │ ├── level.go
│ │ ├── level_test.go
│ │ ├── scalibr.go
│ │ └── static.go
│ ├── config/
│ │ ├── config.go
│ │ ├── config_internal_test.go
│ │ ├── manager.go
│ │ └── testdata/
│ │ ├── testdatainner/
│ │ │ ├── innerFolder/
│ │ │ │ └── test.yaml
│ │ │ ├── osv-scanner-load-path.toml
│ │ │ ├── osv-scanner.toml
│ │ │ └── some-manifest.yaml
│ │ ├── unknown-key-1.toml
│ │ ├── unknown-key-2.toml
│ │ ├── unknown-key-3.toml
│ │ ├── unknown-key-4.toml
│ │ ├── unknown-key-5.toml
│ │ ├── unknown-key-6.toml
│ │ └── unknown-key-7.toml
│ ├── datasource/
│ │ ├── cache.go
│ │ ├── cache_test.go
│ │ ├── http_auth.go
│ │ ├── http_auth_test.go
│ │ ├── insights.go
│ │ ├── insights_cache.go
│ │ ├── insightsalpha.go
│ │ ├── maven_registry.go
│ │ ├── maven_registry_cache.go
│ │ ├── maven_registry_test.go
│ │ ├── maven_settings.go
│ │ ├── maven_settings_test.go
│ │ ├── npm_registry.go
│ │ ├── npm_registry_cache.go
│ │ ├── npm_registry_test.go
│ │ ├── npmrc.go
│ │ ├── npmrc_test.go
│ │ └── testdata/
│ │ ├── maven_settings/
│ │ │ └── settings.xml
│ │ └── npm_registry/
│ │ ├── @fake-registry-a.json
│ │ ├── fake-package-2.2.2.json
│ │ └── fake-package.json
│ ├── depsdev/
│ │ └── depsdev.go
│ ├── grouper/
│ │ ├── grouper.go
│ │ ├── grouper_models.go
│ │ └── grouper_test.go
│ ├── identifiers/
│ │ ├── identifiers.go
│ │ └── identifiers_test.go
│ ├── imodels/
│ │ ├── imodels.go
│ │ ├── imodels_test.go
│ │ └── results/
│ │ └── scanresults.go
│ ├── output/
│ │ ├── __snapshots__/
│ │ │ ├── cyclonedx_test.snap
│ │ │ ├── githubannotation_test.snap
│ │ │ ├── machinejson_test.snap
│ │ │ ├── markdowntable_test.snap
│ │ │ ├── output_result_test.snap
│ │ │ ├── result_test.snap
│ │ │ ├── sarif_internal_test.snap
│ │ │ ├── sarif_test.snap
│ │ │ ├── spdx_test.snap
│ │ │ ├── table_test.snap
│ │ │ └── vertical_test.snap
│ │ ├── cyclonedx.go
│ │ ├── cyclonedx_test.go
│ │ ├── form.go
│ │ ├── form_test.go
│ │ ├── githubannotation.go
│ │ ├── githubannotation_test.go
│ │ ├── helpers_test.go
│ │ ├── html/
│ │ │ ├── base_image_template.gohtml
│ │ │ ├── deprecated_package_template.gohtml
│ │ │ ├── filter_template.gohtml
│ │ │ ├── license_summary_template.gohtml
│ │ │ ├── package_table_template.gohtml
│ │ │ ├── package_view_template.gohtml
│ │ │ ├── report_template.gohtml
│ │ │ ├── script.js
│ │ │ ├── severity_summary_template.gohtml
│ │ │ ├── style.css
│ │ │ ├── vuln_table_entry_template.gohtml
│ │ │ └── vuln_table_template.gohtml
│ │ ├── html.go
│ │ ├── html_test.go
│ │ ├── machinejson.go
│ │ ├── machinejson_test.go
│ │ ├── markdowntable.go
│ │ ├── markdowntable_test.go
│ │ ├── output_result.go
│ │ ├── output_result_test.go
│ │ ├── result.go
│ │ ├── result_test.go
│ │ ├── sarif.go
│ │ ├── sarif_fingerprint_test.go
│ │ ├── sarif_internal_test.go
│ │ ├── sarif_test.go
│ │ ├── sbom/
│ │ │ ├── cyclonedx_1_4.go
│ │ │ ├── cyclonedx_1_5.go
│ │ │ ├── cyclonedx_1_6.go
│ │ │ ├── cyclonedx_common.go
│ │ │ └── models.go
│ │ ├── spdx.go
│ │ ├── spdx_test.go
│ │ ├── table.go
│ │ ├── table_test.go
│ │ ├── testdata/
│ │ │ ├── commit-grouped.json
│ │ │ ├── flattened_vulns.json
│ │ │ ├── test-vuln-results-a.json
│ │ │ └── vuln-grouped.json
│ │ ├── testmain_test.go
│ │ ├── vertical.go
│ │ └── vertical_test.go
│ ├── remediation/
│ │ ├── __snapshots__/
│ │ │ ├── in_place_test.snap
│ │ │ └── testhelpers_test.snap
│ │ ├── in_place.go
│ │ ├── in_place_test.go
│ │ ├── override.go
│ │ ├── override_test.go
│ │ ├── relax/
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ └── relax.go
│ │ ├── relax.go
│ │ ├── relax_test.go
│ │ ├── remediation.go
│ │ ├── remediation_test.go
│ │ ├── suggest/
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ └── suggest.go
│ │ ├── testdata/
│ │ │ ├── maven-classifier/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── pom.xml
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ ├── override-workaround/
│ │ │ │ ├── commons/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── guava/
│ │ │ │ │ ├── android-to-android/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ ├── jre-to-jre/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ └── none-to-jre/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ ├── santatracker/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── package.json
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ └── zeppelin-server/
│ │ │ ├── osv-scanner.toml
│ │ │ ├── parent/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── parent/
│ │ │ │ │ └── pom.xml
│ │ │ │ └── pom.xml
│ │ │ ├── pom.xml
│ │ │ ├── universe.yaml
│ │ │ └── vulns.json
│ │ ├── testhelpers_test.go
│ │ ├── testmain_test.go
│ │ └── upgrade/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── level.go
│ │ └── level_test.go
│ ├── reporter/
│ │ ├── cyclonedx.go
│ │ ├── format.go
│ │ ├── gh-annotations_reporter.go
│ │ ├── html_reporter.go
│ │ ├── json_reporter.go
│ │ ├── reporter.go
│ │ ├── reporter_test.go
│ │ ├── sarif_reporter.go
│ │ ├── spdx.go
│ │ ├── table_reporter.go
│ │ └── vertical_reporter.go
│ ├── resolution/
│ │ ├── __snapshots__/
│ │ │ └── resolve_test.snap
│ │ ├── client/
│ │ │ ├── client.go
│ │ │ ├── depsdev_client.go
│ │ │ ├── helper.go
│ │ │ ├── maven_registry_client.go
│ │ │ ├── npm_registry_client.go
│ │ │ └── override_client.go
│ │ ├── clienttest/
│ │ │ └── mock_resolution_client.go
│ │ ├── dependency_subgraph.go
│ │ ├── dependency_subgraph_test.go
│ │ ├── depfile/
│ │ │ └── depfile.go
│ │ ├── lockfile/
│ │ │ ├── __snapshots__/
│ │ │ │ └── npm_test.snap
│ │ │ ├── lockfile.go
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ ├── npm_v1.go
│ │ │ ├── npm_v2.go
│ │ │ ├── testdata/
│ │ │ │ ├── npm_registry/
│ │ │ │ │ ├── @fake-registry-a-1.2.4.json
│ │ │ │ │ └── @fake-registry-a-2.3.5.json
│ │ │ │ ├── npm_v1/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── package.json
│ │ │ │ └── npm_v2/
│ │ │ │ └── osv-scanner.toml
│ │ │ └── testmain_test.go
│ │ ├── manifest/
│ │ │ ├── __snapshots__/
│ │ │ │ ├── maven_test.snap
│ │ │ │ └── npm_test.snap
│ │ │ ├── manifest.go
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── maven/
│ │ │ │ │ ├── my-app/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ ├── no-dependency-management.xml
│ │ │ │ │ └── parent/
│ │ │ │ │ ├── grandparent/
│ │ │ │ │ │ ├── mismatch.xml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── npm-workspaces/
│ │ │ │ │ ├── package.json
│ │ │ │ │ ├── ws/
│ │ │ │ │ │ ├── jquery/
│ │ │ │ │ │ │ └── package.json
│ │ │ │ │ │ └── ugh/
│ │ │ │ │ │ └── package.json
│ │ │ │ │ └── z/
│ │ │ │ │ └── package.json
│ │ │ │ └── package.json
│ │ │ └── testmain_test.go
│ │ ├── resolve.go
│ │ ├── resolve_test.go
│ │ ├── testdata/
│ │ │ ├── basic-universe.yaml
│ │ │ ├── basic-vulns.json
│ │ │ ├── complex-universe.yaml
│ │ │ ├── complex-vulns.json
│ │ │ ├── diamond-universe.yaml
│ │ │ └── diamond-vulns.json
│ │ ├── testmain_test.go
│ │ └── util/
│ │ └── depsdev.go
│ ├── scalibrenricher/
│ │ └── govulncheck/
│ │ └── source/
│ │ ├── govulncheck.go
│ │ ├── govulncheck_test.go
│ │ ├── result.go
│ │ └── testdata/
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── main.go
│ │ └── osv-scanner.toml
│ ├── scalibrextract/
│ │ ├── filesystem/
│ │ │ └── vendored/
│ │ │ ├── testdata/
│ │ │ │ └── thirdparty/
│ │ │ │ └── zlib/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── CMakeLists.txt
│ │ │ │ ├── ChangeLog
│ │ │ │ ├── FAQ
│ │ │ │ ├── INDEX
│ │ │ │ ├── LICENSE
│ │ │ │ ├── Makefile
│ │ │ │ ├── Makefile.in
│ │ │ │ ├── README
│ │ │ │ ├── adler32.c
│ │ │ │ ├── amiga/
│ │ │ │ │ ├── Makefile.pup
│ │ │ │ │ └── Makefile.sas
│ │ │ │ ├── compress.c
│ │ │ │ ├── configure
│ │ │ │ ├── crc32.c
│ │ │ │ ├── crc32.h
│ │ │ │ ├── deflate.c
│ │ │ │ ├── deflate.h
│ │ │ │ ├── examples/
│ │ │ │ │ ├── README.examples
│ │ │ │ │ ├── enough.c
│ │ │ │ │ ├── fitblk.c
│ │ │ │ │ ├── gun.c
│ │ │ │ │ ├── gzappend.c
│ │ │ │ │ ├── gzjoin.c
│ │ │ │ │ ├── gzlog.c
│ │ │ │ │ ├── gzlog.h
│ │ │ │ │ ├── gznorm.c
│ │ │ │ │ ├── zlib_how.html
│ │ │ │ │ ├── zpipe.c
│ │ │ │ │ ├── zran.c
│ │ │ │ │ └── zran.h
│ │ │ │ ├── gzclose.c
│ │ │ │ ├── gzguts.h
│ │ │ │ ├── gzlib.c
│ │ │ │ ├── gzread.c
│ │ │ │ ├── gzwrite.c
│ │ │ │ ├── infback.c
│ │ │ │ ├── inffast.c
│ │ │ │ ├── inffast.h
│ │ │ │ ├── inffixed.h
│ │ │ │ ├── inflate.c
│ │ │ │ ├── inflate.h
│ │ │ │ ├── inftrees.c
│ │ │ │ ├── inftrees.h
│ │ │ │ ├── make_vms.com
│ │ │ │ ├── nintendods/
│ │ │ │ │ ├── Makefile
│ │ │ │ │ └── README
│ │ │ │ ├── os400/
│ │ │ │ │ ├── README400
│ │ │ │ │ ├── bndsrc
│ │ │ │ │ ├── make.sh
│ │ │ │ │ └── zlib.inc
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── qnx/
│ │ │ │ │ └── package.qpg
│ │ │ │ ├── test/
│ │ │ │ │ ├── example.c
│ │ │ │ │ ├── infcover.c
│ │ │ │ │ └── minigzip.c
│ │ │ │ ├── treebuild.xml
│ │ │ │ ├── trees.c
│ │ │ │ ├── trees.h
│ │ │ │ ├── uncompr.c
│ │ │ │ ├── watcom/
│ │ │ │ │ ├── watcom_f.mak
│ │ │ │ │ └── watcom_l.mak
│ │ │ │ ├── win32/
│ │ │ │ │ ├── DLL_FAQ.txt
│ │ │ │ │ ├── Makefile.bor
│ │ │ │ │ ├── Makefile.gcc
│ │ │ │ │ ├── Makefile.msc
│ │ │ │ │ ├── README-WIN32.txt
│ │ │ │ │ ├── VisualC.txt
│ │ │ │ │ ├── zlib.def
│ │ │ │ │ └── zlib1.rc
│ │ │ │ ├── zconf.h
│ │ │ │ ├── zconf.h.cmakein
│ │ │ │ ├── zconf.h.in
│ │ │ │ ├── zlib.3
│ │ │ │ ├── zlib.h
│ │ │ │ ├── zlib.pc.cmakein
│ │ │ │ ├── zlib.pc.in
│ │ │ │ ├── zutil.c
│ │ │ │ └── zutil.h
│ │ │ ├── vendored.go
│ │ │ └── vendored_test.go
│ │ ├── language/
│ │ │ ├── javascript/
│ │ │ │ └── nodemodules/
│ │ │ │ └── extractor.go
│ │ │ └── osv/
│ │ │ └── osvscannerjson/
│ │ │ ├── extractor.go
│ │ │ ├── extractor_test.go
│ │ │ ├── metadata.go
│ │ │ └── testdata/
│ │ │ ├── empty.json
│ │ │ ├── multiple-packages-with-vulns.json
│ │ │ ├── not-json.txt
│ │ │ ├── one-package-commit.json
│ │ │ └── one-package.json
│ │ └── vcs/
│ │ ├── gitcommitdirect/
│ │ │ └── extractor.go
│ │ └── gitrepo/
│ │ ├── extractor.go
│ │ ├── extractor_test.go
│ │ └── testdata/
│ │ ├── example-clean/
│ │ │ └── git-hidden/
│ │ │ ├── HEAD
│ │ │ ├── config
│ │ │ ├── description
│ │ │ └── info/
│ │ │ └── exclude
│ │ ├── example-git/
│ │ │ ├── a.txt
│ │ │ └── git-hidden/
│ │ │ ├── COMMIT_EDITMSG
│ │ │ ├── HEAD
│ │ │ ├── config
│ │ │ ├── description
│ │ │ ├── index
│ │ │ ├── info/
│ │ │ │ └── exclude
│ │ │ ├── logs/
│ │ │ │ ├── HEAD
│ │ │ │ └── refs/
│ │ │ │ └── heads/
│ │ │ │ └── main
│ │ │ ├── objects/
│ │ │ │ ├── 16/
│ │ │ │ │ └── b14f5da9e2fcd6f3f38cc9e584cef2f3c90ebe
│ │ │ │ ├── 4b/
│ │ │ │ │ └── 825dc642cb6eb9a060e54bf8d69288fbee4904
│ │ │ │ ├── 86/
│ │ │ │ │ └── 2ac4bd2703b622e85f29f55a2fd8cd6caf8182
│ │ │ │ └── bf/
│ │ │ │ └── 8fbfe5a434c007b640c12d920683cb19a7b2b9
│ │ │ └── refs/
│ │ │ └── heads/
│ │ │ └── main
│ │ └── example-not-git/
│ │ ├── a.txt
│ │ └── git-hidden/
│ │ └── b.txt
│ ├── scalibrplugin/
│ │ ├── __snapshots__/
│ │ │ └── resolve_test.snap
│ │ ├── presets.go
│ │ ├── resolve.go
│ │ ├── resolve_test.go
│ │ └── testmain_test.go
│ ├── sourceanalysis/
│ │ ├── __snapshots__/
│ │ │ ├── go_test.snap
│ │ │ ├── integration_test.snap
│ │ │ └── rust_test.snap
│ │ ├── go.go
│ │ ├── go_test.go
│ │ ├── govulncheck/
│ │ │ └── result.go
│ │ ├── integration_test.go
│ │ ├── rust.go
│ │ ├── rust_test.go
│ │ ├── sourceanalysis.go
│ │ ├── testdata/
│ │ │ ├── go-integration/
│ │ │ │ ├── .goignore
│ │ │ │ ├── GO-2021-0053.json
│ │ │ │ ├── GO-2023-1558.json
│ │ │ │ ├── GO-2023-2382.json
│ │ │ │ └── test-project/
│ │ │ │ ├── go.mod
│ │ │ │ ├── go.sum
│ │ │ │ ├── main.go
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── json/
│ │ │ │ ├── govulncheckinput.json
│ │ │ │ ├── input-no-call-data.json
│ │ │ │ ├── input.json
│ │ │ │ ├── output-no-call-data.json
│ │ │ │ ├── output.json
│ │ │ │ ├── vulnbyid-no-call-data.json
│ │ │ │ └── vulnbyid.json
│ │ │ └── rust/
│ │ │ ├── archives/
│ │ │ │ ├── medium.rlib
│ │ │ │ └── simple.rlib
│ │ │ ├── functions/
│ │ │ │ ├── medium.json
│ │ │ │ ├── simple.json
│ │ │ │ └── test-rust-2.json
│ │ │ ├── objs/
│ │ │ │ ├── medium.o
│ │ │ │ ├── simple.o
│ │ │ │ └── test-rust-2
│ │ │ └── rust-project/
│ │ │ ├── .gitignore
│ │ │ ├── Cargo.toml
│ │ │ └── src/
│ │ │ └── main.rs
│ │ └── testmain_test.go
│ ├── spdx/
│ │ ├── gen.go
│ │ ├── licenses.go
│ │ ├── satisfies.go
│ │ ├── satisfies_test.go
│ │ ├── verify.go
│ │ └── verify_test.go
│ ├── testlogger/
│ │ ├── handler.go
│ │ └── markers.go
│ ├── testutility/
│ │ ├── fixture.go
│ │ ├── jsonreplace.go
│ │ ├── jsonreplace_test.go
│ │ ├── mock_http.go
│ │ ├── normalize.go
│ │ ├── snapshot.go
│ │ └── utility.go
│ ├── thirdparty/
│ │ ├── ar/
│ │ │ ├── COPYING
│ │ │ └── reader.go
│ │ └── xml/
│ │ ├── atom_test.go
│ │ ├── marshal.go
│ │ ├── marshal_test.go
│ │ ├── read.go
│ │ ├── read_test.go
│ │ ├── typeinfo.go
│ │ ├── xml.go
│ │ └── xml_test.go
│ ├── tui/
│ │ ├── dependency-graph.go
│ │ ├── in-place-info.go
│ │ ├── relock-info.go
│ │ ├── severity.go
│ │ ├── styles.go
│ │ ├── tui.go
│ │ ├── vuln-info.go
│ │ └── vuln-list.go
│ ├── url/
│ │ ├── url.go
│ │ ├── url_other_test.go
│ │ ├── url_test.go
│ │ └── url_windows_test.go
│ ├── utility/
│ │ ├── depgroup/
│ │ │ └── devgroup.go
│ │ ├── maven/
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ └── testdata/
│ │ │ ├── my-app/
│ │ │ │ └── pom.xml
│ │ │ ├── parent/
│ │ │ │ └── pom.xml
│ │ │ └── pom.xml
│ │ ├── purl/
│ │ │ ├── composer.go
│ │ │ ├── composer_test.go
│ │ │ ├── golang.go
│ │ │ ├── golang_test.go
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ ├── package_grouper.go
│ │ │ ├── package_grouper_test.go
│ │ │ ├── purl.go
│ │ │ ├── purl_to_package.go
│ │ │ └── purl_to_package_test.go
│ │ ├── results/
│ │ │ └── results.go
│ │ ├── semverlike/
│ │ │ └── version-semver-like.go
│ │ ├── severity/
│ │ │ ├── severity.go
│ │ │ └── severity_test.go
│ │ └── vulns/
│ │ ├── vulnerabilities.go
│ │ ├── vulnerabilities_test.go
│ │ ├── vulnerability.go
│ │ └── vulnerability_test.go
│ └── version/
│ └── version.go
├── osv-scanner.toml
├── pkg/
│ ├── models/
│ │ ├── cyclonedx.go
│ │ ├── image.go
│ │ ├── results.go
│ │ └── results_test.go
│ └── osvscanner/
│ ├── __snapshots__/
│ │ ├── filter_internal_test.snap
│ │ ├── osvscanner_test.snap
│ │ └── vulnerability_result_internal_test.snap
│ ├── exclude.go
│ ├── exclude_test.go
│ ├── filter.go
│ ├── filter_internal_test.go
│ ├── internal/
│ │ ├── imagehelpers/
│ │ │ └── imagehelpers.go
│ │ └── scanners/
│ │ └── lockfile.go
│ ├── invsort.go
│ ├── osvscanner.go
│ ├── osvscanner_test.go
│ ├── scan.go
│ ├── scan_test.go
│ ├── stats.go
│ ├── testdata/
│ │ └── filter/
│ │ ├── .gitignore
│ │ ├── all/
│ │ │ ├── configs/
│ │ │ │ ├── a/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── b/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ └── c/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── input.json
│ │ │ └── want.json
│ │ ├── none/
│ │ │ ├── configs/
│ │ │ │ ├── a/
│ │ │ │ │ └── no_config
│ │ │ │ ├── b/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ └── c/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── input.json
│ │ │ └── want.json
│ │ └── some/
│ │ ├── configs/
│ │ │ ├── a/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── b/
│ │ │ │ └── osv-scanner.toml
│ │ │ └── c/
│ │ │ └── osv-scanner.toml
│ │ ├── input.json
│ │ └── want.json
│ ├── testmain_test.go
│ ├── vulnerability_result.go
│ └── vulnerability_result_internal_test.go
├── renovate.json
└── scripts/
├── build.sh
├── build_snapshot.sh
├── build_test_images.sh
├── examples/
│ └── auto_guided_remediation.py
├── generate_coverage_report.sh
├── generate_mock_resolution_universe/
│ └── main.go
├── generators/
│ ├── GenerateMavenVersions.java
│ ├── generate-alpine-versions.py
│ ├── generate-cran-versions.R
│ ├── generate-debian-versions.py
│ ├── generate-packagist-versions.php
│ ├── generate-pypi-versions.py
│ ├── generate-redhat-versions.py
│ └── generate-rubygems-versions.rb
├── report_uncleaned_snapshots.py
├── run_formatters.sh
├── run_lints.sh
├── run_local_docs.sh
├── run_tests.sh
└── test_env.dockerfile
================================================
FILE CONTENTS
================================================
================================================
FILE: .dockerignore
================================================
# Paths excluded from the Docker build context; COPY/ADD in a Dockerfile cannot
# pick up anything matched here.
# NOTE(review): everything not matched below is still sent to the builder;
# confirm no local credential or environment files can sit in the tree at build time.
# Documentation site dependencies and generated output (judging by the paths).
docs/vendor
docs/_site
# NOTE(review): presumably release/build output; confirm.
dist/
# NOTE(review): presumably editor local-history data; confirm.
.history/
================================================
FILE: .editorconfig
================================================
# EditorConfig helps developers define and maintain consistent
# coding styles between different editors and IDEs
# editorconfig.org
# `root = true` stops editors from searching parent directories for further
# .editorconfig files.
root = true
# Defaults for every file: LF line endings, UTF-8, no trailing whitespace,
# a final newline, two-space indentation.
[*]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 2
# Go sources are tab-indented, which is what gofmt produces.
[*.go]
indent_style = tab
# Trailing whitespace is kept in these Markdown test fixtures.
# NOTE(review): presumably because it is part of the expected output; confirm.
[internal/output/testdata/*.md]
trim_trailing_whitespace = false
# Makefile recipes must be indented with tabs.
[Makefile]
indent_style = tab
================================================
FILE: .gemini/config.yaml
================================================
# Settings for the Gemini code-review bot on this repository.
# NOTE(review): the meanings given below are read off the key names; confirm
# them against the bot's documentation before relying on them.
have_fun: false
code_review:
  disable: false
  # By its name, the lowest severity at which a finding is posted as a comment.
  comment_severity_threshold: MEDIUM
  # NOTE(review): -1 presumably means "no limit"; confirm.
  max_review_comments: -1
  # Every automatic action on pull-request open is set to false here, so an
  # automated review does not happen just because a pull request was opened.
  pull_request_opened:
    help: false
    summary: false
    code_review: false
    include_drafts: true
# No paths are excluded from review.
ignore_patterns: []
================================================
FILE: .github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md
================================================
## Overview
**Please create an issue to discuss the proposed changes before sending a pull request.**
A brief description of the changes in this pull request. What is the purpose of this PR? What issue does it fix?
Fixes # (issue)
## Details
Provide a more detailed description of the changes. This can include:
- The approach taken to solve the problem.
- Any technical details that are relevant to the review.
- Before and after screenshots (if applicable).
## Testing
Please describe the tests that you ran to verify your changes. For example:
- I have added unit tests for the new functionality.
- I have run the existing test suite and all tests pass.
- I have manually tested the changes in the following way: ...
## Checklist
- [ ] I have signed the [Contributor License Agreement](https://cla.developers.google.com/).
- [ ] I have run the linter using `./scripts/run_lints.sh`.
- [ ] I have run the unit tests using `./scripts/run_tests.sh`.
- [ ] I have made my commits and PR title follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification.
================================================
FILE: .github/workflows/cassettes.yml
================================================
# Daily job that runs the test suite with env values which, by their names,
# switch on cassette recording and snapshot updating, then opens a pull request
# with whatever changed.
name: Cassettes
# Started only by the schedule or by hand; no push or pull_request event
# triggers this job, which holds write permissions.
on:
  schedule:
    - cron: "47 20 * * *"
  workflow_dispatch:
concurrency:
  # Pushing new changes to a branch will cancel any in-progress CI runs
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}
jobs:
  update:
    permissions:
      contents: write # to fetch and commit code
      actions: write # to manually dispatch checks on the pull request
      pull-requests: write # Create pull requests
    runs-on: ubuntu-latest
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment names the
      # release that SHA is meant to be.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not store the job token in the checkout's git config, where the
          # scripts run in later steps could read it.
          persist-credentials: false
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      # `|| true` discards the script's exit status, so the pull-request step
      # still runs when tests fail; presumably failures are expected while
      # fixtures are being re-recorded. No secret is passed to this step.
      - run: ./scripts/run_tests.sh || true
        env:
          TEST_ACCEPTANCE: true
          TEST_VCR_MODE: recordonly
          UPDATE_SNAPS: always
      - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          # The only secret in this workflow, and it is handed to this step alone.
          # NOTE(review): its scopes are not visible here; confirm it is limited
          # to what opening the pull request needs.
          token: ${{ secrets.PR_TOKEN_BOT }}
          title: "test: update cassettes"
          body: >
            The cassettes have changed, probably due to OSV advisories being changed.
            Please review the differences to make sure that they're expected!
          branch: "bot/update-cassettes"
          author: "osv-robot <osv-robot@google.com>"
          commit-message: "test: update cassettes"
================================================
FILE: .github/workflows/checks.yml
================================================
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
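# CI checks for pushes and pull requests: snapshot hygiene, a filename policy,
# formatting, `go mod tidy`, lint, unit tests on three operating systems, and a
# GoReleaser snapshot build whose linux/amd64 image is smoke-tested.
name: Checks

on:
  push:
    branches: ["main", "v1", "mcp"]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: ["main", "v1", "mcp"]
  workflow_dispatch:

concurrency:
  # Pushing new changes to a branch will cancel any in-progress CI runs
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}

jobs:
  ensure_snapshots_are_being_cleaned:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - run: scripts/report_uncleaned_snapshots.py

  filenames:
    # No job-level `permissions` block: this job runs with the empty
    # workflow-level set declared above.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      # Report every path whose last component has a character outside
      # [#@A-Za-z0-9._-]. Each path reaches bash as the positional argument $1
      # (NUL-delimited via -print0 / -0) and is never spliced into the command
      # text; `&& false` makes the step fail once anything was reported.
      - run: |
          find . -mindepth 1 ! -regex '.*/[#@A-Za-z0-9._-]*' -print0 \
            | xargs -0 -I{} bash -c \
              'printf "::error file=%q::This filename contains undesired characters\n" "$1" && false' _ {}

  format:
    name: prettier
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run format action
        uses: ./.github/workflows/format-action

  tidy:
    name: go mod tidy
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - run: go mod tidy -diff

  lint:
    name: golangci-lint
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - name: Run lint action
        uses: ./.github/workflows/lint-action

  # Builds the container image tarballs once and hands them to the `tests`
  # matrix as a short-lived artifact.
  prepare_test_image_testdata:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - run: scripts/build_test_images.sh
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: image-testdata-${{ github.run_number }}-${{ github.run_attempt }}
          path: cmd/osv-scanner/scan/image/testdata/*.tar
          retention-days: 1

  tests:
    name: Run unit tests
    needs:
      - prepare_test_image_testdata
    permissions:
      contents: read # to fetch code (actions/checkout)
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          pattern: image-testdata-${{ github.run_number }}-*
          path: cmd/osv-scanner/scan/image/testdata/
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      # The Codecov token is passed to the local composite action as an input.
      - name: Run test action
        uses: ./.github/workflows/test-action
        with:
          codecov_token: ${{ secrets.CODECOV_TOKEN }}

  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    env:
      # Required for buildx on docker 19.x
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          # Same setting as every other checkout in this workflow: the job
          # token is not left in .git/config for the build steps that follow.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: Run GoReleaser
        id: run-goreleaser
        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean --snapshot
      # The artifact list is handed over as an environment variable instead of
      # being expanded into the script text. Every linux/amd64 image built from
      # goreleaser.dockerfile is then run against the repository's go.mod.
      - env:
          ARTIFACTS: ${{ steps.run-goreleaser.outputs.artifacts }}
        run: |
          echo "$ARTIFACTS" > output.json
          jq -r '.[] | select(
            .type == "Docker Image" and
            .goarch == "amd64" and
            .goos == "linux" and
            .extra.DockerConfig.dockerfile == "goreleaser.dockerfile"
          ) | .name' output.json | while read -r image; do
            echo "Testing image $image"
            exit_code=0
            # Quoted so that neither the workspace path nor the image name is
            # word-split or glob-expanded by the shell.
            docker run -v "${PWD}:/src" "$image" -L /src/go.mod || exit_code=$?
            # fail if we get a non-zero exit code other than "vulnerabilities were found"
            if [[ $exit_code -ne 0 && $exit_code -ne 1 ]]; then
              exit $exit_code
            fi
          done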
================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
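# CodeQL static analysis of the Go code on pushes and pull requests to the
# listed branches; results are written to the repository's security events.
name: "CodeQL"

on:
  push:
    branches: [main, v1]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [main, v1]

# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write # lets the analyze step record its findings
    strategy:
      fail-fast: false
      matrix:
        language: ["go"]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://git.io/codeql-language-support
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The job token is not left in .git/config; the autobuild step below
          # runs the project's build with the checkout as its working tree.
          persist-credentials: false
      # Update Go to the latest version to support the minor Go version named in the go.mod file
      - name: Install Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: go.mod
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # queries: ./path/to/local/query, your-org/your-repo/queries@main
      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl
      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
      #    and modify them (or add more) to build your code if your project
      #    uses a compiled language
      #- run: |
      #   make bootstrap
      #   make release
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0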
================================================
FILE: .github/workflows/dependencies.yml
================================================
# Scheduled workflow: moves the osv-scalibr dependency to the commit at the
# HEAD of its repository, refreshes snapshots, and opens a pull request.
# Triggered only by the schedule or a manual dispatch.
name: Dependencies

on:
  schedule:
    - cron: "47 18 * * *"
  workflow_dispatch:

concurrency:
  # One run per workflow and ref; a newer run cancels the one still in progress
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  update:
    runs-on: ubuntu-latest
    permissions:
      contents: write # fetch the code and commit the update
      actions: write # dispatch the checks on the resulting pull request
      pull-requests: write # open the pull request
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      # The first field of the `git ls-remote` output is used as the commit to
      # `go get`, and is also exported through GITHUB_ENV so the pull-request
      # step can expand it into its body and commit message.
      # NOTE(review): the value is not checked to look like a commit hash
      # before it is written to GITHUB_ENV.
      - run: |
          latest_commit=$(git ls-remote https://github.com/google/osv-scalibr.git HEAD | cut -f1)
          echo "updating osv-scalibr to $latest_commit"
          go get github.com/google/osv-scalibr@"$latest_commit"
          echo "latest_scalibr_commit=$latest_commit" >> "$GITHUB_ENV"
          go mod tidy
      # `|| true` lets the job reach the pull-request step even when the test
      # run exits non-zero.
      - run: go test ./cmd/osv-scanner/ -run 'Test_run$' || true
        env:
          TEST_ACCEPTANCE: true
          TEST_VCR_MODE: replaywithnewepisodes
          UPDATE_SNAPS: always
      # The bot token is given to this step only, through `with.token`.
      # NOTE(review): the scopes granted to PR_TOKEN_BOT are not visible here.
      - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          token: ${{ secrets.PR_TOKEN_BOT }}
          title: "feat: update osv-scalibr"
          body: >
            This updates `osv-scalibr` to https://github.com/google/osv-scalibr/commit/${{ env.latest_scalibr_commit }}
          branch: "bot/update-scalibr"
          author: "osv-robot <osv-robot@google.com>"
          commit-message: "feat: update osv-scalibr to ${{ env.latest_scalibr_commit }}"
          delete-branch: true
================================================
FILE: .github/workflows/format-action/action.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Local composite action with a single step: run the repository's formatter
# script with bash. It declares no inputs and receives no secrets.
name: format
description: "Runs file formatters"

runs:
  using: composite
  steps:
    - name: Run formatters
      shell: bash
      run: ./scripts/run_formatters.sh
================================================
FILE: .github/workflows/goreleaser-nightly.yml
================================================
# Nightly GoReleaser run that pushes container images to ghcr.io, using the
# .goreleaser-nightly.yml configuration.
name: Release nightly github action image

on:
  schedule:
    # we want the nightly builds only on work days
    - cron: "0 0 * * 2-6"
  # Allow us to manually call the workflow
  workflow_dispatch:

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    # NOTE(review): no step in this job has the id `hash`, so as written this
    # output evaluates to an empty string.
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    permissions:
      packages: write # for goreleaser/goreleaser-action to publish docker images
    env:
      # Required for buildx on docker 19.x
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      # Full history is fetched; the job token is not left in .git/config.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      # Registry login with the job token, whose only granted scope in this job
      # is `packages: write`.
      - name: ghcr-login
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Run GoReleaser
        id: run-goreleaser
        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
        with:
          distribution: goreleaser
          version: "~> v2"
          # Essentially do a snapshot release, but still push the docker images
          # Skipping validate skips checks that the current commit has a tag
          args: release --clean --config .goreleaser-nightly.yml --skip validate,announce
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/goreleaser.yml
================================================
# Release pipeline: any pushed tag starts a GoReleaser release, and the
# checksums of the released artifacts are then fed to the SLSA generator to
# produce provenance.
name: Release new version

on:
  push:
    tags:
      - "*" # triggers only if push new tag version, like `v0.8.4`

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    # Base64-encoded checksum file, produced by the `hash` step and consumed by
    # the `provenance` job.
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    permissions:
      contents: write # for goreleaser/goreleaser-action to create a GitHub release
      packages: write # for goreleaser/goreleaser-action to publish docker images
    env:
      # Required for buildx on docker 19.x
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      # Full history is fetched; the job token is not left in .git/config.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: ghcr-login
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # The tag name is read from the GITHUB_REF_NAME environment variable, not
      # expanded into the script text, and matched against an anchored
      # vMAJOR.MINOR.PATCH pattern (e.g. v1.2.3). Only the literal strings
      # "true" or "false" are written to GITHUB_ENV.
      - name: Detect stable tag
        id: detect_stable
        run: |
          TAG="${GITHUB_REF_NAME}"
          if [[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "STABLE=true" >> $GITHUB_ENV
          else
            echo "STABLE=false" >> $GITHUB_ENV
          fi
      - name: Run GoReleaser
        id: run-goreleaser
        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          STABLE: ${{ env.STABLE }}
      # Picks the artifact of type "Checksum" out of GoReleaser's artifact list
      # (passed in through the environment) and publishes its base64 encoding
      # as the step output `hashes`.
      - name: Generate subject
        id: hash
        env:
          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
        run: |
          set -euo pipefail
          checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
          echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"

  # Runs in a separate job from the build, with its own permission set.
  provenance:
    needs: [goreleaser]
    permissions:
      actions: read # To read the workflow path.
      id-token: write # To sign the provenance.
      contents: write # To add assets to a release.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0
    with:
      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
      upload-assets: true # upload to a new release
      draft-release: true # upload to a new draft release
================================================
FILE: .github/workflows/links.yml
================================================
# Link checker for markdown files: runs when a push or pull request touches a
# `.md` file, and on a twice-weekly schedule.
name: Check markdown links

on:
  push:
    paths:
      - "**.md"
  pull_request:
    paths:
      - "**.md"
  schedule:
    - cron: "45 22 * * 1,4"

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225 # v1.1.2
        with:
          use-quiet-mode: "yes"
          base-branch: "main"
          # NOTE(review): as written this yields 'yes' only for scheduled runs
          # and 'no' for pushes and pull requests; confirm that polarity is the
          # intended one.
          check-modified-files-only: ${{ github.event_name == 'schedule' && 'yes' || 'no'}}
================================================
FILE: .github/workflows/lint-action/action.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Local composite action with a single step: run golangci-lint at the version
# named in .golangci-lint-version, with a five-minute timeout.
name: lint
description: "Runs go lints"

runs:
  using: composite
  steps:
    - name: Run golangci-lint
      uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
      with:
        version-file: .golangci-lint-version
        args: --timeout=5m
================================================
FILE: .github/workflows/osv-scanner-reusable-pr.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING, this workflow is for legacy purposes. To view the current workflow see: https://github.com/google/osv-scanner-action
# Deprecated reusable workflow. The inputs are still declared so that existing
# callers keep parsing, but the only job writes a deprecation notice to the
# step summary and then fails.
name: OSV-Scanner PR scanning reusable

# Permissions this reusable workflow declares for itself.
#
# Callers should place a copy of this block next to their `uses:` line.
permissions:
  contents: read # to fetch code (actions/checkout)
  security-events: write # for uploading SARIF files (github/codeql-action/upload-sarif)

on:
  workflow_call:
    inputs:
      scan-args:
        description: "Custom osv-scanner arguments (See https://google.github.io/osv-scanner/usage/ for options, you cannot set --format or --output-file)"
        type: string
        default: |-
          -r
          ./
      results-file-name:
        description: "File name of the result SARIF file"
        type: string
        default: results.sarif
      upload-sarif:
        description: "Whether to upload to Security > Code Scanning"
        type: boolean
        required: false
        default: true
      fail-on-vuln:
        description: "Whether to fail the action on vulnerability found"
        type: boolean
        default: true

jobs:
  scan-pr:
    runs-on: ubuntu-latest
    steps:
      # None of the inputs above is read here; the trailing `false` makes the
      # step, and therefore the calling workflow's job, fail.
      - run: |
          echo "### This action is deprecated" >> $GITHUB_STEP_SUMMARY
          echo "Please use https://github.com/google/osv-scanner-action instead" >> $GITHUB_STEP_SUMMARY
          false
================================================
FILE: .github/workflows/osv-scanner-reusable.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING, this workflow is for legacy purposes. To view the current workflow see: https://github.com/google/osv-scanner-action
# Deprecated reusable workflow. The inputs are still declared so that existing
# callers keep parsing, but the only job writes a deprecation notice to the
# step summary and then fails.
name: OSV-Scanner scanning reusable

# Permissions this reusable workflow declares for itself.
#
# Callers should place a copy of this block next to their `uses:` line.
permissions:
  contents: read # to fetch code (actions/checkout)
  security-events: write # for uploading SARIF files (github/codeql-action/upload-sarif)

on:
  workflow_call:
    inputs:
      scan-args:
        description: "Custom osv-scanner arguments (See https://google.github.io/osv-scanner/usage/ for options, you cannot set --format or --output-file)"
        type: string
        default: |-
          -r
          ./
      results-file-name:
        description: "File name of the result SARIF file"
        type: string
        default: results.sarif
      download-artifact:
        description: "Optional artifact to download for scanning"
        required: false
        default: ""
        type: string
      upload-sarif:
        description: "Whether to upload to Security > Code Scanning"
        type: boolean
        required: false
        default: true
      fail-on-vuln:
        description: "Whether to fail the action on vulnerability found"
        type: boolean
        default: true

jobs:
  osv-scan:
    runs-on: ubuntu-latest
    steps:
      # None of the inputs above is read here; the trailing `false` makes the
      # step, and therefore the calling workflow's job, fail.
      - run: |
          echo "### This action is deprecated" >> $GITHUB_STEP_SUMMARY
          echo "Please use https://github.com/google/osv-scanner-action instead" >> $GITHUB_STEP_SUMMARY
          false
================================================
FILE: .github/workflows/osv-scanner-unified-action.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Runs OSV-Scanner on this repository by calling the reusable workflows in
# google/osv-scanner-action: one job for pushes and the weekly schedule, one
# for pull requests.
name: OSV-Scanner Scheduled Scan

on:
  pull_request:
    branches: ["main", "v1", "mcp"]
  schedule:
    - cron: "12 12 * * 1"
  push:
    branches: ["main", "v1", "mcp"]

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  scan-scheduled:
    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
    permissions:
      contents: read # to fetch code (actions/checkout)
      security-events: write # for uploading SARIF files
      actions: read
    # The called workflow is referenced by the moving `nightly` ref rather than
    # a commit, so whatever that ref points to at run time executes with the
    # permissions granted above.
    # If you want to copy this config, highly suggest pinning this to a release rather than tracking the nightly branch.
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@nightly"

  scan-pr:
    # NOTE(review): `merge_group` is tested here but is not among the `on:`
    # triggers of this workflow, so that half of the condition cannot match as
    # written.
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
    permissions:
      contents: read # to fetch code (actions/checkout)
      security-events: write # for uploading SARIF files
      actions: read
    # Same moving `nightly` ref as the job above.
    # If you want to copy this config, highly suggest pinning this to a release rather than tracking the nightly branch.
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@nightly"
================================================
FILE: .github/workflows/prerelease-check.yml
================================================
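# Manually dispatched gate that is run before tagging a release: vulnerability
# scan, link check, formatting, `go mod tidy`, lint, tests and generated-code
# freshness, followed by a job that prints the git commands for tagging.
#
# NOTE(review): only the `lint`, `tests` and `generators` jobs check out
# `inputs.commit`. The other checkouts carry no `ref`, so they examine the ref
# the workflow was dispatched on; confirm that this is intended.
name: Pre-release check

on:
  workflow_dispatch:
    inputs:
      version:
        description: "The version tag to release, (e.g. v1.2.3)"
        required: true
        type: string
      commit:
        description: "The commit hash to release"
        required: true
        type: string

# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}

jobs:
  osv-scan:
    permissions:
      contents: read # to fetch code (actions/checkout)
      security-events: write # for uploading SARIF files
      actions: read
    # The called workflow is referenced by the moving `main` ref rather than a
    # commit, so whatever that ref points to at run time executes with the
    # permissions granted above.
    uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@main
    with:
      # Only scan the top level go.mod file without recursively scanning directories since
      # this pipeline is about releasing the go module and binary
      scan-args: |-
        ./

  links:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225 # v1.1.2
        with:
          use-quiet-mode: "yes"
          base-branch: "main"

  format:
    name: prettier
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      # This step runs the format action, so it is labelled accordingly.
      - name: Run format action
        uses: ./.github/workflows/format-action

  tidy:
    name: go mod tidy
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - run: go mod tidy -diff

  lint:
    name: golangci-lint
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          ref: ${{ inputs.commit }}
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - name: Run lint action
        uses: ./.github/workflows/lint-action

  prepare_test_image_testdata:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - run: scripts/build_test_images.sh
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: image-testdata-${{ github.run_number }}-${{ github.run_attempt }}
          path: cmd/osv-scanner/scan/image/testdata/*.tar
          retention-days: 1

  tests:
    name: Run unit tests
    needs:
      - prepare_test_image_testdata
    permissions:
      contents: read # to fetch code (actions/checkout)
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          ref: ${{ inputs.commit }}
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: image-testdata-${{ github.run_number }}-${{ github.run_attempt }}
          path: cmd/osv-scanner/scan/image/testdata/
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      # The Codecov token is passed to the local composite action as an input.
      - name: Run test action
        uses: ./.github/workflows/test-action
        with:
          codecov_token: ${{ secrets.CODECOV_TOKEN }}

  generators:
    name: (re)generate code
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Check out code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          ref: ${{ inputs.commit }}
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      - name: Run generators
        run: go generate ./...
      # Any file that `go generate` changed is reported and fails the job.
      # The file name is handed to bash as the positional argument $1 and
      # printed with printf, so a name containing shell syntax is shown as
      # data and is never parsed as part of the command text.
      - run: |
          git diff --name-only \
            | xargs -I '{}' bash -c \
              'printf "::error file=%s::This needs to be regenerated by running \`go generate ./...\`\n" "$1" && false' _ '{}'

  # NOTE(review): `links`, `tidy` and `generators` are not listed under
  # `needs`, so this job does not wait for them; confirm that is intended.
  release-helper:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    needs:
      - format
      - lint
      - tests
      - osv-scan
    steps:
      # The dispatch inputs are expanded into an environment variable and then
      # echoed: the commands are printed for a maintainer to run, not executed
      # by this job.
      - name: Print Scripts
        env:
          OUTPUT: |
            git fetch upstream &&
            git tag ${{ inputs.version }} ${{ inputs.commit }} &&
            git push upstream ${{ inputs.version }}
        shell: bash
        run: |
          echo $OUTPUT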
================================================
FILE: .github/workflows/renovate-validator.yml
================================================
# Validates renovate.json whenever a push or pull request to the listed
# branches changes that file.
# NOTE(review): the branch filter here is [main, v2]; confirm `v2` is the
# branch that is meant.
name: Renovate Config Validator

on:
  push:
    branches: [main, v2]
    paths:
      - "renovate.json"
  pull_request:
    branches: [main, v2]
    paths:
      - "renovate.json"

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code (actions/checkout)
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Nodes.js
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: latest
      # Neither the Node.js version (`latest`) nor the renovate package is
      # pinned: the command names no package version, so the version that runs
      # is whatever the registry serves at that moment. The job holds only
      # `contents: read` and the checkout does not persist credentials.
      - name: Validate Renovate Config
        run: npx --yes --package renovate -- renovate-config-validator
================================================
FILE: .github/workflows/scorecards.yml
================================================
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
# OpenSSF Scorecard analysis of this repository; the SARIF result is kept as an
# artifact and uploaded to code scanning.
name: Scorecards supply-chain security

on:
  # Needed by the Branch-Protection check, which supports the default branch
  # only. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # Keeps the Maintained check refreshed from time to time. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: "32 22 * * 6"
  push:
    branches: ["main"]

# Empty permission set at workflow level; each job declares its own
# `permissions` block with just what it needs
permissions: {}

jobs:
  analysis:
    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: "Run analysis"
        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecards on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: true
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
        with:
          sarif_file: results.sarif
================================================
FILE: .github/workflows/snapshots.yml
================================================
# Regenerates test snapshots on a schedule and proposes the result as a pull request.
name: Snapshots
# Only scheduled and manually dispatched runs are configured, so no
# pull-request event triggers this workflow.
on:
  schedule:
    - cron: "47 18 * * *"
  workflow_dispatch:
concurrency:
  # Pushing new changes to a branch will cancel any in-progress CI runs
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}
jobs:
  update:
    # NOTE(review): these scopes apply to the job's GITHUB_TOKEN, but checkout
    # does not persist credentials and the pull request below is created with
    # `secrets.PR_TOKEN_BOT` - confirm that each write scope is still required.
    permissions:
      contents: write # to fetch and commit code
      actions: write # to manually dispatch checks on the pull request
      pull-requests: write # Create pull requests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave the checkout token in the local git config for later steps.
          persist-credentials: false
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: "go.mod"
          check-latest: true
      # `|| true` forces this step to succeed whatever the test script returns,
      # presumably so that refreshed snapshots still reach the pull-request step.
      # A side effect is that a genuinely failing test run is not surfaced here;
      # the resulting pull request is the place where that has to be noticed.
      - run: ./scripts/run_tests.sh || true
        env:
          TEST_ACCEPTANCE: true
          TEST_VCR_MODE: replaywithnewepisodes
          UPDATE_SNAPS: always
      # Opens (or updates) the pull request using a dedicated bot token rather
      # than the job's GITHUB_TOKEN; the secret is passed to this step only.
      - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          token: ${{ secrets.PR_TOKEN_BOT }}
          title: "test: update snapshots"
          body: >
            The snapshots have changed, probably due to OSV advisories being changed.
            Please review the differences to make sure that they're expected!
          branch: "bot/update-snapshots"
          author: "osv-robot <osv-robot@google.com>"
          commit-message: "test: update snapshots"
================================================
FILE: .github/workflows/staleness.yml
================================================
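# Marks inactive issues and pull requests as stale and closes them later.
name: "Close stale issues and PRs"
# Default to no token permissions, matching the other workflows in this
# repository. The only job below declares its own `permissions` block, which
# replaces this default, so its effective scopes are unchanged; any job added
# later without such a block now starts with no access instead of read access
# to every scope.
permissions: {}
on:
  schedule:
    - cron: "0 * * * *"
jobs:
  stale:
    # Only the two scopes needed to label, comment on and close issues and PRs.
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
          days-before-stale: 60
          days-before-close: 14
          operations-per-run: 100
          remove-stale-when-updated: true
          exempt-issue-labels: "good first issue,V2 Wishlist,backlog"
          exempt-all-assignees: true
          ignore-updates: false
          stale-issue-label: stale
          stale-issue-message: |
            This issue has not had any activity for 60 days and will be automatically closed in two weeks
            See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.
          stale-pr-label: stale
          stale-pr-message: |
            This pull request has not had any activity for 60 days and will be automatically closed in two weeks
          close-issue-label: "autoclosed"
          close-issue-message: |
            Automatically closing stale issue
          close-pr-label: "autoclosed"
          close-pr-message: |
            Automatically closing stale pull request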
================================================
FILE: .github/workflows/test-action/action.yml
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Composite action: runs the repository test script, then uploads coverage.
name: test
description: "Runs go tests"
inputs:
  # Supplied by the calling workflow; this action defines no default for it.
  codecov_token:
    description: "Token for uploading coverage reports to Codecov"
    required: true
runs:
  using: composite
  steps:
    # The Codecov token is not placed in this step's environment, so the test
    # script runs without it.
    - name: Run go test
      shell: bash
      env:
        TEST_ACCEPTANCE: true
      run: ./scripts/run_tests.sh
    # The token is handed to the upload action only; `fail_ci_if_error` makes
    # an upload failure fail the step instead of passing silently.
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
      with:
        token: ${{ inputs.codecov_token }}
        fail_ci_if_error: true
================================================
FILE: .github/workflows/title.yml
================================================
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Checks that pull request titles follow the semantic (conventional) format.
name: Title
on:
  # `pull_request_target` is only required when editing PRs from forks.
  # Staying on `pull_request` means runs for fork PRs get a read-only token
  # and no repository secrets.
  pull_request:
    types:
      - opened
      - edited
      - reopened
# Workflow-wide token scope: read access to pull requests and nothing else.
permissions:
  pull-requests: read
jobs:
  check:
    runs-on: ubuntu-latest
    # No checkout step: the job reads pull request metadata only and never
    # places the pull request's code on the runner.
    steps:
      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
        env:
          # The automatically issued token, limited by `permissions` above.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/zizmor.yml
================================================
# Static analysis of the repository's GitHub Actions definitions with zizmor.
name: GitHub Actions Security Analysis with zizmor 🌈
on:
  # NOTE(review): the pull_request filter covers `.github/workflows/**` only.
  # The repository also keeps action definitions under `actions/` - confirm
  # whether pull requests touching those should trigger this analysis too
  # (pushes to main are not path-filtered).
  pull_request:
    paths: [".github/workflows/**"]
  push:
    branches: ["main"]
# No permissions by default; the job below lists what it needs.
permissions: {}
jobs:
  zizmor:
    runs-on: ubuntu-latest
    permissions:
      # presumably needed to upload findings to code scanning - confirm against
      # the zizmor-action documentation
      security-events: write
      contents: read
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave the checkout token in the local git config.
          persist-credentials: false
      # Runs with the action's default inputs; no `with:` block is given.
      - name: Run zizmor 🌈
        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
================================================
FILE: .gitignore
================================================
.history/
.vscode/
.idea/
/dist/
/osv-scanner
/temp
/coverage.out
/coverage.html
*.tar
*.pprof
.go-version
node_modules
osv-scalibr-portal
# we don't want to check in this file as it's very very large
/internal/semantic/testdata/redhat-versions-generated.txt
================================================
FILE: .golangci-lint-version
================================================
v2.9
================================================
FILE: .golangci.yaml
================================================
# golangci-lint configuration (v2 schema).
version: "2"
linters:
  # Every linter is enabled unless it is listed under `disable`. Anything not
  # listed there - including security-oriented linters such as gosec - stays
  # active, so removing a linter's coverage requires an explicit entry below.
  default: all
  # prettier-ignore
  disable:
    - cyclop #
    - err113 # will re-add later (another-rex)
    - exhaustruct # overkill (g-rath)
    - forcetypeassert # too hard (g-rath)
    - funlen #
    - funcorder #
    - gochecknoglobals # disagree with, for non changing variables (another-rex)
    - gocognit #
    - goconst # not everything should be a constant
    - gocyclo #
    - godot # comments are fine without full stops (g-rath)
    - godox # to-do comments are fine (g-rath)
    - ireturn # disagree with, sort of (g-rath)
    - lll # line length is hard (g-rath)
    - maintidx #
    - mnd # not every number is magic (g-rath)
    - nestif #
    - noinlineerr #
    - nonamedreturns # disagree with, for now (another-rex)
    - tagliatelle # we're parsing data from external sources (g-rath)
    - testpackage # will re-add later (another-rex)
    - varnamelen # maybe later (g-rath)
    - wrapcheck # too difficult, will re-add later (another-rex)
    - wsl # disagree with, for now (g-rath)
    - wsl_v5 # disagree with, for now (g-rath)
  settings:
    depguard:
      rules:
        # Deny direct imports of the standard `regexp` package in favour of the
        # project's cachedregexp wrapper; the `!`-prefixed globs are the files
        # exempt from this rule.
        regexp:
          files:
            - "!**/internal/cachedregexp/**"
            - "!**/internal/testutility/normalize.go"
            - "!**/pkg/osvscanner/exclude.go"
          deny:
            - pkg: regexp
              desc: Use github.com/google/osv-scanner/v2/internal/cachedregexp instead
    exhaustive:
      default-signifies-exhaustive: true
    forbidigo:
      # Calls that must go through the project's testutility helpers instead.
      forbid:
        - pattern: ^testing.T.Skip
          pkg: ^testing$
          msg: go-snaps needs to know the test has been skipped, so use `testutility.Skip` instead
        - pattern: ^os.Getwd
          pkg: ^os$
          msg: use `testutility.GetCurrentWorkingDirectory`
      analyze-types: true
    gocritic:
      disabled-checks:
        - ifElseChain
    govet:
      enable-all: true
      disable:
        - fieldalignment
        - shadow
    nlreturn:
      block-size: 2
    revive:
      rules:
        - name: increment-decrement
          disabled: true
        - name: blank-imports
          disabled: false
        - name: context-as-argument
          disabled: false
        - name: context-keys-type
          disabled: false
        - name: dot-imports
          disabled: false
        - name: empty-block
          disabled: false
        - name: error-naming
          disabled: false
        - name: error-return
          disabled: false
        - name: error-strings
          disabled: false
        - name: errorf
          disabled: false
        - name: exported
          disabled: false
          arguments:
            # TODO: get these all enabled
            - "check-private-receivers"
            # - "check-public-interface"
            - "disable-checks-on-constants"
            - "disable-checks-on-functions"
            - "disable-checks-on-methods"
            - "disable-checks-on-types"
            - "disable-checks-on-variables"
        - name: import-alias-naming
          disabled: false
        - name: import-shadowing
          disabled: false
        - name: indent-error-flow
          disabled: false
        - name: package-comments
          disabled: false
        - name: range
          disabled: false
        - name: receiver-naming
          disabled: false
        - name: redefines-builtin-id
          disabled: false
        - name: redundant-test-main-exit
          disabled: false
        - name: superfluous-else
          disabled: false
        - name: time-naming
          disabled: false
        - name: unexported-return
          disabled: false
        - name: unreachable-code
          disabled: false
        - name: unused-parameter
          disabled: false
        - name: use-any
          disabled: false
        - name: var-declaration
          disabled: false
        - name: var-naming
          disabled: false
          arguments:
            - [] # AllowList
            - [] # DenyList
            - - skip-package-name-checks: true
  exclusions:
    generated: lax
    presets:
      - common-false-positives
      - legacy
      - std-error-handling
    rules:
      - path: _test\.go
        linters:
          - dupl
      # Drops the `os.Getwd` forbidigo message for files that are not tests,
      # which leaves that restriction in force for `_test.go` files only.
      - path-except: _test\.go
        text: use `testutility.GetCurrentWorkingDirectory`
    # Paths excluded from linting altogether.
    paths:
      - internal/thirdparty/
      - third_party$
      - builtin$
      - examples$
formatters:
  enable:
    - gofmt
    - goimports
  exclusions:
    generated: lax
    paths:
      - internal/thirdparty/
      - third_party$
      - builtin$
      - examples$
issues:
  # 0 removes the per-linter and per-message caps, so every finding is reported.
  max-issues-per-linter: 0
  max-same-issues: 0
================================================
FILE: .goreleaser-nightly.yml
================================================
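# GoReleaser configuration for nightly builds: linux/amd64 binaries and
# `:nightly` container images only; no GitHub release or changelog is produced.
version: 2
before:
  hooks:
    - go mod tidy
builds:
  - main: ./cmd/osv-scanner/
    id: osv-scanner
    binary: osv-scanner
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    # Commit-derived timestamp and -trimpath keep build-machine details
    # (clock, local paths) out of the binary.
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      # -s -w omit the symbol table and DWARF debug information.
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}.nightly"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      - linux
    goarch:
      - amd64
  - main: ./cmd/osv-scanner/
    id: osv-scanner-action
    binary: osv-scanner-action
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}.nightly_GHAction"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      - linux
    goarch:
      - amd64
  - main: ./cmd/osv-reporter/
    id: osv-reporter
    binary: osv-reporter
    env: # osv-reporter for github action
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      - linux
    goarch:
      - amd64
dockers:
  # Main osv-scanner
  - image_templates:
      - "ghcr.io/google/osv-scanner:nightly"
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      # --pull re-fetches the base image so a stale local copy is not reused.
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      # SPDX identifier, as the OCI `licenses` annotation expects and as the
      # action image below already uses, so tooling that reads image labels
      # sees the same value on both images.
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
  # Github Action
  - image_templates:
      - "ghcr.io/google/osv-scanner-action:nightly"
    dockerfile: goreleaser-action.dockerfile
    use: buildx
    extra_files:
      - exit_code_redirect.sh
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner-action"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
    goarch: amd64
# Nightly runs publish container images only.
release:
  disable: true
changelog:
  disable: true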
================================================
FILE: .goreleaser.yml
================================================
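# GoReleaser configuration for tagged releases: cross-platform binaries,
# per-architecture container images, multi-arch manifests and a checksum file.
version: 2
before:
  hooks:
    - go mod tidy
builds:
  - main: ./cmd/osv-scanner/
    id: osv-scanner
    binary: osv-scanner
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    # Commit-derived timestamp and -trimpath keep build-machine details
    # (clock, local paths) out of the binary.
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      # -s -w omit the symbol table and DWARF debug information.
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      # Further testing before supporting freebsd
      # - freebsd
      - windows
      - linux
      - darwin
    goarch:
      - amd64
      # 32bit does not compile at the moment because of spdx dependency
      # - '386'
      # Further testing before supporting arm
      # - arm
      - arm64
  - main: ./cmd/osv-scanner/
    id: osv-scanner-action
    binary: osv-scanner-action
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}_GHAction"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      - linux
    goarch:
      - amd64
  - main: ./cmd/osv-reporter/
    id: osv-reporter
    binary: osv-reporter
    env: # osv-reporter for github action
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      - "-s -w"
      - "-X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.commit={{.Commit}}"
      - "-X github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd.date={{.CommitDate}}"
    goos:
      - linux
    goarch:
      - amd64
dockers:
  # Arch: amd64
  - image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      # --pull re-fetches the base image so a stale local copy is not reused.
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      # SPDX identifier, as the OCI `licenses` annotation expects and as the
      # arm64 and action images below already use, so every image published
      # from this file carries the same license label.
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
  # Arch: arm64
  - image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/arm64"
    goarch: arm64
  # Github Action
  - image_templates:
      - "ghcr.io/google/osv-scanner-action:{{ .Tag }}"
    dockerfile: goreleaser-action.dockerfile
    use: buildx
    extra_files:
      - exit_code_redirect.sh
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner-action"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
    goarch: amd64
docker_manifests:
  - name_template: "ghcr.io/google/osv-scanner:{{ .Tag }}"
    image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
  # `latest` is re-pointed on every release made from this file.
  - name_template: "ghcr.io/google/osv-scanner:latest"
    image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
  # `stable` is pushed only when the STABLE environment variable is `true`;
  # consumers who pin to a moving tag get different update cadences from
  # `latest` and `stable`.
  - name_template: "ghcr.io/google/osv-scanner:stable"
    image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
    skip_push: "{{ ne .Env.STABLE `true` }}"
archives:
  - formats: binary
    name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}"
    ids:
      - osv-scanner
# SHA-256 checksum file for the released binaries. A checksum detects
# corruption or a mismatched download; it does not by itself prove who
# produced the file.
# NOTE(review): this file has no `signs:` or `docker_signs:` section - confirm
# that signing or provenance is handled by the release workflow.
checksum:
  name_template: "{{ .ProjectName }}_SHA256SUMS"
  algorithm: sha256
# Releases are created as drafts, so publication is a separate manual step.
release:
  draft: true
changelog:
  disable: false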
================================================
FILE: .pre-commit-hooks.yaml
================================================
---
# pre-commit hook definition: runs `osv-scanner scan source` over the whole
# working tree on every commit.
- id: osv-scanner
  name: osv-scanner
  description: Scan the current working directory for vulnerable dependencies
  entry: osv-scanner
  # Run on every commit, whichever files are staged, and do not pass the
  # staged file names: the scan target is the `.` argument below.
  always_run: true
  pass_filenames: false
  language: golang
  args:
    - "scan"
    - "source"
    - "--format=vertical"
    - "--recursive"
    # Only error-level log output is printed.
    - "--verbosity=error"
    - "."
================================================
FILE: .prettierignore
================================================
**/testdata/**
/docs/vendor/**
/docs/_sites/**
/internal/output/html/*.gohtml
================================================
FILE: .prettierrc.json
================================================
{
"$schema": "https://json.schemastore.org/prettierrc",
"singleQuote": false,
"proseWrap": "preserve",
"endOfLine": "lf",
"arrowParens": "avoid",
"trailingComma": "none",
"htmlWhitespaceSensitivity": "ignore"
}
================================================
FILE: CHANGELOG.md
================================================
# v2.3.4
### Features:
- [Feature #2571](https://github.com/google/osv-scanner/pull/2571) Enable transitive scanning for Python requirements.txt files using the deps.dev API.
- [Feature #2649](https://github.com/google/osv-scanner/pull/2649) Add ability to allow unsafe plugins, logging a warning when any unsafe plugin is enabled.
### Fixes:
- [Bug #2630](https://github.com/google/osv-scanner/pull/2630) Improve startup performance on Windows Terminal by updating lipgloss.
- [Bug #2599](https://github.com/google/osv-scanner/pull/2599) Ensure the package deprecation enricher respects the same configuration as other plugins.
- [Bug #2600](https://github.com/google/osv-scanner/pull/2600) Ensure the Java extractor plugin for call analysis respects the same configuration as other plugins.
### Misc:
- Update osv-scalibr from v0.4.2 to v0.4.5. Release notes: [v0.4.3](https://github.com/google/osv-scalibr/releases/tag/v0.4.3), [v0.4.4](https://github.com/google/osv-scalibr/releases/tag/v0.4.4), [v0.4.5](https://github.com/google/osv-scalibr/releases/tag/v0.4.5).
# v2.3.3
### Features:
- [Feature #2458](https://github.com/google/osv-scanner/pull/2458) Add `--exclude` flag to skip paths during scanning.
- [Feature #2477](https://github.com/google/osv-scanner/pull/2477) Add `pylock` extractor.
- [Feature #2475](https://github.com/google/osv-scanner/pull/2475) Add base image info to container scanning output header (in table, markdown and vertical formats).
### Misc:
- Update Go version to 1.25.7.
- Update osv-scalibr from v0.4.1 to v0.4.2. [Release note](https://github.com/google/osv-scalibr/releases/tag/v0.4.2).
- Refactor to better align with osv-scalibr plugins and inventory data structure.
# v2.3.2
This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in `osv-scanner.json`, and ignore entry tracking, along with documentation updates.
### Fixes:
- [Bug #2415](https://github.com/google/osv-scanner/pull/2415) Add more PURL-to-ecosystem mappings
- [Bug #2422](https://github.com/google/osv-scanner/pull/2422) Fix MCP error for get_vulnerability_id caused by an incorrect type definition.
- [Bug #2460](https://github.com/google/osv-scanner/pull/2460) Enable osv-scanner.json git queries
- [Bug #2456](https://github.com/google/osv-scanner/pull/2456) Properly track if an ignore entry has been used
- [Bug #2450](https://github.com/google/osv-scanner/pull/2450) **Performance:** Avoid loading the entire advisory unless it will actually be used
- [Bug #2445](https://github.com/google/osv-scanner/pull/2445) **Performance:** Don't read the entire zip into memory
- [Bug #2433](https://github.com/google/osv-scanner/pull/2433) Allow specifying user agent in v2 osvscanner package
### Misc:
- [Misc #2453](https://github.com/google/osv-scanner/pull/2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
- [Misc #2447](https://github.com/google/osv-scanner/pull/2447) Include `bun.lock` as a supported lockfile
- [Misc #2444](https://github.com/google/osv-scanner/pull/2444) Document GoVersionOverride in configuration.md
# v2.3.1
### Features:
- [Feature #2370](https://github.com/google/osv-scanner/pull/2370) Add support for the `packagedeprecation` plugin via the new `--experimental-flag-deprecated-packages` flag. The result is available in all output formats except SPDX.
### Fixes:
- [Bug #2395](https://github.com/google/osv-scanner/pull/2395) Fix license scanning to correctly match new `deps.dev` package names.
- [Bug #2333](https://github.com/google/osv-scanner/pull/2333) Deduplicate SARIF outputs for GitHub.
- [Bug #2259](https://github.com/google/osv-scanner/pull/2259) Fix lookup of Go packages with major versions by including the subpath of Go PURLs, preventing false positives.
### Misc:
- Updated Go version to v1.25.5 to support Go reachability analysis for the latest version.
# v2.3.0
This release migrates to the new `osv.dev` and `osv-schema` proto bindings for its internal data models ([#2328](https://github.com/google/osv-scanner/pull/2328)). This is primarily an internal change and should not impact users.
### Features:
- [Feature #2321](https://github.com/google/osv-scanner/pull/2321) Add support for license checks for RubyGems.
- [Feature #2294](https://github.com/google/osv-scanner/pull/2294) Replace `requirementsenhanceable` extractor with transitive enricher.
- [Feature #2344](https://github.com/google/osv-scanner/pull/2344) Use `osduplicate` annotators.
### Fixes:
- [Bug #2329](https://github.com/google/osv-scanner/pull/2329) Add `--ignore-scripts` flag to npm lockfile generation, so that package lifecycle scripts are not run while the lockfile is regenerated.
- [Bug #2311](https://github.com/google/osv-scanner/pull/2311) Improve logic for `--all-packages` flag.
- [Bug #2309](https://github.com/google/osv-scanner/pull/2309) Exit with a non-zero code when showing help.
- [Bug #2316](https://github.com/google/osv-scanner/pull/2316) Pre-commit hook now defaults to scanning current directory instead of failing.
- [Bug #1507 (osv-scalibr)](https://github.com/google/osv-scalibr/pull/1507) Interpolate Maven projects before extracting repositories.
# v2.2.4
### Features:
- [Feature #2256](https://github.com/google/osv-scanner/pull/2256) Add experimental OSV-Scanner MCP server. (`osv-scanner experimental-mcp`)
- [Feature #2284](https://github.com/google/osv-scanner/pull/2284) Update `osv-scalibr` integration, replacing `baseimagematch` with the base image enricher.
- [Feature #2216](https://github.com/google/osv-scanner/pull/2216) Warn when vulnerabilities specified in the ignore config are not found during a scan (fixes \#2206).
### Fixes:
- [Bug #2305](https://github.com/google/osv-scanner/pull/2305) Ignore common protocols and `.git` suffix when checking if an advisory affects a git repository (fixes \#2291).
- [Bug #2300](https://github.com/google/osv-scanner/pull/2300) Ensure the global logger is used in `cmdlogger` and `osv-scalibr` when set (fixes \#2081).
- [Bug #2295](https://github.com/google/osv-scanner/pull/2295) Fix Go stdlib license result matching (fixes \#2191).
# v2.2.3
### Features:
- [Feature #2209](https://github.com/google/osv-scanner/pull/2209) Add support for resolving git packages that have a version specified.
- [Feature #2210](https://github.com/google/osv-scanner/pull/2210) Make the `--experimental-plugins` flag additive by default, and introduce a new `--experimental-no-default-plugins` flag.
- [Feature #2203](https://github.com/google/osv-scanner/pull/2203) Update `osv-scalibr` to 0.3.4 for improved dependency extraction. See osv-scalibr changelog for additional information.
### Fixes:
- [Bug #2214](https://github.com/google/osv-scanner/pull/2214) Fix issue where `input.Path` was incorrectly constructed on Windows when using the `-L` flag.
- [Fix #2241](https://github.com/google/osv-scanner/pull/2241) **Performance:** Greatly reduce memory usage in the local matcher by only loading advisories relevant to the packages being scanned.
# v2.2.2
### Features:
- [Feature #2113](https://github.com/google/osv-scanner/pull/2113) Add support for Java reachability analysis to identify uncalled vulnerabilities in JAR files.
- [Feature #2177](https://github.com/google/osv-scanner/pull/2177) Automatically parse `osv-scanner-custom.json` files as `osv-scanner.json` custom lockfiles.
### Fixes:
- [Bug #2204](https://github.com/google/osv-scanner/pull/2204) Add a warning to guide users to the correct GitHub Action.
- [Bug #2202](https://github.com/google/osv-scanner/pull/2202) Fix incorrect exit code when unimportant vulnerabilities are found in non-container scans.
- [Bug #2188](https://github.com/google/osv-scanner/pull/2188) Fix handling of absolute paths on Windows.
# v2.2.1
### Fixes
- [Bug #2151](https://github.com/google/osv-scanner/issues/2151) Filter by ecosystem before querying.
# v2.2.0
OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (`--experimental-plugins`, see details [here](https://google.github.io/osv-scanner/experimental/manual-plugin-selection/))!
### Features:
- [Feature #2146](https://github.com/google/osv-scanner/pull/2146) Allow manual OSV-Scalibr plugin selection.
- [Feature #2144](https://github.com/google/osv-scanner/pull/2144) Add OSV-Scalibr version to osv-scanner --version output.
- [Feature #2021](https://github.com/google/osv-scanner/pull/2021) Add experimental support for running OSV-Scalibr detectors.
- [Feature #2079](https://github.com/google/osv-scanner/pull/2079) Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
- [Feature #2032](https://github.com/google/osv-scanner/pull/2032) Add summary section at the top of outputs and a 'Fixed Version' column.
- [Feature #2076](https://github.com/google/osv-scanner/pull/2076) Support Ubuntu severity type.
### Fixes:
- [Bug #2141](https://github.com/google/osv-scanner/pull/2141) Fix OSV-Scanner json scans not matching with correct ecosystem.
- [Bug #2084](https://github.com/google/osv-scanner/pull/2084) Show absolute paths when scanning containers.
- [Bug #2126](https://github.com/google/osv-scanner/pull/2126) Log and preserve package count before continuing on db error.
- [Bug #2095](https://github.com/google/osv-scanner/pull/2095) Pass through plugin capabilities correctly.
- [Bug #2051](https://github.com/google/osv-scanner/pull/2051) Properly flag if running on Linux or Mac OSs for plugin compatibility.
- [Bug #2072](https://github.com/google/osv-scanner/pull/2072) Add missing "text" property in description fields.
- [Bug #2068](https://github.com/google/osv-scanner/pull/2068) Change links in output to go to the specific vulnerability page instead of the list page.
- [Bug #2064](https://github.com/google/osv-scanner/pull/2064) Fix SARIF v3 output to include results.
### API Changes:
- [API Change #2096](https://github.com/google/osv-scanner/pull/2096) Allow log handler to be overridden.
# v2.1.0
### Features:
- [Feature #2038](https://github.com/google/osv-scanner/pull/2038) Add CycloneDX location field to the output source string.
- [Feature #2036](https://github.com/google/osv-scanner/pull/2036) Include upstream source information in vulnerability grouping to improve accuracy.
- [Feature #1970](https://github.com/google/osv-scanner/pull/1970) Hide unimportant vulnerabilities by default to reduce noise, and add a `--show-all-vulns` flag to show all.
- [Feature #2003](https://github.com/google/osv-scanner/pull/2003) Add experimental summary output format for the reporter.
- [Feature #1988](https://github.com/google/osv-scanner/pull/1988) Add support for CycloneDX 1.6 report format.
- [Feature #1987](https://github.com/google/osv-scanner/pull/1987) Add support for `gems.locked` files used by Bundler.
- [Feature #1980](https://github.com/google/osv-scanner/pull/1980) Enable transitive dependency extraction for Python `requirements.txt` files.
- [Feature #1961](https://github.com/google/osv-scanner/pull/1961) Deprecate the `--sbom` flag in favor of the existing `-L/--lockfile` flag for scanning SBOMs.
- [Feature #1963](https://github.com/google/osv-scanner/pull/1963) Stabilize various experimental fields in the output by moving them out of the experimental struct.
- [Feature #1957](https://github.com/google/osv-scanner/pull/1957) Use a dedicated exit code for invalid configuration files.
### Fixes:
- [Bug #2046](https://github.com/google/osv-scanner/pull/2046) Correctly set the user agent string for all outgoing requests.
- [Bug #2019](https://github.com/google/osv-scanner/pull/2019) Use more natural language in the descriptions for extractor-related flags.
- [Bug #1982](https://github.com/google/osv-scanner/pull/1982) Correctly parse Ubuntu package information with suffixes (e.g. `:Pro`, `:LTS`).
- [Bug #2000](https://github.com/google/osv-scanner/pull/2000) Ensure CDATA content in XML is correctly outputted in guided remediation.
- [Bug #1949](https://github.com/google/osv-scanner/pull/1949) Fix filtering of package types in vulnerability counts.
# v2.0.3
### Features:
- [Feature #1943](https://github.com/google/osv-scanner/pull/1943) Added a flag to suppress "no package sources found" error.
- [Feature #1844](https://github.com/google/osv-scanner/pull/1844) Allow flags to be passed after scan targets, e.g. `osv-scanner ./scan-this-dir --format=vertical`, by updating to cli/v3
- [Feature #1882](https://github.com/google/osv-scanner/pull/1882) Added a `stable` tag to container images for releases that follow semantic versioning.
- [Feature #1846](https://github.com/google/osv-scanner/pull/1846) Experimental: Add `--experimental-extractors` and `--experimental-disable-extractors` flags to allow for more granular control over which OSV-Scalibr dependency extractors are used.
### Fixes:
- [Bug #1856](https://github.com/google/osv-scanner/pull/1856) Improve XML output by guessing and matching the indentation of existing `<dependency>` elements.
- [Bug #1850](https://github.com/google/osv-scanner/pull/1850) Prevent escaping of single quotes in XML attributes for better readability and correctness.
- [Bug #1922](https://github.com/google/osv-scanner/pull/1922) Prevent a potential panic in `MatchVulnerabilities` when the API response is nil, particularly on timeout.
- [Bug #1916](https://github.com/google/osv-scanner/pull/1916) Add the "ubuntu" namespace to the debian purl type to correctly parse dpkg BOMs generated on Ubuntu.
- [Bug #1871](https://github.com/google/osv-scanner/pull/1871) Ensure inventories are sorted by PURL in addition to name and version to prevent incorrect deduplication of packages.
- [Bug #1919](https://github.com/google/osv-scanner/pull/1919) Improve error reporting by including the underlying error when the response body from a Maven registry cannot be read.
- [Bug #1857](https://github.com/google/osv-scanner/pull/1857) Fix an issue where SPDX output is not correctly outputted because it was getting overwritten.
- [Bug #1873](https://github.com/google/osv-scanner/pull/1873) Fix the GitHub Action to not ignore general errors during execution.
- [Bug #1955](https://github.com/google/osv-scanner/pull/1955) Fix issue causing error messages to be spammed when not running in a git repository.
- [Bug #1930](https://github.com/google/osv-scanner/pull/1930) Fix issue where Maven client loses auth data during extraction.
### Misc:
- Update dependencies and updated golang to 1.24.4
# v2.0.2
### Fixes:
- [Bug #1842](https://github.com/google/osv-scanner/pull/1842) Fix an issue in the GitHub Action where call analysis for Go projects using the `tool` directive (Go 1.24+) in `go.mod` files would fail. The scanner image has been updated to use a newer Go version.
- [Bug #1806](https://github.com/google/osv-scanner/pull/1806) Fix an issue where license overrides were not correctly reflected in the final scan results and license summary.
- [Fix #1825](https://github.com/google/osv-scanner/pull/1825), [#1809](https://github.com/google/osv-scanner/pull/1809), [#1805](https://github.com/google/osv-scanner/pull/1805), [#1803](https://github.com/google/osv-scanner/pull/1803), [#1787](https://github.com/google/osv-scanner/pull/1787) Enhance XML output stability and consistency by preserving original spacing and minimizing unnecessary escaping. This helps reduce differences when XML files are processed.
# v2.0.1
### Features:
- [Feature #1730](https://github.com/google/osv-scanner/pull/1730) Add support for extracting dependencies from .NET `packages.config` and `packages.lock.json` files.
- [Feature #1770](https://github.com/google/osv-scanner/pull/1770) Add support for extracting dependencies from rust binaries compiled with cargo-auditable.
- [Feature #1761](https://github.com/google/osv-scanner/pull/1761) Improve output when scanning for OS packages: the table output now shows the binary packages associated with a source package.
### Fixes:
- [Bug #1752](https://github.com/google/osv-scanner/pull/1752) Fix paging depth issue when querying the osv.dev API.
- [Bug #1747](https://github.com/google/osv-scanner/pull/1747) Ensure osv-reporter prints warnings instead of errors for certain messages to return correct exit code (related to [osv-scanner-action#65](https://github.com/google/osv-scanner-action/issues/65)).
- [Bug #1717](https://github.com/google/osv-scanner/pull/1717) Fix issue where nested CycloneDX components were not being parsed.
- [Bug #1744](https://github.com/google/osv-scanner/pull/1744) Fix issue where empty CycloneDX SBOMs were causing a panic.
- [Bug #1726](https://github.com/google/osv-scanner/pull/1726) De-duplicate references in CycloneDX report output for improved validity.
- [Bug #1727](https://github.com/google/osv-scanner/pull/1727) Remove automatic opening of HTML reports in the browser (fixes [#1721](https://github.com/google/osv-scanner/issues/1721)).
- [Bug #1735](https://github.com/google/osv-scanner/pull/1735) Require a tag when scanning container images to prevent potential errors.
### Docs:
- [Docs #1753](https://github.com/google/osv-scanner/pull/1753) Correct documentation for the OSV-Scanner GitHub Action (fixes [osv-scanner-action#68](https://github.com/google/osv-scanner-action/issues/68)).
- [Docs #1743](https://github.com/google/osv-scanner/pull/1743) Minor grammar fixes in documentation.
### API Changes:
- [API Change #1763](https://github.com/google/osv-scanner/pull/1763) Made the SourceType enum public.
# OSV-Scanner v2.0.0
This release merges the improvements, features, and fixes from v2.0.0-rc1, v2.0.0-beta2, and v2.0.0-beta1.
**Important:** This release includes several breaking changes aimed at future-proofing OSV-Scanner. Please consult our comprehensive **[Migration Guide](https://google.github.io/osv-scanner/migration-guide.html)** to ensure a smooth upgrade.
### Features:
- **Layer and base image-aware container scanning:**
- Rewritten support for Debian, Ubuntu, and Alpine container images.
- Layer level analysis and vulnerability breakdown.
- Supports Go, Java, Node, and Python artifacts within supported distros.
- Base image identification via `deps.dev`.
- Usage: `osv-scanner scan image <image-name>:<tag>`
- **Interactive HTML output:**
- Severity breakdown, package/ID/importance filtering, vulnerability details.
- Container image layer filtering, layer info, base image identification.
- Usage: `osv-scanner scan --serve ...`
- **Guided Remediation for Maven pom.xml:**
- Remediate direct and transitive dependencies (non-interactive mode).
- New `override` remediation strategy.
- Support for reading/writing `pom.xml` and parent POM files.
- Private registry support for Maven metadata.
- Machine-readable output for guided remediation.
- **Enhanced Dependency Extraction with `osv-scalibr`:**
- Haskell: `cabal.project.freeze`, `stack.yaml.lock`
- .NET: `deps.json`
- Python: `uv.lock`
- Artifacts: `node_modules`, Python wheels, Java uber jars, Go binaries
- [Feature #1636](https://github.com/google/osv-scanner/pull/1636) `osv-scanner update` command for updating the local vulnerability database (formerly experimental).
- [Feature #1582](https://github.com/google/osv-scanner/pull/1582) Add container scanning information to vertical output format.
- [Feature #1587](https://github.com/google/osv-scanner/pull/1587) Add support for severity in SARIF report format.
- [Feature #1569](https://github.com/google/osv-scanner/pull/1569) Add support for `bun.lock` lockfiles.
- [Feature #1547](https://github.com/google/osv-scanner/pull/1547) Add experimental config support to the `scan image` command.
- [Feature #1557](https://github.com/google/osv-scanner/pull/1557) Allow setting port number with `--serve` using the new `--port` flag.
### Breaking Changes:
- [Feature #1670](https://github.com/google/osv-scanner/pull/1670) Guided remediation now defaults to non-interactive mode; use the `--interactive` flag for interactive mode.
- [Feature #1670](https://github.com/google/osv-scanner/pull/1686) Removed the `--verbosity=verbose` verbosity level.
- [Feature #1673](https://github.com/google/osv-scanner/pull/1673) & [Feature #1664](https://github.com/google/osv-scanner/pull/1664) All previous experimental flags are now out of experimental, and the experimental flag mechanism has been removed.
- [Feature #1651](https://github.com/google/osv-scanner/pull/1651) Multiple license flags have been merged into a single `--license` flag.
- [Feature #1666](https://github.com/google/osv-scanner/pull/1666) API: `reporter` removed; logging now uses `slog`, which can be overridden.
- [Feature #1638](https://github.com/google/osv-scanner/pull/1638) API: Deprecated packages removed, including `lockfile` (migrated to `OSV-Scalibr`).
### Improvements:
- [Feature #1561](https://github.com/google/osv-scanner/pull/1561) Updated HTML report for better contrast and usability (from beta2).
- [Feature #1584](https://github.com/google/osv-scanner/pull/1584) Make skipping the root git repository the default behavior (from beta2).
- [Feature #1648](https://github.com/google/osv-scanner/pull/1648) Updated HTML report styling to improve contrast (from rc1).
### Fixes:
- [Fix #1598](https://github.com/google/osv-scanner/pull/1598) Fix table output vulnerability ordering.
- [Fix #1616](https://github.com/google/osv-scanner/pull/1616) Filter out Ubuntu unimportant vulnerabilities.
- [Fix #1585](https://github.com/google/osv-scanner/pull/1585) Fixed issue where base images are occasionally duplicated.
- [Fix #1597](https://github.com/google/osv-scanner/pull/1597) Fixed issue where SBOM parsers are not correctly parsing CycloneDX files when using the `bom.xml` filename.
- [Fix #1566](https://github.com/google/osv-scanner/pull/1566) Fixed issue where offline scanning returns different results from online scanning.
- [Fix #1538](https://github.com/google/osv-scanner/pull/1538) Reduce memory usage when using guided remediation.
We encourage everyone to upgrade to OSV-Scanner v2.0.0 and experience these powerful new capabilities! As always, your feedback is invaluable, so please don't hesitate to share your thoughts and suggestions.
- [General V2 feedback](https://github.com/google/osv-scanner/discussions/1529)
- [Container scanning feedback](https://github.com/google/osv-scanner/discussions/1521)
# v2.0.0-rc1
Our first release candidate for OSV-Scanner V2, which includes various breaking changes to help future-proof osv-scanner in V2! See the changelog for beta1 and beta2 for the full list of changes.
We've also added a migration guide here: https://google.github.io/osv-scanner/migration-guide.html
### Changes:
- [Feature #1670](https://github.com/google/osv-scanner/pull/1670) Guided remediation now makes non-interactive the default mode, and adds the `--interactive` flag.
- [Feature #1670](https://github.com/google/osv-scanner/pull/1686) Removes the `--verbosity=verbose` verbosity level.
- [Feature #1673](https://github.com/google/osv-scanner/pull/1673) & [Feature #1664](https://github.com/google/osv-scanner/pull/1664) Moves all our experimental flags out of experimental, and removes the experimental flags.
- [Feature #1651](https://github.com/google/osv-scanner/pull/1651) License flags have been merged into a single license flag. See `--help` or migration guide for more details.
### Features:
- [Feature #1636](https://github.com/google/osv-scanner/pull/1636) `osv-scanner update` command has been released as an experimental feature.
- [Feature #1582](https://github.com/google/osv-scanner/pull/1582) Add container scanning related information to vertical output format.
- [Feature #1587](https://github.com/google/osv-scanner/pull/1587) Add support for severity in SARIF report format.
### Fixes
- [Fix #1677](https://github.com/google/osv-scanner/pull/1677) Fix OS filter for HTML report.
- [Fix #1598](https://github.com/google/osv-scanner/pull/1598) Fix table output vulnerability ordering.
- [Fix #1661](https://github.com/google/osv-scanner/pull/1661) Add spinner to iframes in the HTML report.
- [Fix #1648](https://github.com/google/osv-scanner/pull/1648) Updated HTML report styling to improve contrast.
- [Fix #1616](https://github.com/google/osv-scanner/pull/1616) Display git scanning results in HTML report.
- [Fix #1616](https://github.com/google/osv-scanner/pull/1616) Filter out Ubuntu unimportant vulnerabilities.
### API changes
- [Feature #1666](https://github.com/google/osv-scanner/pull/1666) Removes `reporter`, all logging now goes through slog, which you can override to change the output.
- [Feature #1638](https://github.com/google/osv-scanner/pull/1638) All deprecated packages have been removed from the osv-scanner module, this includes the `lockfile` package, which has been migrated to the `OSV-Scalibr` library.
# v2.0.0-beta2
This second beta release brings a series of fixes and improvements to the previous release.
### Improvements:
- [Feature #1561](https://github.com/google/osv-scanner/pull/1561) Updated HTML report for better contrast and usability
- [Feature #1569](https://github.com/google/osv-scanner/pull/1569) Add support for bun.lock lockfiles.
- [Feature #1584](https://github.com/google/osv-scanner/pull/1584) Make skip root git repository the default behavior.
- [Feature #1547](https://github.com/google/osv-scanner/pull/1547) Add experimental config support to the image command.
- [Feature #1557](https://github.com/google/osv-scanner/pull/1557) Allow setting port number when using the `--serve` flag with the new `--port` flag.
### Fixes
- [Fix #1585](https://github.com/google/osv-scanner/pull/1585) Fixed issue where base images are occasionally duplicated.
- [Fix #1597](https://github.com/google/osv-scanner/pull/1597) Fixed issue where SBOM parsers are not correctly parsing CycloneDX files when using the `bom.xml` filename.
- [Fix #1566](https://github.com/google/osv-scanner/pull/1566) Fixed issue where offline scanning returns different results from online scanning.
- [Fix #1538](https://github.com/google/osv-scanner/pull/1538) Reduce memory usage when using guided remediation.
# v2.0.0-beta1
The first beta of OSV-Scanner V2 is here! This beta release introduces significant enhancements, including refactored dependency extraction capabilities, container image scanning, and guided remediation for Maven.
This beta release does _not_ introduce any breaking CLI changes and the beta period is expected to last approximately one month. However, as this is a beta release, there may be breaking changes in the final release compared to the first beta.
We encourage you to try out these new features and would appreciate any feedback you might have on our discussion topics:
- [General V2 feedback](https://github.com/google/osv-scanner/discussions/1529)
- [Container scanning feedback](https://github.com/google/osv-scanner/discussions/1521)
### Layer and base image-aware container scanning
A significant new feature is a rewritten, layer-aware container scanning support for Debian, Ubuntu, and Alpine container images. OSV-Scanner can now analyze container images to provide:
- Layers where a package was first introduced
- Layer history and commands
- Base images the image is based on
- OS/Distro the container is running on
This layer analysis leverages [OSV-Scalibr](https://github.com/google/osv-scalibr), and supports the following OSes and languages:
| Distro Support | Language Artifacts Support |
| -------------- | -------------------------- |
| Alpine OS | Go |
| Debian | Java |
| Ubuntu | Node |
| | Python |
Base image identification also leverages a new experimental API provided by https://deps.dev.
For usage, run the new `scan image` command:
```
osv-scanner scan image <image-name>:<tag>
```
Check out our [documentation](https://google.github.io/osv-scanner/usage/scan-image) for more details.
### Interactive HTML output
A new, interactive HTML output is now available. This provides a lot more interactivity and information compared to terminal only outputs, including:
- Severity breakdown
- Package and ID filtering
- Vulnerability importance filtering
- Full vulnerability advisory entries
And additionally for container image scanning:
- Layer filtering
- Image layer information
- Base image identification

### Guided Remediation for Maven pom.xml
Last year we released a feature called [guided remediation](https://osv.dev/blog/posts/announcing-guided-remediation-in-osv-scanner/) for npm. We have now expanded support to Maven pom.xml.
With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.
We’ve introduced a few new features for our Maven support:
- A new remediation strategy `override` is introduced.
- Support for reading and writing pom.xml files, including writing changes to local parent pom files.
- Private registry can be specified to fetch Maven metadata.
The guided remediation support for Maven is only available in the non-interactive mode. For basic usage, run the following command:
```
osv-scanner fix --non-interactive --strategy=override -M path/to/pom.xml
```
We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.
For more usage details on guided remediation, please see our [documentation](https://google.github.io/osv-scanner/experimental/guided-remediation/).
### Enhanced Dependency Extraction with `osv-scalibr`
With the help from [OSV-Scalibr](https://github.com/google/osv-scalibr), we now also have expanded support for the kinds of dependencies we can extract from projects and containers:
#### Source manifests and lockfiles
- Haskell: `cabal.project.freeze`, `stack.yaml.lock`
- .NET: `deps.json`
- Python: `uv.lock`
#### Artifacts
- node_modules
- Python wheels
- Java uber jars
- Go binaries
The full list of supported formats can be found [here](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/).
The first beta doesn’t enable every single extractor currently available in OSV-Scalibr today. We’ll continue to add more leading up to the final 2.0.0 release.
OSV-Scalibr also makes it incredibly easy to add new extractors. Please file a [feature request](https://github.com/google/osv-scalibr/issues) if a format you’re interested in is missing!
# v1.9.1
### Features:
- [Feature #1295](https://github.com/google/osv-scanner/pull/1295) Support offline database in fix subcommand.
- [Feature #1342](https://github.com/google/osv-scanner/pull/1342) Add `--experimental-offline-vulnerabilities` and `--experimental-no-resolve` flags.
- [Feature #1045](https://github.com/google/osv-scanner/pull/1045) Support private registries for Maven.
- [Feature #1226](https://github.com/google/osv-scanner/pull/1226) Support `vulnerabilities.ignore` in package overrides.
### Fixes:
- [Bug #604](https://github.com/google/osv-scanner/pull/604) Use correct path separator in SARIF output when on Windows.
- [Bug #330](https://github.com/google/osv-scanner/pull/330) Warn about and ignore duplicate entries in SBOMs.
- [Bug #1325](https://github.com/google/osv-scanner/pull/1325) Set CharsetReader and Entity when reading pom.xml.
- [Bug #1310](https://github.com/google/osv-scanner/pull/1310) Update spdx license ids.
- [Bug #1288](https://github.com/google/osv-scanner/pull/1288) Sort sbom packages by PURL.
- [Bug #1285](https://github.com/google/osv-scanner/pull/1285) Improve handling if `docker` exits with a non-zero code when trying to scan images
### API Changes:
- Deprecate auxiliary public packages: As part of the V2 update described above, we have started deprecating some of the auxiliary packages
which are not commonly used to give us more room to make better API designs. These include:
- `config`
- `depsdev`
- `grouper`
- `spdx`
# v1.9.0
### Features:
- [Feature #1243](https://github.com/google/osv-scanner/pull/1243) Allow explicitly ignoring the license of a package in config with `license.ignore = true`.
- [Feature #1249](https://github.com/google/osv-scanner/pull/1249) Error if configuration file has unknown properties.
- [Feature #1271](https://github.com/google/osv-scanner/pull/1271) Assume `.txt` files with "requirements" in their name are `requirements.txt` files
### Fixes:
- [Bug #1242](https://github.com/google/osv-scanner/pull/1242) Announce when a config file is invalid and exit with a non-zero code.
- [Bug #1241](https://github.com/google/osv-scanner/pull/1241) Display `(no reason given)` when there is no reason in the override config.
- [Bug #1252](https://github.com/google/osv-scanner/pull/1252) Don't allow `LoadPath` to be set via config file.
- [Bug #1279](https://github.com/google/osv-scanner/pull/1279) Report all ecosystems without local databases in one single line.
- [Bug #1283](https://github.com/google/osv-scanner/pull/1283) Output invalid PURLs when scanning SBOMs.
- [Bug #1278](https://github.com/google/osv-scanner/pull/1278) Apply go version override to _all_ instances of the `stdlib`.
### Misc:
- [#1253](https://github.com/google/osv-scanner/pull/1253) Deprecate `ParseX()` functions in `pkg/lockfile` in favor of their `Extract` equivalents.
- [#1290](https://github.com/google/osv-scanner/pull/1290) Bump maximum number of concurrent requests to the OSV.dev API.
# v1.8.5:
### Features:
- [Feature #1160](https://github.com/google/osv-scanner/pull/1160) Support fetching snapshot versions from a Maven registry.
- [Feature #1177](https://github.com/google/osv-scanner/pull/1177) Support composite-based package overrides. This allows for ignoring entire manifests when scanning.
- [Feature #1210](https://github.com/google/osv-scanner/pull/1210) Add FIXED-VULN-IDS to guided remediation non-interactive output.
### Fixes:
- [Bug #1220](https://github.com/google/osv-scanner/issues/1220) Fix govulncheck calls on C code.
- [Bug #1236](https://github.com/google/osv-scanner/pull/1236) Alpine package scanning now falls back to latest release version if no release version can be found.
# v1.8.4:
### Features:
- [Feature #1177](https://github.com/google/osv-scanner/pull/1177) Adds `--upgrade-config` flag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous `--disallow-major-upgrades` and `--disallow-package-upgrades` flags.
### Fixes:
- [Bug #1123](https://github.com/google/osv-scanner/issues/1123) Issue when running osv-scanner on project running with golang 1.22 #1123
### Misc:
- [Feature #638](https://github.com/google/osv-scanner/issues/638) Update go policy to use stable go version for builds (updated to go 1.23)
# v1.8.3:
### Features:
- [Feature #889](https://github.com/google/osv-scanner/pull/889) OSV-Scanner now provides "vertical" output format!
### Fixes:
- [Bug #1115](https://github.com/google/osv-scanner/issues/1115) Ensure that `semantic` is passed a valid `models.Ecosystem`.
- [Bug #1140](https://github.com/google/osv-scanner/pull/1140) Add Maven dependency management to override client.
- [Bug #1149](https://github.com/google/osv-scanner/pull/1149) Handle Maven parent relative path.
### Misc:
- [Feature #1091](https://github.com/google/osv-scanner/pull/1091) Improved the runtime of DiffVulnerabilityResults. Thanks @neilnaveen!
- [Feature #1125](https://github.com/google/osv-scanner/pull/1125) Workflow for stale issue and PR management.
# v1.8.2:
### Features:
- [Feature #1014](https://github.com/google/osv-scanner/pull/1014) Adding CycloneDX 1.4 and 1.5 output format. Thanks @marcwieserdev!
### Fixes:
- [Bug #769](https://github.com/google/osv-scanner/issues/769) Fixed missing vulnerabilities for debian purls for `--experimental-local-db`.
- [Bug #1055](https://github.com/google/osv-scanner/issues/1055) Ensure that `package` exists in `affected` property.
- [Bug #1072](https://github.com/google/osv-scanner/issues/1072) Filter out unimportant vulnerabilities from vuln group.
- [Bug #1077](https://github.com/google/osv-scanner/issues/1077) Fix rate osv-scanner deadlock.
- [Bug #924](https://github.com/google/osv-scanner/issues/924) Ensure that npm dependencies retain their "production" grouping.
# v1.8.0/v1.8.1:
### Features:
- [Feature #35](https://github.com/google/osv-scanner/issues/35)
OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files!
See [our documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#transitive-dependency-scanning) for more information.
- [Feature #944](https://github.com/google/osv-scanner/pull/944)
The `osv-scanner.toml` configuration file can now filter specific packages with new `[[PackageOverrides]]` sections:
```toml
[[PackageOverrides]]
# The package name, version, and ecosystem to match against
name = "lib"
# If version is not set or empty, it will match every version
version = "1.0.0"
ecosystem = "Go"
# Ignore this package entirely, including license scanning
ignore = true
# Override the license of the package
# This is not used if ignore = true
license.override = ["MIT", "0BSD"]
# effectiveUntil = 2022-11-09 # Optional exception expiry date
reason = "abc"
```
### Minor Updates
- [Feature #1039](https://github.com/google/osv-scanner/pull/1039) The `--experimental-local-db` flag has been removed and replaced with a new flag `--experimental-download-offline-databases` which better reflects what the flag does.
To replicate the behavior of the original `--experimental-local-db` flag, replace it with both `--experimental-offline --experimental-download-offline-databases` flags. This will run osv-scanner in offline mode, but download the latest version of the vulnerability databases before scanning.
### Fixes:
- [Bug #1000](https://github.com/google/osv-scanner/pull/1000) Standard dependencies now correctly override `dependencyManagement` dependencies when scanning `pom.xml` files in offline mode.
# v1.7.4:
### Features:
- [Feature #943](https://github.com/google/osv-scanner/pull/943) Support scanning gradle/verification-metadata.xml files.
### Misc:
- [Bug #968](https://github.com/google/osv-scanner/issues/968) Hide unimportant Debian vulnerabilities to reduce noise.
# v1.7.3:
### Features:
- [Feature #934](https://github.com/google/osv-scanner/pull/934) add support for PNPM v9 lockfiles.
### Fixes:
- [Bug #938](https://github.com/google/osv-scanner/issues/938) Ensure the sarif output has a stable order.
- [Bug #922](https://github.com/google/osv-scanner/issues/922) Support filtering on alias IDs in Guided Remediation.
# v1.7.2:
### Fixes:
- [Bug #899](https://github.com/google/osv-scanner/issues/899) Guided Remediation: Parse paths in npmrc auth fields correctly.
- [Bug #908](https://github.com/google/osv-scanner/issues/908) Fix rust call analysis by explicitly disabling stripping of debug info.
- [Bug #914](https://github.com/google/osv-scanner/issues/914) Fix regression for go call analysis introduced in 1.7.0.
# v1.7.1:
(There is no GitHub release for this version)
### Fixes
- [Bug #856](https://github.com/google/osv-scanner/issues/856)
Add retry logic to make calls to the OSV.dev API more resilient. Combined with changes in OSV.dev's API, this should result in far fewer timeout errors.
### API Features
- [Feature #781](https://github.com/google/osv-scanner/pull/781)
add `MakeVersionRequestsWithContext()`
- [Feature #857](https://github.com/google/osv-scanner/pull/857)
API and networking related errors now have their own error and exit code (Exit Code 129)
# v1.7.0:
### Features
- [Feature #352](https://github.com/google/osv-scanner/issues/352) Guided Remediation
Introducing our new experimental guided remediation feature on `osv-scanner fix` subcommand.
See our [docs](https://google.github.io/osv-scanner/experimental/guided-remediation/) for detailed usage instructions.
- [Feature #805](https://github.com/google/osv-scanner/pull/805)
Include CVSS MaxSeverity in JSON output.
### Fixes
- [Bug #818](https://github.com/google/osv-scanner/pull/818)
Align GoVulncheck Go version with go.mod.
- [Bug #797](https://github.com/google/osv-scanner/pull/797)
Don't traverse gitignored dirs for gitignore files.
### Miscellaneous
- [#831](https://github.com/google/osv-scanner/pull/831)
Remove version number from the release binary name.
# v1.6.2:
### Features
- [Feature #694](https://github.com/google/osv-scanner/pull/694)
Add subcommands! OSV-Scanner now has subcommands! The base command has been moved to `scan` (currently the only command is `scan`).
By default if you do not pass in a command, `scan` will be used, so CLI remains backwards compatible.
This is a building block to adding the guided remediation feature. See [issue #352](https://github.com/google/osv-scanner/issues/352)
for more details!
- [Feature #776](https://github.com/google/osv-scanner/pull/776)
Add pdm lockfile support.
### API Features
- [Feature #754](https://github.com/google/osv-scanner/pull/754)
Add dependency groups to flattened vulnerabilities output.
# v1.6.0:
### Features
- [Feature #694](https://github.com/google/osv-scanner/pull/694)
Add support for NuGet lock files version 2.
- [Feature #655](https://github.com/google/osv-scanner/pull/655)
Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
- [Feature #702](https://github.com/google/osv-scanner/pull/702)
Created an option to skip/disable upload to code scanning.
- [Feature #732](https://github.com/google/osv-scanner/pull/732)
Add option to not fail on vulnerability being found for GitHub Actions.
- [Feature #729](https://github.com/google/osv-scanner/pull/729)
Verify the spdx licenses passed in to the license allowlist.
### Fixes
- [Bug #736](https://github.com/google/osv-scanner/pull/736)
Show ecosystem and version even if git is shown if the info exists.
- [Bug #703](https://github.com/google/osv-scanner/pull/703)
Return an error if both license scanning and local/offline scanning are enabled simultaneously.
- [Bug #718](https://github.com/google/osv-scanner/pull/718)
Fixed parsing of SBOMs generated by the latest CycloneDX.
- [Bug #704](https://github.com/google/osv-scanner/pull/704)
Get go stdlib version from go.mod.
### API Features
- [Feature #727](https://github.com/google/osv-scanner/pull/727)
Changes to `Reporter` methods to add verbosity levels and to deprecate functions.
# v1.5.0:
### Features
- [Feature #501](https://github.com/google/osv-scanner/pull/501)
Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
- [Feature #642](https://github.com/google/osv-scanner/pull/642)
Support scanning `renv` files for the R language ecosystem.
- [Feature #513](https://github.com/google/osv-scanner/pull/513)
Stabilize call analysis for Go! The experimental `--experimental-call-analysis` flag has now been updated to:
```
--call-analysis=<language/all>
--no-call-analysis=<language/all>
```
with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
- [Feature #676](https://github.com/google/osv-scanner/pull/676)
Simplify return codes:
- Return 0 if there are no findings or errors.
- Return 1 if there are any findings (license violations or vulnerabilities).
- Return 128 if no packages are found.
- [Feature #651](https://github.com/google/osv-scanner/pull/651)
CVSS v4.0 support.
- [Feature #60](https://github.com/google/osv-scanner/pull/60)
[Pre-commit hook](https://pre-commit.com/) support.
### Fixes
- [Bug #639](https://github.com/google/osv-scanner/issues/639)
We now filter local packages from scans, and report the filtering of those packages.
- [Bug #645](https://github.com/google/osv-scanner/issues/645)
Properly handle file/url paths on Windows.
- [Bug #660](https://github.com/google/osv-scanner/issues/660)
Remove noise from failed lockfile parsing.
- [Bug #649](https://github.com/google/osv-scanner/issues/649)
No longer include vendored libraries in C/C++ package analysis.
- [Bug #634](https://github.com/google/osv-scanner/issues/634)
Fix filtering of aliases to also include non OSV aliases
### Miscellaneous
- The minimum go version has been updated to go1.21 from go1.18.
# v1.4.3:
### Features
- [Feature #621](https://github.com/google/osv-scanner/pull/621)
Add support for scanning vendored C/C++ files.
- [Feature #581](https://github.com/google/osv-scanner/pull/581)
Scan submodules commit hashes.
### Fixes
- [Bug #626](https://github.com/google/osv-scanner/issues/626)
Fix gitignore matching for root directory
- [Bug #622](https://github.com/google/osv-scanner/issues/622)
Go binary not found should not be an error
- [Bug #588](https://github.com/google/osv-scanner/issues/588)
handle npm/yarn aliased packages
- [Bug #607](https://github.com/google/osv-scanner/pull/607)
fix: remove some extra newlines in sarif report
# v1.4.2:
### Fixes
- [Bug #574](https://github.com/google/osv-scanner/issues/574)
Support versions with build metadata in `yarn.lock` files
- [Bug #599](https://github.com/google/osv-scanner/issues/599)
Add name field to sarif rule output
# v1.4.1:
### Features
- [Feature #534](https://github.com/google/osv-scanner/pull/534)
New SARIF format that separates out individual vulnerabilities, see https://github.com/google/osv-scanner/issues/216
- [Experimental Feature #57](https://github.com/google/osv-scanner/issues/57) Experimental Github Action!
Have a look at https://google.github.io/osv-scanner/experimental/ for how to use the new Github Action in your repo.
Experimental, so might change with only a minor update.
### API Features
- [Feature #557](https://github.com/google/osv-scanner/pull/557) Add new ecosystems, and a slice containing all of them.
# v1.4.0:
### Features
- [Feature #183](https://github.com/google/osv-scanner/pull/183)
Add (experimental) offline mode! See [our documentation](https://google.github.io/osv-scanner/experimental/#offline-mode) for how to use it.
- [Feature #452](https://github.com/google/osv-scanner/pull/452)
Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project! See [our documentation](https://google.github.io/osv-scanner/experimental/#call-analysis-in-rust) for limitations and how to use this.
- [Feature #484](https://github.com/google/osv-scanner/pull/484) Detect the installed `go` version and check for vulnerabilities in the standard library.
- [Feature #505](https://github.com/google/osv-scanner/pull/505) OSV-Scanner doesn't support your lockfile format? You can now use your own parser for your format, and create an intermediate `osv-scanner.json` for osv-scanner to scan. See [our documentation](https://google.github.io/osv-scanner/usage/#custom-lockfiles) for instructions.
### API Features
- [Feature #451](https://github.com/google/osv-scanner/pull/451) The lockfile package now supports extracting dependencies directly from any io.Reader, removing the requirement of a file path.
### Fixes
- [Bug #457](https://github.com/google/osv-scanner/pull/457)
Fix PURL mapping for Alpine packages
- [Bug #462](https://github.com/google/osv-scanner/pull/462)
Use correct plural and singular forms based on count
# v1.3.6:
### Minor Updates
- [Feature #431](https://github.com/google/osv-scanner/pull/431)
Update GoVulnCheck integration.
- [Feature #439](https://github.com/google/osv-scanner/pull/439)
Create `models.PURLToPackage()`, and deprecate `osvscanner.PURLToPackage()`.
### Fixes
- [Feature #439](https://github.com/google/osv-scanner/pull/439)
Fix `PURLToPackage` not returning the full namespace of packages in ecosystems
that use them (e.g. golang).
# v1.3.5:
### Features
- [Feature #409](https://github.com/google/osv-scanner/pull/409)
Adds an additional column to the table output which shows the severity if available.
### API Features
- [Feature #424](https://github.com/google/osv-scanner/pull/424)
- [Feature #417](https://github.com/google/osv-scanner/pull/417)
- [Feature #417](https://github.com/google/osv-scanner/pull/417)
- Update the models package to better reflect the osv schema, including:
- Add the withdrawn field
- Improve timestamp serialization
- Add related field
- Add additional ecosystem constants
- Add new reference types
- Add YAML tags
# v1.3.4:
### Minor Updates
- [Feature #390](https://github.com/google/osv-scanner/pull/390) Add a
user agent to OSV API requests.
# v1.3.3:
### Fixes
- [Bug #369](https://github.com/google/osv-scanner/issues/369) Fix
requirements.txt misparsing lines that contain `--hash`.
- [Bug #237](https://github.com/google/osv-scanner/issues/237) Clarify when no
vulnerabilities are found.
- [Bug #354](https://github.com/google/osv-scanner/issues/354) Fix cycle in
requirements.txt causing infinite recursion.
- [Bug #367](https://github.com/google/osv-scanner/issues/367) Fix panic when
parsing empty lockfile.
### API Features
- [Feature #357](https://github.com/google/osv-scanner/pull/357) Update
`pkg/osv` to allow overriding the http client / transport
# v1.3.2:
### Fixes
- [Bug #341](https://github.com/google/osv-scanner/pull/341) Make the reporter
public to allow calling DoScan with non nil reporters.
- [Bug #335](https://github.com/google/osv-scanner/issues/335) Improve SBOM
parsing and relaxing name requirements when explicitly scanning with
`--sbom`.
- [Bug #333](https://github.com/google/osv-scanner/issues/333) Improve
scanning speed for regex heavy lockfiles by caching regex compilation.
- [Bug #349](https://github.com/google/osv-scanner/pull/349) Improve SBOM
documentation and error messages.
# v1.3.1:
### Fixes
- [Bug #319](https://github.com/google/osv-scanner/issues/319) Fix
segmentation fault when parsing CycloneDX without dependencies.
# v1.3.0:
### Major Features:
- [Feature #198](https://github.com/google/osv-scanner/pull/198) GoVulnCheck
integration! Try it out when scanning go code by adding the
`--experimental-call-analysis` flag.
- [Feature #260](https://github.com/google/osv-scanner/pull/198) Support `-r`
flag in `requirements.txt` files.
- [Feature #300](https://github.com/google/osv-scanner/pull/300) Make
`IgnoredVulns` also ignore aliases.
- [Feature #304](https://github.com/google/osv-scanner/pull/304) OSV-Scanner
now runs faster when there's multiple vulnerabilities.
### Fixes
- [Bug #249](https://github.com/google/osv-scanner/issues/249) Support yarn
locks with quoted properties.
- [Bug #232](https://github.com/google/osv-scanner/issues/232) Parse nested
CycloneDX components correctly.
- [Bug #257](https://github.com/google/osv-scanner/issues/257) More specific
cyclone dx parsing.
- [Bug #256](https://github.com/google/osv-scanner/issues/256) Avoid panic
when parsing `file:` dependencies in `pnpm` lockfiles.
- [Bug #261](https://github.com/google/osv-scanner/issues/261) Deduplicate
packages that appear multiple times in `Pipenv.lock` files.
- [Bug #267](https://github.com/google/osv-scanner/issues/267) Properly handle
comparing zero versions in Maven.
- [Bug #279](https://github.com/google/osv-scanner/issues/279) Trim leading
zeros off when comparing numerical components in Maven versions.
- [Bug #291](https://github.com/google/osv-scanner/issues/291) Check if PURL
is valid before adding it to queries.
- [Bug #293](https://github.com/google/osv-scanner/issues/293) Avoid infinite
loops parsing Maven poms with syntax errors
- [Bug #295](https://github.com/google/osv-scanner/issues/295) Set version in
the source code, this allows version to be displayed in most package
managers.
- [Bug #297](https://github.com/google/osv-scanner/issues/297) Support Pipenv
develop packages without versions.
### API Features
- [Feature #310](https://github.com/google/osv-scanner/pull/310) Improve the
OSV models to allow for 3rd party use of the library.
# v1.2.0:
### Major Features:
- [Feature #168](https://github.com/google/osv-scanner/pull/168) Support for
scanning debian package status file, usually located in
`/var/lib/dpkg/status`. Thanks @cmaritan
- [Feature #94](https://github.com/google/osv-scanner/pull/94) Specify what
parser should be used in `--lockfile`.
- [Feature #158](https://github.com/google/osv-scanner/pull/158) Specify
output format to use with the `--format` flag.
- [Feature #165](https://github.com/google/osv-scanner/pull/165) Respect
`.gitignore` files by default when scanning.
- [Feature #156](https://github.com/google/osv-scanner/pull/156) Support
markdown table output format. Thanks @deftdawg
- [Feature #59](https://github.com/google/osv-scanner/pull/59) Support
`conan.lock` lockfiles and ecosystem Thanks @SSE4
- Updated documentation! Check it out here:
https://google.github.io/osv-scanner/
### Minor Updates:
- [Feature #178](https://github.com/google/osv-scanner/pull/178) Support SPDX
2.3.
- [Feature #221](https://github.com/google/osv-scanner/pull/221) Support
dependencyManagement section in Maven poms.
- [Feature #167](https://github.com/google/osv-scanner/pull/167) Make
osvscanner API library public.
- [Feature #141](https://github.com/google/osv-scanner/pull/141) Retry OSV API
calls to mitigate transient network issues. Thanks @davift
- [Feature #220](https://github.com/google/osv-scanner/pull/220) Vulnerability
output is ordered deterministically.
- [Feature #179](https://github.com/google/osv-scanner/pull/179) Log number of
packages scanned from SBOM.
- General dependency updates
### Fixes
- [Bug #161](https://github.com/google/osv-scanner/pull/161) Exit with non
zero exit code when there is a general error.
- [Bug #185](https://github.com/google/osv-scanner/pull/185) Properly omit
Source from JSON output.
# v1.1.0:
This update adds support for NuGet ecosystem and various bug fixes by the
community.
- [Feature #98](https://github.com/google/osv-scanner/pull/98): Support for
NuGet ecosystem.
- [Feature #71](https://github.com/google/osv-scanner/issues/71): Now supports
Pipfile.lock scanning.
- [Bug #85](https://github.com/google/osv-scanner/issues/85): Even better
support for narrow terminals by shortening osv.dev URLs.
- [Bug #105](https://github.com/google/osv-scanner/issues/105): Fix rare cases
of too many open file handles.
- [Bug #131](https://github.com/google/osv-scanner/pull/131): Fix table
highlighting overflow.
- [Bug #101](https://github.com/google/osv-scanner/issues/101): Now supports
32 bit systems.
# v1.0.2
This is a minor patch release to mitigate human readable output issues on narrow
terminals (#85).
- [Bug #85](https://github.com/google/osv-scanner/issues/85): Better support
for narrow terminals.
# v1.0.1
Various bug fixes and improvements. Many thanks to the amazing contributions and
suggestions from the community!
- Feature: ARM64 builds are now also available!
- [Feature #46](https://github.com/google/osv-scanner/pull/46): Gradle
lockfile support.
- [Feature #50](https://github.com/google/osv-scanner/pull/46): Add version
command.
- [Bug #52](https://github.com/google/osv-scanner/issues/52): Fixes 0 exit
code being wrongly emitted when vulnerabilities are present.
================================================
FILE: CONTRIBUTING.md
================================================
# How to Contribute
We'd love to accept your patches and contributions to this project. There are
just a few small guidelines you need to follow.
## Contributor License Agreement
Contributions to this project must be accompanied by a Contributor License
Agreement. You (or your employer) retain the copyright to your contribution;
this simply gives us permission to use and redistribute your contributions as
part of the project. Head over to <https://cla.developers.google.com/> to see
your current agreements on file or to sign a new one.
You generally only need to submit a CLA once, so if you've already submitted one
(even if it was for a different project), you probably don't need to do it
again.
## Code reviews
All submissions, including submissions by project members, require review. We
use GitHub pull requests for this purpose. Consult
[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
information on using pull requests.
When creating a pull request, please use the provided
[pull request template](/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md)
and fill out the sections to ensure a smooth review process.
For any new feature, please create an issue first to discuss the proposed changes
before proceeding to make a pull request. This helps ensure that your contribution
is aligned with the project's goals and avoids duplicate work.
## Community Guidelines
This project follows
[Google's Open Source Community Guidelines](https://opensource.google.com/conduct/).
## Contributing documentation
Please review the documentation [README](docs/README.md) for more information about contributing to documentation.
## Contributing code
### Prerequisites
Install:
1. [Go](https://go.dev/) 1.21+, use `go version` to check.
2. [GoReleaser](https://goreleaser.com/) (Optional, only if you want reproducible builds).
> **Note**
>
> The scripts within `/scripts` expect to be run from the root of the repository
### Building
#### Build using only `go`
Run the following in the project directory:
```shell
./scripts/build.sh
```
Produces `osv-scanner` binary in the project directory.
#### Build using `goreleaser`
Run the following in the project directory:
```shell
./scripts/build_snapshot.sh
```
See GoReleaser [documentation](https://goreleaser.com/cmd/goreleaser_build/) for build options.
You can also reproduce the downloadable builds by checking out the specific tag and running `goreleaser build`,
using the same Go version as the one used during the actual release (see goreleaser workflows).
### Running tests
To run tests:
```shell
make test
```
To see a list of all tests and other available Makefile targets, you can run:
```shell
make help
```
To get consistent test results, please run with `GOTOOLCHAIN=go<go version in go.mod>`.
The `Makefile` defines several modes you can use to change how tests run:
- `SNAPS=true`: Update snapshot tests.
- `ACC=true`: Run acceptance tests that require additional dependencies.
- `SHORT=false`: Run the full test suite instead of the default short suite.
- `VCR=<mode>`: Set the VCR recording mode (see below).
By default, tests that require additional dependencies beyond the go toolchain are skipped.
Enable these tests by running:
```shell
make test ACC=true
```
You can generate an HTML coverage report by running:
```shell
./scripts/generate_coverage_report.sh
```
You can regenerate snapshots by running tests with `SNAPS=true`:
```shell
make test SNAPS=true
```
Note that some long-running tests may be skipped and their snapshots will not be updated. To update all snapshots, use:
```shell
make update-snapshots
# Equivalent to: make test SNAPS=true SHORT=false
```
To update all snapshots for all tests, matching the CI test environment, use:
```shell
make refresh-all
```
`cmd` tests use [`go-vcr`](https://github.com/dnaeon/go-vcr) to provide a custom `http.Client` for osv.dev requests to the `querybulk` endpoint.
This client replays snapshots of requests, called cassettes, to reduce noise from changes to advisories while still providing a high degree
of confidence.
You can control the recording behaviour by passing `VCR=<mode>` as an argument to `make test`.
The `<mode>` can be one of the [supported modes](https://github.com/dnaeon/go-vcr/blob/v4/pkg/recorder/recorder.go#L51),
specified either by [its name without the `Mode` suffix or by its int value](./cmd/osv-scanner/internal/testcmd/vcr.go#L16).
```shell
# Example: Disable VCR tests to passthrough network requests
make test VCR=Passthrough
```
The default mode locally is `ReplayWithNewEpisodes`, meaning existing interactions will be replayed while any new ones will
be recorded and added to the existing cassette; when running in CI, the default mode is `ReplayOnly` meaning an error will be
raised if an http interaction is missing from a test's cassette.
If adding a lockfile with known vulnerabilities for test data, also add an [`osv-scanner.toml`](https://google.github.io/osv-scanner/configuration/) config file to exclude those vulnerabilities from scans of the repository.
### Linting
To lint your code, run
```shell
./scripts/run_lints.sh
```
### Making commits
Please follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification when squashing commits during a merge. This is typically the commit merged into the main branch and is often based on the PR title. Doing so helps us to automate processes like changelog generation and ensures a clear and consistent commit history.
Some types: `feat:`, `fix:`, `docs:`, `chore:`, `refactor:`, and others.
## Contributing documentation
Please follow these steps to successfully contribute documentation.
1. Fork the repository.
2. Make desired documentation changes.
3. Preview the changes by spinning up a GitHub page for your fork, building from your working branch.
<!-- markdown-link-check-disable-next-line -->
- On your fork, go to the settings tab and then the GitHub page settings. Sample URL: https://github.com/{your-github-profile}/osv-scanner/settings/pages
- Under "Build and deployment" select "Deploy from a branch"
- Set the branch to your working branch
- Set the github page to build from the "/docs" folder
- Hit save and wait for your site to build
- Once it is ready, click the link and preview the docs

4. If you are satisfied with the changes, open a PR.
5. In the PR, link to your fork's GitHub page, so we can preview the changes.
For information on how to run the documentation locally, please see our [documentation readme](https://github.com/google/osv-scanner/blob/main/docs/README.md/#running-docs-locally).
================================================
FILE: Dockerfile
================================================
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build stage. The base image is pinned by tag and by sha256 digest, so the
# toolchain image cannot change underneath the build without this line changing.
FROM golang:1.26.1-alpine3.23@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 AS builder
WORKDIR /src
# Copy only the module files first so the dependency-download layer is reused
# until go.mod or go.sum changes.
COPY ./go.mod ./go.sum ./
RUN go mod download
# Copy the whole build context and compile the scanner binary into /src.
COPY ./ ./
RUN go build -o osv-scanner ./cmd/osv-scanner/
# Runtime stage: a digest-pinned Alpine image that receives only the compiled
# binary from the builder stage, not the Go toolchain or the source tree.
FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
# ca-certificates and git are the only packages added to the runtime image.
# NOTE(review): safe.directory '*' turns off git's repository-ownership check
# for every path, presumably so that bind-mounted repositories owned by another
# user can be scanned. Git inside this image will therefore honour the
# configuration of any repository it is run against, so point the container
# only at repositories you trust, or narrow the value to the mount path if one
# is fixed.
RUN apk --no-cache add ca-certificates git && \
git config --global --add safe.directory '*'
# NOTE(review): no USER instruction is set, so the entrypoint runs as root and
# the binary lives under /root/. Confirm whether a non-root user would work for
# the intended volume mounts.
WORKDIR /root/
COPY --from=builder /src/osv-scanner .
ENTRYPOINT ["/root/osv-scanner"]
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: Makefile
================================================
# Note for maintainers: the help target prints every line that starts with
# "## ", so explanatory comments in this file use a single "#".

# Append $(go env GOPATH)/bin to PATH for every recipe. It is added at the end,
# so entries already on PATH take precedence over binaries found there.
export PATH := $(PATH):$(shell go env GOPATH)/bin
# Default - run help
.DEFAULT_GOAL := help
# Defaults for test
# "?=" assigns only when the variable is not already set, so each of these can
# be overridden on the command line or from the environment.
SHORT ?= true
SNAPS ?= false
ACC ?= false
VCR ?= ReplayWithNewEpisodes
# Builds the help text with awk from the makefiles in $(MAKEFILE_LIST):
# "target: ## text" lines become one entry each, and lines starting with "## "
# are printed as indented continuation text.
help: ## Show this help message
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} \
/^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } \
/^## / { printf " %-20s %s\n", "", substr($$0, 4) }' $(MAKEFILE_LIST)
## Prevents make from trying to interpret the targets as files
.PHONY: build scanner lint lint-fix format clean local-docs test update-snapshots refresh-all help
build: ## Build scanner
scripts/build.sh
scanner: ## Run scanner (Usage: make scanner ARGS="<args>")
go run ./cmd/osv-scanner $(ARGS)
lint: ## Run lints
scripts/run_lints.sh
lint-fix: ## Run lints and fix
scripts/run_lints.sh --fix
format: ## Run formatters
scripts/run_formatters.sh
clean: ## Clean build artifacts
rm -f osv-scanner
rm -f cmd/osv-scanner/scan/image/testdata/test-*.tar
local-docs: ## Run local docs
scripts/run_local_docs.sh
# The recipe is a single shell command (lines joined with "; \"), so the
# exported variables are visible to scripts/run_tests.sh. TEST_VCR_MODE is
# always exported; UPDATE_SNAPS and TEST_ACCEPTANCE are exported only when
# SNAPS or ACC is "true"; "-short" is passed only when SHORT is "true".
test: ## Run tests
## Options:
## SNAPS=true Update snapshots (Default: false)
## ACC=true Run acceptance tests (Default: false)
## SHORT=false Run full tests (Default: true)
## VCR=mode VCR mode (Default: ReplayWithNewEpisodes):
## - 0|RecordOnly: Record new cassettes
## - 1|ReplayOnly: Replay cassettes, error if missing
## - 2|ReplayWithNewEpisodes: Replay, record if missing
## - 3|RecordOnce: Record if missing
## - 4|Passthrough: Disable VCR
@export TEST_VCR_MODE=$(VCR); \
if [ "$(SNAPS)" = "true" ]; then export UPDATE_SNAPS=true; fi; \
if [ "$(ACC)" = "true" ]; then export TEST_ACCEPTANCE=true; fi; \
ARGS=""; \
if [ "$(SHORT)" = "true" ]; then ARGS="$$ARGS -short"; fi; \
scripts/run_tests.sh $$ARGS
update-snapshots: ## Update all snapshots (Equivalent to make test SNAPS=true SHORT=false)
$(MAKE) test SNAPS=true SHORT=false
# Runs "clean" first when REBUILD_IMAGES is "true", then the full acceptance
# suite with VCR=RecordOnly and SNAPS=true.
# NOTE(review): RecordOnly records new cassettes, so this presumably needs live
# network access for the recorded requests - confirm before running offline.
refresh-all: ## Refresh all snaps, matching CI test (Usage: make refresh-all REBUILD_IMAGES=true)
@if [ "$(REBUILD_IMAGES)" = "true" ]; then $(MAKE) clean; fi
$(MAKE) test ACC=true SHORT=false VCR=RecordOnly SNAPS=true
================================================
FILE: README.md
================================================
<picture>
<source srcset="/docs/images/osv-scanner-full-logo-darkmode.svg" media="(prefers-color-scheme: dark)">
<!-- markdown-link-check-disable-next-line -->
<img src="/docs/images/osv-scanner-full-logo-lightmode.svg">
</picture>
---
[OpenSSF Scorecard](https://scorecard.dev/viewer/?uri=github.com/google/osv-scanner)
[Go Report Card](https://goreportcard.com/report/github.com/google/osv-scanner)
[Codecov](https://codecov.io/gh/google/osv-scanner)
[SLSA](https://slsa.dev)
[GitHub releases](https://github.com/google/osv-scanner/releases)
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
OSV-Scanner provides an officially supported frontend to the [OSV database](https://osv.dev/) and CLI interface to [OSV-Scalibr](https://github.com/google/osv-scalibr) that connects a project’s list of dependencies with the vulnerabilities that affect them.
OSV-Scanner supports a wide range of project types, package managers and features, including but not limited to:
- **Languages:** C/C++, Dart, Elixir, Go, Java, Javascript, PHP, Python, R, Ruby, Rust.
- **Package Managers:** npm, pip, yarn, maven, go modules, cargo, gem, composer, nuget and others.
- **Operating Systems:** Detects vulnerabilities in OS packages on Linux systems.
- **Containers:** Scans container images for vulnerabilities in their base images and included packages.
- **Guided Remediation:** Provides recommendations for package version upgrades based on criteria such as dependency depth, minimum severity, fix strategy, and return on investment.
OSV-Scanner uses the extensible [OSV-Scalibr](https://github.com/google/osv-scalibr) library under the hood to provide this functionality. If a language or package manager is not supported currently, please file a [feature request.](https://github.com/google/osv-scanner/issues)
#### Underlying database
The underlying database, [OSV.dev](https://osv.dev/) has several benefits in comparison with closed source advisory databases and scanners:
- Covering most open source language and OS ecosystems (including [Git](https://osv.dev/list?q=&ecosystem=GIT)), it’s comprehensive.
- Each advisory comes from an open and authoritative source (e.g. [GitHub Security Advisories](https://github.com/github/advisory-database), [RustSec Advisory Database](https://github.com/rustsec/advisory-db), [Ubuntu security notices](https://github.com/canonical/ubuntu-security-notices/tree/main/osv))
- Anyone can suggest improvements to advisories, resulting in a very high quality database.
- The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages
The above all results in accurate and actionable vulnerability notifications, which reduces the time needed to resolve them. Check out [OSV.dev](https://osv.dev/) for more details!
## Basic installation
To install OSV-Scanner, please refer to the [installation section](https://google.github.io/osv-scanner/installation) of our documentation. OSV-Scanner releases can be found on the [releases page](https://github.com/google/osv-scanner/releases) of the GitHub repository. The recommended method is to download a prebuilt binary for your platform. Alternatively, you can use
`go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest` to build it from source.
## Key Features
For more information, please read our [detailed documentation](https://google.github.io/osv-scanner) to learn how to use OSV-Scanner. For detailed information about each feature, click their titles in this README.
Please note: These are the instructions for the latest OSV-Scanner V2 beta. If you are using V1, check out the V1 [README](https://github.com/google/osv-scanner-v1) and [documentation](https://google.github.io/osv-scanner-v1/) instead.
### [Scanning a source directory](https://google.github.io/osv-scanner/usage)
```bash
$ osv-scanner scan source -r /path/to/your/dir
```
This command will recursively scan the specified directory for any supported package files, such as `package.json`, `go.mod`, `pom.xml`, etc. and output any discovered vulnerabilities.
OSV-Scanner has the option of using call analysis to determine if a vulnerable function is actually being used in the project, resulting in fewer false positives, and actionable alerts.
OSV-Scanner can also detect vendored C/C++ code for vulnerability scanning. See [here](https://google.github.io/osv-scanner/usage/#cc-scanning) for details.
#### Supported Lockfiles
OSV-Scanner supports 11+ language ecosystems and 19+ lockfile types. To check if your ecosystem is covered, please check out our [detailed documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#supported-lockfiles).
### [Container Scanning](https://google.github.io/osv-scanner/usage/scan-image)
OSV-Scanner also supports comprehensive, layer-aware scanning for container images to detect vulnerabilities in the following operating system packages and language-specific dependencies.
| Distro Support | Language Artifacts Support |
| -------------- | -------------------------- |
| Alpine OS | Go |
| Debian | Java |
| Ubuntu | Node |
| | Python |
See the [full documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#supported-artifacts) for details on support.
**Usage**:
```bash
$ osv-scanner scan image my-image-name:tag
```

### [License Scanning](https://google.github.io/osv-scanner/usage/license-scanning/)
Check your dependencies' licenses using deps.dev data. For a summary:
```bash
osv-scanner --licenses path/to/repository
```
To check against an allowed license list (SPDX format):
```bash
osv-scanner --licenses="MIT,Apache-2.0" path/to/directory
```
### [Offline Scanning](https://google.github.io/osv-scanner/usage/offline-mode/)
Scan your project against a local OSV database. No network connection is required after the initial database download. The database can also be manually downloaded.
```bash
osv-scanner --offline --download-offline-databases ./path/to/your/dir
```
### [Guided Remediation](https://google.github.io/osv-scanner/experimental/guided-remediation/) (Experimental)
OSV-Scanner provides guided remediation, a feature that suggests package version upgrades based on criteria such as dependency depth, minimum severity, fix strategy, and return on investment.
We currently support remediating vulnerabilities in the following files:
| Ecosystem | File Format (Type) | Supported Remediation Strategies |
| :-------- | :----------------------------- | :---------------------------------------------------------------------------------------------------------------- |
| npm | `package-lock.json` (lockfile) | [`in-place`](https://google.github.io/osv-scanner/experimental/guided-remediation/#in-place-lockfile-remediation) |
| npm | `package.json` (manifest) | [`relock`](https://google.github.io/osv-scanner/experimental/guided-remediation/#in-place-lockfile-remediation) |
| Maven | `pom.xml` (manifest) | [`override`](https://google.github.io/osv-scanner/experimental/guided-remediation/#override-dependency-versions) |
This is available as a headless CLI command, as well as an interactive mode.
#### Example (for npm)
```bash
$ osv-scanner fix \
--max-depth=3 \
--min-severity=5 \
--ignore-dev \
--strategy=in-place \
-L path/to/package-lock.json
```
#### Interactive mode (for npm)
```bash
$ osv-scanner fix \
-M path/to/package.json \
-L path/to/package-lock.json
```
<img src="https://google.github.io/osv-scanner/images/guided-remediation-relock-patches.png" alt="Screenshot of the interactive relock results screen with some relaxation patches selected">
## Data Sources and Privacy
OSV-Scanner communicates with the following external services during operation:
### [OSV.dev API](https://osv.dev/)
The primary data source for vulnerability information. OSV-Scanner queries this API to check packages for known vulnerabilities and to identify vendored C/C++ dependencies. Data sent includes package names, versions, ecosystems, and file hashes. Use [`--offline` mode](https://google.github.io/osv-scanner/usage/offline-mode/) to disable network requests and scan against a local database instead.
### [deps.dev API](https://docs.deps.dev/api/)
Used for supplementary package information:
- **Dependency resolution**: Resolves dependency graphs for vulnerability scanning and remediation
- **Container image scanning**: Queries container image metadata for vulnerability detection
- **License scanning** (`--licenses` flag): Retrieves license information for packages
- **Package deprecation**: Checks if packages are deprecated
Data sent includes package names, versions, and ecosystems. No source code is transmitted.
### Package Registries
When using native registry for dependency resolution (instead of deps.dev), OSV-Scanner may query:
| Registry | URL | Used For |
| ------------- | ------------------------------ | ------------------------------------ |
| Maven Central | `repo.maven.apache.org/maven2` | Maven package metadata and POM files |
| npm Registry | `registry.npmjs.org` | npm package metadata |
| PyPI | `pypi.org` | Python package metadata |
## Contribute
### Report Problems
If you have what looks like a bug, please use the [GitHub issue tracking system](https://github.com/google/osv-scanner/issues). Before you file an issue, please search existing issues to see if your issue is already covered.
### Contributing code to `osv-scanner`
See [CONTRIBUTING.md](CONTRIBUTING.md) for documentation on how to contribute code.
## Star History
[Star History Chart](https://www.star-history.com/#google/osv-scanner&Date)
================================================
FILE: action.dockerfile
================================================
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING, this workflow is for legacy purposes. To view the current workflow see: https://github.com/google/osv-scanner-action
# Build stage. The base image is pinned by digest in addition to the tag, so a
# re-pushed tag cannot silently change what this stage is built from.
FROM golang:1.26.1-alpine3.23@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039
RUN mkdir /src
WORKDIR /src
# Copy only the module files and download dependencies before copying the rest of
# the source, so this layer is reused until go.mod or go.sum change.
COPY ./go.mod /src/go.mod
COPY ./go.sum /src/go.sum
RUN go mod download
COPY ./ /src/
RUN go build -o osv-scanner ./cmd/osv-scanner/
RUN go build -o osv-reporter ./cmd/osv-reporter/
# Runtime stage, also pinned by digest. From the build stage only the two binaries
# are copied in (see the COPY --from=0 lines below).
FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
RUN apk --no-cache add \
ca-certificates \
git \
bash
# Allow git to run on mounted directories
# NOTE(review): '*' turns off git's repository-ownership check (safe.directory) for
# every path in the container, not only the mounted workspace. That is acceptable
# only while the container is pointed at a checkout the workflow already trusts;
# narrow it to the mount path if that path is fixed.
RUN git config --global --add safe.directory '*'
# NOTE(review): no USER instruction is set, so the entrypoint runs as the image's
# default user (root on the alpine base image) - confirm that is required for the
# mounted workspace.
WORKDIR /root/
COPY --from=0 /src/osv-scanner ./
COPY --from=0 /src/osv-reporter ./
COPY ./exit_code_redirect.sh ./
# /root is appended to PATH, so both binaries resolve by name without shadowing system tools.
ENV PATH="${PATH}:/root"
# Prints the legacy-workflow warning, then hands over to exit_code_redirect.sh.
ENTRYPOINT [
"bash",
"-c",
"echo 'WARNING, this workflow is for legacy purposes. To view the current workflow see: https://github.com/google/osv-scanner-action' && /root/exit_code_redirect.sh"
]
================================================
FILE: actions/reporter/action.yml
================================================
# Currently experimental.
name: "osv-scanner-reporter"
description: "Specialized reporting of scanner results for github actions"
inputs:
scan-args:
# Handed to the container as one argument; osv-reporter splits its last argument
# on newlines, so every line of this input becomes a separate CLI argument.
# Build this value only from trusted workflow data.
description: "Arguments to osv-scanner, separated by new line"
required: true
runs:
using: "docker"
image: "../../action.dockerfile"
# Replaces the ENTRYPOINT defined in action.dockerfile, so the reporter binary is run directly.
entrypoint: /root/osv-reporter
args:
- "${{ inputs.scan-args }}"
================================================
FILE: actions/scanner/action.yml
================================================
# Currently experimental.
# WARNING, this workflow is for legacy purposes. To view the current workflow see: https://github.com/google/osv-scanner-action
name: "osv-scanner"
description: "Scans your directory against the OSV database (Experimental)"
inputs:
scan-args:
# Newline-separated arguments, handed to the container as a single argument.
# NOTE(review): how the lines are split for the scanner is not visible in this file
# (presumably in exit_code_redirect.sh or the scanner binary) - build this value
# only from trusted workflow data.
description: "Arguments to osv-scanner, separated by new line"
default: |-
--recursive
./
runs:
using: "docker"
image: "../../action.dockerfile"
# No `entrypoint` override here, so the ENTRYPOINT from action.dockerfile is used.
args:
- ${{ inputs.scan-args }}
================================================
FILE: cmd/osv-reporter/main.go
================================================
// Package main implements the osv-reporter command, which generates GitHub Action
// output for OSV scanner results.
package main
import (
"context"
"errors"
"fmt"
"io"
"log/slog"
"os"
"strings"
"github.com/google/osv-scanner/v2/internal/ci"
"github.com/google/osv-scanner/v2/internal/cmdlogger"
"github.com/google/osv-scanner/v2/internal/reporter"
"github.com/google/osv-scanner/v2/internal/version"
"github.com/google/osv-scanner/v2/pkg/models"
"github.com/google/osv-scanner/v2/pkg/osvscanner"
"github.com/urfave/cli/v3"
"golang.org/x/term"
)
// commit is printed by the version printer.
// Update this variable when doing a release.
var commit = "n/a"

// date is printed by the version printer as the build time.
var date = "n/a"
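// splitLastArg splits the last element of args on newlines and returns a new
// slice holding the preceding elements followed by the split parts.
//
// GitHub Actions hands the multi-line scan-args input over as one argument;
// this is the step that turns each of its lines into a separate CLI argument.
//
// An empty or nil args is returned unchanged rather than panicking on the
// index below. The result is built in a fresh slice, so a caller whose slice
// has spare capacity does not get its backing array overwritten.
func splitLastArg(args []string) []string {
	if len(args) == 0 {
		return args
	}

	lastIdx := len(args) - 1
	parts := strings.Split(args[lastIdx], "\n")

	out := make([]string, 0, lastIdx+len(parts))
	out = append(out, args[:lastIdx]...)
	out = append(out, parts...)

	return out
}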
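// run executes the osv-reporter command line with args, writing to stdout and
// stderr, and returns the process exit code:
//
//	130  the logger reported an invalid config (takes priority over everything else)
//	1    the command returned osvscanner.ErrVulnerabilitiesFound
//	128  the command returned osvscanner.ErrNoPackagesFound
//	127  an error was logged and no more specific code applied
//	0    otherwise
//
// The command loads the old and new scan results, diffs them, writes the diff
// in every requested format, and fails only when the diff contains at least
// one called vulnerability and fail-on-vuln has not been explicitly disabled.
func run(args []string, stdout, stderr io.Writer) int {
	logger := cmdlogger.New(stdout, stderr)
	slog.SetDefault(slog.New(logger))

	// Allow multiple arguments to be defined by github actions by splitting the last argument
	// by new lines.
	args = splitLastArg(args)

	cli.VersionPrinter = func(cmd *cli.Command) {
		cmdlogger.Infof("osv-scanner version: %s", cmd.Version)
		cmdlogger.Infof("commit: %s", commit)
		cmdlogger.Infof("built at: %s", date)
	}

	app := &cli.Command{
		Name:        "osv-scanner-action-reporter",
		Version:     version.OSVVersion,
		Usage:       "(Experimental) generates github action output",
		Description: "(Experimental) Used specifically to generate github action output ",
		Suggest:     true,
		Writer:      stdout,
		ErrWriter:   stderr,
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:        "old",
				Usage:       "the old osv json output",
				TakesFile:   true,
				Required:    false,
				DefaultText: "",
			},
			&cli.StringFlag{
				Name:      "new",
				Usage:     "the new osv json output",
				TakesFile: true,
				Required:  true,
			},
			&cli.StringSliceFlag{
				Name: "output-files",
				Usage: "used to save files to various formats (--output-files=[format]:[path],[format]:[path]...).\n" +
					"See available formats in osv-scanner (default output 'sarif').\n" +
					"In output paths, there are two special options to output to terminal - '#stdout' and '#stderr'.",
				TakesFile: true,
			},
			&cli.StringSliceFlag{
				Name:      "output",
				Usage:     "[DEPRECATED] (Use \"--output-files\" instead)",
				TakesFile: true,
				Action: func(_ context.Context, _ *cli.Command, _ []string) error {
					cmdlogger.Warnf("Warning: --output has been deprecated in favor of --output-files")
					return nil
				},
			},
			&cli.BoolFlag{
				Name:  "gh-annotations",
				Usage: "[DEPRECATED] (Use `--output-files=gh-annotations:#stderr`) prints github action annotations",
			},
			&cli.BoolFlag{
				Name:        "fail-on-vuln",
				Usage:       "whether to return 1 when vulnerabilities are found",
				DefaultText: "true",
			},
			&cli.BoolFlag{
				Name:  "all-vulns",
				Usage: "show all vulnerabilities including unimportant and uncalled ones",
			},
		},
		Action: func(_ context.Context, cmd *cli.Command) error {
			var termWidth int
			var err error
			if stdoutAsFile, ok := stdout.(*os.File); ok {
				termWidth, _, err = term.GetSize(int(stdoutAsFile.Fd()))
				if err != nil { // If output is not a terminal,
					termWidth = 0
				}
			}

			oldPath := cmd.String("old")
			newPath := cmd.String("new")

			oldVulns := models.VulnerabilityResults{}
			if oldPath != "" {
				oldVulns, err = ci.LoadVulnResults(oldPath)
				if err != nil {
					cmdlogger.Warnf("failed to open old results at %s: %v - likely because target branch has no lockfiles.", oldPath, err)
					// Do not return, assume there is no oldVulns (which will display all new vulns).
					oldVulns = models.VulnerabilityResults{}
				}
			}

			// NOTE(review): an unreadable --new file is only warned about and replaced by
			// empty results, so the diff below is empty and this step reports no
			// vulnerabilities. Whether the warning affects the exit code depends on the
			// logger (not visible here); make sure the failure of the previous step is
			// surfaced elsewhere in the workflow.
			newVulns, err := ci.LoadVulnResults(newPath)
			if err != nil {
				cmdlogger.Warnf("failed to open new results at %s: %v - likely because previous step failed.", newPath, err)
				newVulns = models.VulnerabilityResults{}
				// Do not return a non zero error code.
			}

			var diffVulns models.VulnerabilityResults

			diffVulnOccurrences := ci.DiffVulnerabilityResultsByOccurrences(oldVulns, newVulns)
			if len(diffVulnOccurrences) == 0 {
				// There are actually no new vulns, no need to do full diff
				//
				// Since `DiffVulnerabilityResultsByUniqueVulnCount` does not account for Source or Package,
				// this actually changes the results in some cases, e.g.
				//
				// When a lockfile is moved, `DiffVulnerabilityResults` will report the moved lockfile as having
				// a new vulnerability if the existing lockfile has a vulnerability. However this check will
				// report no vulnerabilities. This is desired behavior.
				//
				// NOTE(review): the comment above names DiffVulnerabilityResultsByUniqueVulnCount,
				// while the call made here is DiffVulnerabilityResultsByOccurrences - confirm which is meant.
				// TODO: This will need to be not empty when we change osv-scanner to report all packages
				diffVulns = models.VulnerabilityResults{}
			} else {
				// TODO: This will need to contain all scanned packages when we change osv-scanner to report all packages
				diffVulns = ci.DiffVulnerabilityResults(oldVulns, newVulns)
			}

			showAllVulns := cmd.Bool("all-vulns")
			stdoutTaken := false

			// The deprecated --output flag is only consulted when --output-files is empty.
			outputPaths := cmd.StringSlice("output-files")
			if len(outputPaths) == 0 {
				outputPaths = cmd.StringSlice("output")
			}

			for _, outputPath := range outputPaths {
				format := "sarif"
				// Parses strings like: "markdown:./output-path.md".
				// Everything before the first ':' is taken as the format, so a bare
				// path that itself contains ':' is split as well.
				preColon, postColon, found := strings.Cut(outputPath, ":")
				if found {
					outputPath = postColon
					format = preColon
				}

				var writer io.Writer
				// outFile is non-nil only when this iteration opened a file, so that it
				// can be closed once the report has been written.
				var outFile *os.File

				switch outputPath {
				case "#stdout":
					writer = stdout
					stdoutTaken = true
				case "#stderr":
					writer = stderr
					// stdoutTaken is set for #stderr as well, which suppresses the
					// default table output further down.
					stdoutTaken = true
				default:
					// os.Create truncates an existing file, and outputPath comes straight
					// from the command line: any file the process can write to is overwritten.
					var errCreate error
					outFile, errCreate = os.Create(outputPath)
					if errCreate != nil {
						return fmt.Errorf("failed to create output file: %w", errCreate)
					}
					writer = outFile
				}

				// Reports written to an explicit destination are not wrapped to the terminal width.
				termWidth = 0
				errPrint := reporter.PrintResult(&diffVulns, format, writer, termWidth, showAllVulns)

				// Close the file opened above instead of leaking the descriptor; a failed
				// Close can mean the report was not fully written, so it is reported too.
				if outFile != nil {
					if errClose := outFile.Close(); errPrint == nil {
						errPrint = errClose
					}
				}

				if errPrint != nil {
					return fmt.Errorf("failed to write output: %w", errPrint)
				}
			}

			if !stdoutTaken {
				if errPrint := reporter.PrintResult(&diffVulns, "table", stdout, termWidth, showAllVulns); errPrint != nil {
					return fmt.Errorf("failed to write output: %w", errPrint)
				}
			}

			if cmd.Bool("gh-annotations") {
				if errPrint := reporter.PrintResult(&diffVulns, "gh-annotations", stderr, termWidth, showAllVulns); errPrint != nil {
					return fmt.Errorf("failed to write output: %w", errPrint)
				}
			}

			// Default to true, only false when explicitly set to false
			failOnVuln := !cmd.IsSet("fail-on-vuln") || cmd.Bool("fail-on-vuln")

			// Check whether at least one vulnerability in the diff is called.
			anyIsCalled := false
			for _, vuln := range diffVulns.Flatten() {
				if vuln.GroupInfo.IsCalled() {
					anyIsCalled = true
					break
				}
			}

			// The run fails only when the diff is non-empty, fail-on-vuln is in effect
			// and at least one vulnerability is called; a diff made up solely of
			// uncalled vulnerabilities does not fail the run.
			if len(diffVulns.Results) > 0 && failOnVuln && anyIsCalled {
				return osvscanner.ErrVulnerabilitiesFound
			}

			return nil
		},
	}

	err := app.Run(context.Background(), args)

	// if the config is invalid, it's possible that is why any other errors
	// happened so that exit code takes priority
	if logger.HasErroredBecauseInvalidConfig() {
		return 130
	}

	if err != nil {
		if errors.Is(err, osvscanner.ErrVulnerabilitiesFound) {
			return 1
		}

		if errors.Is(err, osvscanner.ErrNoPackagesFound) {
			cmdlogger.Errorf("No package sources found, --help for usage information.")
			return 128
		}

		cmdlogger.Errorf("%v", err)
	}

	// if we've been told to print an error, and not already exited with
	// a specific error code, then exit with a generic non-zero code
	if logger.HasErrored() {
		return 127
	}

	return 0
}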
// main runs the reporter with the process arguments and standard streams and
// exits with the code that run returns.
func main() {
	exitCode := run(os.Args, os.Stdout, os.Stderr)
	os.Exit(exitCode)
}
================================================
FILE: cmd/osv-reporter/main_test.go
================================================
package main
import (
"reflect"
"testing"
)
// Test_splitLastArg checks that only the final argument is split on newlines
// and that the arguments before it are passed through unchanged.
func Test_splitLastArg(t *testing.T) {
	t.Parallel()

	type testCase struct {
		name string
		args []string
		want []string
	}

	cases := []testCase{
		{
			args: []string{"--test1", "--test2", "--test3\n--test4\n--test5"},
			want: []string{"--test1", "--test2", "--test3", "--test4", "--test5"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()

			got := splitLastArg(tc.args)
			if reflect.DeepEqual(got, tc.want) {
				return
			}

			t.Errorf("splitLastArg() = %v, want %v", got, tc.want)
		})
	}
}
================================================
FILE: cmd/osv-scanner/__snapshots__/main_test.snap
================================================
[Test_run/#00 - 1]
NAME:
osv-scanner scan - scans projects and container images for dependencies, and checks them against the OSV database.
USAGE:
osv-scanner scan [command [command options]]
DESCRIPTION:
scans projects and container images for dependencies, and checks them against the OSV database.
COMMANDS:
source scans a source project's dependencies for known vulnerabilities using the OSV database.
image detects vulnerabilities in a container image's dependencies, pulling the image if it's not found locally
OPTIONS:
--help, -h show help
---
[Test_run/#00 - 2]
---
[Test_run/#01 - 1]
NAME:
osv-scanner scan - scans projects and container images for dependencies, and checks them against the OSV database.
USAGE:
osv-scanner scan [command [command options]]
DESCRIPTION:
scans projects and container images for dependencies, and checks them against the OSV database.
COMMANDS:
source scans a source project's dependencies for known vulnerabilities using the OSV database.
image detects vulnerabilities in a container image's dependencies, pulling the image if it's not found locally
OPTIONS:
--help, -h show help
---
[Test_run/#01 - 2]
---
[Test_run/version - 1]
osv-scanner version: 2.3.4
osv-scalibr version: 0.4.5
commit: n/a
built at: n/a
---
[Test_run/version - 2]
---
[Test_run_SubCommands/scan_with_a_flag - 1]
Scanning dir ./testdata/locks-one-with-nested
Scanned <rootdir>/testdata/locks-one-with-nested/nested/composer.lock file and found 1 package
Scanned <rootdir>/testdata/locks-one-with-nested/yarn.lock file and found 1 package
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
No issues found
---
[Test_run_SubCommands/scan_with_a_flag - 2]
Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the filesystem. `scan` is assumed to be a subcommand here. If you intended for `scan` to be an argument to `scan`, you must specify `scan scan` in your command line.
---
[Test_run_SubCommands/with_no_subcommand - 1]
Scanning dir ./testdata/locks-many/composer.lock
Scanned <rootdir>/testdata/locks-many/composer.lock file and found 1 package
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
No issues found
---
[Test_run_SubCommands/with_no_subcommand - 2]
---
[Test_run_SubCommands/with_scan_subcommand - 1]
Scanning dir ./testdata/locks-many/composer.lock
Scanned <rootdir>/testdata/locks-many/composer.lock file and found 1 package
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
No issues found
---
[Test_run_SubCommands/with_scan_subcommand - 2]
Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the filesystem. `scan` is assumed to be a subcommand here. If you intended for `scan` to be an argument to `scan`, you must specify `scan scan` in your command line.
---
================================================
FILE: cmd/osv-scanner/fix/__snapshots__/command_test.snap
================================================
[TestCommand/errors_when_in_place_used_without_lockfile - 1]
---
[TestCommand/errors_when_in_place_used_without_lockfile - 2]
in-place strategy requires lockfile
---
[TestCommand/errors_when_in_place_used_without_lockfile - 3]
{
"name": "osv-fix",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo /"Error: no test specified/" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"npm-registry-client": "6.2.0"
}
}
---
[TestCommand/errors_when_override_used_without_manifest - 1]
---
[TestCommand/errors_when_override_used_without_manifest - 2]
override strategy requires manifest file
---
[TestCommand/errors_when_override_used_without_manifest - 3]
{
"name": "osv-fix",
"version": "1.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "osv-fix",
"version": "1.0.0",
"license": "ISC",
"dependencies": {
"npm-registry-client": "^6.2.0"
}
},
"node_modules/ajv": {
"version": "6.12.6",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
"json-schema-traverse": "^0.4.1",
"uri-js": "^4.2.2"
},
"funding": {
"type": "github",
"url": "https://github.com/sponsors/epoberezkin"
}
},
"node_modules/ansi-regex": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
"optional": true,
"engines": {
"node": ">=8"
}
},
"node_modules/aproba": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/aproba/-/aproba-2.0.0.tgz",
"integrity": "sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ==",
"optional": true
},
"node_modules/are-we-there-yet": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-4.0.2.tgz",
"integrity": "sha512-ncSWAawFhKMJDTdoAeOV+jyW1VCMj5QIAwULIBV0SSR7B/RLPPEQiknKcg/RIIZlUQrxELpsxMiTUoAQ4sIUyg==",
"optional": true,
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
}
},
"node_modules/asn1": {
"version": "0.2.6",
"resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
"integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
"dependencies": {
"safer-buffer": "~2.1.0"
}
},
"node_modules/assert-plus": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
"integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
"engines": {
"node": ">=0.8"
}
},
"node_modules/asynckit": {
"version": "0.4.0",
"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
"integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
},
"node_modules/aws-sign2": {
"version": "0.7.0",
"resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
"integrity": "sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==",
"engines": {
"node": "*"
}
},
"node_modules/aws4": {
"version": "1.12.0",
"resolved": "https://registry.npmjs.org/aws4/-/aws4-1.12.0.tgz",
"integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg=="
},
"node_modules/balanced-match": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
},
"node_modules/bcrypt-pbkdf": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
"integrity": "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==",
"dependencies": {
"tweetnacl": "^0.14.3"
}
},
"node_modules/brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/caseless": {
"version": "0.12.0",
"resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
"integrity": "sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw=="
},
"node_modules/chownr": {
"version": "0.0.2",
"resolved": "https://registry.npmjs.org/chownr/-/chownr-0.0.2.tgz",
"integrity": "sha512-4sa7ZJ+/DavveVRsu49tUbYvLn5cS75w8gLQr14jXlFxSNbuoY7G6gPjcVfgdQ+c4BW02b0hXV5nOXYFD7Fmpw=="
},
"node_modules/color-support": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz",
"integrity": "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==",
"optional": true,
"bin": {
"color-support": "bin.js"
}
},
"node_modules/combined-stream": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
"integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
"dependencies": {
"delayed-stream": "~1.0.0"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/concat-map": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
"integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
},
"node_modules/concat-stream": {
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.5.0.tgz",
"integrity": "sha512-litEocitzYgqQ0IPaoLw+tCHcVcJJYW05+SAhH+LS9qutSC7iuejvawts3cUYQycZbRbLsjG8mCJLQi2KX5kEw==",
"engines": [
"node >= 0.8"
],
"dependencies": {
"inherits": "~2.0.1",
"readable-stream": "~2.0.0",
"typedarray": "~0.0.5"
}
},
"node_modules/console-control-strings": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
"integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==",
"optional": true
},
"node_modules/core-util-is": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
"integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
},
"node_modules/dashdash": {
"version": "1.14.1",
"resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
"integrity": "sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==",
"dependencies": {
"assert-plus": "^1.0.0"
},
"engines": {
"node": ">=0.10"
}
},
"node_modules/delayed-stream": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
"integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
"engines": {
"node": ">=0.4.0"
}
},
"node_modules/ecc-jsbn": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
"integrity": "sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==",
"dependencies": {
"jsbn": "~0.1.0",
"safer-buffer": "^2.1.0"
}
},
"node_modules/emoji-regex": {
"version": "8.0.0",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
"optional": true
},
"node_modules/extend": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
"integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
},
"node_modules/extsprintf": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
"integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==",
"engines": [
"node >=0.6.0"
]
},
"node_modules/fast-deep-equal": {
"version": "3.1.3",
"resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
"integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
},
"node_modules/fast-json-stable-stringify": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
"integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="
},
"node_modules/forever-agent": {
"version": "0.6.1",
"resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
"integrity": "sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==",
"engines": {
"node": "*"
}
},
"node_modules/form-data": {
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
"integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.6",
"mime-types": "^2.1.12"
},
"engines": {
"node": ">= 0.12"
}
},
"node_modules/fs.realpath": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
"integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
},
"node_modules/function-bind": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
"integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/gauge": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/gauge/-/gauge-5.0.1.tgz",
"integrity": "sha512-CmykPMJGuNan/3S4kZOpvvPYSNqSHANiWnh9XcMU2pSjtBfF0XzZ2p1bFAxTbnFxyBuPxQYHhzwaoOmUdqzvxQ==",
"optional": true,
"dependencies": {
"aproba": "^1.0.3 || ^2.0.0",
"color-support": "^1.1.3",
"console-control-strings": "^1.1.0",
"has-unicode": "^2.0.1",
"signal-exit": "^4.0.1",
"string-width": "^4.2.3",
"strip-ansi": "^6.0.1",
"wide-align": "^1.1.5"
},
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
}
},
"node_modules/getpass": {
"version": "0.1.7",
"resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
"integrity": "sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==",
"dependencies": {
"assert-plus": "^1.0.0"
}
},
"node_modules/glob": {
"version": "7.2.3",
"resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
"integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
"dependencies": {
"fs.realpath": "^1.0.0",
"inflight": "^1.0.4",
"inherits": "2",
"minimatch": "^3.1.1",
"once": "^1.3.0",
"path-is-absolute": "^1.0.0"
},
"engines": {
"node": "*"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/graceful-fs": {
"version": "3.0.12",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-3.0.12.tgz",
"integrity": "sha512-J55gaCS4iTTJfTXIxSVw3EMQckcqkpdRv3IR7gu6sq0+tbC363Zx6KH/SEwXASK9JRbhyZmVjJEVJIOxYsB3Qg==",
"dependencies": {
"natives": "^1.1.3"
},
"engines": {
"node": ">=0.4.0"
}
},
"node_modules/har-schema": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
"integrity": "sha512-Oqluz6zhGX8cyRaTQlFMPw80bSJVG2x/cFb8ZPhUILGgHka9SsokCCOQgpveePerqidZOrT14ipqfJb7ILcW5Q==",
"engines": {
"node": ">=4"
}
},
"node_modules/har-validator": {
"version": "5.1.5",
"resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
"integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
"deprecated": "this library is no longer supported",
"dependencies": {
"ajv": "^6.12.3",
"har-schema": "^2.0.0"
},
"engines": {
"node": ">=6"
}
},
"node_modules/has-unicode": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz",
"integrity": "sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==",
"optional": true
},
"node_modules/hasown": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.1.tgz",
"integrity": "sha512-1/th4MHjnwncwXsIW6QMzlvYL9kG5e/CpVvLRZe4XPa8TOUNbCELqmvhDmnkNsAjwaG4+I8gJJL0JBvTTLO9qA==",
"dependencies": {
"function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/hosted-git-info": {
"version": "2.1.4",
"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.1.4.tgz",
"integrity": "sha512-4R9eDu2ytsDMdo7nQXHrpK1347y3nu/ThXZ4tjpkUTsZnzoIIQprnPOM65c20oInjmocLuEGBIbPsesYCqibag=="
},
"node_modules/http-signature": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
"integrity": "sha512-CAbnr6Rz4CYQkLYUtSNXxQPUH2gK8f3iWexVlsnMeD+GjlsQ0Xsy1cOX+mN3dtxYomRy21CiOzU8Uhw6OwncEQ==",
"dependencies": {
"assert-plus": "^1.0.0",
"jsprim": "^1.2.2",
"sshpk": "^1.7.0"
},
"engines": {
"node": ">=0.8",
"npm": ">=1.3.7"
}
},
"node_modules/inflight": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
"integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
"dependencies": {
"once": "^1.3.0",
"wrappy": "1"
}
},
"node_modules/inherits": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
},
"node_modules/is-core-module": {
"version": "2.13.1",
"resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz",
"integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==",
"dependencies": {
"hasown": "^2.0.0"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/is-fullwidth-code-point": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
"integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
"optional": true,
"engines": {
"node": ">=8"
}
},
"node_modules/is-typedarray": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
"integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA=="
},
"node_modules/isarray": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
"integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
},
"node_modules/isstream": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
"integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g=="
},
"node_modules/jsbn": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
"integrity": "sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg=="
},
"node_modules/json-schema": {
"version": "0.4.0",
"resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
"integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="
},
"node_modules/json-schema-traverse": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
"integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
},
"node_modules/json-stringify-safe": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
"integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA=="
},
"node_modules/jsprim": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
"integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==",
"dependencies": {
"assert-plus": "1.0.0",
"extsprintf": "1.3.0",
"json-schema": "0.4.0",
"verror": "1.10.0"
},
"engines": {
"node": ">=0.6.0"
}
},
"node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
"integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/mime-types": {
"version": "2.1.35",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
"integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
"dependencies": {
"mime-db": "1.52.0"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"dependencies": {
"brace-expansion": "^1.1.7"
},
"engines": {
"node": "*"
}
},
"node_modules/minimist": {
"version": "1.2.8",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
"integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/mkdirp": {
"version": "0.5.6",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
"integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
"dependencies": {
"minimist": "^1.2.6"
},
"bin": {
"mkdirp": "bin/cmd.js"
}
},
"node_modules/natives": {
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/natives/-/natives-1.1.6.tgz",
"integrity": "sha512-6+TDFewD4yxY14ptjKaS63GVdtKiES1pTPyxn9Jb0rBqPMZ7VcCiooEhPNsr+mqHtMGxa/5c/HhcC4uPEUw/nA==",
"deprecated": "This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x."
},
"node_modules/normalize-package-data": {
"version": "2.5.0",
"resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
"integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
"dependencies": {
"hosted-git-info": "^2.1.4",
"resolve": "^1.10.0",
"semver": "2 || 3 || 4 || 5",
"validate-npm-package-license": "^3.0.1"
}
},
"node_modules/npm-package-arg": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-3.1.1.tgz",
"integrity": "sha512-jOIv9ddxThaiiI6WH2kLOsUL0vpA1rb7laRZO45OxSzGAj1ouiW0uQLq4zK2LR82pjeBO64VmEHHgUXHkyCQRw==",
"dependencies": {
"hosted-git-info": "^1.5.3",
"semver": "4"
}
},
"node_modules/npm-package-arg/node_modules/hosted-git-info": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-1.6.0.tgz",
"integrity": "sha512-hX2w5jrEx2C64DRfLMb5OKHrZ8ReEkssfcjmrSHVih7dH1FD/qVn3/DfqLRQme2/CXBgpN/iApgAhpdaY+rCRQ=="
},
"node_modules/npm-registry-client": {
"version": "6.2.0",
"resolved": "https://registry.npmjs.org/npm-registry-client/-/npm-registry-client-6.2.0.tgz",
"integrity": "sha512-zFrsY9IAR3prA7lwKBWZXi/SdxPBbAQXFqQsbgGZXzECUda/8jVW2x3EfD+2h70o/PGio4K6rYvC/A/IoT1IOA==",
"dependencies": {
"chownr": "0",
"concat-stream": "^1.4.6",
"graceful-fs": "^3.0.0",
"mkdirp": "^0.5.0",
"normalize-package-data": "~1.0.1 || ^2.0.0",
"npm-package-arg": "^3.0.0",
"once": "^1.3.0",
"request": "^2.47.0",
"retry": "^0.6.1",
"rimraf": "2",
"semver": "2 >=2.2.1 || 3.x || 4",
"slide": "^1.1.3"
},
"optionalDependencies": {
"npmlog": ""
}
},
"node_modules/npmlog": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/npmlog/-/npmlog-7.0.1.tgz",
"integrity": "sha512-uJ0YFk/mCQpLBt+bxN88AKd+gyqZvZDbtiNxk6Waqcj2aPRyfVx8ITawkyQynxUagInjdYT1+qj4NfA5KJJUxg==",
"optional": true,
"dependencies": {
"are-we-there-yet": "^4.0.0",
"console-control-strings": "^1.1.0",
"gauge": "^5.0.0",
"set-blocking": "^2.0.0"
},
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
}
},
"node_modules/oauth-sign": {
"version": "0.9.0",
"resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
"integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==",
"engines": {
"node": "*"
}
},
"node_modules/once": {
"version": "1.4.0",
"resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
"integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
"dependencies": {
"wrappy": "1"
}
},
"node_modules/path-is-absolute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
"integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
"engines": {
"node": ">=0.10.0"
}
},
"node_modules/path-parse": {
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
"integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
},
"node_modules/performance-now": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
"integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow=="
},
"node_modules/process-nextick-args": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
"integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
},
"node_modules/psl": {
"version": "1.9.0",
"resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz",
"integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag=="
},
"node_modules/punycode": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
"integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
"engines": {
"node": ">=6"
}
},
"node_modules/qs": {
"version": "6.5.3",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz",
"integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==",
"engines": {
"node": ">=0.6"
}
},
"node_modules/readable-stream": {
"version": "2.3.8",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
"integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
"dependencies": {
"core-util-is": "~1.0.0",
"inherits": "~2.0.3",
"isarray": "~1.0.0",
"process-nextick-args": "~2.0.0",
"safe-buffer": "~5.1.1",
"string_decoder": "~1.1.1",
"util-deprecate": "~1.0.1"
}
},
"node_modules/request": {
"version": "2.88.2",
"resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
"integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
"deprecated": "request has been deprecated, see https://github.com/request/request/issues/3142",
"dependencies": {
"aws-sign2": "~0.7.0",
"aws4": "^1.8.0",
"caseless": "~0.12.0",
"combined-stream": "~1.0.6",
"extend": "~3.0.2",
"forever-agent": "~0.6.1",
"form-data": "~2.3.2",
"har-validator": "~5.1.3",
"http-signature": "~1.2.0",
"is-typedarray": "~1.0.0",
"isstream": "~0.1.2",
"json-stringify-safe": "~5.0.1",
"mime-types": "~2.1.19",
"oauth-sign": "~0.9.0",
"performance-now": "^2.1.0",
"qs": "~6.5.2",
"safe-buffer": "^5.1.2",
"tough-cookie": "~2.5.0",
"tunnel-agent": "^0.6.0",
"uuid": "^3.3.2"
},
"engines": {
"node": ">= 6"
}
},
"node_modules/resolve": {
"version": "1.22.8",
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
"integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==",
"dependencies": {
"is-core-module": "^2.13.0",
"path-parse": "^1.0.7",
"supports-preserve-symlinks-flag": "^1.0.0"
},
"bin": {
"resolve": "bin/resolve"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/retry": {
"version": "0.6.1",
"resolved": "https://registry.npmjs.org/retry/-/retry-0.6.1.tgz",
"integrity": "sha512-txv1qsctZq8ei9J/uCXgaKKFPjlBB0H2hvtnzw9rjKWFNUFtKh59WprXxpAeAey3/QeWwHdxMFqStPaOAgy+dA==",
"engines": {
"node": "*"
}
},
"node_modules/rimraf": {
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
"integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
"dependencies": {
"glob": "^7.1.3"
},
"bin": {
"rimraf": "bin.js"
}
},
"node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"node_modules/safer-buffer": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
"node_modules/semver": {
"version": "4.3.6",
"resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz",
"integrity": "sha512-IrpJ+yoG4EOH8DFWuVg+8H1kW1Oaof0Wxe7cPcXW3x9BjkN/eVo54F15LyqemnDIUYskQWr9qvl/RihmSy6+xQ==",
"bin": {
"semver": "bin/semver"
}
},
"node_modules/set-blocking": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
"integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==",
"optional": true
},
"node_modules/signal-exit": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
"optional": true,
"engines": {
"node": ">=14"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/slide": {
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/slide/-/slide-1.1.6.tgz",
"integrity": "sha512-NwrtjCg+lZoqhFU8fOwl4ay2ei8PaqCBOUV3/ektPY9trO1yQ1oXEfmHAhKArUVUr/hOHvy5f6AdP17dCM0zMw==",
"engines": {
"node": "*"
}
},
"node_modules/spdx-correct": {
"version": "3.2.0",
"resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz",
"integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==",
"dependencies": {
"spdx-expression-parse": "^3.0.0",
"spdx-license-ids": "^3.0.0"
}
},
gitextract_t0q6fdgj/
├── .dockerignore
├── .editorconfig
├── .gemini/
│ └── config.yaml
├── .github/
│ ├── PULL_REQUEST_TEMPLATE/
│ │ └── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── cassettes.yml
│ ├── checks.yml
│ ├── codeql-analysis.yml
│ ├── dependencies.yml
│ ├── format-action/
│ │ └── action.yml
│ ├── goreleaser-nightly.yml
│ ├── goreleaser.yml
│ ├── links.yml
│ ├── lint-action/
│ │ └── action.yml
│ ├── osv-scanner-reusable-pr.yml
│ ├── osv-scanner-reusable.yml
│ ├── osv-scanner-unified-action.yml
│ ├── prerelease-check.yml
│ ├── renovate-validator.yml
│ ├── scorecards.yml
│ ├── snapshots.yml
│ ├── staleness.yml
│ ├── test-action/
│ │ └── action.yml
│ ├── title.yml
│ └── zizmor.yml
├── .gitignore
├── .golangci-lint-version
├── .golangci.yaml
├── .goreleaser-nightly.yml
├── .goreleaser.yml
├── .pre-commit-hooks.yaml
├── .prettierignore
├── .prettierrc.json
├── CHANGELOG.md
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── action.dockerfile
├── actions/
│ ├── reporter/
│ │ └── action.yml
│ └── scanner/
│ └── action.yml
├── cmd/
│ ├── osv-reporter/
│ │ ├── main.go
│ │ └── main_test.go
│ └── osv-scanner/
│ ├── __snapshots__/
│ │ └── main_test.snap
│ ├── fix/
│ │ ├── __snapshots__/
│ │ │ └── command_test.snap
│ │ ├── command.go
│ │ ├── command_test.go
│ │ ├── interactive.go
│ │ ├── model.go
│ │ ├── noninteractive.go
│ │ ├── output.go
│ │ ├── regen_lockfile.go
│ │ ├── state-choose-in-place-patches.go
│ │ ├── state-choose-strategy.go
│ │ ├── state-in-place-result.go
│ │ ├── state-initialize.go
│ │ ├── state-relock-result.go
│ │ ├── testdata/
│ │ │ ├── in-place-npm/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── override-maven/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ └── pom.xml
│ │ │ └── relax-npm/
│ │ │ └── package.json
│ │ └── testmain_test.go
│ ├── internal/
│ │ ├── cmd/
│ │ │ ├── __snapshots__/
│ │ │ │ └── helpers_test.snap
│ │ │ ├── helpers.go
│ │ │ ├── helpers_test.go
│ │ │ ├── run.go
│ │ │ └── testmain_test.go
│ │ ├── helper/
│ │ │ ├── callanalysis_parser.go
│ │ │ ├── callanalysis_parser_test.go
│ │ │ ├── flags.go
│ │ │ ├── getters.go
│ │ │ └── misc.go
│ │ └── testcmd/
│ │ ├── case.go
│ │ ├── copy.go
│ │ ├── git.go
│ │ ├── run.go
│ │ └── vcr.go
│ ├── main.go
│ ├── main_test.go
│ ├── mcp/
│ │ ├── __snapshots__/
│ │ │ └── integration_test.snap
│ │ ├── command.go
│ │ ├── configuration-instructions.md
│ │ ├── integration_test.go
│ │ ├── scan-deps-prompt.md
│ │ ├── stats.go
│ │ ├── testdata/
│ │ │ └── go-project/
│ │ │ ├── go.mod
│ │ │ ├── go.sum
│ │ │ ├── main.go
│ │ │ ├── osv-scanner-test.toml
│ │ │ └── osv-scanner.toml
│ │ └── testmain_test.go
│ ├── scan/
│ │ ├── __snapshots__/
│ │ │ └── command_test.snap
│ │ ├── command.go
│ │ ├── command_test.go
│ │ ├── image/
│ │ │ ├── __snapshots__/
│ │ │ │ └── command_test.snap
│ │ │ ├── command.go
│ │ │ ├── command_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── alpine-3.18-alpine-release
│ │ │ │ ├── alpine-3.18-os-release
│ │ │ │ ├── cassettes/
│ │ │ │ │ ├── TestCommand_Docker.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithDefaults.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithoutDefaults.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile.yaml
│ │ │ │ │ ├── TestCommand_OCIImage.yaml
│ │ │ │ │ └── TestCommand_OCIImage_JSONFormat.yaml
│ │ │ │ ├── java-fixture/
│ │ │ │ │ └── app/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── pom.xml
│ │ │ │ │ └── src/
│ │ │ │ │ └── main/
│ │ │ │ │ └── java/
│ │ │ │ │ └── com/
│ │ │ │ │ └── mycompany/
│ │ │ │ │ └── app/
│ │ │ │ │ └── App.java
│ │ │ │ ├── lockfile-fixture/
│ │ │ │ │ ├── alpine-zlib-16.cdx.json
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── package-tracing-fixture/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── python-fixture/
│ │ │ │ │ ├── main.py
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── requirements.txt
│ │ │ │ ├── sample-pkgs/
│ │ │ │ │ └── fzf_0.29.0-1ubuntu0.1_amd64.deb
│ │ │ │ ├── test-alpine-etcshadow.Dockerfile
│ │ │ │ ├── test-alpine-sbom.Dockerfile
│ │ │ │ ├── test-alpine.Dockerfile
│ │ │ │ ├── test-go-binary.Dockerfile
│ │ │ │ ├── test-image-with-deprecated/
│ │ │ │ │ ├── Cargo.toml
│ │ │ │ │ └── src/
│ │ │ │ │ └── main.rs
│ │ │ │ ├── test-image-with-deprecated.Dockerfile
│ │ │ │ ├── test-java-full.Dockerfile
│ │ │ │ ├── test-node_modules-npm-empty.Dockerfile
│ │ │ │ ├── test-node_modules-npm-full.Dockerfile
│ │ │ │ ├── test-node_modules-pnpm-empty.Dockerfile
│ │ │ │ ├── test-node_modules-pnpm-full.Dockerfile
│ │ │ │ ├── test-node_modules-yarn-empty.Dockerfile
│ │ │ │ ├── test-node_modules-yarn-full.Dockerfile
│ │ │ │ ├── test-package-tracing.Dockerfile
│ │ │ │ ├── test-python-empty.Dockerfile
│ │ │ │ ├── test-python-full.Dockerfile
│ │ │ │ ├── test-ubuntu-20-04.Dockerfile
│ │ │ │ ├── test-ubuntu-with-packages.Dockerfile
│ │ │ │ ├── test-ubuntu.Dockerfile
│ │ │ │ └── ubuntu20-04-unimportant-config.toml
│ │ │ └── testmain_test.go
│ │ ├── source/
│ │ │ ├── __snapshots__/
│ │ │ │ └── command_test.snap
│ │ │ ├── command.go
│ │ │ ├── command_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── .goignore
│ │ │ │ ├── artifact/
│ │ │ │ │ ├── javareach_test.jar
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── bin/
│ │ │ │ │ └── ssh
│ │ │ │ ├── call-analysis-go-project/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── call-analysis-go-project-all-uncalled/
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── go.sum
│ │ │ │ │ ├── main.go
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── cassettes/
│ │ │ │ │ ├── TestCommand.yaml
│ │ │ │ │ ├── TestCommandNonGit.yaml
│ │ │ │ │ ├── TestCommand_CallAnalysis.yaml
│ │ │ │ │ ├── TestCommand_CommitSupport.yaml
│ │ │ │ │ ├── TestCommand_Config_UnusedIgnores.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithDefaults.yaml
│ │ │ │ │ ├── TestCommand_ExplicitExtractors_WithoutDefaults.yaml
│ │ │ │ │ ├── TestCommand_GithubActions.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile.yaml
│ │ │ │ │ ├── TestCommand_HtmlFile_Deprecated.yaml
│ │ │ │ │ ├── TestCommand_JavareachArchive.yaml
│ │ │ │ │ ├── TestCommand_Licenses.yaml
│ │ │ │ │ ├── TestCommand_LocalDatabases.yaml
│ │ │ │ │ ├── TestCommand_LocalDatabases_AlwaysOffline.yaml
│ │ │ │ │ ├── TestCommand_LockfileWithExplicitParseAs.yaml
│ │ │ │ │ ├── TestCommand_MoreLockfiles.yaml
│ │ │ │ │ ├── TestCommand_Transitive.yaml
│ │ │ │ │ ├── TestCommand_WithDetector_OffLinux.yaml
│ │ │ │ │ └── TestCommand_WithDetector_OnLinux.yaml
│ │ │ │ ├── config-invalid/
│ │ │ │ │ └── osv-scanner-test.toml
│ │ │ │ ├── exp-plugins-pkgdeprecate/
│ │ │ │ │ └── deprecated-vuln/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── go-project/
│ │ │ │ │ ├── go-version-config.toml
│ │ │ │ │ ├── go.mod
│ │ │ │ │ ├── nested/
│ │ │ │ │ │ ├── go-version-config.toml
│ │ │ │ │ │ ├── go.mod
│ │ │ │ │ │ └── osv-scanner.toml
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── locks-git/
│ │ │ │ │ └── osv-scanner.json
│ │ │ │ ├── locks-gitignore/
│ │ │ │ │ ├── subdir/
│ │ │ │ │ │ └── test.gitignore
│ │ │ │ │ └── test.gitignore
│ │ │ │ ├── locks-insecure/
│ │ │ │ │ ├── my-package-lock.json
│ │ │ │ │ ├── osv-scanner-custom-git-tag.json
│ │ │ │ │ ├── osv-scanner-custom.json
│ │ │ │ │ ├── osv-scanner-flutter-deps.json
│ │ │ │ │ ├── osv-scanner-with-unscannables.json
│ │ │ │ │ ├── osv-scanner.json
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── locks-licenses/
│ │ │ │ │ └── package.json
│ │ │ │ ├── locks-many/
│ │ │ │ │ ├── installed
│ │ │ │ │ ├── not-a-lockfile.toml
│ │ │ │ │ ├── osv-scanner-test.toml
│ │ │ │ │ ├── replace-local.mod
│ │ │ │ │ └── status
│ │ │ │ ├── locks-many-with-insecure/
│ │ │ │ │ ├── alpine.cdx.xml
│ │ │ │ │ ├── installed
│ │ │ │ │ ├── not-a-lockfile.toml
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── replace-local.mod
│ │ │ │ │ └── status
│ │ │ │ ├── locks-none/
│ │ │ │ │ └── README.md
│ │ │ │ ├── locks-requirements/
│ │ │ │ │ ├── my-requirements.txt
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── requirements-dev.txt
│ │ │ │ │ ├── requirements-transitive.txt
│ │ │ │ │ ├── requirements.prod.txt
│ │ │ │ │ ├── requirements.txt
│ │ │ │ │ ├── the_requirements_for_test.txt
│ │ │ │ │ └── unresolvable-requirements.txt
│ │ │ │ ├── locks-scalibr/
│ │ │ │ │ ├── Package.resolved
│ │ │ │ │ ├── cabal.project.freeze
│ │ │ │ │ ├── depsjson
│ │ │ │ │ ├── gems.locked
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── packages.config
│ │ │ │ │ └── packages.lock.json
│ │ │ │ ├── locks-test-ignore/
│ │ │ │ │ ├── osv-scanner-test.toml
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── maven-transitive/
│ │ │ │ │ ├── abc.xml
│ │ │ │ │ ├── encoding.xml
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ ├── parent.xml
│ │ │ │ │ ├── pom.xml
│ │ │ │ │ └── registry.xml
│ │ │ │ ├── osv-scanner-call-analysis-config.toml
│ │ │ │ ├── osv-scanner-complex-licenses-config.toml
│ │ │ │ ├── osv-scanner-composite-config.toml
│ │ │ │ ├── osv-scanner-duplicate-config.toml
│ │ │ │ ├── osv-scanner-empty-config.toml
│ │ │ │ ├── osv-scanner-expressive-licenses-config.toml
│ │ │ │ ├── osv-scanner-invalid-licenses-config.toml
│ │ │ │ ├── osv-scanner-partial-ignores-config.toml
│ │ │ │ ├── osv-scanner-reasonless-ignores-config.toml
│ │ │ │ ├── osv-scanner-unknown-config.toml
│ │ │ │ └── sbom-insecure/
│ │ │ │ ├── alpine-zlib-16.cdx.json
│ │ │ │ ├── alpine.cdx.xml
│ │ │ │ ├── bad-purls.cdx.xml
│ │ │ │ ├── only-unimportant.spdx.json
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── postgres-stretch.cdx.xml
│ │ │ │ └── with-duplicates.cdx.xml
│ │ │ └── testmain_test.go
│ │ ├── testdata/
│ │ │ ├── cassettes/
│ │ │ │ └── TestCommand_SubCommands.yaml
│ │ │ └── locks-many/
│ │ │ ├── alpine.cdx.xml
│ │ │ ├── installed
│ │ │ ├── not-a-lockfile.toml
│ │ │ ├── osv-scanner.toml
│ │ │ ├── replace-local.mod
│ │ │ └── status
│ │ └── testmain_test.go
│ ├── testdata/
│ │ ├── cassettes/
│ │ │ └── Test_run_SubCommands.yaml
│ │ └── locks-many/
│ │ ├── alpine.cdx.xml
│ │ ├── installed
│ │ ├── not-a-lockfile.toml
│ │ ├── osv-scanner.toml
│ │ ├── replace-local.mod
│ │ └── status
│ ├── testmain_test.go
│ └── update/
│ ├── __snapshots__/
│ │ └── command_test.snap
│ ├── command.go
│ ├── command_test.go
│ ├── testdata/
│ │ ├── osv-scanner.toml
│ │ └── pom.xml
│ └── testmain_test.go
├── docs/
│ ├── .gitignore
│ ├── 404.html
│ ├── Gemfile
│ ├── README.md
│ ├── _config.yml
│ ├── _sass/
│ │ ├── color_schemes/
│ │ │ ├── _variables.scss
│ │ │ └── custom_dark.scss
│ │ ├── custom/
│ │ │ └── custom.scss
│ │ └── highlight/
│ │ └── native.scss
│ ├── configuration.md
│ ├── contribute.md
│ ├── docs.Dockerfile
│ ├── experimental.md
│ ├── github-action.md
│ ├── guided-remediation.md
│ ├── index.md
│ ├── installation.md
│ ├── license-scanning.md
│ ├── manual-plugin-selection.md
│ ├── migrating-from-scalibr.md
│ ├── migration-guide.md
│ ├── offline-mode.md
│ ├── osv-reporter.md
│ ├── output.md
│ ├── package-deprecation.md
│ ├── scan-image.md
│ ├── scan-source.md
│ ├── supported_languages_and_lockfiles.md
│ └── usage.md
├── exit_code_redirect.sh
├── go.mod
├── go.sum
├── goreleaser-action.dockerfile
├── goreleaser.dockerfile
├── internal/
│ ├── cachedregexp/
│ │ └── regex.go
│ ├── ci/
│ │ ├── __snapshots__/
│ │ │ └── vulnerability_result_diff_test.snap
│ │ ├── testdata/
│ │ │ ├── not-json.txt
│ │ │ ├── results-empty.json
│ │ │ ├── results-some.json
│ │ │ └── vulns/
│ │ │ ├── test-vuln-results-a-1.json
│ │ │ ├── test-vuln-results-a.json
│ │ │ ├── test-vuln-results-b.json
│ │ │ ├── test-vuln-results-c.json
│ │ │ └── test-vuln-results-d.json
│ │ ├── testmain_test.go
│ │ ├── utility.go
│ │ ├── utility_test.go
│ │ ├── vulnerability_result_diff.go
│ │ └── vulnerability_result_diff_test.go
│ ├── clients/
│ │ ├── clientimpl/
│ │ │ ├── licensematcher/
│ │ │ │ └── licensematcher.go
│ │ │ ├── localmatcher/
│ │ │ │ ├── localmatcher.go
│ │ │ │ ├── testdata/
│ │ │ │ │ └── db/
│ │ │ │ │ ├── file.json
│ │ │ │ │ ├── file.yaml
│ │ │ │ │ ├── nested-1/
│ │ │ │ │ │ └── osv-1.json
│ │ │ │ │ └── nested-2/
│ │ │ │ │ ├── invalid.json
│ │ │ │ │ └── osv-2.json
│ │ │ │ ├── zip.go
│ │ │ │ └── zip_test.go
│ │ │ └── osvmatcher/
│ │ │ ├── cachedosvmatcher.go
│ │ │ ├── osvmatcher.go
│ │ │ └── osvmatcher_test.go
│ │ └── clientinterfaces/
│ │ ├── licensematcher.go
│ │ └── vulnerabilitymatcher.go
│ ├── cmdlogger/
│ │ ├── fmt.go
│ │ ├── handler.go
│ │ ├── interface.go
│ │ ├── level.go
│ │ ├── level_test.go
│ │ ├── scalibr.go
│ │ └── static.go
│ ├── config/
│ │ ├── config.go
│ │ ├── config_internal_test.go
│ │ ├── manager.go
│ │ └── testdata/
│ │ ├── testdatainner/
│ │ │ ├── innerFolder/
│ │ │ │ └── test.yaml
│ │ │ ├── osv-scanner-load-path.toml
│ │ │ ├── osv-scanner.toml
│ │ │ └── some-manifest.yaml
│ │ ├── unknown-key-1.toml
│ │ ├── unknown-key-2.toml
│ │ ├── unknown-key-3.toml
│ │ ├── unknown-key-4.toml
│ │ ├── unknown-key-5.toml
│ │ ├── unknown-key-6.toml
│ │ └── unknown-key-7.toml
│ ├── datasource/
│ │ ├── cache.go
│ │ ├── cache_test.go
│ │ ├── http_auth.go
│ │ ├── http_auth_test.go
│ │ ├── insights.go
│ │ ├── insights_cache.go
│ │ ├── insightsalpha.go
│ │ ├── maven_registry.go
│ │ ├── maven_registry_cache.go
│ │ ├── maven_registry_test.go
│ │ ├── maven_settings.go
│ │ ├── maven_settings_test.go
│ │ ├── npm_registry.go
│ │ ├── npm_registry_cache.go
│ │ ├── npm_registry_test.go
│ │ ├── npmrc.go
│ │ ├── npmrc_test.go
│ │ └── testdata/
│ │ ├── maven_settings/
│ │ │ └── settings.xml
│ │ └── npm_registry/
│ │ ├── @fake-registry-a.json
│ │ ├── fake-package-2.2.2.json
│ │ └── fake-package.json
│ ├── depsdev/
│ │ └── depsdev.go
│ ├── grouper/
│ │ ├── grouper.go
│ │ ├── grouper_models.go
│ │ └── grouper_test.go
│ ├── identifiers/
│ │ ├── identifiers.go
│ │ └── identifiers_test.go
│ ├── imodels/
│ │ ├── imodels.go
│ │ ├── imodels_test.go
│ │ └── results/
│ │ └── scanresults.go
│ ├── output/
│ │ ├── __snapshots__/
│ │ │ ├── cyclonedx_test.snap
│ │ │ ├── githubannotation_test.snap
│ │ │ ├── machinejson_test.snap
│ │ │ ├── markdowntable_test.snap
│ │ │ ├── output_result_test.snap
│ │ │ ├── result_test.snap
│ │ │ ├── sarif_internal_test.snap
│ │ │ ├── sarif_test.snap
│ │ │ ├── spdx_test.snap
│ │ │ ├── table_test.snap
│ │ │ └── vertical_test.snap
│ │ ├── cyclonedx.go
│ │ ├── cyclonedx_test.go
│ │ ├── form.go
│ │ ├── form_test.go
│ │ ├── githubannotation.go
│ │ ├── githubannotation_test.go
│ │ ├── helpers_test.go
│ │ ├── html/
│ │ │ ├── base_image_template.gohtml
│ │ │ ├── deprecated_package_template.gohtml
│ │ │ ├── filter_template.gohtml
│ │ │ ├── license_summary_template.gohtml
│ │ │ ├── package_table_template.gohtml
│ │ │ ├── package_view_template.gohtml
│ │ │ ├── report_template.gohtml
│ │ │ ├── script.js
│ │ │ ├── severity_summary_template.gohtml
│ │ │ ├── style.css
│ │ │ ├── vuln_table_entry_template.gohtml
│ │ │ └── vuln_table_template.gohtml
│ │ ├── html.go
│ │ ├── html_test.go
│ │ ├── machinejson.go
│ │ ├── machinejson_test.go
│ │ ├── markdowntable.go
│ │ ├── markdowntable_test.go
│ │ ├── output_result.go
│ │ ├── output_result_test.go
│ │ ├── result.go
│ │ ├── result_test.go
│ │ ├── sarif.go
│ │ ├── sarif_fingerprint_test.go
│ │ ├── sarif_internal_test.go
│ │ ├── sarif_test.go
│ │ ├── sbom/
│ │ │ ├── cyclonedx_1_4.go
│ │ │ ├── cyclonedx_1_5.go
│ │ │ ├── cyclonedx_1_6.go
│ │ │ ├── cyclonedx_common.go
│ │ │ └── models.go
│ │ ├── spdx.go
│ │ ├── spdx_test.go
│ │ ├── table.go
│ │ ├── table_test.go
│ │ ├── testdata/
│ │ │ ├── commit-grouped.json
│ │ │ ├── flattened_vulns.json
│ │ │ ├── test-vuln-results-a.json
│ │ │ └── vuln-grouped.json
│ │ ├── testmain_test.go
│ │ ├── vertical.go
│ │ └── vertical_test.go
│ ├── remediation/
│ │ ├── __snapshots__/
│ │ │ ├── in_place_test.snap
│ │ │ └── testhelpers_test.snap
│ │ ├── in_place.go
│ │ ├── in_place_test.go
│ │ ├── override.go
│ │ ├── override_test.go
│ │ ├── relax/
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ └── relax.go
│ │ ├── relax.go
│ │ ├── relax_test.go
│ │ ├── remediation.go
│ │ ├── remediation_test.go
│ │ ├── suggest/
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ └── suggest.go
│ │ ├── testdata/
│ │ │ ├── maven-classifier/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── pom.xml
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ ├── override-workaround/
│ │ │ │ ├── commons/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── guava/
│ │ │ │ │ ├── android-to-android/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ ├── jre-to-jre/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ └── none-to-jre/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ ├── santatracker/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── package.json
│ │ │ │ ├── universe.yaml
│ │ │ │ └── vulns.json
│ │ │ └── zeppelin-server/
│ │ │ ├── osv-scanner.toml
│ │ │ ├── parent/
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── parent/
│ │ │ │ │ └── pom.xml
│ │ │ │ └── pom.xml
│ │ │ ├── pom.xml
│ │ │ ├── universe.yaml
│ │ │ └── vulns.json
│ │ ├── testhelpers_test.go
│ │ ├── testmain_test.go
│ │ └── upgrade/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── level.go
│ │ └── level_test.go
│ ├── reporter/
│ │ ├── cyclonedx.go
│ │ ├── format.go
│ │ ├── gh-annotations_reporter.go
│ │ ├── html_reporter.go
│ │ ├── json_reporter.go
│ │ ├── reporter.go
│ │ ├── reporter_test.go
│ │ ├── sarif_reporter.go
│ │ ├── spdx.go
│ │ ├── table_reporter.go
│ │ └── vertical_reporter.go
│ ├── resolution/
│ │ ├── __snapshots__/
│ │ │ └── resolve_test.snap
│ │ ├── client/
│ │ │ ├── client.go
│ │ │ ├── depsdev_client.go
│ │ │ ├── helper.go
│ │ │ ├── maven_registry_client.go
│ │ │ ├── npm_registry_client.go
│ │ │ └── override_client.go
│ │ ├── clienttest/
│ │ │ └── mock_resolution_client.go
│ │ ├── dependency_subgraph.go
│ │ ├── dependency_subgraph_test.go
│ │ ├── depfile/
│ │ │ └── depfile.go
│ │ ├── lockfile/
│ │ │ ├── __snapshots__/
│ │ │ │ └── npm_test.snap
│ │ │ ├── lockfile.go
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ ├── npm_v1.go
│ │ │ ├── npm_v2.go
│ │ │ ├── testdata/
│ │ │ │ ├── npm_registry/
│ │ │ │ │ ├── @fake-registry-a-1.2.4.json
│ │ │ │ │ └── @fake-registry-a-2.3.5.json
│ │ │ │ ├── npm_v1/
│ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ └── package.json
│ │ │ │ └── npm_v2/
│ │ │ │ └── osv-scanner.toml
│ │ │ └── testmain_test.go
│ │ ├── manifest/
│ │ │ ├── __snapshots__/
│ │ │ │ ├── maven_test.snap
│ │ │ │ └── npm_test.snap
│ │ │ ├── manifest.go
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ ├── npm.go
│ │ │ ├── npm_test.go
│ │ │ ├── testdata/
│ │ │ │ ├── maven/
│ │ │ │ │ ├── my-app/
│ │ │ │ │ │ ├── osv-scanner.toml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ ├── no-dependency-management.xml
│ │ │ │ │ └── parent/
│ │ │ │ │ ├── grandparent/
│ │ │ │ │ │ ├── mismatch.xml
│ │ │ │ │ │ └── pom.xml
│ │ │ │ │ └── pom.xml
│ │ │ │ ├── npm-workspaces/
│ │ │ │ │ ├── package.json
│ │ │ │ │ ├── ws/
│ │ │ │ │ │ ├── jquery/
│ │ │ │ │ │ │ └── package.json
│ │ │ │ │ │ └── ugh/
│ │ │ │ │ │ └── package.json
│ │ │ │ │ └── z/
│ │ │ │ │ └── package.json
│ │ │ │ └── package.json
│ │ │ └── testmain_test.go
│ │ ├── resolve.go
│ │ ├── resolve_test.go
│ │ ├── testdata/
│ │ │ ├── basic-universe.yaml
│ │ │ ├── basic-vulns.json
│ │ │ ├── complex-universe.yaml
│ │ │ ├── complex-vulns.json
│ │ │ ├── diamond-universe.yaml
│ │ │ └── diamond-vulns.json
│ │ ├── testmain_test.go
│ │ └── util/
│ │ └── depsdev.go
│ ├── scalibrenricher/
│ │ └── govulncheck/
│ │ └── source/
│ │ ├── govulncheck.go
│ │ ├── govulncheck_test.go
│ │ ├── result.go
│ │ └── testdata/
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── main.go
│ │ └── osv-scanner.toml
│ ├── scalibrextract/
│ │ ├── filesystem/
│ │ │ └── vendored/
│ │ │ ├── testdata/
│ │ │ │ └── thirdparty/
│ │ │ │ └── zlib/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── CMakeLists.txt
│ │ │ │ ├── ChangeLog
│ │ │ │ ├── FAQ
│ │ │ │ ├── INDEX
│ │ │ │ ├── LICENSE
│ │ │ │ ├── Makefile
│ │ │ │ ├── Makefile.in
│ │ │ │ ├── README
│ │ │ │ ├── adler32.c
│ │ │ │ ├── amiga/
│ │ │ │ │ ├── Makefile.pup
│ │ │ │ │ └── Makefile.sas
│ │ │ │ ├── compress.c
│ │ │ │ ├── configure
│ │ │ │ ├── crc32.c
│ │ │ │ ├── crc32.h
│ │ │ │ ├── deflate.c
│ │ │ │ ├── deflate.h
│ │ │ │ ├── examples/
│ │ │ │ │ ├── README.examples
│ │ │ │ │ ├── enough.c
│ │ │ │ │ ├── fitblk.c
│ │ │ │ │ ├── gun.c
│ │ │ │ │ ├── gzappend.c
│ │ │ │ │ ├── gzjoin.c
│ │ │ │ │ ├── gzlog.c
│ │ │ │ │ ├── gzlog.h
│ │ │ │ │ ├── gznorm.c
│ │ │ │ │ ├── zlib_how.html
│ │ │ │ │ ├── zpipe.c
│ │ │ │ │ ├── zran.c
│ │ │ │ │ └── zran.h
│ │ │ │ ├── gzclose.c
│ │ │ │ ├── gzguts.h
│ │ │ │ ├── gzlib.c
│ │ │ │ ├── gzread.c
│ │ │ │ ├── gzwrite.c
│ │ │ │ ├── infback.c
│ │ │ │ ├── inffast.c
│ │ │ │ ├── inffast.h
│ │ │ │ ├── inffixed.h
│ │ │ │ ├── inflate.c
│ │ │ │ ├── inflate.h
│ │ │ │ ├── inftrees.c
│ │ │ │ ├── inftrees.h
│ │ │ │ ├── make_vms.com
│ │ │ │ ├── nintendods/
│ │ │ │ │ ├── Makefile
│ │ │ │ │ └── README
│ │ │ │ ├── os400/
│ │ │ │ │ ├── README400
│ │ │ │ │ ├── bndsrc
│ │ │ │ │ ├── make.sh
│ │ │ │ │ └── zlib.inc
│ │ │ │ ├── osv-scanner.toml
│ │ │ │ ├── qnx/
│ │ │ │ │ └── package.qpg
│ │ │ │ ├── test/
│ │ │ │ │ ├── example.c
│ │ │ │ │ ├── infcover.c
│ │ │ │ │ └── minigzip.c
│ │ │ │ ├── treebuild.xml
│ │ │ │ ├── trees.c
│ │ │ │ ├── trees.h
│ │ │ │ ├── uncompr.c
│ │ │ │ ├── watcom/
│ │ │ │ │ ├── watcom_f.mak
│ │ │ │ │ └── watcom_l.mak
│ │ │ │ ├── win32/
│ │ │ │ │ ├── DLL_FAQ.txt
│ │ │ │ │ ├── Makefile.bor
│ │ │ │ │ ├── Makefile.gcc
│ │ │ │ │ ├── Makefile.msc
│ │ │ │ │ ├── README-WIN32.txt
│ │ │ │ │ ├── VisualC.txt
│ │ │ │ │ ├── zlib.def
│ │ │ │ │ └── zlib1.rc
│ │ │ │ ├── zconf.h
│ │ │ │ ├── zconf.h.cmakein
│ │ │ │ ├── zconf.h.in
│ │ │ │ ├── zlib.3
│ │ │ │ ├── zlib.h
│ │ │ │ ├── zlib.pc.cmakein
│ │ │ │ ├── zlib.pc.in
│ │ │ │ ├── zutil.c
│ │ │ │ └── zutil.h
│ │ │ ├── vendored.go
│ │ │ └── vendored_test.go
│ │ ├── language/
│ │ │ ├── javascript/
│ │ │ │ └── nodemodules/
│ │ │ │ └── extractor.go
│ │ │ └── osv/
│ │ │ └── osvscannerjson/
│ │ │ ├── extractor.go
│ │ │ ├── extractor_test.go
│ │ │ ├── metadata.go
│ │ │ └── testdata/
│ │ │ ├── empty.json
│ │ │ ├── multiple-packages-with-vulns.json
│ │ │ ├── not-json.txt
│ │ │ ├── one-package-commit.json
│ │ │ └── one-package.json
│ │ └── vcs/
│ │ ├── gitcommitdirect/
│ │ │ └── extractor.go
│ │ └── gitrepo/
│ │ ├── extractor.go
│ │ ├── extractor_test.go
│ │ └── testdata/
│ │ ├── example-clean/
│ │ │ └── git-hidden/
│ │ │ ├── HEAD
│ │ │ ├── config
│ │ │ ├── description
│ │ │ └── info/
│ │ │ └── exclude
│ │ ├── example-git/
│ │ │ ├── a.txt
│ │ │ └── git-hidden/
│ │ │ ├── COMMIT_EDITMSG
│ │ │ ├── HEAD
│ │ │ ├── config
│ │ │ ├── description
│ │ │ ├── index
│ │ │ ├── info/
│ │ │ │ └── exclude
│ │ │ ├── logs/
│ │ │ │ ├── HEAD
│ │ │ │ └── refs/
│ │ │ │ └── heads/
│ │ │ │ └── main
│ │ │ ├── objects/
│ │ │ │ ├── 16/
│ │ │ │ │ └── b14f5da9e2fcd6f3f38cc9e584cef2f3c90ebe
│ │ │ │ ├── 4b/
│ │ │ │ │ └── 825dc642cb6eb9a060e54bf8d69288fbee4904
│ │ │ │ ├── 86/
│ │ │ │ │ └── 2ac4bd2703b622e85f29f55a2fd8cd6caf8182
│ │ │ │ └── bf/
│ │ │ │ └── 8fbfe5a434c007b640c12d920683cb19a7b2b9
│ │ │ └── refs/
│ │ │ └── heads/
│ │ │ └── main
│ │ └── example-not-git/
│ │ ├── a.txt
│ │ └── git-hidden/
│ │ └── b.txt
│ ├── scalibrplugin/
│ │ ├── __snapshots__/
│ │ │ └── resolve_test.snap
│ │ ├── presets.go
│ │ ├── resolve.go
│ │ ├── resolve_test.go
│ │ └── testmain_test.go
│ ├── sourceanalysis/
│ │ ├── __snapshots__/
│ │ │ ├── go_test.snap
│ │ │ ├── integration_test.snap
│ │ │ └── rust_test.snap
│ │ ├── go.go
│ │ ├── go_test.go
│ │ ├── govulncheck/
│ │ │ └── result.go
│ │ ├── integration_test.go
│ │ ├── rust.go
│ │ ├── rust_test.go
│ │ ├── sourceanalysis.go
│ │ ├── testdata/
│ │ │ ├── go-integration/
│ │ │ │ ├── .goignore
│ │ │ │ ├── GO-2021-0053.json
│ │ │ │ ├── GO-2023-1558.json
│ │ │ │ ├── GO-2023-2382.json
│ │ │ │ └── test-project/
│ │ │ │ ├── go.mod
│ │ │ │ ├── go.sum
│ │ │ │ ├── main.go
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── json/
│ │ │ │ ├── govulncheckinput.json
│ │ │ │ ├── input-no-call-data.json
│ │ │ │ ├── input.json
│ │ │ │ ├── output-no-call-data.json
│ │ │ │ ├── output.json
│ │ │ │ ├── vulnbyid-no-call-data.json
│ │ │ │ └── vulnbyid.json
│ │ │ └── rust/
│ │ │ ├── archives/
│ │ │ │ ├── medium.rlib
│ │ │ │ └── simple.rlib
│ │ │ ├── functions/
│ │ │ │ ├── medium.json
│ │ │ │ ├── simple.json
│ │ │ │ └── test-rust-2.json
│ │ │ ├── objs/
│ │ │ │ ├── medium.o
│ │ │ │ ├── simple.o
│ │ │ │ └── test-rust-2
│ │ │ └── rust-project/
│ │ │ ├── .gitignore
│ │ │ ├── Cargo.toml
│ │ │ └── src/
│ │ │ └── main.rs
│ │ └── testmain_test.go
│ ├── spdx/
│ │ ├── gen.go
│ │ ├── licenses.go
│ │ ├── satisfies.go
│ │ ├── satisfies_test.go
│ │ ├── verify.go
│ │ └── verify_test.go
│ ├── testlogger/
│ │ ├── handler.go
│ │ └── markers.go
│ ├── testutility/
│ │ ├── fixture.go
│ │ ├── jsonreplace.go
│ │ ├── jsonreplace_test.go
│ │ ├── mock_http.go
│ │ ├── normalize.go
│ │ ├── snapshot.go
│ │ └── utility.go
│ ├── thirdparty/
│ │ ├── ar/
│ │ │ ├── COPYING
│ │ │ └── reader.go
│ │ └── xml/
│ │ ├── atom_test.go
│ │ ├── marshal.go
│ │ ├── marshal_test.go
│ │ ├── read.go
│ │ ├── read_test.go
│ │ ├── typeinfo.go
│ │ ├── xml.go
│ │ └── xml_test.go
│ ├── tui/
│ │ ├── dependency-graph.go
│ │ ├── in-place-info.go
│ │ ├── relock-info.go
│ │ ├── severity.go
│ │ ├── styles.go
│ │ ├── tui.go
│ │ ├── vuln-info.go
│ │ └── vuln-list.go
│ ├── url/
│ │ ├── url.go
│ │ ├── url_other_test.go
│ │ ├── url_test.go
│ │ └── url_windows_test.go
│ ├── utility/
│ │ ├── depgroup/
│ │ │ └── devgroup.go
│ │ ├── maven/
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ └── testdata/
│ │ │ ├── my-app/
│ │ │ │ └── pom.xml
│ │ │ ├── parent/
│ │ │ │ └── pom.xml
│ │ │ └── pom.xml
│ │ ├── purl/
│ │ │ ├── composer.go
│ │ │ ├── composer_test.go
│ │ │ ├── golang.go
│ │ │ ├── golang_test.go
│ │ │ ├── maven.go
│ │ │ ├── maven_test.go
│ │ │ ├── package_grouper.go
│ │ │ ├── package_grouper_test.go
│ │ │ ├── purl.go
│ │ │ ├── purl_to_package.go
│ │ │ └── purl_to_package_test.go
│ │ ├── results/
│ │ │ └── results.go
│ │ ├── semverlike/
│ │ │ └── version-semver-like.go
│ │ ├── severity/
│ │ │ ├── severity.go
│ │ │ └── severity_test.go
│ │ └── vulns/
│ │ ├── vulnerabilities.go
│ │ ├── vulnerabilities_test.go
│ │ ├── vulnerability.go
│ │ └── vulnerability_test.go
│ └── version/
│ └── version.go
├── osv-scanner.toml
├── pkg/
│ ├── models/
│ │ ├── cyclonedx.go
│ │ ├── image.go
│ │ ├── results.go
│ │ └── results_test.go
│ └── osvscanner/
│ ├── __snapshots__/
│ │ ├── filter_internal_test.snap
│ │ ├── osvscanner_test.snap
│ │ └── vulnerability_result_internal_test.snap
│ ├── exclude.go
│ ├── exclude_test.go
│ ├── filter.go
│ ├── filter_internal_test.go
│ ├── internal/
│ │ ├── imagehelpers/
│ │ │ └── imagehelpers.go
│ │ └── scanners/
│ │ └── lockfile.go
│ ├── invsort.go
│ ├── osvscanner.go
│ ├── osvscanner_test.go
│ ├── scan.go
│ ├── scan_test.go
│ ├── stats.go
│ ├── testdata/
│ │ └── filter/
│ │ ├── .gitignore
│ │ ├── all/
│ │ │ ├── configs/
│ │ │ │ ├── a/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ ├── b/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ └── c/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── input.json
│ │ │ └── want.json
│ │ ├── none/
│ │ │ ├── configs/
│ │ │ │ ├── a/
│ │ │ │ │ └── no_config
│ │ │ │ ├── b/
│ │ │ │ │ └── osv-scanner.toml
│ │ │ │ └── c/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── input.json
│ │ │ └── want.json
│ │ └── some/
│ │ ├── configs/
│ │ │ ├── a/
│ │ │ │ └── osv-scanner.toml
│ │ │ ├── b/
│ │ │ │ └── osv-scanner.toml
│ │ │ └── c/
│ │ │ └── osv-scanner.toml
│ │ ├── input.json
│ │ └── want.json
│ ├── testmain_test.go
│ ├── vulnerability_result.go
│ └── vulnerability_result_internal_test.go
├── renovate.json
└── scripts/
├── build.sh
├── build_snapshot.sh
├── build_test_images.sh
├── examples/
│ └── auto_guided_remediation.py
├── generate_coverage_report.sh
├── generate_mock_resolution_universe/
│ └── main.go
├── generators/
│ ├── GenerateMavenVersions.java
│ ├── generate-alpine-versions.py
│ ├── generate-cran-versions.R
│ ├── generate-debian-versions.py
│ ├── generate-packagist-versions.php
│ ├── generate-pypi-versions.py
│ ├── generate-redhat-versions.py
│ └── generate-rubygems-versions.rb
├── report_uncleaned_snapshots.py
├── run_formatters.sh
├── run_lints.sh
├── run_local_docs.sh
├── run_tests.sh
└── test_env.dockerfile
SYMBOL INDEX (2379 symbols across 345 files)
FILE: cmd/osv-reporter/main.go
function splitLastArg (line 32) | func splitLastArg(args []string) []string {
function run (line 40) | func run(args []string, stdout, stderr io.Writer) int {
function main (line 265) | func main() {
FILE: cmd/osv-reporter/main_test.go
function Test_splitLastArg (line 8) | func Test_splitLastArg(t *testing.T) {
FILE: cmd/osv-scanner/fix/command.go
type strategy (line 35) | type strategy
constant strategyInPlace (line 38) | strategyInPlace strategy = "in-place"
constant strategyRelax (line 39) | strategyRelax strategy = "relax"
constant strategyOverride (line 40) | strategyOverride strategy = "override"
constant vulnCategory (line 46) | vulnCategory = "Vulnerability Selection Options:"
constant upgradeCategory (line 47) | upgradeCategory = "Dependency Upgrade Options:"
constant autoModeCategory (line 48) | autoModeCategory = "non-interactive options:"
type osvFixOptions (line 51) | type osvFixOptions struct
function Command (line 65) | func Command(stdout, stderr io.Writer, _ *http.Client) *cli.Command {
function action (line 233) | func action(ctx context.Context, cmd *cli.Command, stdout, stderr io.Wri...
FILE: cmd/osv-scanner/fix/command_test.go
function matchFile (line 16) | func matchFile(t *testing.T, file string) {
function TestCommand (line 25) | func TestCommand(t *testing.T) {
function TestCommand_OfflineDatabase (line 134) | func TestCommand_OfflineDatabase(t *testing.T) {
function parseFlags (line 173) | func parseFlags(t *testing.T, flags []string, arguments []string) (*cli....
function Test_parseUpgradeConfig (line 198) | func Test_parseUpgradeConfig(t *testing.T) {
FILE: cmd/osv-scanner/fix/interactive.go
function interactiveMode (line 14) | func interactiveMode(ctx context.Context, opts osvFixOptions) error {
FILE: cmd/osv-scanner/fix/model.go
type model (line 24) | type model struct
method setTermSize (line 80) | func (m *model) setTermSize(w, h int) {
method getBorderStyles (line 106) | func (m *model) getBorderStyles() (lipgloss.Style, lipgloss.Style) {
method Init (line 124) | func (m model) Init() tea.Cmd {
method Update (line 128) | func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
method View (line 144) | func (m model) View() tea.View {
function newModel (line 53) | func newModel(ctx context.Context, opts osvFixOptions, cl client.Resolut...
function errorAndExit (line 119) | func errorAndExit(m model, err error) (tea.Model, tea.Cmd) {
type modelState (line 169) | type modelState interface
type inPlaceResolutionMsg (line 180) | type inPlaceResolutionMsg struct
function doInPlaceResolution (line 186) | func doInPlaceResolution(ctx context.Context, cl client.ResolutionClient...
type doRelockMsg (line 201) | type doRelockMsg struct
function doRelock (line 206) | func doRelock(ctx context.Context, cl client.ResolutionClient, m manif.M...
function doInitialRelock (line 221) | func doInitialRelock(ctx context.Context, opts osvFixOptions) tea.Msg {
type infoStringView (line 237) | type infoStringView
method Update (line 239) | func (s infoStringView) Update(tea.Msg) (tui.ViewModel, tea.Cmd) { ret...
method View (line 240) | func (s infoStringView) View() string { ret...
method Resize (line 241) | func (s infoStringView) Resize(int, int) {}
function resolutionErrorView (line 245) | func resolutionErrorView(res *resolution.Result, errs []resolution.NodeE...
type writeMsg (line 268) | type writeMsg struct
FILE: cmd/osv-scanner/fix/noninteractive.go
function autoInPlace (line 25) | func autoInPlace(ctx context.Context, opts osvFixOptions, maxUpgrades in...
function autoChooseInPlacePatches (line 66) | func autoChooseInPlacePatches(res remediation.InPlaceResult, maxUpgrades...
function autoRelax (line 125) | func autoRelax(ctx context.Context, opts osvFixOptions, maxUpgrades int)...
function autoChooseRelaxPatches (line 221) | func autoChooseRelaxPatches(diffs []resolution.Difference, maxUpgrades i...
function autoOverride (line 261) | func autoOverride(ctx context.Context, opts osvFixOptions, maxUpgrades i...
function autoChooseOverridePatches (line 346) | func autoChooseOverridePatches(diffs []resolution.Difference, maxUpgrade...
function sortVulns (line 411) | func sortVulns(vulns []vulnOutput) {
function makeResultVuln (line 417) | func makeResultVuln(vuln resolution.Vulnerability) vulnOutput {
function populateResultVulns (line 439) | func populateResultVulns(outputResult *fixOutput, res *resolution.Result...
function removeVulnIntroducingPatches (line 479) | func removeVulnIntroducingPatches(patches []resolution.Difference) []res...
FILE: cmd/osv-scanner/fix/output.go
type fixOutput (line 14) | type fixOutput struct
type vulnOutput (line 24) | type vulnOutput struct
type patchOutput (line 31) | type patchOutput struct
type packageOutput (line 38) | type packageOutput struct
type updatePackageOutput (line 44) | type updatePackageOutput struct
type errorOutput (line 52) | type errorOutput struct
function printResult (line 64) | func printResult(outputResult fixOutput, opts osvFixOptions) error {
function outputText (line 72) | func outputText(_ io.Writer, out fixOutput) error {
function outputJSON (line 139) | func outputJSON(w io.Writer, out fixOutput) error {
FILE: cmd/osv-scanner/fix/regen_lockfile.go
function regenerateLockfileCmd (line 10) | func regenerateLockfileCmd(ctx context.Context, opts osvFixOptions) (*ex...
FILE: cmd/osv-scanner/fix/state-choose-in-place-patches.go
type stateChooseInPlacePatches (line 14) | type stateChooseInPlacePatches struct
method Init (line 26) | func (st *stateChooseInPlacePatches) Init(m model) tea.Cmd {
method Update (line 51) | func (st *stateChooseInPlacePatches) Update(m model, msg tea.Msg) (tea...
method View (line 100) | func (st *stateChooseInPlacePatches) View(_ model) string {
method InfoView (line 108) | func (st *stateChooseInPlacePatches) InfoView() string {
method updateTableRows (line 113) | func (st *stateChooseInPlacePatches) updateTableRows(m model) {
method toggleSelection (line 142) | func (st *stateChooseInPlacePatches) toggleSelection(idx int) {
method currentInfoView (line 148) | func (st *stateChooseInPlacePatches) currentInfoView() (view tui.ViewM...
method Resize (line 156) | func (st *stateChooseInPlacePatches) Resize(w, h int) {
method ResizeInfo (line 162) | func (st *stateChooseInPlacePatches) ResizeInfo(w, h int) {
method IsInfoFocused (line 168) | func (st *stateChooseInPlacePatches) IsInfoFocused() bool {
FILE: cmd/osv-scanner/fix/state-choose-strategy.go
type stateChooseStrategy (line 17) | type stateChooseStrategy struct
method Init (line 45) | func (st *stateChooseStrategy) Init(m model) tea.Cmd {
method Update (line 96) | func (st *stateChooseStrategy) Update(m model, msg tea.Msg) (tea.Model...
method UpdateTextFocus (line 156) | func (st *stateChooseStrategy) UpdateTextFocus() {
method IsInfoFocused (line 168) | func (st *stateChooseStrategy) IsInfoFocused() bool {
method currentInfoView (line 172) | func (st *stateChooseStrategy) currentInfoView() (view tui.ViewModel, ...
method parseInput (line 189) | func (st *stateChooseStrategy) parseInput(m model) (tea.Model, tea.Cmd) {
method View (line 238) | func (st *stateChooseStrategy) View(m model) string {
method InfoView (line 327) | func (st *stateChooseStrategy) InfoView() string {
method Resize (line 332) | func (st *stateChooseStrategy) Resize(_, _ int) {}
method ResizeInfo (line 334) | func (st *stateChooseStrategy) ResizeInfo(w, h int) {
constant stateChooseInfo (line 33) | stateChooseInfo = iota
constant stateChooseErrors (line 34) | stateChooseErrors
constant stateChooseInPlace (line 35) | stateChooseInPlace
constant stateChooseRelock (line 36) | stateChooseRelock
constant stateChooseDepth (line 37) | stateChooseDepth
constant stateChooseSeverity (line 38) | stateChooseSeverity
constant stateChooseDev (line 39) | stateChooseDev
constant stateChooseApplyCriteria (line 40) | stateChooseApplyCriteria
constant stateChooseQuit (line 41) | stateChooseQuit
constant stateChooseEnd (line 42) | stateChooseEnd
FILE: cmd/osv-scanner/fix/state-in-place-result.go
type stateInPlaceResult (line 16) | type stateInPlaceResult struct
method Init (line 39) | func (st *stateInPlaceResult) Init(m model) tea.Cmd {
method Update (line 72) | func (st *stateInPlaceResult) Update(m model, msg tea.Msg) (tea.Model,...
method currentInfoView (line 133) | func (st *stateInPlaceResult) currentInfoView() (view tui.ViewModel, c...
method parseInput (line 152) | func (st *stateInPlaceResult) parseInput(m model) (tea.Model, tea.Cmd) {
method View (line 176) | func (st *stateInPlaceResult) View(m model) string {
method InfoView (line 245) | func (st *stateInPlaceResult) InfoView() string {
method Resize (line 250) | func (st *stateInPlaceResult) Resize(_, _ int) {}
method ResizeInfo (line 252) | func (st *stateInPlaceResult) ResizeInfo(w, h int) {
method IsInfoFocused (line 258) | func (st *stateInPlaceResult) IsInfoFocused() bool {
method write (line 263) | func (st *stateInPlaceResult) write(m model) tea.Msg {
constant stateInPlaceFixed (line 30) | stateInPlaceFixed = iota
constant stateInPlaceRemain (line 31) | stateInPlaceRemain
constant stateInPlaceChoice (line 32) | stateInPlaceChoice
constant stateInPlaceWrite (line 33) | stateInPlaceWrite
constant stateInPlaceRelock (line 34) | stateInPlaceRelock
constant stateInPlaceQuit (line 35) | stateInPlaceQuit
constant stateInPlaceEnd (line 36) | stateInPlaceEnd
FILE: cmd/osv-scanner/fix/state-initialize.go
type stateInitialize (line 12) | type stateInitialize struct
method Init (line 16) | func (st *stateInitialize) Init(m model) tea.Cmd {
method Update (line 37) | func (st *stateInitialize) Update(m model, msg tea.Msg) (tea.Model, te...
method View (line 81) | func (st *stateInitialize) View(m model) string {
method InfoView (line 108) | func (st *stateInitialize) InfoView() string { return "" }
method Resize (line 109) | func (st *stateInitialize) Resize(_, _ int) {}
method ResizeInfo (line 110) | func (st *stateInitialize) ResizeInfo(_, _ int) {}
method IsInfoFocused (line 111) | func (st *stateInitialize) IsInfoFocused() bool { return false }
FILE: cmd/osv-scanner/fix/state-relock-result.go
type stateRelockResult (line 19) | type stateRelockResult struct
method getEffectiveCursor (line 52) | func (st *stateRelockResult) getEffectiveCursor() int {
method setEffectiveCursor (line 71) | func (st *stateRelockResult) setEffectiveCursor(pos int) {
method getPatchIndex (line 83) | func (st *stateRelockResult) getPatchIndex() int {
method Init (line 87) | func (st *stateRelockResult) Init(m model) tea.Cmd {
method Update (line 113) | func (st *stateRelockResult) Update(m model, msg tea.Msg) (tea.Model, ...
method currentInfoView (line 207) | func (st *stateRelockResult) currentInfoView() (view tui.ViewModel, ca...
method buildPatchInfoViews (line 228) | func (st *stateRelockResult) buildPatchInfoViews(m model) {
method parseInput (line 265) | func (st *stateRelockResult) parseInput(m model) (tea.Model, tea.Cmd) {
method relaxChoice (line 293) | func (st *stateRelockResult) relaxChoice(m model) (model, tea.Cmd) {
method View (line 334) | func (st *stateRelockResult) View(m model) string {
method InfoView (line 466) | func (st *stateRelockResult) InfoView() string {
method patchCompatible (line 473) | func (st *stateRelockResult) patchCompatible(idx int) bool {
method Resize (line 494) | func (st *stateRelockResult) Resize(w, _ int) {
method ResizeInfo (line 498) | func (st *stateRelockResult) ResizeInfo(w, h int) {
method IsInfoFocused (line 505) | func (st *stateRelockResult) IsInfoFocused() bool {
method write (line 510) | func (st *stateRelockResult) write(m model) tea.Msg {
constant stateRelockRemain (line 40) | stateRelockRemain = iota
constant stateRelockUnfixable (line 41) | stateRelockUnfixable
constant stateRelockErrors (line 42) | stateRelockErrors
constant stateRelockPatches (line 43) | stateRelockPatches
constant stateRelockApply (line 44) | stateRelockApply
constant stateRelockWrite (line 45) | stateRelockWrite
constant stateRelockQuit (line 46) | stateRelockQuit
constant stateRelockEnd (line 47) | stateRelockEnd
function relockUnfixableVulns (line 242) | func relockUnfixableVulns(diffs []resolution.Difference) []*resolution.V...
function diffString (line 450) | func diffString(diff resolution.Difference) string {
type relockPatchMsg (line 543) | type relockPatchMsg struct
function doComputeRelockPatches (line 549) | func doComputeRelockPatches(ctx context.Context, cl client.ResolutionCli...
FILE: cmd/osv-scanner/fix/testmain_test.go
function TestMain (line 15) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/internal/cmd/helpers.go
function getCustomHelpTemplate (line 14) | func getCustomHelpTemplate() string {
function getAllCommands (line 55) | func getAllCommands(commands []*cli.Command) []string {
function warnIfCommandAmbiguous (line 81) | func warnIfCommandAmbiguous(command, defaultCommand string, stderr io.Wr...
function insertDefaultCommand (line 91) | func insertDefaultCommand(args []string, commands []*cli.Command, defaul...
FILE: cmd/osv-scanner/internal/cmd/helpers_test.go
function Test_insertDefaultCommand (line 14) | func Test_insertDefaultCommand(t *testing.T) {
FILE: cmd/osv-scanner/internal/cmd/run.go
function Run (line 26) | func Run(args []string, stdout, stderr io.Writer, client *http.Client, c...
FILE: cmd/osv-scanner/internal/cmd/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/internal/helper/callanalysis_parser.go
function CreateCallAnalysisStates (line 10) | func CreateCallAnalysisStates(enabledCallAnalysis []string, disabledCall...
FILE: cmd/osv-scanner/internal/helper/callanalysis_parser_test.go
function TestCreateCallAnalysisStates (line 8) | func TestCreateCallAnalysisStates(t *testing.T) {
FILE: cmd/osv-scanner/internal/helper/flags.go
type allowedLicencesFlag (line 24) | type allowedLicencesFlag struct
method Get (line 28) | func (g *allowedLicencesFlag) Get() any {
method Set (line 32) | func (g *allowedLicencesFlag) Set(value string) error {
method IsBoolFlag (line 44) | func (g *allowedLicencesFlag) IsBoolFlag() bool {
method String (line 48) | func (g *allowedLicencesFlag) String() string {
function BuildCommonScanFlags (line 53) | func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
FILE: cmd/osv-scanner/internal/helper/getters.go
function GetScanLicensesAllowlist (line 13) | func GetScanLicensesAllowlist(cmd *cli.Command) ([]string, error) {
function GetCommonScannerActions (line 35) | func GetCommonScannerActions(cmd *cli.Command, scanLicensesAllowlist []s...
function GetExperimentalScannerActions (line 52) | func GetExperimentalScannerActions(cmd *cli.Command, client *http.Client...
FILE: cmd/osv-scanner/internal/helper/misc.go
function ServeHTML (line 25) | func ServeHTML(outputPath string) {
function PrintResult (line 42) | func PrintResult(stdout, stderr io.Writer, outputPath, format string, di...
FILE: cmd/osv-scanner/internal/testcmd/case.go
type Case (line 11) | type Case struct
method findFirstValueOfFlag (line 24) | func (c Case) findFirstValueOfFlag(f string) string {
FILE: cmd/osv-scanner/internal/testcmd/copy.go
function copyFile (line 11) | func copyFile(from, to string) (string, error) {
function CopyFileFlagTo (line 31) | func CopyFileFlagTo(t *testing.T, tc Case, flagName string, dir string) ...
FILE: cmd/osv-scanner/internal/testcmd/git.go
function SetupGitFixtures (line 11) | func SetupGitFixtures() (func(), error) {
FILE: cmd/osv-scanner/internal/testcmd/run.go
function fetchCommandsToTest (line 27) | func fetchCommandsToTest() []cmd.CommandBuilder {
function run (line 46) | func run(t *testing.T, tc Case) (string, string) {
function RunAndNormalize (line 63) | func RunAndNormalize(t *testing.T, tc Case) (string, string) {
function RunAndMatchSnapshots (line 84) | func RunAndMatchSnapshots(t *testing.T, tc Case) {
function normalizeJSON (line 96) | func normalizeJSON(t *testing.T, jsonInput string, jsonReplaceRules ...t...
function normalizeDirScanOrder (line 114) | func normalizeDirScanOrder(t *testing.T, input string) string {
function normalizeUUID (line 159) | func normalizeUUID(t *testing.T, input string) string {
FILE: cmd/osv-scanner/internal/testcmd/vcr.go
function determineRecorderMode (line 22) | func determineRecorderMode() recorder.Mode {
type withHeadersTripper (line 44) | type withHeadersTripper struct
method RoundTrip (line 49) | func (wht withHeadersTripper) RoundTrip(request *http.Request) (*http....
function WithTestNameHeader (line 61) | func WithTestNameHeader(t *testing.T, client http.Client) *http.Client {
type withoutID (line 71) | type withoutID struct
function marshalCassettes (line 78) | func marshalCassettes(in any) (out []byte, err error) {
function InsertCassette (line 109) | func InsertCassette(t *testing.T) *http.Client {
function sortCassetteInteractions (line 181) | func sortCassetteInteractions(t *testing.T, path string) {
function matcher (line 206) | func matcher(r *http.Request, i cassette.Request) bool {
function matchBody (line 237) | func matchBody(r *http.Request, i cassette.Request) bool {
FILE: cmd/osv-scanner/main.go
function main (line 13) | func main() {
FILE: cmd/osv-scanner/main_test.go
function Test_run (line 11) | func Test_run(t *testing.T) {
function Test_run_SubCommands (line 38) | func Test_run_SubCommands(t *testing.T) {
FILE: cmd/osv-scanner/mcp/command.go
function Command (line 35) | func Command(_, _ io.Writer, _ *http.Client) *cli.Command {
type scanVulnerableDependenciesInput (line 53) | type scanVulnerableDependenciesInput struct
function action (line 59) | func action(ctx context.Context, cmd *cli.Command) error {
function handleScan (line 117) | func handleScan(_ context.Context, _ *mcp.CallToolRequest, input *scanVu...
type getVulnerabilityDetailsInput (line 169) | type getVulnerabilityDetailsInput struct
function handleVulnIDRetrieval (line 173) | func handleVulnIDRetrieval(ctx context.Context, _ *mcp.CallToolRequest, ...
type ignoreVulnerabilityInput (line 206) | type ignoreVulnerabilityInput struct
function handleIgnoreVulnerability (line 216) | func handleIgnoreVulnerability(_ context.Context, _ *mcp.CallToolRequest...
function handleScanDepsPrompt (line 229) | func handleScanDepsPrompt(_ context.Context, _ *mcp.GetPromptRequest) (*...
FILE: cmd/osv-scanner/mcp/integration_test.go
function TestIntegration_MCP_SSE_Subprocess (line 25) | func TestIntegration_MCP_SSE_Subprocess(t *testing.T) {
function buildTestBinary (line 115) | func buildTestBinary(t *testing.T) string {
function findFreePort (line 144) | func findFreePort(t *testing.T) string {
function startMCPServer (line 160) | func startMCPServer(t *testing.T, ctx context.Context, binPath, addr str...
function connectMCPClient (line 177) | func connectMCPClient(t *testing.T, ctx context.Context, baseURL string)...
function waitForServer (line 196) | func waitForServer(t *testing.T, url string) {
FILE: cmd/osv-scanner/mcp/stats.go
type fileOpenedLogger (line 11) | type fileOpenedLogger struct
method AfterExtractorRun (line 19) | func (c *fileOpenedLogger) AfterExtractorRun(_ string, extractorstats ...
FILE: cmd/osv-scanner/mcp/testdata/go-project/main.go
function main (line 7) | func main() {
FILE: cmd/osv-scanner/mcp/testmain_test.go
function TestMain (line 14) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/scan/command.go
constant sourceSubCommand (line 13) | sourceSubCommand = "source"
constant DefaultSubcommand (line 15) | DefaultSubcommand = sourceSubCommand
function Command (line 19) | func Command(stdout, stderr io.Writer, client *http.Client) *cli.Command {
FILE: cmd/osv-scanner/scan/command_test.go
function TestCommand_SubCommands (line 10) | func TestCommand_SubCommands(t *testing.T) {
FILE: cmd/osv-scanner/scan/image/command.go
function Command (line 22) | func Command(stdout, stderr io.Writer, client *http.Client) *cli.Command {
function action (line 40) | func action(_ context.Context, cmd *cli.Command, stdout, stderr io.Write...
FILE: cmd/osv-scanner/scan/image/command_test.go
function TestCommand_ExplicitExtractors_WithDefaults (line 14) | func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
function TestCommand_ExplicitExtractors_WithoutDefaults (line 78) | func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
function TestCommand_Docker (line 147) | func TestCommand_Docker(t *testing.T) {
function TestCommand_OCIImage (line 216) | func TestCommand_OCIImage(t *testing.T) {
function TestCommand_OCIImage_JSONFormat (line 376) | func TestCommand_OCIImage_JSONFormat(t *testing.T) {
function TestCommand_HtmlFile (line 512) | func TestCommand_HtmlFile(t *testing.T) {
FILE: cmd/osv-scanner/scan/image/testdata/java-fixture/app/src/main/java/com/mycompany/app/App.java
class App (line 7) | public class App
method main (line 9) | public static void main( String[] args )
FILE: cmd/osv-scanner/scan/image/testdata/package-tracing-fixture/main.go
function main (line 9) | func main() {
FILE: cmd/osv-scanner/scan/image/testdata/python-fixture/main.py
function main (line 1) | def main():
FILE: cmd/osv-scanner/scan/image/testdata/test-image-with-deprecated/src/main.rs
function main (line 3) | fn main() {
FILE: cmd/osv-scanner/scan/image/testmain_test.go
function TestMain (line 15) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/scan/source/command.go
function Command (line 21) | func Command(stdout, stderr io.Writer, client *http.Client) *cli.Command {
function action (line 88) | func action(_ context.Context, cmd *cli.Command, stdout, stderr io.Write...
FILE: cmd/osv-scanner/scan/source/command_test.go
function TestCommand (line 14) | func TestCommand(t *testing.T) {
function TestCommand_Config_UnusedIgnores (line 385) | func TestCommand_Config_UnusedIgnores(t *testing.T) {
function TestCommand_JavareachArchive (line 418) | func TestCommand_JavareachArchive(t *testing.T) {
function TestCommand_ExplicitExtractors_WithDefaults (line 453) | func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
function TestCommand_ExplicitExtractors_WithoutDefaults (line 592) | func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
function TestCommand_CallAnalysis (line 744) | func TestCommand_CallAnalysis(t *testing.T) {
function TestCommand_LockfileWithExplicitParseAs (line 790) | func TestCommand_LockfileWithExplicitParseAs(t *testing.T) {
function TestCommand_GithubActions (line 967) | func TestCommand_GithubActions(t *testing.T) {
function TestCommand_LocalDatabases (line 1003) | func TestCommand_LocalDatabases(t *testing.T) {
function TestCommand_LocalDatabases_AlwaysOffline (line 1092) | func TestCommand_LocalDatabases_AlwaysOffline(t *testing.T) {
function TestCommand_CommitSupport (line 1123) | func TestCommand_CommitSupport(t *testing.T) {
function TestCommand_Licenses (line 1154) | func TestCommand_Licenses(t *testing.T) {
function TestCommand_Transitive (line 1263) | func TestCommand_Transitive(t *testing.T) {
function TestCommand_MoreLockfiles (line 1361) | func TestCommand_MoreLockfiles(t *testing.T) {
function TestCommandNonGit (line 1425) | func TestCommandNonGit(t *testing.T) {
function TestCommand_HtmlFile (line 1455) | func TestCommand_HtmlFile(t *testing.T) {
function TestCommand_HtmlFile_Deprecated (line 1476) | func TestCommand_HtmlFile_Deprecated(t *testing.T) {
function TestCommand_WithDetector_OnLinux (line 1497) | func TestCommand_WithDetector_OnLinux(t *testing.T) {
function TestCommand_WithDetector_OffLinux (line 1573) | func TestCommand_WithDetector_OffLinux(t *testing.T) {
function TestCommand_Filter (line 1649) | func TestCommand_Filter(t *testing.T) {
function TestCommand_FlagDeprecatedPackages (line 1668) | func TestCommand_FlagDeprecatedPackages(t *testing.T) {
FILE: cmd/osv-scanner/scan/source/testdata/call-analysis-go-project-all-uncalled/main.go
function main (line 11) | func main() {
FILE: cmd/osv-scanner/scan/source/testdata/call-analysis-go-project/main.go
function main (line 12) | func main() {
FILE: cmd/osv-scanner/scan/source/testmain_test.go
function TestMain (line 15) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/scan/testmain_test.go
function TestMain (line 15) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/testmain_test.go
function TestMain (line 17) | func TestMain(m *testing.M) {
FILE: cmd/osv-scanner/update/command.go
function Command (line 23) | func Command(_, _ io.Writer, _ *http.Client) *cli.Command {
type updateOptions (line 62) | type updateOptions struct
function action (line 71) | func action(ctx context.Context, cmd *cli.Command) error {
FILE: cmd/osv-scanner/update/command_test.go
function TestCommand (line 11) | func TestCommand(t *testing.T) {
FILE: cmd/osv-scanner/update/testmain_test.go
function TestMain (line 14) | func TestMain(m *testing.M) {
FILE: internal/cachedregexp/regex.go
function MustCompile (line 11) | func MustCompile(exp string) *regexp.Regexp {
function Compile (line 22) | func Compile(exp string) (*regexp.Regexp, error) {
FILE: internal/ci/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/ci/utility.go
function LoadVulnResults (line 12) | func LoadVulnResults(path string) (models.VulnerabilityResults, error) {
FILE: internal/ci/utility_test.go
function parseTime (line 16) | func parseTime(t *testing.T, str string) time.Time {
function TestLoadVulnResults (line 27) | func TestLoadVulnResults(t *testing.T) {
FILE: internal/ci/vulnerability_result_diff.go
function DiffVulnerabilityResults (line 11) | func DiffVulnerabilityResults(oldRes, newRes models.VulnerabilityResults...
function initializeCaches (line 71) | func initializeCaches(oldRes models.VulnerabilityResults) (map[models.So...
function DiffVulnerabilityResultsByOccurrences (line 107) | func DiffVulnerabilityResultsByOccurrences(oldRes, newRes models.Vulnera...
FILE: internal/ci/vulnerability_result_diff_test.go
function TestDiffVulnerabilityResults (line 11) | func TestDiffVulnerabilityResults(t *testing.T) {
function TestDiffVulnerabilityByUniqueVulnCountResults (line 87) | func TestDiffVulnerabilityByUniqueVulnCountResults(t *testing.T) {
FILE: internal/clients/clientimpl/licensematcher/licensematcher.go
constant maxConcurrentRequests (line 19) | maxConcurrentRequests = 1000
type DepsDevLicenseMatcher (line 24) | type DepsDevLicenseMatcher struct
method MatchLicenses (line 28) | func (matcher *DepsDevLicenseMatcher) MatchLicenses(ctx context.Contex...
method makeVersionRequest (line 59) | func (matcher *DepsDevLicenseMatcher) makeVersionRequest(ctx context.C...
function versionQuery (line 102) | func versionQuery(system depsdevpb.System, name string, version string) ...
FILE: internal/clients/clientimpl/localmatcher/localmatcher.go
constant zippedDBRemoteHost (line 20) | zippedDBRemoteHost = "https://osv-vulnerabilities.storage.googleapis.com"
constant envKeyLocalDBCacheDirectory (line 21) | envKeyLocalDBCacheDirectory = "OSV_SCANNER_LOCAL_DB_CACHE_DIRECTORY"
type LocalMatcher (line 25) | type LocalMatcher struct
method MatchVulnerabilities (line 50) | func (matcher *LocalMatcher) MatchVulnerabilities(ctx context.Context,...
method LoadEcosystem (line 108) | func (matcher *LocalMatcher) LoadEcosystem(ctx context.Context, eco os...
method loadDBFromCache (line 114) | func (matcher *LocalMatcher) loadDBFromCache(ctx context.Context, eco ...
function NewLocalMatcher (line 35) | func NewLocalMatcher(localDBPath string, userAgent string, downloadDB bo...
function setupLocalDBDirectory (line 156) | func setupLocalDBDirectory(localDBPath string) (string, error) {
FILE: internal/clients/clientimpl/localmatcher/zip.go
type ZipDB (line 27) | type ZipDB struct
method fetchZip (line 92) | func (db *ZipDB) fetchZip(ctx context.Context) (*os.File, error) {
method loadZipFile (line 192) | func (db *ZipDB) loadZipFile(zipFile *zip.File, names []string) {
method load (line 233) | func (db *ZipDB) load(ctx context.Context, names []string) error {
function fetchRemoteArchiveCRC32CHash (line 48) | func fetchRemoteArchiveCRC32CHash(ctx context.Context, url string) (uint...
function fetchLocalArchiveCRC32CHash (line 82) | func fetchLocalArchiveCRC32CHash(f *os.File) (uint32, error) {
function mightAffectPackagesBytes (line 165) | func mightAffectPackagesBytes(content []byte, names []string) bool {
function NewZippedDB (line 267) | func NewZippedDB(ctx context.Context, dbBasePath, name, url, userAgent s...
function VulnerabilitiesAffectingPackage (line 296) | func VulnerabilitiesAffectingPackage(allVulns []*osvschema.Vulnerability...
FILE: internal/clients/clientimpl/localmatcher/zip_test.go
constant userAgent (line 27) | userAgent = "osv-scanner_test/" + version.OSVVersion
function expectDBToHaveOSVs (line 29) | func expectDBToHaveOSVs(
function cacheWrite (line 50) | func cacheWrite(t *testing.T, storedAt string, cache []byte) {
function cacheWriteBad (line 65) | func cacheWriteBad(t *testing.T, storedAt string, contents string) {
function createZipServer (line 80) | func createZipServer(t *testing.T, handler http.HandlerFunc) *httptest.S...
function computeCRC32CHash (line 90) | func computeCRC32CHash(t *testing.T, data []byte) string {
function writeOSVsZip (line 98) | func writeOSVsZip(t *testing.T, w http.ResponseWriter, osvs map[string]*...
function zipOSVs (line 108) | func zipOSVs(t *testing.T, osvs map[string]*osvschema.Vulnerability) []b...
function determineStoredAtPath (line 138) | func determineStoredAtPath(dbBasePath, name string) string {
function TestNewZippedDB_Offline_WithoutCache (line 142) | func TestNewZippedDB_Offline_WithoutCache(t *testing.T) {
function TestNewZippedDB_Offline_WithCache (line 158) | func TestNewZippedDB_Offline_WithCache(t *testing.T) {
function TestNewZippedDB_BadZip (line 195) | func TestNewZippedDB_BadZip(t *testing.T) {
function TestNewZippedDB_UnsupportedProtocol (line 211) | func TestNewZippedDB_UnsupportedProtocol(t *testing.T) {
function TestNewZippedDB_Online_WithoutCache (line 223) | func TestNewZippedDB_Online_WithoutCache(t *testing.T) {
function TestNewZippedDB_Online_WithoutCacheAndNoHashHeader (line 258) | func TestNewZippedDB_Online_WithoutCacheAndNoHashHeader(t *testing.T) {
function TestNewZippedDB_Online_WithSameCache (line 293) | func TestNewZippedDB_Online_WithSameCache(t *testing.T) {
function TestNewZippedDB_Online_WithDifferentCache (line 334) | func TestNewZippedDB_Online_WithDifferentCache(t *testing.T) {
function TestNewZippedDB_Online_WithCacheButBadHeadResponse (line 375) | func TestNewZippedDB_Online_WithCacheButBadHeadResponse(t *testing.T) {
function TestNewZippedDB_Online_WithCacheButBadHashHeader (line 397) | func TestNewZippedDB_Online_WithCacheButBadHashHeader(t *testing.T) {
function TestNewZippedDB_Online_WithCacheButNoHashHeader (line 427) | func TestNewZippedDB_Online_WithCacheButNoHashHeader(t *testing.T) {
function TestNewZippedDB_Online_WithBadCache (line 455) | func TestNewZippedDB_Online_WithBadCache(t *testing.T) {
function TestNewZippedDB_Online_WithBadGetResponse (line 488) | func TestNewZippedDB_Online_WithBadGetResponse(t *testing.T) {
function TestNewZippedDB_FileChecks (line 510) | func TestNewZippedDB_FileChecks(t *testing.T) {
function TestNewZippedDB_WithSpecificPackages (line 539) | func TestNewZippedDB_WithSpecificPackages(t *testing.T) {
FILE: internal/clients/clientimpl/osvmatcher/cachedosvmatcher.go
type CachedOSVMatcher (line 29) | type CachedOSVMatcher struct
method MatchVulnerabilities (line 39) | func (matcher *CachedOSVMatcher) MatchVulnerabilities(ctx context.Cont...
method doQueries (line 66) | func (matcher *CachedOSVMatcher) doQueries(ctx context.Context, invs [...
FILE: internal/clients/clientimpl/osvmatcher/osvmatcher.go
constant maxConcurrentRequests (line 22) | maxConcurrentRequests = 1000
type OSVMatcher (line 38) | type OSVMatcher struct
method MatchVulnerabilities (line 65) | func (matcher *OSVMatcher) MatchVulnerabilities(ctx context.Context, p...
function New (line 46) | func New(initialQueryTimeout time.Duration, userAgent string, httpClient...
function pkgToQuery (line 135) | func pkgToQuery(pkg *extractor.Package) *api.Query {
function pkgsToQueries (line 179) | func pkgsToQueries(pkgs []*extractor.Package) []*api.Query {
FILE: internal/clients/clientimpl/osvmatcher/osvmatcher_test.go
function TestOSVMatcher_MatchVulnerabilities (line 16) | func TestOSVMatcher_MatchVulnerabilities(t *testing.T) {
FILE: internal/clients/clientinterfaces/licensematcher.go
type LicenseMatcher (line 10) | type LicenseMatcher interface
FILE: internal/clients/clientinterfaces/vulnerabilitymatcher.go
type VulnerabilityMatcher (line 10) | type VulnerabilityMatcher interface
FILE: internal/cmdlogger/fmt.go
function Debugf (line 10) | func Debugf(msg string, args ...any) {
function Infof (line 15) | func Infof(msg string, args ...any) {
function Warnf (line 20) | func Warnf(msg string, args ...any) {
function Errorf (line 25) | func Errorf(msg string, args ...any) {
FILE: internal/cmdlogger/handler.go
type Handler (line 15) | type Handler struct
method SendEverythingToStderr (line 31) | func (c *Handler) SendEverythingToStderr() {
method SetLevel (line 35) | func (c *Handler) SetLevel(level slog.Leveler) {
method writer (line 39) | func (c *Handler) writer(level slog.Level) io.Writer {
method Enabled (line 47) | func (c *Handler) Enabled(ctx context.Context, level slog.Level) bool {
method Handle (line 59) | func (c *Handler) Handle(ctx context.Context, record slog.Record) error {
method SetHasErrored (line 84) | func (c *Handler) SetHasErrored() {
method HasErrored (line 90) | func (c *Handler) HasErrored() bool {
method HasErroredBecauseInvalidConfig (line 96) | func (c *Handler) HasErroredBecauseInvalidConfig() bool {
method WithAttrs (line 100) | func (c *Handler) WithAttrs(a []slog.Attr) slog.Handler {
method WithGroup (line 107) | func (c *Handler) WithGroup(g string) slog.Handler {
function New (line 116) | func New(stdout, stderr io.Writer) CmdLogger {
function NewOverride (line 124) | func NewOverride(overrideHandler slog.Handler) CmdLogger {
FILE: internal/cmdlogger/interface.go
type CmdLogger (line 5) | type CmdLogger interface
function SendEverythingToStderr (line 19) | func SendEverythingToStderr() {
FILE: internal/cmdlogger/level.go
function Levels (line 15) | func Levels() []string {
function ParseLevel (line 19) | func ParseLevel(text string) (slog.Level, error) {
FILE: internal/cmdlogger/level_test.go
function TestParseVerbosityLevel_GivenValidLevels (line 10) | func TestParseVerbosityLevel_GivenValidLevels(t *testing.T) {
function TestParseVerbosityLevel_GivenInvalidLevels (line 33) | func TestParseVerbosityLevel_GivenInvalidLevels(t *testing.T) {
FILE: internal/cmdlogger/scalibr.go
type ScalibrAdapter (line 12) | type ScalibrAdapter struct
method Errorf (line 16) | func (s *ScalibrAdapter) Errorf(format string, args ...any) {
method Error (line 20) | func (s *ScalibrAdapter) Error(args ...any) {
method Warnf (line 24) | func (s *ScalibrAdapter) Warnf(format string, args ...any) {
method Warn (line 28) | func (s *ScalibrAdapter) Warn(args ...any) {
method Infof (line 32) | func (s *ScalibrAdapter) Infof(format string, args ...any) {
method Info (line 36) | func (s *ScalibrAdapter) Info(args ...any) {
method Debugf (line 40) | func (s *ScalibrAdapter) Debugf(format string, args ...any) {
method Debug (line 44) | func (s *ScalibrAdapter) Debug(args ...any) {
FILE: internal/cmdlogger/static.go
function SetHasErrored (line 5) | func SetHasErrored() {
function HasErrored (line 17) | func HasErrored() bool {
function SetLevel (line 27) | func SetLevel(level slog.Leveler) {
FILE: internal/config/config.go
type Config (line 15) | type Config struct
method UnusedIgnoredVulns (line 78) | func (c *Config) UnusedIgnoredVulns() []*IgnoreEntry {
method ShouldIgnore (line 90) | func (c *Config) ShouldIgnore(vulnID string) (bool, *IgnoreEntry) {
method filterPackageVersionEntries (line 100) | func (c *Config) filterPackageVersionEntries(pkg *extractor.Package, c...
method ShouldIgnorePackage (line 113) | func (c *Config) ShouldIgnorePackage(pkg *extractor.Package) (bool, Pa...
method ShouldIgnorePackageVulnerabilities (line 120) | func (c *Config) ShouldIgnorePackageVulnerabilities(pkg *extractor.Pac...
method ShouldOverridePackageLicense (line 129) | func (c *Config) ShouldOverridePackageLicense(pkg *extractor.Package) ...
method warnAboutDuplicates (line 145) | func (c *Config) warnAboutDuplicates() {
type IgnoreEntry (line 24) | type IgnoreEntry struct
method MarkAsUsed (line 32) | func (ie *IgnoreEntry) MarkAsUsed() {
type PackageOverrideEntry (line 36) | type PackageOverrideEntry struct
method matches (line 49) | func (e PackageOverrideEntry) matches(pkg *extractor.Package) bool {
type Vulnerability (line 69) | type Vulnerability struct
type License (line 73) | type License struct
function shouldIgnoreTimestamp (line 135) | func shouldIgnoreTimestamp(ignoreUntil time.Time) bool {
FILE: internal/config/config_internal_test.go
function normalizeFilePaths (line 21) | func normalizeFilePaths(t *testing.T, output string) string {
function Test_normalizeConfigLoadPath (line 27) | func Test_normalizeConfigLoadPath(t *testing.T) {
function Test_tryLoadConfig (line 106) | func Test_tryLoadConfig(t *testing.T) {
function TestTryLoadConfig_UnknownKeys (line 190) | func TestTryLoadConfig_UnknownKeys(t *testing.T) {
function TestConfig_ShouldIgnore (line 246) | func TestConfig_ShouldIgnore(t *testing.T) {
function TestConfig_ShouldIgnorePackage (line 360) | func TestConfig_ShouldIgnorePackage(t *testing.T) {
function TestConfig_ShouldIgnorePackageVulnerabilities (line 870) | func TestConfig_ShouldIgnorePackageVulnerabilities(t *testing.T) {
function TestConfig_ShouldOverridePackageLicense (line 958) | func TestConfig_ShouldOverridePackageLicense(t *testing.T) {
FILE: internal/config/manager.go
type Manager (line 14) | type Manager struct
method UseOverride (line 25) | func (m *Manager) UseOverride(configPath string) error {
method Get (line 36) | func (m *Manager) Get(targetPath string) Config {
method GetUnusedIgnoreEntries (line 70) | func (m *Manager) GetUnusedIgnoreEntries() map[string][]*IgnoreEntry {
function normalizeConfigLoadPath (line 93) | func normalizeConfigLoadPath(target string) (string, error) {
function tryLoadConfig (line 112) | func tryLoadConfig(configPath string) (Config, error) {
FILE: internal/datasource/cache.go
constant cacheExpiry (line 12) | cacheExpiry = 6 * time.Hour
function gobMarshal (line 14) | func gobMarshal(v any) ([]byte, error) {
function gobUnmarshal (line 26) | func gobUnmarshal(b []byte, v any) error {
type requestCacheCall (line 31) | type requestCacheCall struct
type RequestCache (line 38) | type RequestCache struct
function NewRequestCache (line 44) | func NewRequestCache[K comparable, V any]() *RequestCache[K, V] {
method Get (line 53) | func (rq *RequestCache[K, V]) Get(key K, fn func() (V, error)) (V, error) {
method GetMap (line 96) | func (rq *RequestCache[K, V]) GetMap() map[K]V {
method SetMap (line 104) | func (rq *RequestCache[K, V]) SetMap(m map[K]V) {
FILE: internal/datasource/cache_test.go
function TestRequestCache (line 12) | func TestRequestCache(t *testing.T) {
function TestRequestCacheSetMap (line 58) | func TestRequestCacheSetMap(t *testing.T) {
FILE: internal/datasource/http_auth.go
type HTTPAuthMethod (line 17) | type HTTPAuthMethod
constant AuthBasic (line 20) | AuthBasic HTTPAuthMethod = iota
constant AuthBearer (line 21) | AuthBearer
constant AuthDigest (line 22) | AuthDigest
type HTTPAuthentication (line 28) | type HTTPAuthentication struct
method Get (line 51) | func (auth *HTTPAuthentication) Get(ctx context.Context, httpClient *h...
method authIndex (line 141) | func (auth *HTTPAuthentication) authIndex(wwwAuth []string, authScheme...
method addBasic (line 148) | func (auth *HTTPAuthentication) addBasic(req *http.Request) bool {
method addBearer (line 165) | func (auth *HTTPAuthentication) addBearer(req *http.Request) bool {
method addDigest (line 175) | func (auth *HTTPAuthentication) addDigest(req *http.Request, challenge...
method parseChallenge (line 251) | func (auth *HTTPAuthentication) parseChallenge(challenge string) map[s...
method cnonce (line 287) | func (auth *HTTPAuthentication) cnonce() string {
FILE: internal/datasource/http_auth_test.go
type mockTransport (line 11) | type mockTransport struct
method RoundTrip (line 17) | func (mt *mockTransport) RoundTrip(req *http.Request) (*http.Response,...
function TestHTTPAuthentication (line 32) | func TestHTTPAuthentication(t *testing.T) {
FILE: internal/datasource/insights.go
type CachedInsightsClient (line 16) | type CachedInsightsClient struct
method GetPackage (line 79) | func (c *CachedInsightsClient) GetPackage(ctx context.Context, in *pb....
method GetVersion (line 85) | func (c *CachedInsightsClient) GetVersion(ctx context.Context, in *pb....
method GetRequirements (line 91) | func (c *CachedInsightsClient) GetRequirements(ctx context.Context, in...
type packageKey (line 28) | type packageKey struct
function makePackageKey (line 33) | func makePackageKey(k *pb.PackageKey) packageKey {
type versionKey (line 40) | type versionKey struct
function makeVersionKey (line 46) | func makeVersionKey(k *pb.VersionKey) versionKey {
function NewCachedInsightsClient (line 54) | func NewCachedInsightsClient(addr string, userAgent string) (*CachedInsi...
FILE: internal/datasource/insights_cache.go
type depsdevAPICache (line 10) | type depsdevAPICache struct
function protoMarshalCache (line 17) | func protoMarshalCache[K comparable, V proto.Message](protoMap map[K]V) ...
function protoUnmarshalCache (line 30) | func protoUnmarshalCache[K comparable, V any, PV interface {
method GobEncode (line 46) | func (c *CachedInsightsClient) GobEncode() ([]byte, error) {
method GobDecode (line 74) | func (c *CachedInsightsClient) GobDecode(b []byte) error {
FILE: internal/datasource/insightsalpha.go
function NewInsightsAlphaClient (line 13) | func NewInsightsAlphaClient(addr string, userAgent string) (pb.InsightsC...
FILE: internal/datasource/maven_registry.go
constant MavenCentral (line 22) | MavenCentral = "https://repo.maven.apache.org/maven2"
type MavenRegistryAPIClient (line 26) | type MavenRegistryAPIClient struct
method WithoutRegistries (line 77) | func (m *MavenRegistryAPIClient) WithoutRegistries() *MavenRegistryAPI...
method AddRegistry (line 87) | func (m *MavenRegistryAPIClient) AddRegistry(registry MavenRegistry) e...
method GetRegistries (line 105) | func (m *MavenRegistryAPIClient) GetRegistries() (registries []MavenRe...
method GetProject (line 114) | func (m *MavenRegistryAPIClient) GetProject(ctx context.Context, group...
method GetVersions (line 159) | func (m *MavenRegistryAPIClient) GetVersions(ctx context.Context, grou...
method getProject (line 175) | func (m *MavenRegistryAPIClient) getProject(ctx context.Context, regis...
method getVersionMetadata (line 190) | func (m *MavenRegistryAPIClient) getVersionMetadata(ctx context.Contex...
method getArtifactMetadata (line 202) | func (m *MavenRegistryAPIClient) getArtifactMetadata(ctx context.Conte...
method get (line 213) | func (m *MavenRegistryAPIClient) get(ctx context.Context, auth *HTTPAu...
type response (line 37) | type response struct
type MavenRegistry (line 42) | type MavenRegistry struct
function NewMavenRegistryAPIClient (line 52) | func NewMavenRegistryAPIClient(registry MavenRegistry) (*MavenRegistryAP...
function NewMavenDecoder (line 245) | func NewMavenDecoder(reader io.Reader) *xml.Decoder {
FILE: internal/datasource/maven_registry_cache.go
type mavenRegistryCache (line 7) | type mavenRegistryCache struct
method GobEncode (line 12) | func (m *MavenRegistryAPIClient) GobEncode() ([]byte, error) {
method GobDecode (line 29) | func (m *MavenRegistryAPIClient) GobDecode(b []byte) error {
FILE: internal/datasource/maven_registry_test.go
function TestMavenRegistryAPIClient_GetProject (line 12) | func TestMavenRegistryAPIClient_GetProject(t *testing.T) {
function TestGetProjectSnapshot (line 41) | func TestGetProjectSnapshot(t *testing.T) {
function TestGetArtifactMetadata (line 95) | func TestGetArtifactMetadata(t *testing.T) {
function TestGetVersionMetadata (line 143) | func TestGetVersionMetadata(t *testing.T) {
function TestMultipleRegistry (line 211) | func TestMultipleRegistry(t *testing.T) {
FILE: internal/datasource/maven_settings.go
type MavenSettingsXML (line 18) | type MavenSettingsXML struct
type MavenSettingsXMLServer (line 22) | type MavenSettingsXMLServer struct
function ParseMavenSettings (line 28) | func ParseMavenSettings(path string) MavenSettingsXML {
function globalMavenSettingsFile (line 70) | func globalMavenSettingsFile() string {
function userMavenSettingsFile (line 91) | func userMavenSettingsFile() string {
function MakeMavenAuth (line 103) | func MakeMavenAuth(globalSettings, userSettings MavenSettingsXML) map[st...
FILE: internal/datasource/maven_settings_test.go
function TestParseMavenSettings (line 11) | func TestParseMavenSettings(t *testing.T) {
function TestMakeMavenAuth (line 43) | func TestMakeMavenAuth(t *testing.T) {
FILE: internal/datasource/npm_registry.go
type NpmRegistryAPIClient (line 17) | type NpmRegistryAPIClient struct
method Versions (line 52) | func (c *NpmRegistryAPIClient) Versions(ctx context.Context, pkg strin...
method Dependencies (line 73) | func (c *NpmRegistryAPIClient) Dependencies(ctx context.Context, pkg, ...
method FullJSON (line 86) | func (c *NpmRegistryAPIClient) FullJSON(ctx context.Context, pkg, vers...
method get (line 90) | func (c *NpmRegistryAPIClient) get(ctx context.Context, urlComponents ...
method getPackageDetails (line 111) | func (c *NpmRegistryAPIClient) getPackageDetails(ctx context.Context, ...
type npmRegistryPackageDetails (line 29) | type npmRegistryPackageDetails struct
function NewNpmRegistryAPIClient (line 35) | func NewNpmRegistryAPIClient(workdir string) (*NpmRegistryAPIClient, err...
type NpmRegistryVersions (line 47) | type NpmRegistryVersions struct
type NpmRegistryDependencies (line 64) | type NpmRegistryDependencies struct
function jsonToStringSlice (line 136) | func jsonToStringSlice(v gjson.Result) []string {
function jsonToStringMap (line 149) | func jsonToStringMap(v gjson.Result) map[string]string {
FILE: internal/datasource/npm_registry_cache.go
type npmRegistryCache (line 9) | type npmRegistryCache struct
method GobEncode (line 15) | func (c *NpmRegistryAPIClient) GobEncode() ([]byte, error) {
method GobDecode (line 36) | func (c *NpmRegistryAPIClient) GobDecode(b []byte) error {
FILE: internal/datasource/npm_registry_test.go
function TestNpmRegistryClient (line 16) | func TestNpmRegistryClient(t *testing.T) {
FILE: internal/datasource/npmrc.go
type NpmrcConfig (line 19) | type NpmrcConfig
function loadNpmrc (line 21) | func loadNpmrc(workdir string) (NpmrcConfig, error) {
function envVarNpmrc (line 88) | func envVarNpmrc() ([]byte, error) {
function builtinNpmrc (line 112) | func builtinNpmrc() string {
type NpmRegistryAuths (line 133) | type NpmRegistryAuths
method GetAuth (line 135) | func (auths NpmRegistryAuths) GetAuth(uri string) *HTTPAuthentication {
function urlPathEscapeLower (line 165) | func urlPathEscapeLower(s string) string {
type NpmRegistryConfig (line 172) | type NpmRegistryConfig struct
method MakeRequest (line 188) | func (r NpmRegistryConfig) MakeRequest(ctx context.Context, httpClient...
function LoadNpmRegistryConfig (line 177) | func LoadNpmRegistryConfig(workdir string) (NpmRegistryConfig, error) {
function ParseNpmRegistryInfo (line 217) | func ParseNpmRegistryInfo(npmrc NpmrcConfig) NpmRegistryConfig {
FILE: internal/datasource/npmrc_test.go
function createTempNpmrc (line 19) | func createTempNpmrc(t *testing.T, filename string) string {
function writeToNpmrc (line 32) | func writeToNpmrc(t *testing.T, file string, lines ...string) {
type testNpmrcFiles (line 46) | type testNpmrcFiles struct
function makeBlankNpmrcFiles (line 52) | func makeBlankNpmrcFiles(t *testing.T) testNpmrcFiles {
function checkNpmRegistryRequest (line 63) | func checkNpmRegistryRequest(t *testing.T, config datasource.NpmRegistry...
function TestLoadNpmRegistryConfig_WithNoRegistries (line 86) | func TestLoadNpmRegistryConfig_WithNoRegistries(t *testing.T) {
function TestLoadNpmRegistryConfig_WithAuth (line 103) | func TestLoadNpmRegistryConfig_WithAuth(t *testing.T) {
function TestLoadNpmRegistryConfig_WithOverrides (line 128) | func TestLoadNpmRegistryConfig_WithOverrides(t *testing.T) {
function TestNpmRegistryAuths (line 183) | func TestNpmRegistryAuths(t *testing.T) {
FILE: internal/depsdev/depsdev.go
constant DepsdevAPI (line 12) | DepsdevAPI = "api.deps.dev:443"
FILE: internal/grouper/grouper.go
function hasAliasIntersection (line 13) | func hasAliasIntersection(v1, v2 IDAliases) bool {
function Group (line 25) | func Group(vulns []IDAliases) []models.GroupInfo {
FILE: internal/grouper/grouper_models.go
type IDAliases (line 11) | type IDAliases struct
function ConvertVulnerabilityToIDAliases (line 16) | func ConvertVulnerabilityToIDAliases(c []*osvschema.Vulnerability) []IDA...
FILE: internal/grouper/grouper_test.go
function TestGroup (line 11) | func TestGroup(t *testing.T) {
FILE: internal/identifiers/identifiers.go
function MostUpstreamsOrder (line 12) | func MostUpstreamsOrder(a, b *osvschema.Vulnerability) int {
function prefixOrder (line 22) | func prefixOrder(prefix string) int {
function prefixOrderForDescription (line 38) | func prefixOrderForDescription(prefix string) int {
function idSort (line 49) | func idSort(a, b string, prefixOrd func(string) int) int {
function IDSortFunc (line 63) | func IDSortFunc(a, b string) int {
function IDSortFuncForDescription (line 68) | func IDSortFuncForDescription(a, b string) int {
FILE: internal/identifiers/identifiers_test.go
function Test_idSortFunc (line 8) | func Test_idSortFunc(t *testing.T) {
function Test_idSortFuncUsage (line 46) | func Test_idSortFuncUsage(t *testing.T) {
FILE: internal/imodels/imodels.go
function toCachedPackageInfo (line 36) | func toCachedPackageInfo(pkg *extractor.Package) *models.PackageInfo {
function Name (line 63) | func Name(pkg *extractor.Package) string {
function Ecosystem (line 111) | func Ecosystem(pkg *extractor.Package) osvecosystem.Parsed {
function Version (line 138) | func Version(pkg *extractor.Package) string {
function Location (line 167) | func Location(pkg *extractor.Package) string {
function Commit (line 171) | func Commit(pkg *extractor.Package) string {
function SourceType (line 179) | func SourceType(pkg *extractor.Package) models.SourceType {
function DepGroups (line 197) | func DepGroups(pkg *extractor.Package) []string {
function OSPackageName (line 205) | func OSPackageName(pkg *extractor.Package) string {
FILE: internal/imodels/imodels_test.go
function Test_Name (line 10) | func Test_Name(t *testing.T) {
FILE: internal/imodels/results/scanresults.go
type ScanResults (line 13) | type ScanResults struct
FILE: internal/output/cyclonedx.go
function PrintCycloneDXResults (line 15) | func PrintCycloneDXResults(vulnResult *models.VulnerabilityResults, cycl...
FILE: internal/output/cyclonedx_test.go
function testCycloneDXResults (line 12) | func testCycloneDXResults(t *testing.T, version models.CycloneDXVersion,...
function TestPrintCycloneDXResults (line 25) | func TestPrintCycloneDXResults(t *testing.T) {
FILE: internal/output/form.go
function Form (line 4) | func Form(count int, singular, plural string) string {
FILE: internal/output/form_test.go
function TestForm (line 9) | func TestForm(t *testing.T) {
FILE: internal/output/githubannotation.go
function createSourceRemediationTable (line 14) | func createSourceRemediationTable(source models.PackageSource, groupedFi...
function createDeprecationTable (line 40) | func createDeprecationTable(source models.PackageSource) (table.Writer, ...
function PrintGHAnnotationReport (line 60) | func PrintGHAnnotationReport(vulnResult *models.VulnerabilityResults, ou...
FILE: internal/output/githubannotation_test.go
function TestPrintGHAnnotationReport_WithVulnerabilities (line 11) | func TestPrintGHAnnotationReport_WithVulnerabilities(t *testing.T) {
function TestPrintGHAnnotationReport_WithLicenseViolations (line 28) | func TestPrintGHAnnotationReport_WithLicenseViolations(t *testing.T) {
function TestPrintGHAnnotationReport_WithMixedIssues (line 45) | func TestPrintGHAnnotationReport_WithMixedIssues(t *testing.T) {
FILE: internal/output/helpers_test.go
type outputTestCaseArgs (line 18) | type outputTestCaseArgs struct
type outputTestCase (line 22) | type outputTestCase struct
type pkginfo (line 29) | type pkginfo struct
function resolvePURLType (line 40) | func resolvePURLType(eco string) string {
function newPackageInfo (line 53) | func newPackageInfo(source string, pi pkginfo) models.PackageInfo {
function testOutputWithVulnerabilities (line 74) | func testOutputWithVulnerabilities(t *testing.T, run outputTestRunner) {
function testOutputWithLicenseViolations (line 1359) | func testOutputWithLicenseViolations(t *testing.T, run outputTestRunner) {
function testOutputWithMixedIssues (line 2044) | func testOutputWithMixedIssues(t *testing.T, run outputTestRunner) {
FILE: internal/output/html.go
constant TemplateDir (line 15) | TemplateDir = "html/*"
function uniqueIndex (line 24) | func uniqueIndex(index *int) func() int {
function formatSlice (line 31) | func formatSlice(slice []string) string {
function formatLicense (line 35) | func formatLicense(slice []models.License) string {
function formatRating (line 44) | func formatRating(rating severity.Rating) string {
type VulnTableEntryArgument (line 48) | type VulnTableEntryArgument struct
function buildVulnTableEntryArgument (line 53) | func buildVulnTableEntryArgument(element VulnResult, isHidden bool) Vuln...
function hasOSResult (line 60) | func hasOSResult(ecosystems []EcosystemResult) bool {
function PrintHTMLResults (line 70) | func PrintHTMLResults(vulnResult *models.VulnerabilityResults, outputWri...
FILE: internal/output/html/script.js
function toggleDetails (line 4) | function toggleDetails(summaryID) {
function quickFilterByLayer (line 14) | function quickFilterByLayer(DiffID, layerCommand) {
function showBaseImageLayer (line 21) | function showBaseImageLayer(imageID) {
function showPackageDetails (line 33) | function showPackageDetails(detailsId) {
function openVulnInNewTab (line 43) | function openVulnInNewTab(inputString) {
function closeVulnTab (line 112) | function closeVulnTab(inputString) {
function openTab (line 133) | function openTab(activeTabId) {
function hideAllFilterOptions (line 145) | function hideAllFilterOptions() {
function toggleFilter (line 153) | function toggleFilter(input) {
function showAndHideParentSections (line 166) | function showAndHideParentSections() {
function showAllVulns (line 215) | function showAllVulns() {
function applyFilters (line 225) | function applyFilters(selectedTypeFilterValue, selectedLayerFilterValue) {
function applyTypeFilter (line 233) | function applyTypeFilter(selectedValue) {
function applyLayerFilter (line 259) | function applyLayerFilter(selectedLayerID) {
function updateTypeFilterText (line 273) | function updateTypeFilterText() {
function resetFilterText (line 320) | function resetFilterText() {
function resetSearchText (line 355) | function resetSearchText() {
function resetTypeCheckbox (line 363) | function resetTypeCheckbox() {
FILE: internal/output/html_test.go
function TestPrintHTMLResults_WithVulnerabilities (line 10) | func TestPrintHTMLResults_WithVulnerabilities(t *testing.T) {
function TestPrintHTMLResults_WithLicenseViolations (line 25) | func TestPrintHTMLResults_WithLicenseViolations(t *testing.T) {
function TestPrintHTMLResults_WithMixedIssues (line 40) | func TestPrintHTMLResults_WithMixedIssues(t *testing.T) {
FILE: internal/output/machinejson.go
function PrintJSONResults (line 11) | func PrintJSONResults(vulnResult *models.VulnerabilityResults, outputWri...
FILE: internal/output/machinejson_test.go
function TestPrintJSONResults_WithVulnerabilities (line 11) | func TestPrintJSONResults_WithVulnerabilities(t *testing.T) {
function TestPrintJSONResults_WithLicenseViolations (line 28) | func TestPrintJSONResults_WithLicenseViolations(t *testing.T) {
function TestPrintJSONResults_WithMixedIssues (line 45) | func TestPrintJSONResults_WithMixedIssues(t *testing.T) {
FILE: internal/output/markdowntable.go
function PrintMarkdownTableResults (line 14) | func PrintMarkdownTableResults(vulnResult *models.VulnerabilityResults, ...
FILE: internal/output/markdowntable_test.go
function TestPrintMarkdownTableResults_WithVulnerabilities (line 11) | func TestPrintMarkdownTableResults_WithVulnerabilities(t *testing.T) {
function TestPrintMarkdownTableResults_WithLicenseViolations (line 24) | func TestPrintMarkdownTableResults_WithLicenseViolations(t *testing.T) {
function TestPrintMarkdownTableResults_WithMixedIssues (line 37) | func TestPrintMarkdownTableResults_WithMixedIssues(t *testing.T) {
FILE: internal/output/output_result.go
type Result (line 25) | type Result struct
type EcosystemResult (line 38) | type EcosystemResult struct
type SourceResult (line 45) | type SourceResult struct
type PackageResult (line 56) | type PackageResult struct
type VulnResult (line 76) | type VulnResult struct
type ImageInfo (line 89) | type ImageInfo struct
type LicenseSummary (line 95) | type LicenseSummary struct
type PackageContainerInfo (line 102) | type PackageContainerInfo struct
type BaseImageGroupInfo (line 108) | type BaseImageGroupInfo struct
type LayerInfo (line 115) | type LayerInfo struct
type VulnTypeSummary (line 123) | type VulnTypeSummary struct
type VulnCount (line 131) | type VulnCount struct
method Add (line 641) | func (v *VulnCount) Add(other VulnCount) {
type SeverityCount (line 139) | type SeverityCount struct
method Add (line 648) | func (c *SeverityCount) Add(other SeverityCount) {
type AnalysisCount (line 148) | type AnalysisCount struct
method Add (line 657) | func (c *AnalysisCount) Add(other AnalysisCount) {
type FixableCount (line 154) | type FixableCount struct
method Add (line 663) | func (c *FixableCount) Add(other FixableCount) {
type VulnAnalysisType (line 159) | type VulnAnalysisType
method String (line 668) | func (vt VulnAnalysisType) String() string {
constant VulnTypeRegular (line 162) | VulnTypeRegular VulnAnalysisType = iota
constant VulnTypeUncalled (line 163) | VulnTypeUncalled
constant VulnTypeUnimportant (line 164) | VulnTypeUnimportant
constant UnfixedDescription (line 167) | UnfixedDescription = "No fix available"
constant VersionUnsupported (line 168) | VersionUnsupported = "N/A"
function PrintResults (line 175) | func PrintResults(vulnResult *models.VulnerabilityResults, outputWriter ...
function BuildResults (line 188) | func BuildResults(vulnResult *models.VulnerabilityResults) Result {
function buildResult (line 214) | func buildResult(ecosystemMap map[string][]SourceResult, resultCount Vul...
function populateResultWithImageMetadata (line 275) | func populateResultWithImageMetadata(result *Result, imageMetadata model...
function buildBaseImages (line 344) | func buildBaseImages(baseImages [][]models.BaseImageDetails) []BaseImage...
function buildLayers (line 356) | func buildLayers(layerMetadata []models.LayerMetadata) []LayerInfo {
function processSource (line 369) | func processSource(packageSource models.PackageSource) map[string]Source...
function processPackage (line 460) | func processPackage(vulnPkg models.PackageVulns) PackageResult {
function processVulnGroups (line 496) | func processVulnGroups(vulnPkg models.PackageVulns) (map[string]VulnResu...
function updateVuln (line 539) | func updateVuln(vulnMap map[string]VulnResult, vulnPkg models.PackageVul...
function getVulnList (line 554) | func getVulnList(vulnMap map[string]VulnResult) []VulnResult {
function getNextFixVersion (line 570) | func getNextFixVersion(allAffected []*osvschema.Affected, installedVersi...
function calculatePackageFixedVersion (line 605) | func calculatePackageFixedVersion(ecosystem string, allVulns []VulnResul...
function getFilteredVulnReasons (line 681) | func getFilteredVulnReasons(vulns []VulnResult) string {
function getBaseImageName (line 699) | func getBaseImageName(baseImageInfo BaseImageGroupInfo) string {
function increaseSeverityCount (line 707) | func increaseSeverityCount(severityCount SeverityCount, severityType sev...
function isOSEcosystem (line 724) | func isOSEcosystem(ecosystem string) bool {
function getVulnTypeSummary (line 734) | func getVulnTypeSummary(result []EcosystemResult) VulnTypeSummary {
function getPackageTypeCount (line 753) | func getPackageTypeCount(result []EcosystemResult) AnalysisCount {
function calculateCount (line 768) | func calculateCount(regularVulnList, hiddenVulnList []VulnResult) VulnCo...
function formatLayerCommand (line 788) | func formatLayerCommand(command string) []string {
function cleanupSpaces (line 805) | func cleanupSpaces(s string) string {
function printSummary (line 813) | func printSummary(result Result, out io.Writer) {
function printPkgDeprecatedSummary (line 839) | func printPkgDeprecatedSummary(result Result, out io.Writer) {
function getInstalledVersionOrCommit (line 845) | func getInstalledVersionOrCommit(pkg PackageResult) string {
function isOSResult (line 854) | func isOSResult(sourceType models.SourceType) bool {
function containsOSResult (line 858) | func containsOSResult(result Result) bool {
function ecosystemHasRegVuln (line 870) | func ecosystemHasRegVuln(ecosystem EcosystemResult) bool {
function removeVariants (line 880) | func removeVariants(ecosystem string) string {
function formatHiddenVulnsPrompt (line 889) | func formatHiddenVulnsPrompt(hiddenVulns int) string {
function GetContainerScanningHeader (line 893) | func GetContainerScanningHeader(result Result) string {
FILE: internal/output/output_result_test.go
function TestPrintOutputResults_WithVulnerabilities (line 11) | func TestPrintOutputResults_WithVulnerabilities(t *testing.T) {
FILE: internal/output/result.go
type pkgWithSource (line 19) | type pkgWithSource struct
type pkgSourceSet (line 25) | type pkgSourceSet
method StableKeys (line 28) | func (pss *pkgSourceSet) StableKeys() []pkgWithSource {
method MarshalJSON (line 49) | func (pss *pkgSourceSet) MarshalJSON() ([]byte, error) {
method UnmarshalJSON (line 59) | func (pss *pkgSourceSet) UnmarshalJSON(data []byte) error {
function mustGetWorkingDirectory (line 74) | func mustGetWorkingDirectory() string {
function groupFixedVersions (line 85) | func groupFixedVersions(flattened []models.VulnerabilityFlattened) map[s...
type groupedSARIFFinding (line 115) | type groupedSARIFFinding struct
method UnmarshalJSON (line 129) | func (g *groupedSARIFFinding) UnmarshalJSON(data []byte) error {
method MarshalJSON (line 166) | func (g *groupedSARIFFinding) MarshalJSON() ([]byte, error) {
function mapIDsToGroupedSARIFFinding (line 205) | func mapIDsToGroupedSARIFFinding(vulnResults *models.VulnerabilityResult...
FILE: internal/output/result_test.go
function Test_groupFixedVersions (line 10) | func Test_groupFixedVersions(t *testing.T) {
function Test_mapIDsToGroupedSARIFFinding (line 49) | func Test_mapIDsToGroupedSARIFFinding(t *testing.T) {
FILE: internal/output/sarif.go
type HelpTemplateData (line 26) | type HelpTemplateData struct
type FixedPkgTableData (line 36) | type FixedPkgTableData struct
type VulnDescription (line 41) | type VulnDescription struct
constant SARIFTemplate (line 50) | SARIFTemplate = `
function createSARIFAffectedPkgTable (line 104) | func createSARIFAffectedPkgTable(pkgWithSrc []pkgWithSource) table.Writer {
function createSARIFFixedPkgTable (line 141) | func createSARIFFixedPkgTable(fixedPkgTableData []FixedPkgTableData) tab...
function stripGitHubWorkspace (line 161) | func stripGitHubWorkspace(path string) string {
function createSARIFFingerprint (line 179) | func createSARIFFingerprint(vulnID string, artifactPath string, pkg mode...
function createSARIFHelpText (line 191) | func createSARIFHelpText(gv *groupedSARIFFinding) string {
function PrintSARIFReport (line 253) | func PrintSARIFReport(vulnResult *models.VulnerabilityResults, outputWri...
FILE: internal/output/sarif_fingerprint_test.go
function Test_createSARIFFingerprint (line 22) | func Test_createSARIFFingerprint(t *testing.T) {
function Test_createSARIFFingerprint_DifferentInputs (line 52) | func Test_createSARIFFingerprint_DifferentInputs(t *testing.T) {
FILE: internal/output/sarif_internal_test.go
function Test_createSARIFHelpText (line 9) | func Test_createSARIFHelpText(t *testing.T) {
FILE: internal/output/sarif_test.go
function TestPrintSARIFReport (line 14) | func TestPrintSARIFReport(t *testing.T) {
function TestPrintSARIFReport_WithVulnerabilities (line 53) | func TestPrintSARIFReport_WithVulnerabilities(t *testing.T) {
function TestPrintSARIFReport_WithLicenseViolations (line 74) | func TestPrintSARIFReport_WithLicenseViolations(t *testing.T) {
function TestPrintSARIFReport_WithMixedIssues (line 95) | func TestPrintSARIFReport_WithMixedIssues(t *testing.T) {
function buildJSONSarifReport (line 116) | func buildJSONSarifReport(t *testing.T, res *models.VulnerabilityResults...
FILE: internal/output/sbom/cyclonedx_1_4.go
function ToCycloneDX14Bom (line 10) | func ToCycloneDX14Bom(uniquePackages map[string]models.PackageVulns) *cy...
FILE: internal/output/sbom/cyclonedx_1_5.go
function ToCycloneDX15Bom (line 8) | func ToCycloneDX15Bom(uniquePackages map[string]models.PackageVulns) *cy...
FILE: internal/output/sbom/cyclonedx_1_6.go
function ToCycloneDX16Bom (line 8) | func ToCycloneDX16Bom(uniquePackages map[string]models.PackageVulns) *cy...
FILE: internal/output/sbom/cyclonedx_common.go
function buildCycloneDXBom (line 14) | func buildCycloneDXBom(uniquePackages map[string]models.PackageVulns) *c...
function fillLicenses (line 55) | func fillLicenses(component *cyclonedx.Component, packageDetail models.P...
function addVulnerabilities (line 68) | func addVulnerabilities(vulnerabilities map[string]cyclonedx.Vulnerabili...
function addDeprecatedProperty (line 92) | func addDeprecatedProperty(component *cyclonedx.Component, packageDetail...
function formatDateIfExists (line 105) | func formatDateIfExists(ts *timestamppb.Timestamp) string {
function buildCredits (line 117) | func buildCredits(vulnerability *osvschema.Vulnerability) *cyclonedx.Cre...
function buildAffectedPackages (line 132) | func buildAffectedPackages(vulnerability *osvschema.Vulnerability) *[]cy...
function buildRatings (line 149) | func buildRatings(vulnerability *osvschema.Vulnerability) *[]cyclonedx.V...
function buildReferences (line 161) | func buildReferences(vulnerability *osvschema.Vulnerability) *[]cycloned...
function buildAdvisories (line 174) | func buildAdvisories(vulnerability *osvschema.Vulnerability) *[]cycloned...
FILE: internal/output/sbom/models.go
type CycloneDXBomCreator (line 16) | type CycloneDXBomCreator
constant cycloneDx14Schema (line 19) | cycloneDx14Schema = "http://cyclonedx.org/schema/bom-1.4.schema.json"
constant cycloneDx15Schema (line 20) | cycloneDx15Schema = "http://cyclonedx.org/schema/bom-1.5.schema.json"
constant cycloneDx16Schema (line 21) | cycloneDx16Schema = "http://cyclonedx.org/schema/bom-1.6.schema.json"
constant libraryComponentType (line 24) | libraryComponentType = "library"
FILE: internal/output/spdx.go
function PrintSPDXResults (line 13) | func PrintSPDXResults(vulnResult *models.VulnerabilityResults, outputWri...
FILE: internal/output/spdx_test.go
function normalizeSPDXOutput (line 13) | func normalizeSPDXOutput(t *testing.T, str string) string {
function TestPrintSPDXResults_WithVulnerabilities (line 23) | func TestPrintSPDXResults_WithVulnerabilities(t *testing.T) {
function TestPrintSPDXResults_WithLicenseViolations (line 40) | func TestPrintSPDXResults_WithLicenseViolations(t *testing.T) {
function TestPrintSPDXResults_WithMixedIssues (line 57) | func TestPrintSPDXResults_WithMixedIssues(t *testing.T) {
FILE: internal/output/table.go
constant OSVBaseVulnerabilityURL (line 22) | OSVBaseVulnerabilityURL = "https://osv.dev/"
function PrintTableResults (line 25) | func PrintTableResults(vulnResult *models.VulnerabilityResults, outputWr...
function newTable (line 65) | func newTable(outputWriter io.Writer, terminalWidth int) table.Writer {
function tableBuilder (line 82) | func tableBuilder(outputTable table.Writer, result Result, showAllVulns ...
function printSummaryResult (line 114) | func printSummaryResult(result Result, outputWriter io.Writer, terminalW...
function printLicenseSummary (line 262) | func printLicenseSummary(licenseSummary LicenseSummary, outputWriter io....
type tbInnerResponse (line 274) | type tbInnerResponse struct
function tableBuilderInner (line 279) | func tableBuilderInner(result Result, vulnAnalysisType VulnAnalysisType)...
function MaxSeverity (line 366) | func MaxSeverity(group models.GroupInfo, pkg models.PackageVulns) string {
function buildLicenseSummaryTable (line 386) | func buildLicenseSummaryTable(outputWriter io.Writer, terminalWidth int,...
function licenseSummaryTableBuilder (line 395) | func licenseSummaryTableBuilder(outputTable table.Writer, vulnResult *mo...
function buildLicenseViolationsTable (line 404) | func buildLicenseViolationsTable(outputWriter io.Writer, terminalWidth i...
function licenseViolationsTableBuilder (line 414) | func licenseViolationsTableBuilder(outputTable table.Writer, vulnResult ...
function buildDeprecatedPackagesTable (line 443) | func buildDeprecatedPackagesTable(outputWriter io.Writer, terminalWidth ...
function deprecatedPackagesTableBuilder (line 453) | func deprecatedPackagesTableBuilder(outputTable table.Writer, vulnResult...
function formatBinaryPackages (line 478) | func formatBinaryPackages(slice []string) string {
FILE: internal/output/table_test.go
function TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities (line 12) | func TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities(t *...
function TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations (line 25) | func TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations(t...
function TestPrintTableResults_StandardTerminalWidth_WithMixedIssues (line 38) | func TestPrintTableResults_StandardTerminalWidth_WithMixedIssues(t *test...
function TestPrintTableResults_LongTerminalWidth_WithVulnerabilities (line 51) | func TestPrintTableResults_LongTerminalWidth_WithVulnerabilities(t *test...
function TestPrintTableResults_LongTerminalWidth_WithLicenseViolations (line 64) | func TestPrintTableResults_LongTerminalWidth_WithLicenseViolations(t *te...
function TestPrintTableResults_LongTerminalWidth_WithMixedIssues (line 77) | func TestPrintTableResults_LongTerminalWidth_WithMixedIssues(t *testing....
function TestPrintTableResults_NoTerminalWidth_WithVulnerabilities (line 90) | func TestPrintTableResults_NoTerminalWidth_WithVulnerabilities(t *testin...
function TestPrintTableResults_NoTerminalWidth_WithLicenseViolations (line 103) | func TestPrintTableResults_NoTerminalWidth_WithLicenseViolations(t *test...
function TestPrintTableResults_NoTerminalWidth_WithMixedIssues (line 116) | func TestPrintTableResults_NoTerminalWidth_WithMixedIssues(t *testing.T) {
FILE: internal/output/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/output/vertical.go
function PrintVerticalResults (line 14) | func PrintVerticalResults(vulnResult *models.VulnerabilityResults, outpu...
function printVerticalLicenseSummary (line 57) | func printVerticalLicenseSummary(licenseSummary LicenseSummary, out io.W...
function printVerticalLicenseViolations (line 66) | func printVerticalLicenseViolations(source SourceResult, out io.Writer) {
function printVerticalPkgDeprecatedSummary (line 108) | func printVerticalPkgDeprecatedSummary(source SourceResult, out io.Write...
function printBaseImages (line 123) | func printBaseImages(imageResult ImageInfo, out io.Writer) {
function printVerticalHeader (line 154) | func printVerticalHeader(result SourceResult, out io.Writer) {
function printVerticalPackageContainerInfo (line 164) | func printVerticalPackageContainerInfo(pkg PackageResult, out io.Writer) {
function printVerticalVulnerabilitiesCountSummary (line 173) | func printVerticalVulnerabilitiesCountSummary(count int, printingCalled ...
function printVerticalVulnerabilitiesForPackages (line 197) | func printVerticalVulnerabilitiesForPackages(packages []PackageResult, o...
function printVerticalVulnerabilities (line 250) | func printVerticalVulnerabilities(sourceResult SourceResult, isContainer...
function truncate (line 288) | func truncate(str string, limit int) string {
function describe (line 313) | func describe(vulnerability VulnResult) string {
FILE: internal/output/vertical_test.go
function TestPrintVerticalResults_WithVulnerabilities (line 12) | func TestPrintVerticalResults_WithVulnerabilities(t *testing.T) {
function TestPrintVerticalResults_WithLicenseViolations (line 25) | func TestPrintVerticalResults_WithLicenseViolations(t *testing.T) {
function TestPrintVerticalResults_WithMixedIssues (line 38) | func TestPrintVerticalResults_WithMixedIssues(t *testing.T) {
FILE: internal/remediation/in_place.go
type InPlacePatch (line 24) | type InPlacePatch struct
type InPlaceResult (line 30) | type InPlaceResult struct
method VulnCount (line 48) | func (r InPlaceResult) VulnCount() VulnCount {
type VulnCount (line 35) | type VulnCount struct
method Total (line 44) | func (vc VulnCount) Total() int {
function ComputeInPlacePatches (line 111) | func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClie...
function findFixedVersion (line 219) | func findFixedVersion(ctx context.Context, cl client.DependencyClient, p...
type inPlaceVulnsNodesResult (line 237) | type inPlaceVulnsNodesResult struct
function inPlaceVulnsNodes (line 243) | func inPlaceVulnsNodes(ctx context.Context, m clientinterfaces.Vulnerabi...
function buildConstraintSet (line 299) | func buildConstraintSet(sys semver.System, requiredVers []string) (semve...
function dependenciesSatisfied (line 329) | func dependenciesSatisfied(ctx context.Context, cl client.DependencyClie...
FILE: internal/remediation/in_place_test.go
function parseInPlaceFixture (line 20) | func parseInPlaceFixture(t *testing.T, universePath, vulnPath, lockfileP...
function checkInPlaceResults (line 42) | func checkInPlaceResults(t *testing.T, res remediation.InPlaceResult) {
function TestComputeInPlacePatches (line 107) | func TestComputeInPlacePatches(t *testing.T) {
FILE: internal/remediation/override.go
type overridePatch (line 22) | type overridePatch struct
function ComputeOverridePatches (line 32) | func ComputeOverridePatches(ctx context.Context, cl client.ResolutionCli...
function overridePatchVulns (line 124) | func overridePatchVulns(ctx context.Context, cl client.ResolutionClient,...
function getVersionsGreater (line 254) | func getVersionsGreater(ctx context.Context, cl client.DependencyClient,...
function patchManifest (line 289) | func patchManifest(patches []overridePatch, m manifest.Manifest) (manife...
FILE: internal/remediation/override_test.go
function TestComputeOverridePatches (line 11) | func TestComputeOverridePatches(t *testing.T) {
FILE: internal/remediation/relax.go
function ComputeRelaxPatches (line 16) | func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient...
function tryRelaxRemediate (line 77) | func tryRelaxRemediate(
function reqsToRelax (line 118) | func reqsToRelax(ctx context.Context, cl resolve.Client, res *resolution...
FILE: internal/remediation/relax/npm.go
type NpmRelaxer (line 12) | type NpmRelaxer struct
method Relax (line 14) | func (r NpmRelaxer) Relax(ctx context.Context, cl resolve.Client, req ...
FILE: internal/remediation/relax/npm_test.go
function TestRelaxNpm (line 11) | func TestRelaxNpm(t *testing.T) {
FILE: internal/remediation/relax/relax.go
type RequirementRelaxer (line 21) | type RequirementRelaxer interface
function GetRelaxer (line 28) | func GetRelaxer(ecosystem resolve.System) (RequirementRelaxer, error) {
FILE: internal/remediation/relax_test.go
function TestComputeRelaxPatches (line 10) | func TestComputeRelaxPatches(t *testing.T) {
FILE: internal/remediation/remediation.go
function SupportsRelax (line 16) | func SupportsRelax(m manifest.ReadWriter) bool {
function SupportsOverride (line 25) | func SupportsOverride(m manifest.ReadWriter) bool {
function SupportsInPlace (line 34) | func SupportsInPlace(l lockfile.ReadWriter) bool {
type Options (line 43) | type Options struct
method MatchVuln (line 56) | func (opts Options) MatchVuln(v resolution.Vulnerability) bool {
method matchID (line 72) | func (opts Options) matchID(v resolution.Vulnerability, ids []string) ...
method matchSeverity (line 86) | func (opts Options) matchSeverity(v resolution.Vulnerability) bool {
method matchDepth (line 102) | func (opts Options) matchDepth(v resolution.Vulnerability) bool {
FILE: internal/remediation/remediation_test.go
function TestMatchVuln (line 12) | func TestMatchVuln(t *testing.T) {
FILE: internal/remediation/suggest/maven.go
type MavenSuggester (line 18) | type MavenSuggester struct
method Suggest (line 23) | func (ms *MavenSuggester) Suggest(ctx context.Context, cl resolve.Clie...
function suggestMavenVersion (line 75) | func suggestMavenVersion(ctx context.Context, cl resolve.Client, req res...
FILE: internal/remediation/suggest/maven_test.go
function depTypeWithOrigin (line 23) | func depTypeWithOrigin(origin string) dep.Type {
function mavenReqKey (line 30) | func mavenReqKey(t *testing.T, name, artifactType, classifier string) ma...
function TestMavenSuggester_Suggest (line 51) | func TestMavenSuggester_Suggest(t *testing.T) {
function Test_suggestMavenVersion (line 368) | func Test_suggestMavenVersion(t *testing.T) {
function TestSuggestVersion_Guava (line 429) | func TestSuggestVersion_Guava(t *testing.T) {
function TestSuggestVersion_Commons (line 487) | func TestSuggestVersion_Commons(t *testing.T) {
FILE: internal/remediation/suggest/suggest.go
type Options (line 14) | type Options struct
type PatchSuggester (line 21) | type PatchSuggester interface
function GetSuggester (line 28) | func GetSuggester(system resolve.System) (PatchSuggester, error) {
FILE: internal/remediation/testhelpers_test.go
function parseRemediationFixture (line 18) | func parseRemediationFixture(t *testing.T, universePath, vulnPath, manif...
function checkRemediationResults (line 47) | func checkRemediationResults(t *testing.T, res []resolution.Difference) {
FILE: internal/remediation/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/remediation/upgrade/config.go
type Config (line 10) | type Config
method Set (line 19) | func (c Config) Set(pkg string, level Level) bool {
method SetDefault (line 29) | func (c Config) SetDefault(level Level) bool {
method Get (line 35) | func (c Config) Get(pkg string) Level {
function NewConfig (line 12) | func NewConfig() Config {
function ParseUpgradeConfig (line 44) | func ParseUpgradeConfig(specs []string) Config {
FILE: internal/remediation/upgrade/config_test.go
function configSetExpect (line 9) | func configSetExpect(t *testing.T, config upgrade.Config, pkg string, le...
function configSetDefaultExpect (line 17) | func configSetDefaultExpect(t *testing.T, config upgrade.Config, level u...
function configGetExpect (line 25) | func configGetExpect(t *testing.T, config upgrade.Config, pkg string, wa...
function TestConfig (line 32) | func TestConfig(t *testing.T) {
FILE: internal/remediation/upgrade/level.go
type Level (line 7) | type Level
method Allows (line 17) | func (level Level) Allows(diff semver.Diff) bool {
constant Major (line 10) | Major Level = iota
constant Minor (line 11) | Minor
constant Patch (line 12) | Patch
constant None (line 13) | None
FILE: internal/remediation/upgrade/level_test.go
function TestLevelAllows (line 11) | func TestLevelAllows(t *testing.T) {
FILE: internal/reporter/cyclonedx.go
type cycloneDXReporter (line 12) | type cycloneDXReporter struct
method PrintResult (line 17) | func (r *cycloneDXReporter) PrintResult(vulnerabilityResults *models.V...
FILE: internal/reporter/format.go
function Format (line 12) | func Format() []string {
function newResultPrinter (line 16) | func newResultPrinter(format string, writer io.Writer, terminalWidth int...
FILE: internal/reporter/gh-annotations_reporter.go
type ghAnnotationsReporter (line 10) | type ghAnnotationsReporter struct
method PrintResult (line 14) | func (r *ghAnnotationsReporter) PrintResult(vulnResult *models.Vulnera...
FILE: internal/reporter/html_reporter.go
type htmlReporter (line 10) | type htmlReporter struct
method PrintResult (line 14) | func (r *htmlReporter) PrintResult(vulnResult *models.VulnerabilityRes...
FILE: internal/reporter/json_reporter.go
type jsonReporter (line 10) | type jsonReporter struct
method PrintResult (line 14) | func (r *jsonReporter) PrintResult(vulnResult *models.VulnerabilityRes...
FILE: internal/reporter/reporter.go
type resultPrinter (line 10) | type resultPrinter interface
function PrintResult (line 16) | func PrintResult(
FILE: internal/reporter/reporter_test.go
function TestPrintResult (line 11) | func TestPrintResult(t *testing.T) {
function TestPrintResult_UnsupportedFormatter (line 24) | func TestPrintResult_UnsupportedFormatter(t *testing.T) {
FILE: internal/reporter/sarif_reporter.go
type sarifReporter (line 10) | type sarifReporter struct
method PrintResult (line 14) | func (r *sarifReporter) PrintResult(vulnResult *models.VulnerabilityRe...
FILE: internal/reporter/spdx.go
type spdxReporter (line 10) | type spdxReporter struct
method PrintResult (line 14) | func (r *spdxReporter) PrintResult(vulnResult *models.VulnerabilityRes...
FILE: internal/reporter/table_reporter.go
type tableReporter (line 12) | type tableReporter struct
method PrintResult (line 20) | func (r *tableReporter) PrintResult(vulnResult *models.VulnerabilityRe...
FILE: internal/reporter/vertical_reporter.go
type verticalReporter (line 13) | type verticalReporter struct
method PrintResult (line 20) | func (r *verticalReporter) PrintResult(vulnResult *models.Vulnerabilit...
FILE: internal/resolution/client/client.go
type ResolutionClient (line 19) | type ResolutionClient struct
type DependencyClient (line 24) | type DependencyClient interface
type Registry (line 34) | type Registry
function PreFetch (line 37) | func PreFetch(ctx context.Context, c DependencyClient, requirements []re...
FILE: internal/resolution/client/depsdev_client.go
constant depsDevCacheExt (line 11) | depsDevCacheExt = ".resolve.deps"
type DepsDevClient (line 14) | type DepsDevClient struct
method AddRegistries (line 29) | func (d *DepsDevClient) AddRegistries(_ []Registry) error { return nil }
method WriteCache (line 31) | func (d *DepsDevClient) WriteCache(path string) error {
method LoadCache (line 41) | func (d *DepsDevClient) LoadCache(path string) error {
function NewDepsDevClient (line 20) | func NewDepsDevClient(addr string, userAgent string) (*DepsDevClient, er...
FILE: internal/resolution/client/helper.go
function GraphToInventory (line 10) | func GraphToInventory(g *resolve.Graph) []*extractor.Package {
FILE: internal/resolution/client/maven_registry_client.go
constant mavenRegistryCacheExt (line 18) | mavenRegistryCacheExt = ".resolve.maven"
type MavenRegistryClient (line 20) | type MavenRegistryClient struct
method Version (line 33) | func (c *MavenRegistryClient) Version(ctx context.Context, vk resolve....
method Versions (line 67) | func (c *MavenRegistryClient) Versions(ctx context.Context, pk resolve...
method Requirements (line 94) | func (c *MavenRegistryClient) Requirements(ctx context.Context, vk res...
method MatchingVersions (line 141) | func (c *MavenRegistryClient) MatchingVersions(ctx context.Context, vk...
method AddRegistries (line 154) | func (c *MavenRegistryClient) AddRegistries(registries []Registry) err...
method WriteCache (line 168) | func (c *MavenRegistryClient) WriteCache(path string) error {
method LoadCache (line 178) | func (c *MavenRegistryClient) LoadCache(path string) error {
function NewMavenRegistryClient (line 24) | func NewMavenRegistryClient(registry string) (*MavenRegistryClient, erro...
FILE: internal/resolution/client/npm_registry_client.go
constant npmRegistryCacheExt (line 23) | npmRegistryCacheExt = ".resolve.npm"
type NpmRegistryClient (line 25) | type NpmRegistryClient struct
method Version (line 62) | func (c *NpmRegistryClient) Version(ctx context.Context, vk resolve.Ve...
method Versions (line 70) | func (c *NpmRegistryClient) Versions(ctx context.Context, pk resolve.P...
method Requirements (line 95) | func (c *NpmRegistryClient) Requirements(ctx context.Context, vk resol...
method MatchingVersions (line 190) | func (c *NpmRegistryClient) MatchingVersions(ctx context.Context, vk r...
method AddRegistries (line 231) | func (c *NpmRegistryClient) AddRegistries(_ []Registry) error { return...
method WriteCache (line 233) | func (c *NpmRegistryClient) WriteCache(path string) error {
method LoadCache (line 243) | func (c *NpmRegistryClient) LoadCache(path string) error {
function NewNpmRegistryClient (line 33) | func NewNpmRegistryClient(workdir string) (*NpmRegistryClient, error) {
function isNpmBundle (line 225) | func isNpmBundle(pk resolve.PackageKey) bool {
FILE: internal/resolution/client/override_client.go
type OverrideClient (line 11) | type OverrideClient struct
method AddVersion (line 27) | func (c *OverrideClient) AddVersion(v resolve.Version, deps []resolve....
method Version (line 42) | func (c *OverrideClient) Version(ctx context.Context, vk resolve.Versi...
method Versions (line 52) | func (c *OverrideClient) Versions(ctx context.Context, pk resolve.Pack...
method Requirements (line 60) | func (c *OverrideClient) Requirements(ctx context.Context, vk resolve....
method MatchingVersions (line 68) | func (c *OverrideClient) MatchingVersions(ctx context.Context, vk reso...
function NewOverrideClient (line 19) | func NewOverrideClient(c DependencyClient) *OverrideClient {
FILE: internal/resolution/clienttest/mock_resolution_client.go
type ResolutionUniverse (line 21) | type ResolutionUniverse struct
type VulnerabilityMatcher (line 26) | type VulnerabilityMatcher struct
method UnmarshalJSON (line 32) | func (vm *VulnerabilityMatcher) UnmarshalJSON(data []byte) error {
method MatchVulnerabilities (line 52) | func (vm *VulnerabilityMatcher) MatchVulnerabilities(_ context.Context...
type mockDependencyClient (line 61) | type mockDependencyClient struct
method LoadCache (line 65) | func (mdc mockDependencyClient) LoadCache(string) error ...
method WriteCache (line 66) | func (mdc mockDependencyClient) WriteCache(string) error ...
method AddRegistries (line 67) | func (mdc mockDependencyClient) AddRegistries(_ []client.Registry) err...
function NewMockResolutionClient (line 69) | func NewMockResolutionClient(t *testing.T, universeYaml, vulnJSON string...
FILE: internal/resolution/dependency_subgraph.go
type GraphNode (line 15) | type GraphNode struct
type DependencySubgraph (line 22) | type DependencySubgraph struct
method IsDevOnly (line 92) | func (ds *DependencySubgraph) IsDevOnly(groups map[manifest.Requiremen...
method ConstrainingSubgraph (line 152) | func (ds *DependencySubgraph) ConstrainingSubgraph(ctx context.Context...
function ComputeSubgraphs (line 31) | func ComputeSubgraphs(g *resolve.Graph, nodes []resolve.NodeID) []*Depen...
FILE: internal/resolution/dependency_subgraph_test.go
function TestDependencySubgraph (line 17) | func TestDependencySubgraph(t *testing.T) {
function TestConstrainingSubgraph (line 51) | func TestConstrainingSubgraph(t *testing.T) {
function TestSubgraphIsDevOnly (line 142) | func TestSubgraphIsDevOnly(t *testing.T) {
function checkSubgraphVersions (line 190) | func checkSubgraphVersions(t *testing.T, sg *resolution.DependencySubgra...
function checkSubgraphEdges (line 212) | func checkSubgraphEdges(t *testing.T, sg *resolution.DependencySubgraph) {
function checkSubgraphNodesReachable (line 274) | func checkSubgraphNodesReachable(t *testing.T, sg *resolution.Dependency...
function checkSubgraphDistances (line 304) | func checkSubgraphDistances(t *testing.T, sg *resolution.DependencySubgr...
FILE: internal/resolution/depfile/depfile.go
type DepFile (line 13) | type DepFile interface
type NestedDepFile (line 27) | type NestedDepFile interface
type LocalFile (line 33) | type LocalFile struct
method Open (line 40) | func (f LocalFile) Open(path string) (NestedDepFile, error) {
method Path (line 48) | func (f LocalFile) Path() string { return f.path }
function OpenLocalDepFile (line 50) | func OpenLocalDepFile(path string) (NestedDepFile, error) {
FILE: internal/resolution/lockfile/lockfile.go
type DependencyPatch (line 15) | type DependencyPatch struct
type ReadWriter (line 21) | type ReadWriter interface
function Overwrite (line 31) | func Overwrite(rw ReadWriter, filename string, patches []DependencyPatch...
function GetReadWriter (line 52) | func GetReadWriter(pathToLockfile string) (ReadWriter, error) {
FILE: internal/resolution/lockfile/npm.go
type NpmReadWriter (line 18) | type NpmReadWriter struct
method System (line 20) | func (NpmReadWriter) System() resolve.System { return resolve.NPM }
method Read (line 76) | func (rw NpmReadWriter) Read(file depfile.DepFile) (*resolve.Graph, er...
method findDependencyNode (line 160) | func (rw NpmReadWriter) findDependencyNode(node *npmNodeModule, depNam...
method reVersionAliasedDeps (line 172) | func (rw NpmReadWriter) reVersionAliasedDeps(deps map[string]npmDepend...
method Write (line 180) | func (rw NpmReadWriter) Write(original depfile.DepFile, output io.Writ...
type npmLockDependency (line 22) | type npmLockDependency struct
type npmLockPackage (line 33) | type npmLockPackage struct
type npmLockfile (line 51) | type npmLockfile struct
type npmDependencyVersionSpec (line 59) | type npmDependencyVersionSpec struct
type npmNodeModule (line 64) | type npmNodeModule struct
method IsAliased (line 72) | func (n npmNodeModule) IsAliased() bool {
FILE: internal/resolution/lockfile/npm_test.go
function TestNpmReadV2 (line 17) | func TestNpmReadV2(t *testing.T) {
function TestNpmReadV1 (line 68) | func TestNpmReadV1(t *testing.T) {
function TestNpmReadTypeOrder (line 115) | func TestNpmReadTypeOrder(t *testing.T) {
function TestNpmWrite (line 158) | func TestNpmWrite(t *testing.T) {
FILE: internal/resolution/lockfile/npm_v1.go
method nodesFromDependencies (line 23) | func (rw NpmReadWriter) nodesFromDependencies(lockJSON npmLockfile, mani...
method computeDependenciesRecursive (line 68) | func (rw NpmReadWriter) computeDependenciesRecursive(g *resolve.Graph, p...
method modifyPackageLockDependencies (line 106) | func (rw NpmReadWriter) modifyPackageLockDependencies(lockJSON string, p...
method modifyPackageLockDependenciesRecurse (line 114) | func (rw NpmReadWriter) modifyPackageLockDependenciesRecurse(lockJSON, p...
FILE: internal/resolution/lockfile/npm_v2.go
method nodesFromPackages (line 25) | func (rw NpmReadWriter) nodesFromPackages(lockJSON npmLockfile) (*resolv...
method makeNodeModuleDeps (line 149) | func (rw NpmReadWriter) makeNodeModuleDeps(pkg npmLockPackage, includeDe...
method packageNamesByNodeModuleDepth (line 178) | func (rw NpmReadWriter) packageNamesByNodeModuleDepth(packages map[strin...
method modifyPackageLockPackages (line 193) | func (rw NpmReadWriter) modifyPackageLockPackages(lockJSON string, patch...
method updatePackage (line 222) | func (rw NpmReadWriter) updatePackage(jsonText, jsonPath, packageName, n...
FILE: internal/resolution/lockfile/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/resolution/manifest/manifest.go
type Manifest (line 18) | type Manifest struct
method System (line 33) | func (m Manifest) System() resolve.System {
method Clone (line 37) | func (m Manifest) Clone() Manifest {
function newManifest (line 27) | func newManifest() Manifest {
type DependencyPatch (line 48) | type DependencyPatch struct
type Patch (line 57) | type Patch struct
type ReadWriter (line 63) | type ReadWriter interface
function Overwrite (line 75) | func Overwrite(rw ReadWriter, filename string, p Patch) error {
function GetReadWriter (line 96) | func GetReadWriter(pathToManifest string, registry string) (ReadWriter, ...
type RequirementKey (line 110) | type RequirementKey struct
function MakeRequirementKey (line 116) | func MakeRequirementKey(requirement resolve.RequirementVersion) Requirem...
FILE: internal/resolution/manifest/maven.go
function mavenRequirementKey (line 23) | func mavenRequirementKey(requirement resolve.RequirementVersion) Require...
type MavenReadWriter (line 37) | type MavenReadWriter struct
method System (line 41) | func (MavenReadWriter) System() resolve.System { return resolve.Maven }
method Read (line 72) | func (m MavenReadWriter) Read(df depfile.DepFile) (Manifest, error) {
method Write (line 295) | func (MavenReadWriter) Write(df depfile.DepFile, w io.Writer, patch Pa...
function NewMavenReadWriter (line 43) | func NewMavenReadWriter(registry string) (MavenReadWriter, error) {
type MavenManifestSpecific (line 52) | type MavenManifestSpecific struct
type PropertyWithOrigin (line 60) | type PropertyWithOrigin struct
type DependencyWithOrigin (line 66) | type DependencyWithOrigin struct
function addRequirements (line 174) | func addRequirements(reqs []resolve.RequirementVersion, groups map[Requi...
function buildPropertiesWithOrigins (line 187) | func buildPropertiesWithOrigins(project maven.Project, originPrefix stri...
function buildOriginalRequirements (line 208) | func buildOriginalRequirements(project maven.Project, originPrefix strin...
function makeRequirementVersion (line 261) | func makeRequirementVersion(dependency maven.Dependency, origin string) ...
function mavenOrigin (line 281) | func mavenOrigin(list ...string) string {
type MavenPatches (line 384) | type MavenPatches struct
type MavenPatch (line 389) | type MavenPatch struct
type MavenDependencyPatches (line 397) | type MavenDependencyPatches
method addPatch (line 401) | func (m MavenDependencyPatches) addPatch(changedDep DependencyPatch, e...
type MavenPropertyPatches (line 432) | type MavenPropertyPatches
function parentPathFromOrigin (line 436) | func parentPathFromOrigin(origin string) (string, string) {
function buildPatches (line 449) | func buildPatches(patches []DependencyPatch, specific MavenManifestSpeci...
function originalDependency (line 537) | func originalDependency(patch DependencyPatch, origDeps []DependencyWith...
function generatePropertyPatches (line 560) | func generatePropertyPatches(s1, s2 string) (map[string]string, bool) {
function generatePropertyPatchesAux (line 569) | func generatePropertyPatchesAux(s1, s2 string, patches map[string]string...
function projectStartElement (line 593) | func projectStartElement(raw string) string {
type dependencyManagement (line 607) | type dependencyManagement struct
type dependency (line 611) | type dependency struct
function makeDependency (line 619) | func makeDependency(patch MavenPatch) dependency {
function compareDependency (line 633) | func compareDependency(d1, d2 dependency) int {
function write (line 650) | func write(raw string, w io.Writer, patches MavenPatches) error {
function writeProject (line 729) | func writeProject(w io.Writer, enc *internalxml.Encoder, raw, prefix, id...
function indentation (line 867) | func indentation(raw string) string {
function writeDependency (line 890) | func writeDependency(w io.Writer, enc *internalxml.Encoder, raw string, ...
function writeString (line 976) | func writeString(enc *internalxml.Encoder, raw string, values map[string...
FILE: internal/resolution/manifest/maven_test.go
function depTypeWithOrigin (line 27) | func depTypeWithOrigin(origin string) dep.Type {
function mavenReqKey (line 34) | func mavenReqKey(t *testing.T, name, artifactType, classifier string) Re...
function TestMavenReadWrite (line 55) | func TestMavenReadWrite(t *testing.T) {
function TestMavenWrite (line 425) | func TestMavenWrite(t *testing.T) {
function TestMavenWriteDM (line 534) | func TestMavenWriteDM(t *testing.T) {
function Test_buildPatches (line 599) | func Test_buildPatches(t *testing.T) {
function Test_generatePropertyPatches (line 947) | func Test_generatePropertyPatches(t *testing.T) {
FILE: internal/resolution/manifest/npm.go
function npmRequirementKey (line 18) | func npmRequirementKey(requirement resolve.RequirementVersion) Requireme...
type NpmReadWriter (line 29) | type NpmReadWriter struct
method System (line 31) | func (NpmReadWriter) System() resolve.System { return resolve.NPM }
method Read (line 48) | func (rw NpmReadWriter) Read(f depfile.DepFile) (Manifest, error) {
method makeNPMReqVer (line 197) | func (rw NpmReadWriter) makeNPMReqVer(pkg, ver string) resolve.Require...
method Write (line 238) | func (NpmReadWriter) Write(r depfile.DepFile, w io.Writer, patch Patch...
type PackageJSON (line 33) | type PackageJSON struct
function SplitNPMAlias (line 314) | func SplitNPMAlias(v string) (name, version string) {
FILE: internal/resolution/manifest/npm_test.go
function aliasType (line 16) | func aliasType(t *testing.T, aliasedName string) dep.Type {
function npmVK (line 24) | func npmVK(t *testing.T, name, version string, versionType resolve.Versi...
function npmReqKey (line 36) | func npmReqKey(t *testing.T, name, knownAs string) manifest.RequirementK...
function TestNpmRead (line 54) | func TestNpmRead(t *testing.T) {
function TestNpmWorkspaceRead (line 116) | func TestNpmWorkspaceRead(t *testing.T) {
function TestNpmWrite (line 216) | func TestNpmWrite(t *testing.T) {
FILE: internal/resolution/manifest/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/resolution/resolve.go
type Vulnerability (line 21) | type Vulnerability struct
method IsDirect (line 30) | func (rv Vulnerability) IsDirect() bool {
type Result (line 40) | type Result struct
method Errors (line 52) | func (res *Result) Errors() []NodeError {
method computeVulns (line 211) | func (res *Result) computeVulns(ctx context.Context, cl client.Resolut...
method FilterVulns (line 256) | func (res *Result) FilterVulns(matchFn func(Vulnerability) bool) {
method CalculateDiff (line 275) | func (res *Result) CalculateDiff(other *Result) Difference {
type NodeError (line 47) | type NodeError struct
function getResolver (line 66) | func getResolver(sys resolve.System, cl resolve.Client) (resolve.Resolve...
type ResolveOpts (line 77) | type ResolveOpts struct
function Resolve (line 81) | func Resolve(ctx context.Context, cl client.ResolutionClient, m manifest...
function resolvePostProcess (line 122) | func resolvePostProcess(ctx context.Context, cl client.ResolutionClient,...
type Difference (line 266) | type Difference struct
method Compare (line 346) | func (a Difference) Compare(b Difference) int {
FILE: internal/resolution/resolve_test.go
function checkResult (line 16) | func checkResult(t *testing.T, result *resolution.Result) {
function TestResolve (line 41) | func TestResolve(t *testing.T) {
FILE: internal/resolution/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/resolution/util/depsdev.go
function VKToPackageInfo (line 24) | func VKToPackageInfo(vk resolve.VersionKey) *extractor.Package {
FILE: internal/scalibrenricher/govulncheck/source/govulncheck.go
constant Name (line 39) | Name = "enricher/reachability/govulncheck/source"
type Enricher (line 43) | type Enricher struct
method Name (line 46) | func (e *Enricher) Name() string {
method Version (line 51) | func (e *Enricher) Version() int {
method Requirements (line 56) | func (e *Enricher) Requirements() *plugin.Capabilities {
method RequiredPlugins (line 64) | func (e *Enricher) RequiredPlugins() []string {
method Enrich (line 73) | func (e *Enricher) Enrich(ctx context.Context, input *enricher.ScanInp...
method addSignals (line 117) | func (e *Enricher) addSignals(inv *inventory.Inventory, idToFindings m...
method runGovulncheck (line 142) | func (e *Enricher) runGovulncheck(ctx context.Context, absModDir strin...
function NewEnricher (line 68) | func NewEnricher() Enricher {
type osvHandler (line 165) | type osvHandler struct
method Finding (line 169) | func (h *osvHandler) Finding(f *Finding) {
function handleJSON (line 173) | func handleJSON(from io.Reader, to *osvHandler) error {
function New (line 189) | func New() enricher.Enricher {
FILE: internal/scalibrenricher/govulncheck/source/govulncheck_test.go
constant testdata (line 31) | testdata = "./testdata"
constant reachableVulnID (line 32) | reachableVulnID = "GO-2023-1558"
constant unreachableVulnID (line 33) | unreachableVulnID = "GO-2021-0053"
function TestEnricher (line 35) | func TestEnricher(t *testing.T) {
function setupPackages (line 72) | func setupPackages() []*extractor.Package {
function setupPackageVulns (line 105) | func setupPackageVulns() []*inventory.PackageVuln {
FILE: internal/scalibrenricher/govulncheck/source/result.go
type Message (line 9) | type Message struct
type Finding (line 17) | type Finding struct
type Frame (line 52) | type Frame struct
type Position (line 81) | type Position struct
FILE: internal/scalibrenricher/govulncheck/source/testdata/main.go
function main (line 12) | func main() {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/adler32.c
function uLong (line 61) | uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
function uLong (line 128) | uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
function local (line 133) | local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
function uLong (line 158) | uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
function uLong (line 162) | uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t le...
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/compress.c
function compress2 (line 22) | int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source,
function compress (line 63) | int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source,
function uLong (line 72) | uLong ZEXPORT compressBound(uLong sourceLen) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/crc32.c
type Z_U8 (line 91) | typedef Z_U8 z_word_t;
type Z_U4 (line 95) | typedef Z_U4 z_word_t;
function local (line 113) | local z_word_t byte_swap(z_word_t word) {
function local (line 155) | local z_crc_t multmodp(z_crc_t a, z_crc_t b) {
function local (line 176) | local z_crc_t x2nmodp(z_off64_t n, unsigned k) {
type once_t (line 216) | typedef struct once_s once_t;
type once_s (line 225) | struct once_s {
function local (line 236) | local void once(once_t *state, void (*init)(void)) {
type once_s (line 251) | struct once_s {
function local (line 259) | local int test_and_set(int volatile *flag) {
function local (line 268) | local void once(once_t *state, void (*init)(void)) {
function local (line 310) | local void make_crc_table(void) {
function local (line 477) | local void write_table(FILE *out, const z_crc_t FAR *table, int k) {
function local (line 490) | local void write_table32hi(FILE *out, const z_word_t FAR *table, int k) {
function local (line 506) | local void write_table64(FILE *out, const z_word_t FAR *table, int k) {
function main (line 516) | int main(void) {
function local (line 528) | local void braid(z_crc_t ltl[][256], z_word_t big[][256], int n, int w) {
function z_crc_t (line 549) | const z_crc_t FAR * ZEXPORT get_crc_table(void) {
function crc32_z (line 575) | unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR...
function local (line 676) | local z_crc_t crc_word(z_word_t data) {
function local (line 683) | local z_word_t crc_word_big(z_word_t data) {
function crc32_z (line 694) | unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR...
function crc32 (line 1015) | unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *...
function uLong (line 1021) | uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) {
function uLong (line 1029) | uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) {
function uLong (line 1034) | uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) {
function uLong (line 1042) | uLong ZEXPORT crc32_combine_gen(z_off_t len2) {
function uLong (line 1047) | uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/deflate.c
type block_state (line 63) | typedef enum {
type block_state (line 70) | typedef block_state (*compress_func)(deflate_state *s, int flush);
type config (line 98) | typedef struct config_s {
function local (line 187) | local void slide_hash(deflate_state *s) {
function read_buf (line 218) | local unsigned read_buf(z_streamp strm, Bytef *buf, unsigned size) {
function local (line 251) | local void fill_window(deflate_state *s) {
function deflateInit_ (line 371) | int ZEXPORT deflateInit_(z_streamp strm, int level, const char *version,
function deflateInit2_ (line 379) | int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
function local (line 523) | local int deflateStateCheck(z_streamp strm) {
function deflateSetDictionary (line 544) | int ZEXPORT deflateSetDictionary(z_streamp strm, const Bytef *dictionary,
function deflateGetDictionary (line 610) | int ZEXPORT deflateGetDictionary(z_streamp strm, Bytef *dictionary,
function local (line 667) | local void lm_init(deflate_state *s) {
function deflateReset (line 689) | int ZEXPORT deflateReset(z_streamp strm) {
function deflateSetHeader (line 699) | int ZEXPORT deflateSetHeader(z_streamp strm, gz_headerp head) {
function deflatePending (line 707) | int ZEXPORT deflatePending(z_streamp strm, unsigned *pending, int *bits) {
function deflatePrime (line 717) | int ZEXPORT deflatePrime(z_streamp strm, int bits, int value) {
function deflateParams (line 740) | int ZEXPORT deflateParams(z_streamp strm, int level, int strategy) {
function deflateTune (line 785) | int ZEXPORT deflateTune(z_streamp strm, int good_length, int max_lazy,
function uLong (line 822) | uLong ZEXPORT deflateBound(z_streamp strm, uLong sourceLen) {
function local (line 892) | local void putShortMSB(deflate_state *s, uInt b) {
function local (line 903) | local void flush_pending(z_streamp strm) {
function deflate (line 934) | int ZEXPORT deflate(z_streamp strm, int flush) {
function deflateEnd (line 1246) | int ZEXPORT deflateEnd(z_streamp strm) {
function deflateCopy (line 1270) | int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) {
function local (line 1331) | local uInt longest_match(deflate_state *s, IPos cur_match) {
function local (line 1479) | local uInt longest_match(deflate_state *s, IPos cur_match) {
function local (line 1540) | local void check_match(deflate_state *s, IPos start, IPos match, int len...
function local (line 1602) | local block_state deflate_stored(deflate_state *s, int flush) {
function local (line 1786) | local block_state deflate_fast(deflate_state *s, int flush) {
function local (line 1885) | local block_state deflate_slow(deflate_state *s, int flush) {
function local (line 2013) | local block_state deflate_rle(deflate_state *s, int flush) {
function local (line 2084) | local block_state deflate_huff(deflate_state *s, int flush) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/deflate.h
type ct_data (line 68) | typedef struct ct_data_s {
type static_tree_desc (line 84) | typedef struct static_tree_desc_s static_tree_desc;
type tree_desc (line 86) | typedef struct tree_desc_s {
type ush (line 92) | typedef ush Pos;
type Pos (line 93) | typedef Pos FAR Posf;
type IPos (line 94) | typedef unsigned IPos;
type deflate_state (line 100) | typedef struct internal_state {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/enough.c
type uintmax_t (line 115) | typedef uintmax_t big_t;
type uintmax_t (line 117) | typedef uintmax_t code_t;
type tab (line 118) | struct tab { // type for been-here check
type string_t (line 174) | typedef struct {
function local (line 181) | local void string_clear(string_t *s) {
function local (line 187) | local void string_init(string_t *s) {
function local (line 195) | local void string_free(string_t *s) {
function local (line 204) | local void string_printf(string_t *s, char *fmt, ...) {
type tab (line 233) | struct tab
function local (line 237) | local inline size_t map(int syms, int left, int len) {
function local (line 244) | local void cleanup(void) {
function local (line 261) | local big_t count(int syms, int left, int len) {
function local (line 308) | local int been_here(int syms, int left, int len, int mem, int rem) {
function local (line 361) | local void examine(int syms, int left, int len, int mem, int rem) {
function local (line 454) | local void enough(int syms) {
function main (line 498) | int main(int argc, char **argv) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/fitblk.c
function local (line 62) | local void quit(char *why)
function local (line 73) | local int partcompress(FILE *in, z_streamp def)
function local (line 96) | local int recompress(z_streamp inf, z_streamp def)
function main (line 127) | int main(int argc, char **argv)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gun.c
type ind (line 81) | struct ind {
function in (line 89) | local unsigned in(void *in_desc, z_const unsigned char **buf)
type outd (line 119) | struct outd {
function local (line 131) | local int out(void *out_desc, unsigned char *buf, unsigned len)
function local (line 200) | local int lunpipe(unsigned have, z_const unsigned char *next, struct ind...
function local (line 383) | local int gunpipe(z_stream *strm, int infile, int outfile)
function local (line 517) | local void copymeta(char *from, char *to)
function local (line 548) | local int gunzip(z_stream *strm, char *inname, char *outname, int test)
function main (line 631) | int main(int argc, char **argv)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gzappend.c
function local (line 93) | local void bye(char *msg1, char *msg2)
function gcd (line 102) | local unsigned gcd(unsigned a, unsigned b)
function local (line 123) | local void rotate(unsigned char *list, unsigned len, unsigned rot)
type file (line 170) | typedef struct {
function local (line 180) | local int readin(file *in)
function local (line 192) | local int readmore(file *in)
function local (line 202) | local void skip(file *in, unsigned n)
function read4 (line 223) | unsigned long read4(file *in)
function local (line 235) | local void gzheader(file *in)
function local (line 259) | local int gzscan(char *name, z_stream *strm, int level)
function local (line 388) | local void gztack(char *name, int gd, z_stream *strm, int last)
function main (line 466) | int main(int argc, char **argv)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gzjoin.c
function local (line 66) | local int bail(char *why1, char *why2)
type bin (line 78) | typedef struct {
function local (line 87) | local void bclose(bin *in)
function local (line 100) | local bin *bopen(char *name)
function local (line 121) | local int bload(bin *in)
function bget4 (line 145) | local unsigned long bget4(bin *in)
function local (line 157) | local void bskip(bin *in, unsigned skip)
function local (line 204) | local void gzhead(bin *in)
function local (line 245) | local void put4(unsigned long val, FILE *out)
function local (line 254) | local void zpull(z_streamp strm, bin *in)
function local (line 265) | local void gzinit(unsigned long *crc, unsigned long *tot, FILE *out)
function local (line 279) | local void gzcopy(char *name, int clr, unsigned long *crc, unsigned long...
function main (line 427) | int main(int argc, char **argv)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gzlog.c
type uint (line 242) | typedef unsigned int uint;
type ulong (line 243) | typedef unsigned long ulong;
type log (line 289) | struct log {
function local (line 348) | local int log_lock(struct log *log)
function local (line 372) | local void log_touch(struct log *log)
function local (line 384) | local int log_check(struct log *log)
function local (line 396) | local void log_unlock(struct log *log)
function local (line 410) | local int log_head(struct log *log)
function local (line 437) | local int log_mark(struct log *log, int op)
function local (line 462) | local int log_last(struct log *log, int last)
function local (line 501) | local int log_append(struct log *log, unsigned char *data, size_t len)
function local (line 571) | local int log_replace(struct log *log)
function local (line 608) | local int log_compress(struct log *log, unsigned char *data, size_t len)
function local (line 718) | local void log_log(struct log *log, int op, char *record)
function local (line 738) | local int log_recover(struct log *log, int op)
function local (line 798) | local void log_close(struct log *log)
function local (line 815) | local int log_open(struct log *log)
function gzlog (line 867) | gzlog *gzlog_open(char *path)
function gzlog_compress (line 910) | int gzlog_compress(gzlog *logd)
function gzlog_write (line 997) | int gzlog_write(gzlog *logd, void *data, size_t len)
function gzlog_close (line 1044) | int gzlog_close(gzlog *logd)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gzlog.h
type gzlog (line 52) | typedef void gzlog;
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/gznorm.c
function local (line 36) | local char *aprintf(char *fmt, ...) {
function local (line 86) | local int gzip_normalize(FILE *in, FILE *out, char **err) {
function main (line 458) | int main(void) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/zpipe.c
function def (line 36) | int def(FILE *source, FILE *dest, int level)
function inf (line 92) | int inf(FILE *source, FILE *dest)
function zerr (line 151) | void zerr(int ret)
function main (line 176) | int main(int argc, char **argv)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/zran.c
function deflate_index_free (line 68) | void deflate_index_free(struct deflate_index *index) {
type deflate_index (line 79) | struct deflate_index
type deflate_index (line 79) | struct deflate_index
type deflate_index (line 84) | struct deflate_index
function deflate_index_build (line 132) | int deflate_index_build(FILE *in, off_t span, struct deflate_index **bui...
function append_bits (line 252) | static inline void append_bits(unsigned value, int bits,
function inflatePreface (line 276) | static int inflatePreface(z_stream *strm, int bits, int value) {
function deflate_index_extract (line 330) | ptrdiff_t deflate_index_extract(FILE *in, struct deflate_index *index,
function main (line 466) | int main(int argc, char **argv) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/examples/zran.h
type point_t (line 10) | typedef struct point {
type deflate_index (line 18) | struct deflate_index {
type deflate_index (line 34) | struct deflate_index
type deflate_index (line 47) | struct deflate_index
type deflate_index (line 51) | struct deflate_index
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/gzclose.c
function gzclose (line 11) | int ZEXPORT gzclose(gzFile file) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/gzguts.h
type gz_state (line 169) | typedef struct {
type gz_state (line 202) | typedef gz_state FAR *gz_statep;
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/gzlib.c
function local (line 69) | local void gz_reset(gz_statep state) {
function local (line 85) | local gzFile gz_open(const void *path, int fd, const char *mode) {
function gzFile (line 260) | gzFile ZEXPORT gzopen(const char *path, const char *mode) {
function gzFile (line 265) | gzFile ZEXPORT gzopen64(const char *path, const char *mode) {
function gzFile (line 270) | gzFile ZEXPORT gzdopen(int fd, const char *mode) {
function gzFile (line 288) | gzFile ZEXPORT gzopen_w(const wchar_t *path, const char *mode) {
function gzbuffer (line 294) | int ZEXPORT gzbuffer(gzFile file, unsigned size) {
function gzrewind (line 318) | int ZEXPORT gzrewind(gzFile file) {
function z_off64_t (line 339) | z_off64_t ZEXPORT gzseek64(gzFile file, z_off64_t offset, int whence) {
function z_off_t (line 412) | z_off_t ZEXPORT gzseek(gzFile file, z_off_t offset, int whence) {
function z_off64_t (line 420) | z_off64_t ZEXPORT gztell64(gzFile file) {
function z_off_t (line 435) | z_off_t ZEXPORT gztell(gzFile file) {
function z_off64_t (line 443) | z_off64_t ZEXPORT gzoffset64(gzFile file) {
function z_off_t (line 464) | z_off_t ZEXPORT gzoffset(gzFile file) {
function gzeof (line 472) | int ZEXPORT gzeof(gzFile file) {
function gzclearerr (line 505) | void ZEXPORT gzclearerr(gzFile file) {
function gz_error (line 529) | void ZLIB_INTERNAL gz_error(gz_statep state, int err, const char *msg) {
function gz_intmax (line 571) | unsigned ZLIB_INTERNAL gz_intmax(void) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/gzread.c
function local (line 12) | local int gz_load(gz_statep state, unsigned char *buf, unsigned len,
function local (line 43) | local int gz_avail(gz_statep state) {
function local (line 76) | local int gz_look(gz_statep state) {
function local (line 156) | local int gz_decomp(gz_statep state) {
function local (line 208) | local int gz_fetch(gz_statep state) {
function local (line 236) | local int gz_skip(gz_statep state, z_off64_t len) {
function local (line 268) | local z_size_t gz_read(gz_statep state, voidp buf, z_size_t len) {
function gzread (line 345) | int ZEXPORT gzread(gzFile file, voidp buf, unsigned len) {
function z_size_t (line 377) | z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems, gzFi...
function gzgetc (line 408) | int ZEXPORT gzgetc(gzFile file) {
function gzgetc_ (line 433) | int ZEXPORT gzgetc_(gzFile file) {
function gzungetc (line 438) | int ZEXPORT gzungetc(int c, gzFile file) {
function gzdirect (line 559) | int ZEXPORT gzdirect(gzFile file) {
function gzclose_r (line 577) | int ZEXPORT gzclose_r(gzFile file) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/gzwrite.c
function local (line 11) | local int gz_init(gz_statep state) {
function local (line 65) | local int gz_comp(gz_statep state, int flush) {
function local (line 143) | local int gz_zero(gz_statep state, z_off64_t len) {
function local (line 173) | local z_size_t gz_write(gz_statep state, voidpc buf, z_size_t len) {
function gzwrite (line 237) | int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len) {
function z_size_t (line 261) | z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size, z_size_t nitems,
function gzputc (line 287) | int ZEXPORT gzputc(gzFile file, int c) {
function gzputs (line 332) | int ZEXPORT gzputs(gzFile file, const char *s) {
function gzvprintf (line 359) | int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) {
function gzprintf (line 430) | int ZEXPORTVA gzprintf(gzFile file, const char *format, ...) {
function gzprintf (line 443) | int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, ...
function gzflush (line 528) | int ZEXPORT gzflush(gzFile file, int flush) {
function gzsetparams (line 557) | int ZEXPORT gzsetparams(gzFile file, int level, int strategy) {
function gzclose_w (line 595) | int ZEXPORT gzclose_w(gzFile file) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/infback.c
function inflateBackInit_ (line 25) | int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
function local (line 76) | local void fixedtables(struct inflate_state FAR *state) {
function inflateBack (line 242) | int ZEXPORT inflateBack(z_streamp strm, in_func in, void FAR *in_desc,
function inflateBackEnd (line 621) | int ZEXPORT inflateBackEnd(z_streamp strm) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/inffast.c
function inflate_fast (line 50) | void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/inflate.c
function local (line 94) | local int inflateStateCheck(z_streamp strm) {
function inflateResetKeep (line 106) | int ZEXPORT inflateResetKeep(z_streamp strm) {
function inflateReset (line 130) | int ZEXPORT inflateReset(z_streamp strm) {
function inflateReset2 (line 141) | int ZEXPORT inflateReset2(z_streamp strm, int windowBits) {
function inflateInit2_ (line 178) | int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
function inflateInit_ (line 218) | int ZEXPORT inflateInit_(z_streamp strm, const char *version,
function inflatePrime (line 223) | int ZEXPORT inflatePrime(z_streamp strm, int bits, int value) {
function local (line 252) | local void fixedtables(struct inflate_state FAR *state) {
function makefixed (line 314) | void makefixed(void)
function local (line 368) | local int updatewindow(z_streamp strm, const Bytef *end, unsigned copy) {
type inflate_state (line 591) | struct inflate_state
type inflate_state (line 614) | struct inflate_state
type inflate_state (line 1267) | struct inflate_state
type inflate_state (line 1270) | struct inflate_state
type inflate_state (line 1280) | struct inflate_state
type inflate_state (line 1284) | struct inflate_state
type inflate_state (line 1300) | struct inflate_state
type inflate_state (line 1306) | struct inflate_state
type inflate_state (line 1331) | struct inflate_state
type inflate_state (line 1335) | struct inflate_state
type inflate_state (line 1380) | struct inflate_state
type inflate_state (line 1384) | struct inflate_state
type inflate_state (line 1432) | struct inflate_state
type inflate_state (line 1435) | struct inflate_state
type inflate_state (line 1440) | struct inflate_state
type inflate_state (line 1441) | struct inflate_state
type inflate_state (line 1448) | struct inflate_state
type inflate_state (line 1451) | struct inflate_state
type inflate_state (line 1452) | struct inflate_state
type inflate_state (line 1466) | struct inflate_state
type internal_state (line 1479) | struct internal_state
type inflate_state (line 1484) | struct inflate_state
type inflate_state (line 1487) | struct inflate_state
type inflate_state (line 1499) | struct inflate_state
type inflate_state (line 1502) | struct inflate_state
type inflate_state (line 1511) | struct inflate_state
type inflate_state (line 1515) | struct inflate_state
type inflate_state (line 1522) | struct inflate_state
type inflate_state (line 1524) | struct inflate_state
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/inflate.h
type inflate_mode (line 20) | typedef enum {
type inflate_state (line 82) | struct inflate_state {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/inftrees.c
function inflate_table (line 32) | int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/inftrees.h
type code (line 24) | typedef struct {
type codetype (line 54) | typedef enum {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/test/example.c
function myfree (line 44) | void myfree(void *q, void *p) {
function test_compress (line 60) | void test_compress(Byte *compr, uLong comprLen, Byte *uncompr,
function test_gzio (line 84) | void test_gzio(const char *fname, Byte *uncompr, uLong uncomprLen) {
function test_deflate (line 166) | void test_deflate(Byte *compr, uLong comprLen) {
function test_inflate (line 201) | void test_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
function test_large_deflate (line 240) | void test_large_deflate(Byte *compr, uLong comprLen, Byte *uncompr,
function test_large_inflate (line 293) | void test_large_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
function test_flush (line 332) | void test_flush(Byte *compr, uLong *comprLen) {
function test_sync (line 367) | void test_sync(Byte *compr, uLong comprLen, Byte *uncompr, uLong uncompr...
function test_dict_deflate (line 407) | void test_dict_deflate(Byte *compr, uLong comprLen) {
function test_dict_inflate (line 441) | void test_dict_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
function main (line 490) | int main(int argc, char *argv[]) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/test/infcover.c
type mem_item (line 56) | struct mem_item {
type mem_zone (line 63) | struct mem_zone {
function local (line 71) | local void *mem_alloc(void *mem, unsigned count, unsigned size)
function local (line 112) | local void mem_free(void *mem, void *ptr)
function local (line 158) | local void mem_setup(z_stream *strm)
function local (line 176) | local void mem_limit(z_stream *strm, size_t limit)
function local (line 184) | local void mem_used(z_stream *strm, char *prefix)
function local (line 192) | local void mem_high(z_stream *strm, char *prefix)
function local (line 200) | local void mem_done(z_stream *strm, char *prefix)
function local (line 284) | local void inf(char *hex, char *what, unsigned step, int win, unsigned len,
function local (line 350) | local void cover_support(void)
function local (line 388) | local void cover_wrap(void)
function pull (line 447) | local unsigned pull(void *desc, unsigned char **buf)
function local (line 463) | local int push(void *desc, unsigned char *buf, unsigned len)
function local (line 471) | local void cover_back(void)
function local (line 508) | local int try(char *hex, char *id, int err)
function local (line 582) | local void cover_inflate(void)
function local (line 618) | local void cover_trees(void)
function local (line 642) | local void cover_fast(void)
function main (line 662) | int main(void)
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/test/minigzip.c
function pwinerror (line 119) | static void pwinerror (s)
function myfree (line 157) | void myfree(void *q, void *p) {
type gzFile_s (line 162) | struct gzFile_s {
function gzFile (line 170) | gzFile gz_open(const char *path, int fd, const char *mode) {
function gzFile (line 204) | gzFile gzopen(const char *path, const char *mode) {
function gzFile (line 208) | gzFile gzdopen(int fd, const char *mode) {
function gzwrite (line 212) | int gzwrite(gzFile gz, const void *buf, unsigned len) {
function gzread (line 230) | int gzread(gzFile gz, void *buf, unsigned len) {
function gzclose (line 261) | int gzclose(gzFile gz) {
function error (line 298) | void error(const char *msg) {
function gz_compress_mmap (line 308) | int gz_compress_mmap(FILE *in, gzFile out) {
function gz_compress (line 341) | void gz_compress(FILE *in, gzFile out) {
function gz_uncompress (line 369) | void gz_uncompress(gzFile in, FILE *out) {
function file_compress (line 393) | void file_compress(char *file, char *mode) {
function file_uncompress (line 429) | void file_uncompress(char *file) {
function main (line 487) | int main(int argc, char *argv[]) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/trees.c
type static_tree_desc_s (line 117) | struct static_tree_desc_s {
function bi_reverse (line 154) | local unsigned bi_reverse(unsigned code, int len) {
function local (line 166) | local void bi_flush(deflate_state *s) {
function local (line 181) | local void bi_windup(deflate_state *s) {
function local (line 202) | local void gen_codes(ct_data *tree, int max_code, ushf *bl_count) {
function local (line 252) | local void send_bits(deflate_state *s, int value, int length) {
function local (line 294) | local void tr_static_init(void) {
function gen_trees_header (line 387) | void gen_trees_header(void) {
function local (line 439) | local void init_block(deflate_state *s) {
function _tr_init (line 455) | void ZLIB_INTERNAL _tr_init(deflate_state *s) {
function local (line 507) | local void pqdownheap(deflate_state *s, ct_data *tree, int k) {
function local (line 538) | local void gen_bitlen(deflate_state *s, tree_desc *desc) {
function local (line 625) | local void build_tree(deflate_state *s, tree_desc *desc) {
function local (line 710) | local void scan_tree(deflate_state *s, ct_data *tree, int max_code) {
function local (line 751) | local void send_tree(deflate_state *s, ct_data *tree, int max_code) {
function local (line 798) | local int build_bl_tree(deflate_state *s) {
function local (line 831) | local void send_all_trees(deflate_state *s, int lcodes, int dcodes,
function _tr_stored_block (line 858) | void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf,
function _tr_flush_bits (line 878) | void ZLIB_INTERNAL _tr_flush_bits(deflate_state *s) {
function _tr_align (line 886) | void ZLIB_INTERNAL _tr_align(deflate_state *s) {
function local (line 898) | local void compress_block(deflate_state *s, const ct_data *ltree,
function local (line 955) | local int detect_data_type(deflate_state *s) {
function _tr_tally (line 1084) | int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/uncompr.c
function uncompress2 (line 27) | int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source,
function uncompress (line 82) | int ZEXPORT uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/zconf.h
type z_size_t (line 245) | typedef unsigned long long z_size_t;
type z_size_t (line 247) | typedef unsigned long z_size_t;
type z_size_t (line 252) | typedef unsigned NO_SIZE_T z_size_t;
type z_size_t (line 255) | typedef size_t z_size_t;
type z_size_t (line 257) | typedef unsigned long z_size_t;
type Byte (line 401) | typedef unsigned char Byte;
type uInt (line 403) | typedef unsigned int uInt;
type uLong (line 404) | typedef unsigned long uLong;
type Byte (line 410) | typedef Byte FAR Bytef;
type charf (line 412) | typedef char FAR charf;
type intf (line 413) | typedef int FAR intf;
type uInt (line 414) | typedef uInt FAR uIntf;
type uLong (line 415) | typedef uLong FAR uLongf;
type Byte (line 422) | typedef Byte const *voidpc;
type Byte (line 423) | typedef Byte FAR *voidpf;
type Byte (line 424) | typedef Byte *voidp;
type Z_U4 (line 439) | typedef Z_U4 z_crc_t;
type z_crc_t (line 441) | typedef unsigned long z_crc_t;
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/zlib.h
type voidpf (line 81) | typedef voidpf (*alloc_func)(voidpf opaque, uInt items, uInt size);
type internal_state (line 84) | struct internal_state
type z_stream (line 86) | typedef struct z_stream_s {
type z_stream (line 108) | typedef z_stream FAR *z_streamp;
type gz_header (line 114) | typedef struct gz_header_s {
type gz_header (line 131) | typedef gz_header FAR *gz_headerp;
type gzFile_s (line 1305) | struct gzFile_s
type gzFile_s (line 1837) | struct gzFile_s {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/zutil.c
function uLong (line 31) | uLong ZEXPORT zlibCompileFlags(void) {
function z_error (line 122) | void ZLIB_INTERNAL z_error(char *m) {
function zmemcpy (line 145) | void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len) {
function zmemcmp (line 152) | int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len) {
function zmemzero (line 161) | void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len) {
type ptr_table (line 189) | typedef struct ptr_table_s {
function voidpf (line 202) | voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned siz...
function zcfree (line 227) | void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
function voidpf (line 263) | voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size) {
function zcfree (line 268) | void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
function voidpf (line 286) | voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned siz...
function zcfree (line 292) | void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
FILE: internal/scalibrextract/filesystem/vendored/testdata/thirdparty/zlib/zutil.h
type uch (line 39) | typedef unsigned char uch;
type uch (line 40) | typedef uch FAR uchf;
type ush (line 41) | typedef unsigned short ush;
type ush (line 42) | typedef ush FAR ushf;
type ulg (line 43) | typedef unsigned long ulg;
FILE: internal/scalibrextract/filesystem/vendored/vendored.go
constant Name (line 56) | Name = "filesystem/vendored"
constant determineVersionThreshold (line 61) | determineVersionThreshold = 0.15
constant maxDetermineVersionFiles (line 62) | maxDetermineVersionFiles = 10000
type Config (line 65) | type Config struct
type Extractor (line 72) | type Extractor struct
method Name (line 85) | func (e *Extractor) Name() string { return Name }
method Version (line 88) | func (e *Extractor) Version() int { return 0 }
method Requirements (line 91) | func (e *Extractor) Requirements() *plugin.Capabilities {
method FileRequired (line 98) | func (e *Extractor) FileRequired(fapi filesystem.FileAPI) bool {
method Extract (line 118) | func (e *Extractor) Extract(ctx context.Context, input *filesystem.Sca...
method ToPURL (line 143) | func (e *Extractor) ToPURL(_ *extractor.Package) *purl.PackageURL {
method Ecosystem (line 148) | func (e *Extractor) Ecosystem(_ *extractor.Package) string {
method queryDetermineVersions (line 152) | func (e *Extractor) queryDetermineVersions(ctx context.Context, repoDi...
method Configure (line 222) | func (e *Extractor) Configure(config Config) {
function New (line 80) | func New(_ *cpb.PluginConfig) (filesystem.Extractor, error) {
type configurable (line 218) | type configurable interface
function Configure (line 229) | func Configure(plug plugin.Plugin, config Config) {
FILE: internal/scalibrextract/filesystem/vendored/vendored_test.go
function TestExtractor_FileRequired (line 20) | func TestExtractor_FileRequired(t *testing.T) {
function TestExtractor_Extract (line 96) | func TestExtractor_Extract(t *testing.T) {
FILE: internal/scalibrextract/language/javascript/nodemodules/extractor.go
constant Name (line 17) | Name = "javascript/nodemodules"
type Extractor (line 20) | type Extractor struct
method Name (line 30) | func (e Extractor) Name() string { return Name }
method Version (line 33) | func (e Extractor) Version() int { return 0 }
method Requirements (line 36) | func (e Extractor) Requirements() *plugin.Capabilities {
method FileRequired (line 41) | func (e Extractor) FileRequired(fapi filesystem.FileAPI) bool {
method Extract (line 46) | func (e Extractor) Extract(ctx context.Context, input *filesystem.Scan...
function New (line 25) | func New(_ *cpb.PluginConfig) (filesystem.Extractor, error) {
FILE: internal/scalibrextract/language/osv/osvscannerjson/extractor.go
constant Name (line 20) | Name = "osv/osvscannerjson"
type Extractor (line 24) | type Extractor struct
method Name (line 27) | func (e Extractor) Name() string { return Name }
method Version (line 30) | func (e Extractor) Version() int { return 0 }
method Requirements (line 33) | func (e Extractor) Requirements() *plugin.Capabilities {
method FileRequired (line 43) | func (e Extractor) FileRequired(fapi filesystem.FileAPI) bool {
method Extract (line 48) | func (e Extractor) Extract(_ context.Context, input *filesystem.ScanIn...
function New (line 37) | func New(_ *cpb.PluginConfig) (filesystem.Extractor, error) {
FILE: internal/scalibrextract/language/osv/osvscannerjson/extractor_test.go
function TestExtractor_Extract (line 14) | func TestExtractor_Extract(t *testing.T) {
FILE: internal/scalibrextract/language/osv/osvscannerjson/metadata.go
type Metadata (line 6) | type Metadata struct
FILE: internal/scalibrextract/vcs/gitcommitdirect/extractor.go
constant Name (line 15) | Name = "vcs/gitcommitdirect"
type Extractor (line 20) | type Extractor struct
method Name (line 32) | func (e *Extractor) Name() string { return Name }
method Version (line 35) | func (e *Extractor) Version() int { return 0 }
method Requirements (line 38) | func (e *Extractor) Requirements() *plugin.Capabilities {
method Extract (line 42) | func (e *Extractor) Extract(_ context.Context, _ *standalone.ScanInput...
function New (line 25) | func New(commits []string) standalone.Extractor {
FILE: internal/scalibrextract/vcs/gitrepo/extractor.go
constant Name (line 20) | Name = "vcs/gitrepo"
type Extractor (line 25) | type Extractor struct
method Name (line 71) | func (e *Extractor) Name() string { return Name }
method Version (line 74) | func (e *Extractor) Version() int { return 0 }
method Requirements (line 77) | func (e *Extractor) Requirements() *plugin.Capabilities {
method FileRequired (line 84) | func (e *Extractor) FileRequired(fapi filesystem.FileAPI) bool {
method Extract (line 99) | func (e *Extractor) Extract(_ context.Context, input *filesystem.ScanI...
method ToPURL (line 134) | func (e *Extractor) ToPURL(_ *extractor.Package) *purl.PackageURL {
method Ecosystem (line 139) | func (e *Extractor) Ecosystem(_ *extractor.Package) string {
function getCommitSHA (line 27) | func getCommitSHA(repo *git.Repository) (string, error) {
function getSubmodules (line 36) | func getSubmodules(repo *git.Repository) (submodules []*git.SubmoduleSta...
function createCommitQueryInventory (line 56) | func createCommitQueryInventory(commit string, location string) *extract...
function New (line 66) | func New(_ *cpb.PluginConfig) (filesystem.Extractor, error) {
FILE: internal/scalibrextract/vcs/gitrepo/extractor_test.go
function TestExtractor_Extract (line 16) | func TestExtractor_Extract(t *testing.T) {
FILE: internal/scalibrplugin/presets.go
function baseImageEnricher (line 178) | func baseImageEnricher(_ *cpb.PluginConfig) (enricher.Enricher, error) {
FILE: internal/scalibrplugin/resolve.go
function resolveFromName (line 19) | func resolveFromName(name string, cfg *cpb.PluginConfig) (plugin.Plugin,...
function Resolve (line 42) | func Resolve(enabledPlugins []string, disabledPlugins []string, cfg *cpb...
function filterPluginsMissingRequiredPlugins (line 107) | func filterPluginsMissingRequiredPlugins(pluginStatues map[string]bool, ...
FILE: internal/scalibrplugin/resolve_test.go
function TestResolve (line 41) | func TestResolve(t *testing.T) {
function TestResolve_Detectors (line 187) | func TestResolve_Detectors(t *testing.T) {
function TestResolve_RequiredPlugins (line 357) | func TestResolve_RequiredPlugins(t *testing.T) {
function TestResolve_AllPresets (line 442) | func TestResolve_AllPresets(t *testing.T) {
function TestResolve_Extractors (line 469) | func TestResolve_Extractors(t *testing.T) {
function TestResolve_Detectors_Presets (line 654) | func TestResolve_Detectors_Presets(t *testing.T) {
function TestResolve_Extractors_Presets (line 675) | func TestResolve_Extractors_Presets(t *testing.T) {
function TestResolve_Enrichers_Presets (line 696) | func TestResolve_Enrichers_Presets(t *testing.T) {
function TestResolve_Annotators_Presets (line 717) | func TestResolve_Annotators_Presets(t *testing.T) {
FILE: internal/scalibrplugin/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/sourceanalysis/go.go
function goAnalysis (line 23) | func goAnalysis(pkgs []models.PackageVulns, source models.SourceInfo) {
function matchAnalysisWithPackageVulns (line 64) | func matchAnalysisWithPackageVulns(pkgs []models.PackageVulns, idToFindi...
function vulnHasImportsField (line 104) | func vulnHasImportsField(vuln *osvschema.Vulnerability, pkg *models.Pack...
function fillNotImportedAnalysisInfo (line 129) | func fillNotImportedAnalysisInfo(vulnsByID map[string]*osvschema.Vulnera...
function runGovulncheck (line 139) | func runGovulncheck(moddir string, vulns []*osvschema.Vulnerability, goV...
type osvHandler (line 194) | type osvHandler struct
method Finding (line 198) | func (h *osvHandler) Finding(f *govulncheck.Finding) {
function handleJSON (line 202) | func handleJSON(from io.Reader, to *osvHandler) error {
FILE: internal/sourceanalysis/go_test.go
function Test_matchAnalysisWithPackageVulns (line 11) | func Test_matchAnalysisWithPackageVulns(t *testing.T) {
function Test_matchEmptyAnalysisWithPackageVulns (line 23) | func Test_matchEmptyAnalysisWithPackageVulns(t *testing.T) {
FILE: internal/sourceanalysis/govulncheck/result.go
type Message (line 9) | type Message struct
type Finding (line 17) | type Finding struct
type Frame (line 52) | type Frame struct
type Position (line 81) | type Position struct
FILE: internal/sourceanalysis/integration_test.go
function Test_runGovulncheck (line 16) | func Test_runGovulncheck(t *testing.T) {
FILE: internal/sourceanalysis/rust.go
constant RustFlagsEnv (line 32) | RustFlagsEnv = "RUSTFLAGS=-C opt-level=3 -C debuginfo=1 -C embed-bit...
constant RustLibExtension (line 33) | RustLibExtension = ".rcgu.o/"
function rustAnalysis (line 36) | func rustAnalysis(pkgs []models.PackageVulns, source models.SourceInfo) {
function functionsFromDWARF (line 133) | func functionsFromDWARF(readAt io.ReaderAt) (map[string]struct{}, error) {
function extractRlibArchive (line 183) | func extractRlibArchive(rlibPath string) (bytes.Buffer, error) {
function rustBuildSource (line 228) | func rustBuildSource(source models.SourceInfo) ([]string, error) {
function cleanRustFunctionSymbols (line 286) | func cleanRustFunctionSymbols(val string) string {
FILE: internal/sourceanalysis/rust_test.go
function Test_extractRlibArchive (line 15) | func Test_extractRlibArchive(t *testing.T) {
function Test_functionsFromDWARF (line 42) | func Test_functionsFromDWARF(t *testing.T) {
function Test_rustBuildSource (line 66) | func Test_rustBuildSource(t *testing.T) {
FILE: internal/sourceanalysis/sourceanalysis.go
function vulnsFromAllPkgs (line 11) | func vulnsFromAllPkgs(pkgs []models.PackageVulns) ([]*osvschema.Vulnerab...
function Run (line 28) | func Run(source models.SourceInfo, pkgs []models.PackageVulns, callAnaly...
FILE: internal/sourceanalysis/testdata/go-integration/test-project/main.go
function main (line 12) | func main() {
FILE: internal/sourceanalysis/testdata/rust/rust-project/src/main.rs
function main (line 1) | fn main() {
function test_func (line 6) | fn test_func() {
FILE: internal/sourceanalysis/testmain_test.go
function TestMain (line 9) | func TestMain(m *testing.M) {
FILE: internal/spdx/gen.go
type License (line 16) | type License struct
function main (line 20) | func main() {
FILE: internal/spdx/satisfies.go
type node (line 13) | type node interface
type nodeBranch (line 20) | type nodeBranch struct
method satisfiedBy (line 26) | func (n nodeBranch) satisfiedBy(licenses []string) bool {
type nodeLeaf (line 40) | type nodeLeaf struct
method satisfiedBy (line 44) | func (n nodeLeaf) satisfiedBy(licenses []string) bool {
type tokens (line 58) | type tokens struct
method peek (line 63) | func (ts *tokens) peek() string {
method next (line 72) | func (ts *tokens) next() string {
method nextAndIsNextNextValid (line 91) | func (ts *tokens) nextAndIsNextNextValid() (string, error) {
method isNextValid (line 98) | func (ts *tokens) isNextValid(cur string) error {
function tokenise (line 126) | func tokenise(license models.License) tokens {
function parse (line 157) | func parse(tokens *tokens) (node, error) {
function parseOr (line 161) | func parseOr(tokens *tokens) (node, error) {
function parseAnd (line 188) | func parseAnd(tokens *tokens) (node, error) {
function parseExpression (line 215) | func parseExpression(tokens *tokens) (node, error) {
function Satisfies (line 253) | func Satisfies(license models.License, allowlist []string) (bool, error) {
FILE: internal/spdx/satisfies_test.go
function namer (line 11) | func namer(t *testing.T, license models.License, licenses []string, expe...
function TestSatisfies (line 23) | func TestSatisfies(t *testing.T) {
function TestSatisfies_Invalid (line 330) | func TestSatisfies_Invalid(t *testing.T) {
FILE: internal/spdx/verify.go
function Unrecognized (line 7) | func Unrecognized(licenses []string) (unrecognized []string) {
FILE: internal/spdx/verify_test.go
function TestUnrecognized (line 10) | func TestUnrecognized(t *testing.T) {
FILE: internal/testlogger/handler.go
type Handler (line 25) | type Handler struct
method getLogger (line 29) | func (tl *Handler) getLogger() cmdlogger.CmdLogger {
method AddInstance (line 45) | func (tl *Handler) AddInstance(logger cmdlogger.CmdLogger) {
method Delete (line 57) | func (tl *Handler) Delete() {
method SendEverythingToStderr (line 66) | func (tl *Handler) SendEverythingToStderr() {
method SetLevel (line 70) | func (tl *Handler) SetLevel(level slog.Leveler) {
method Enabled (line 74) | func (tl *Handler) Enabled(ctx context.Context, level slog.Level) bool {
method Handle (line 78) | func (tl *Handler) Handle(ctx context.Context, record slog.Record) err...
method SetHasErrored (line 109) | func (tl *Handler) SetHasErrored() {
method HasErrored (line 115) | func (tl *Handler) HasErrored() bool {
method HasErroredBecauseInvalidConfig (line 121) | func (tl *Handler) HasErroredBecauseInvalidConfig() bool {
method WithAttrs (line 125) | func (tl *Handler) WithAttrs(attrs []slog.Attr) slog.Handler {
method WithGroup (line 129) | func (tl *Handler) WithGroup(g string) slog.Handler {
function New (line 135) | func New() *Handler {
function getCallerInstance (line 153) | func getCallerInstance() string {
FILE: internal/testlogger/markers.go
constant BeginDirectoryScan (line 9) | BeginDirectoryScan = "---Begin Directory Scan---"
constant EndDirectoryScan (line 10) | EndDirectoryScan = "---End Directory Scan---"
function BeginDirScanMarker (line 14) | func BeginDirScanMarker() {
function EndDirScanMarker (line 21) | func EndDirScanMarker() {
FILE: internal/testutility/fixture.go
function load (line 14) | func load(t *testing.T, path string, windowsReplacements map[string]stri...
function LoadJSONFixture (line 30) | func LoadJSONFixture[V any](t *testing.T, path string) V {
function LoadJSONFixtureWithWindowsReplacements (line 38) | func LoadJSONFixtureWithWindowsReplacements[V any](
function LoadVulnMapFixture (line 57) | func LoadVulnMapFixture(t *testing.T, path string) map[string]*osvschema...
FILE: internal/testutility/jsonreplace.go
type JSONReplaceRule (line 13) | type JSONReplaceRule struct
function expandArrayPaths (line 105) | func expandArrayPaths(t *testing.T, jsonInput string, path string) []str...
function ReplaceJSONInput (line 145) | func ReplaceJSONInput(t *testing.T, jsonInput string, path string, repla...
FILE: internal/testutility/jsonreplace_test.go
function Test_replaceJSONInput (line 15) | func Test_replaceJSONInput(t *testing.T) {
function Test_replaceJSONInput_More (line 410) | func Test_replaceJSONInput_More(t *testing.T) {
FILE: internal/testutility/mock_http.go
type MockHTTPServer (line 13) | type MockHTTPServer struct
method SetResponse (line 35) | func (m *MockHTTPServer) SetResponse(t *testing.T, path string, respon...
method SetResponseFromFile (line 44) | func (m *MockHTTPServer) SetResponseFromFile(t *testing.T, path string...
method SetAuthorization (line 57) | func (m *MockHTTPServer) SetAuthorization(t *testing.T, auth string) {
method ServeHTTP (line 65) | func (m *MockHTTPServer) ServeHTTP(w http.ResponseWriter, r *http.Requ...
function NewMockHTTPServer (line 25) | func NewMockHTTPServer(t *testing.T) *MockHTTPServer {
FILE: internal/testutility/normalize.go
function normalizeFilePathsOnOutput (line 17) | func normalizeFilePathsOnOutput(t *testing.T, output string) string {
function normalizeFilePaths (line 47) | func normalizeFilePaths(t *testing.T, output string) string {
function normalizeRootDirectory (line 54) | func normalizeRootDirectory(t *testing.T, str string) string {
function normalizeUserCacheDirectory (line 71) | func normalizeUserCacheDirectory(t *testing.T, str string) string {
function normalizeTempDirectory (line 89) | func normalizeTempDirectory(t *testing.T, str string) string {
function normalizeErrors (line 105) | func normalizeErrors(t *testing.T, str string) string {
function removeUntestableLines (line 119) | func removeUntestableLines(t *testing.T, str string) string {
function normalizeSnapshot (line 129) | func normalizeSnapshot(t *testing.T, str string) string {
function pathWithoutRoot (line 146) | func pathWithoutRoot(t *testing.T, str string) string {
FILE: internal/testutility/snapshot.go
type Snapshot (line 10) | type Snapshot struct
method WithWindowsReplacements (line 21) | func (s Snapshot) WithWindowsReplacements(replacements map[string]stri...
method WithCRLFReplacement (line 29) | func (s Snapshot) WithCRLFReplacement() Snapshot {
method MatchJSON (line 37) | func (s Snapshot) MatchJSON(t *testing.T, got any) {
method MatchText (line 50) | func (s Snapshot) MatchText(t *testing.T, got string) {
function NewSnapshot (line 15) | func NewSnapshot() Snapshot {
FILE: internal/testutility/utility.go
function GetCurrentWorkingDirectory (line 18) | func GetCurrentWorkingDirectory(t *testing.T) string {
function applyWindowsReplacements (line 30) | func applyWindowsReplacements(content string, replacements map[string]st...
function CleanSnapshots (line 41) | func CleanSnapshots(m *testing.M) {
function Skip (line 56) | func Skip(t *testing.T, args ...any) {
function isThisTestRunTarget (line 66) | func isThisTestRunTarget(t *testing.T) bool {
function IsAcceptanceTesting (line 76) | func IsAcceptanceTesting() bool {
function SkipIfNotAcceptanceTesting (line 84) | func SkipIfNotAcceptanceTesting(t *testing.T, reason string) {
function SkipIfShort (line 94) | func SkipIfShort(t *testing.T) {
function ValueIfOnWindows (line 102) | func ValueIfOnWindows(win, or string) string {
function fixedLengthTempDir (line 110) | func fixedLengthTempDir(parent string) (string, error) {
function CreateTestDir (line 123) | func CreateTestDir(t *testing.T) string {
FILE: internal/thirdparty/ar/reader.go
constant HeaderByteSize (line 34) | HeaderByteSize = 60
constant ArSignature (line 35) | ArSignature = "!<arch>\n"
type Header (line 38) | type Header struct
type slicer (line 43) | type slicer
method next (line 45) | func (sp *slicer) next(n int) []byte {
type Reader (line 71) | type Reader struct
method Next (line 92) | func (rd *Reader) Next() (*Header, error) {
method Read (line 102) | func (rd *Reader) Read(b []byte) (n int, err error) {
method skipUnread (line 115) | func (rd *Reader) skipUnread() error {
method readHeader (line 128) | func (rd *Reader) readHeader() (*Header, error) {
function NewReader (line 78) | func NewReader(r io.Reader) (*Reader, error) {
function byteToString (line 148) | func byteToString(b []byte) string {
function byteToDecimal (line 152) | func byteToDecimal(b []byte) int {
FILE: internal/thirdparty/xml/atom_test.go
function ParseTime (line 44) | func ParseTime(str string) time.Time {
function NewText (line 52) | func NewText(text string) Text {
FILE: internal/thirdparty/xml/marshal.go
constant Header (line 23) | Header = `<?xml version="1.0" encoding="UTF-8"?>` + "\n"
function Marshal (line 80) | func Marshal(v any) ([]byte, error) {
type Marshaler (line 108) | type Marshaler interface
type MarshalerAttr (line 123) | type MarshalerAttr interface
function MarshalIndent (line 130) | func MarshalIndent(v any, prefix, indent string) ([]byte, error) {
type Encoder (line 144) | type Encoder struct
method Indent (line 158) | func (enc *Encoder) Indent(prefix, indent string) {
method Encode (line 169) | func (enc *Encoder) Encode(v any) error {
method EncodeElement (line 184) | func (enc *Encoder) EncodeElement(v any, start StartElement) error {
method EncodeToken (line 210) | func (enc *Encoder) EncodeToken(t Token) error {
method Flush (line 318) | func (enc *Encoder) Flush() error {
method Close (line 325) | func (enc *Encoder) Close() error {
function NewEncoder (line 149) | func NewEncoder(w io.Writer) *Encoder {
function isValidDirective (line 278) | func isValidDirective(dir Directive) bool {
type printer (line 329) | type printer struct
method createAttrPrefix (line 348) | func (p *printer) createAttrPrefix(url string) string {
method deleteAttrPrefix (line 408) | func (p *printer) deleteAttrPrefix(prefix string) {
method markPrefix (line 413) | func (p *printer) markPrefix() {
method popPrefix (line 417) | func (p *printer) popPrefix() {
method marshalValue (line 436) | func (p *printer) marshalValue(val reflect.Value, finfo *fieldInfo, st...
method marshalAttr (line 592) | func (p *printer) marshalAttr(start *StartElement, name Name, val refl...
method marshalInterface (line 698) | func (p *printer) marshalInterface(val Marshaler, start StartElement) ...
method marshalTextInterface (line 718) | func (p *printer) marshalTextInterface(val encoding.TextMarshaler, sta...
method writeStart (line 731) | func (p *printer) writeStart(start *StartElement) error {
method writeEnd (line 781) | func (p *printer) writeEnd(name Name, empty bool) error {
method marshalSimple (line 807) | func (p *printer) marshalSimple(typ reflect.Type, val reflect.Value) (...
method marshalStruct (line 858) | func (p *printer) marshalStruct(tinfo *typeInfo, val reflect.Value) er...
method Write (line 1014) | func (p *printer) Write(b []byte) (n int, err error) {
method WriteString (line 1025) | func (p *printer) WriteString(s string) (n int, err error) {
method WriteByte (line 1036) | func (p *printer) WriteByte(c byte) error {
method Close (line 1049) | func (p *printer) Close() error {
method cachedWriteError (line 1064) | func (p *printer) cachedWriteError() error {
method writeIndent (line 1069) | func (p *printer) writeIndent(depthDelta int) {
function defaultStart (line 677) | func defaultStart(typ reflect.Type, finfo *fieldInfo, startTemplate *Sta...
function indirect (line 848) | func indirect(vf reflect.Value) reflect.Value {
type parentStack (line 1100) | type parentStack struct
method trim (line 1108) | func (s *parentStack) trim(parents []string) error {
method push (line 1125) | func (s *parentStack) push(parents []string) error {
type UnsupportedTypeError (line 1137) | type UnsupportedTypeError struct
method Error (line 1141) | func (e *UnsupportedTypeError) Error() string {
function isEmptyValue (line 1145) | func isEmptyValue(v reflect.Value) bool {
FILE: internal/thirdparty/xml/marshal_test.go
type DriveType (line 20) | type DriveType
constant HyperDrive (line 23) | HyperDrive DriveType = iota
constant ImprobabilityDrive (line 24) | ImprobabilityDrive
type Passenger (line 27) | type Passenger struct
type Ship (line 32) | type Ship struct
type NamedType (line 43) | type NamedType
type Port (line 45) | type Port struct
type Domain (line 52) | type Domain struct
type Book (line 59) | type Book struct
type Event (line 64) | type Event struct
type Movie (line 69) | type Movie struct
type Pi (line 74) | type Pi struct
type Universe (line 79) | type Universe struct
type Particle (line 84) | type Particle struct
type Departure (line 89) | type Departure struct
type SecretAgent (line 94) | type SecretAgent struct
type NestedItems (line 101) | type NestedItems struct
type NestedOrder (line 107) | type NestedOrder struct
type MixedNested (line 114) | type MixedNested struct
type NilTest (line 122) | type NilTest struct
type Service (line 128) | type Service struct
type EmbedA (line 138) | type EmbedA struct
type EmbedB (line 145) | type EmbedB struct
type EmbedC (line 150) | type EmbedC struct
type embedD (line 157) | type embedD struct
type NameCasing (line 162) | type NameCasing struct
type NamePrecedence (line 170) | type NamePrecedence struct
type XMLNameWithTag (line 178) | type XMLNameWithTag struct
type XMLNameWithoutTag (line 183) | type XMLNameWithoutTag struct
type NameInField (line 188) | type NameInField struct
type AttrTest (line 192) | type AttrTest struct
type AttrsTest (line 202) | type AttrsTest struct
type OmitAttrTest (line 213) | type OmitAttrTest struct
type OmitFieldTest (line 224) | type OmitFieldTest struct
type AnyTest (line 236) | type AnyTest struct
type AnyOmitTest (line 242) | type AnyOmitTest struct
type AnySliceTest (line 248) | type AnySliceTest struct
type AnyHolder (line 254) | type AnyHolder struct
type RecurseA (line 259) | type RecurseA struct
type RecurseB (line 264) | type RecurseB struct
type PresenceTest (line 269) | type PresenceTest struct
type IgnoreTest (line 273) | type IgnoreTest struct
type MyBytes (line 277) | type MyBytes
type Data (line 279) | type Data struct
type Plain (line 285) | type Plain struct
type MyInt (line 289) | type MyInt
type EmbedInt (line 291) | type EmbedInt struct
type Strings (line 295) | type Strings struct
type PointerFieldsTest (line 299) | type PointerFieldsTest struct
type ChardataEmptyTest (line 307) | type ChardataEmptyTest struct
type PointerAnonFields (line 312) | type PointerAnonFields struct
type MyMarshalerTest (line 317) | type MyMarshalerTest struct
method MarshalXML (line 322) | func (m *MyMarshalerTest) MarshalXML(e *Encoder, start StartElement) e...
type MyMarshalerAttrTest (line 329) | type MyMarshalerAttrTest struct
method MarshalXMLAttr (line 334) | func (m *MyMarshalerAttrTest) MarshalXMLAttr(name Name) (Attr, error) {
method UnmarshalXMLAttr (line 338) | func (m *MyMarshalerAttrTest) UnmarshalXMLAttr(attr Attr) error {
type MarshalerStruct (line 342) | type MarshalerStruct struct
type InnerStruct (line 346) | type InnerStruct struct
type OuterStruct (line 350) | type OuterStruct struct
type OuterNamedStruct (line 355) | type OuterNamedStruct struct
type OuterNamedOrderedStruct (line 361) | type OuterNamedOrderedStruct struct
type OuterOuterStruct (line 367) | type OuterOuterStruct struct
type NestedAndChardata (line 371) | type NestedAndChardata struct
type NestedAndComment (line 376) | type NestedAndComment struct
type CDataTest (line 381) | type CDataTest struct
type NestedAndCData (line 385) | type NestedAndCData struct
function ifaceptr (line 390) | func ifaceptr(x any) any {
function stringptr (line 394) | func stringptr(x string) *string {
type T1 (line 398) | type T1 struct
type T2 (line 399) | type T2 struct
type IndirComment (line 401) | type IndirComment struct
type DirectComment (line 407) | type DirectComment struct
type IfaceComment (line 413) | type IfaceComment struct
type IndirChardata (line 419) | type IndirChardata struct
type DirectChardata (line 425) | type DirectChardata struct
type IfaceChardata (line 431) | type IfaceChardata struct
type IndirCDATA (line 437) | type IndirCDATA struct
type DirectCDATA (line 443) | type DirectCDATA struct
type IfaceCDATA (line 449) | type IfaceCDATA struct
type IndirInnerXML (line 455) | type IndirInnerXML struct
type DirectInnerXML (line 461) | type DirectInnerXML struct
type IfaceInnerXML (line 467) | type IfaceInnerXML struct
type IndirElement (line 473) | type IndirElement struct
type DirectElement (line 479) | type DirectElement struct
type IfaceElement (line 485) | type IfaceElement struct
type IndirOmitEmpty (line 491) | type IndirOmitEmpty struct
type DirectOmitEmpty (line 497) | type DirectOmitEmpty struct
type IfaceOmitEmpty (line 503) | type IfaceOmitEmpty struct
type IndirAny (line 509) | type IndirAny struct
type DirectAny (line 515) | type DirectAny struct
type IfaceAny (line 521) | type IfaceAny struct
type Generic (line 527) | type Generic struct
function TestMarshal (line 1661) | func TestMarshal(t *testing.T) {
type AttrParent (line 1694) | type AttrParent struct
type BadAttr (line 1698) | type BadAttr struct
function TestMarshalErrors (line 1758) | func TestMarshalErrors(t *testing.T) {
function TestUnmarshal (line 1777) | func TestUnmarshal(t *testing.T) {
function TestMarshalIndent (line 1824) | func TestMarshalIndent(t *testing.T) {
type limitedBytesWriter (line 1837) | type limitedBytesWriter struct
method Write (line 1842) | func (lw *limitedBytesWriter) Write(p []byte) (n int, err error) {
function TestMarshalWriteErrors (line 1858) | func TestMarshalWriteErrors(t *testing.T) {
function TestMarshalWriteIOErrors (line 1886) | func TestMarshalWriteIOErrors(t *testing.T) {
function TestMarshalFlush (line 1896) | func TestMarshalFlush(t *testing.T) {
function BenchmarkMarshal (line 1913) | func BenchmarkMarshal(b *testing.B) {
function BenchmarkUnmarshal (line 1922) | func BenchmarkUnmarshal(b *testing.B) {
function TestStructPointerMarshal (line 1933) | func TestStructPointerMarshal(t *testing.T) {
function TestEncodeToken (line 2340) | func TestEncodeToken(t *testing.T) {
function TestProcInstEncodeToken (line 2378) | func TestProcInstEncodeToken(t *testing.T) {
function TestDecodeEncode (line 2395) | func TestDecodeEncode(t *testing.T) {
function TestRace9796 (line 2413) | func TestRace9796(t *testing.T) {
function TestIsValidDirective (line 2429) | func TestIsValidDirective(t *testing.T) {
function TestSimpleUseOfEncodeToken (line 2462) | func TestSimpleUseOfEncodeToken(t *testing.T) {
function TestIssue16158 (line 2493) | func TestIssue16158(t *testing.T) {
type InvalidXMLName (line 2505) | type InvalidXMLName struct
function TestInvalidXMLName (line 2512) | func TestInvalidXMLName(t *testing.T) {
type LayerOne (line 2523) | type LayerOne struct
type LayerTwo (line 2530) | type LayerTwo struct
function TestMarshalZeroValue (line 2534) | func TestMarshalZeroValue(t *testing.T) {
function TestClose (line 2585) | func TestClose(t *testing.T) {
FILE: internal/thirdparty/xml/read.go
function Unmarshal (line 133) | func Unmarshal(data []byte, v any) error {
method Decode (line 139) | func (d *Decoder) Decode(v any) error {
method DecodeElement (line 147) | func (d *Decoder) DecodeElement(v any, start *StartElement) error {
type UnmarshalError (line 160) | type UnmarshalError
method Error (line 162) | func (e UnmarshalError) Error() string { return string(e) }
type Unmarshaler (line 179) | type Unmarshaler interface
type UnmarshalerAttr (line 191) | type UnmarshalerAttr interface
function receiverType (line 196) | func receiverType(val any) string {
method unmarshalInterface (line 206) | func (d *Decoder) unmarshalInterface(val Unmarshaler, start *StartElemen...
method unmarshalTextInterface (line 228) | func (d *Decoder) unmarshalTextInterface(val encoding.TextUnmarshaler) e...
method unmarshalAttr (line 251) | func (d *Decoder) unmarshalAttr(val reflect.Value, attr Attr) error {
constant maxUnmarshalDepth (line 314) | maxUnmarshalDepth = 10000
constant maxUnmarshalDepthWasm (line 315) | maxUnmarshalDepthWasm = 5000
method unmarshal (line 321) | func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, dept...
function copyValue (line 621) | func copyValue(dst reflect.Value, src []byte) (err error) {
method unmarshalPath (line 694) | func (d *Decoder) unmarshalPath(tinfo *typeInfo, sv reflect.Value, paren...
method Skip (line 760) | func (d *Decoder) Skip() error {
FILE: internal/thirdparty/xml/read_test.go
function TestUnmarshalFeed (line 20) | func TestUnmarshalFeed(t *testing.T) {
constant atomFeedString (line 31) | atomFeedString = `
type Feed (line 86) | type Feed struct
type Entry (line 96) | type Entry struct
type Link (line 105) | type Link struct
type Person (line 110) | type Person struct
type Text (line 117) | type Text struct
constant pathTestString (line 220) | pathTestString = `
type PathTestItem (line 242) | type PathTestItem struct
type PathTestA (line 246) | type PathTestA struct
type PathTestB (line 251) | type PathTestB struct
type PathTestC (line 256) | type PathTestC struct
type PathTestSet (line 262) | type PathTestSet struct
type PathTestD (line 266) | type PathTestD struct
type PathTestE (line 271) | type PathTestE struct
function TestUnmarshalPaths (line 284) | func TestUnmarshalPaths(t *testing.T) {
type BadPathTestA (line 296) | type BadPathTestA struct
type BadPathTestB (line 302) | type BadPathTestB struct
type BadPathTestC (line 308) | type BadPathTestC struct
type BadPathTestD (line 313) | type BadPathTestD struct
type BadPathEmbeddedA (line 318) | type BadPathEmbeddedA struct
type BadPathEmbeddedB (line 322) | type BadPathEmbeddedB struct
function TestUnmarshalBadPaths (line 335) | func TestUnmarshalBadPaths(t *testing.T) {
constant OK (line 344) | OK = "OK"
constant withoutNameTypeData (line 345) | withoutNameTypeData = `
type TestThree (line 349) | type TestThree struct
function TestUnmarshalWithoutNameType (line 354) | func TestUnmarshalWithoutNameType(t *testing.T) {
function TestUnmarshalAttr (line 364) | func TestUnmarshalAttr(t *testing.T) {
type Tables (line 408) | type Tables struct
function TestUnmarshalNS (line 468) | func TestUnmarshalNS(t *testing.T) {
function TestMarshalNS (line 490) | func TestMarshalNS(t *testing.T) {
type TableAttrs (line 503) | type TableAttrs struct
type TAttr (line 507) | type TAttr struct
function TestUnmarshalNSAttr (line 585) | func TestUnmarshalNSAttr(t *testing.T) {
function TestMarshalNSAttr (line 607) | func TestMarshalNSAttr(t *testing.T) {
type MyCharData (line 629) | type MyCharData struct
method UnmarshalXML (line 633) | func (m *MyCharData) UnmarshalXML(d *Decoder, start StartElement) error {
method UnmarshalXMLAttr (line 651) | func (m *MyCharData) UnmarshalXMLAttr(attr Attr) error {
type MyAttr (line 655) | type MyAttr struct
method UnmarshalXMLAttr (line 659) | func (m *MyAttr) UnmarshalXMLAttr(attr Attr) error {
type MyStruct (line 666) | type MyStruct struct
function TestUnmarshaler (line 674) | func TestUnmarshaler(t *testing.T) {
type Pea (line 692) | type Pea struct
type Pod (line 696) | type Pod struct
function TestUnmarshalIntoInterface (line 701) | func TestUnmarshalIntoInterface(t *testing.T) {
type X (line 719) | type X struct
function TestMalformedComment (line 724) | func TestMalformedComment(t *testing.T) {
type IXField (line 740) | type IXField struct
function TestInvalidInnerXMLType (line 746) | func TestInvalidInnerXMLType(t *testing.T) {
type Child (line 759) | type Child struct
type ChildToEmbed (line 765) | type ChildToEmbed struct
type Parent (line 769) | type Parent struct
constant emptyXML (line 796) | emptyXML = `
function TestUnmarshalEmptyValues (line 826) | func TestUnmarshalEmptyValues(t *testing.T) {
type WhitespaceValuesParent (line 915) | type WhitespaceValuesParent struct
constant whitespaceValuesXML (line 939) | whitespaceValuesXML = `
function TestUnmarshalWhitespaceValues (line 966) | func TestUnmarshalWhitespaceValues(t *testing.T) {
type WhitespaceAttrsParent (line 1000) | type WhitespaceAttrsParent struct
constant whitespaceAttrsXML (line 1024) | whitespaceAttrsXML = `
function TestUnmarshalWhitespaceAttrs (line 1052) | func TestUnmarshalWhitespaceAttrs(t *testing.T) {
function TestUnmarshalIntoNil (line 1087) | func TestUnmarshalIntoNil(t *testing.T) {
function TestCVE202228131 (line 1101) | func TestCVE202228131(t *testing.T) {
function TestCVE202230633 (line 1114) | func TestCVE202230633(t *testing.T) {
FILE: internal/thirdparty/xml/typeinfo.go
type typeInfo (line 15) | type typeInfo struct
type fieldInfo (line 21) | type fieldInfo struct
method value (line 350) | func (finfo *fieldInfo) value(v reflect.Value, shouldInitNilPointers b...
type fieldFlags (line 29) | type fieldFlags
constant fElement (line 32) | fElement fieldFlags = 1 << iota
constant fAttr (line 33) | fAttr
constant fCDATA (line 34) | fCDATA
constant fCharData (line 35) | fCharData
constant fInnerXML (line 36) | fInnerXML
constant fComment (line 37) | fComment
constant fAny (line 38) | fAny
constant fOmitEmpty (line 40) | fOmitEmpty
constant fMode (line 42) | fMode = fElement | fAttr | fCDATA | fCharData | fInnerXML | fComment | fAny
constant xmlName (line 44) | xmlName = "XMLName"
function getTypeInfo (line 53) | func getTypeInfo(typ reflect.Type) (*typeInfo, error) {
function structFieldInfo (line 113) | func structFieldInfo(typ reflect.Type, f *reflect.StructField) (*fieldIn...
function lookupXMLName (line 231) | func lookupXMLName(typ reflect.Type) (xmlname *fieldInfo) {
function addFieldInfo (line 261) | func addFieldInfo(typ reflect.Type, tinfo *typeInfo, newf *fieldInfo) er...
type TagPathError (line 330) | type TagPathError struct
method Error (line 336) | func (e *TagPathError) Error() string {
constant initNilPointers (line 341) | initNilPointers = true
constant dontInitNilPointers (line 342) | dontInitNilPointers = false
FILE: internal/thirdparty/xml/xml.go
type SyntaxError (line 33) | type SyntaxError struct
method Error (line 38) | func (e *SyntaxError) Error() string {
type Name (line 47) | type Name struct
type Attr (line 52) | type Attr struct
type Token (line 60) | type Token
type StartElement (line 63) | type StartElement struct
method Copy (line 72) | func (e StartElement) Copy() StartElement {
method End (line 80) | func (e StartElement) End() EndElement {
type EndElement (line 85) | type EndElement struct
type CharData (line 94) | type CharData struct
method Copy (line 101) | func (c CharData) Copy() CharData {
type Comment (line 107) | type Comment
method Copy (line 110) | func (c Comment) Copy() Comment { return Comment(bytes.Clone(c)) }
type ProcInst (line 113) | type ProcInst struct
method Copy (line 119) | func (p ProcInst) Copy() ProcInst {
type Directive (line 126) | type Directive
method Copy (line 129) | func (d Directive) Copy() Directive { return Directive(bytes.Clone(d)) }
function CopyToken (line 132) | func CopyToken(t Token) Token {
type TokenReader (line 161) | type TokenReader interface
type Decoder (line 167) | type Decoder struct
method Token (line 293) | func (d *Decoder) Token() (Token, error) {
method translate (line 364) | func (d *Decoder) translate(n *Name, isElementName bool) {
method switchToReader (line 382) | func (d *Decoder) switchToReader(r io.Reader) {
method push (line 411) | func (d *Decoder) push(kind int) *stack {
method pop (line 424) | func (d *Decoder) pop() *stack {
method pushEOF (line 437) | func (d *Decoder) pushEOF() {
method popEOF (line 463) | func (d *Decoder) popEOF() bool {
method pushElement (line 472) | func (d *Decoder) pushElement(name Name) {
method pushNs (line 479) | func (d *Decoder) pushNs(local string, url string, ok bool) {
method syntaxError (line 487) | func (d *Decoder) syntaxError(msg string) error {
method popElement (line 497) | func (d *Decoder) popElement(t *EndElement) bool {
method autoClose (line 541) | func (d *Decoder) autoClose(t Token) (Token, bool) {
method RawToken (line 563) | func (d *Decoder) RawToken() (Token, error) {
method rawToken (line 570) | func (d *Decoder) rawToken() (Token, error) {
method attrval (line 880) | func (d *Decoder) attrval() []byte {
method space (line 916) | func (d *Decoder) space() (diff []byte) {
method getc (line 936) | func (d *Decoder) getc() (b byte, ok bool) {
method InputOffset (line 963) | func (d *Decoder) InputOffset() int64 {
method InputPos (line 970) | func (d *Decoder) InputPos() (line, column int) {
method savedOffset (line 976) | func (d *Decoder) savedOffset() int {
method mustgetc (line 988) | func (d *Decoder) mustgetc() (b byte, ok bool) {
method ungetc (line 998) | func (d *Decoder) ungetc(b byte) {
method text (line 1019) | func (d *Decoder) text(quote int, cdata bool) ([]byte, []byte) {
method nsname (line 1212) | func (d *Decoder) nsname() (name Name, ok bool) {
method name (line 1231) | func (d *Decoder) name() (s string, ok bool) {
method readName (line 1249) | func (d *Decoder) readName(buf *bytes.Buffer) (ok bool) {
function NewDecoder (line 240) | func NewDecoder(r io.Reader) *Decoder {
function NewTokenDecoder (line 252) | func NewTokenDecoder(t TokenReader) *Decoder {
constant xmlURL (line 356) | xmlURL = "http://www.w3.org/XML/1998/namespace"
constant xmlnsPrefix (line 357) | xmlnsPrefix = "xmlns"
constant xmlPrefix (line 358) | xmlPrefix = "xml"
type stack (line 398) | type stack struct
constant stkStart (line 406) | stkStart = iota
constant stkNs (line 407) | stkNs
constant stkEOF (line 408) | stkEOF
function isInCharacterRange (line 1201) | func isInCharacterRange(r rune) (inrange bool) {
function isNameByte (line 1279) | func isNameByte(c byte) bool {
function isName (line 1286) | func isName(s []byte) bool {
function isNameString (line 1310) | func isNameString(s string) bool {
function EscapeText (line 1960) | func EscapeText(w io.Writer, s []byte) error {
function escapeText (line 1966) | func escapeText(w io.Writer, s []byte, escape bool) error {
method EscapeString (line 2014) | func (p *printer) EscapeString(s string, escape bool) {
function Escape (line 2057) | func Escape(w io.Writer, s []byte) {
function emitCDATA (line 2069) | func emitCDATA(w io.Writer, s []byte) error {
function procInst (line 2102) | func procInst(param, s string) string {
FILE: internal/thirdparty/xml/xml_test.go
type toks (line 17) | type toks struct
method Token (line 22) | func (t *toks) Token() (Token, error) {
function TestDecodeEOF (line 34) | func TestDecodeEOF(t *testing.T) {
type toksNil (line 81) | type toksNil struct
method Token (line 86) | func (t *toksNil) Token() (Token, error) {
function TestDecodeNilToken (line 101) | func TestDecodeNilToken(t *testing.T) {
constant testInput (line 122) | testInput = `
constant testInputAltEncoding (line 215) | testInputAltEncoding = `
function TestRawToken (line 275) | func TestRawToken(t *testing.T) {
constant nonStrictInput (line 281) | nonStrictInput = `
function TestNonStrictRawToken (line 328) | func TestNonStrictRawToken(t *testing.T) {
type downCaser (line 334) | type downCaser struct
method ReadByte (line 339) | func (d *downCaser) ReadByte() (c byte, err error) {
method Read (line 347) | func (d *downCaser) Read(p []byte) (int, error) {
function TestRawTokenAltEncoding (line 352) | func TestRawTokenAltEncoding(t *testing.T) {
function TestRawTokenAltEncodingNoConverter (line 363) | func TestRawTokenAltEncodingNoConverter(t *testing.T) {
function testRawToken (line 386) | func testRawToken(t *testing.T, d *Decoder, raw string, rawTokens []Toke...
function TestNestedDirectives (line 464) | func TestNestedDirectives(t *testing.T) {
function TestToken (line 478) | func TestToken(t *testing.T) {
function TestSyntax (line 493) | func TestSyntax(t *testing.T) {
function TestInputLinePos (line 505) | func TestInputLinePos(t *testing.T) {
type allScalars (line 544) | type allScalars struct
constant testScalarsInput (line 590) | testScalarsInput = `<allscalars>
function TestAllScalars (line 613) | func TestAllScalars(t *testing.T) {
type item (line 625) | type item struct
function TestIssue569 (line 629) | func TestIssue569(t *testing.T) {
function TestUnquotedAttrs (line 639) | func TestUnquotedAttrs(t *testing.T) {
function TestValuelessAttrs (line 659) | func TestValuelessAttrs(t *testing.T) {
function TestCopyTokenCharData (line 686) | func TestCopyTokenCharData(t *testing.T) {
function TestCopyTokenStartElement (line 699) | func TestCopyTokenStartElement(t *testing.T) {
function TestCopyTokenComment (line 715) | func TestCopyTokenComment(t *testing.T) {
function TestSyntaxErrorLineNum (line 728) | func TestSyntaxErrorLineNum(t *testing.T) {
function TestTrailingRawToken (line 743) | func TestTrailingRawToken(t *testing.T) {
function TestTrailingToken (line 754) | func TestTrailingToken(t *testing.T) {
function TestEntityInsideCDATA (line 765) | func TestEntityInsideCDATA(t *testing.T) {
function TestDisallowedCharacters (line 791) | func TestDisallowedCharacters(t *testing.T) {
function TestIsInCharacterRange (line 810) | func TestIsInCharacterRange(t *testing.T) {
function TestProcInstEncoding (line 842) | func TestProcInstEncoding(t *testing.T) {
function TestDirectivesWithComments (line 872) | func TestDirectivesWithComments(t *testing.T) {
type errWriter (line 887) | type errWriter struct
method Write (line 889) | func (errWriter) Write(p []byte) (n int, err error) { return 0, fmt.Er...
function TestEscapeTextIOErrors (line 891) | func TestEscapeTextIOErrors(t *testing.T) {
function TestEscapeTextInvalidChar (line 900) | func TestEscapeTextInvalidChar(t *testing.T) {
function TestIssue5880 (line 915) | func TestIssue5880(t *testing.T) {
function TestIssue8535 (line 926) | func TestIssue8535(t *testing.T) {
function TestEncodeXMLNS (line 947) | func TestEncodeXMLNS(t *testing.T) {
function encodeXMLNS1 (line 970) | func encodeXMLNS1() ([]byte, error) {
function encodeXMLNS2 (line 982) | func encodeXMLNS2() ([]byte, error) {
function encodeXMLNS3 (line 992) | func encodeXMLNS3() ([]byte, error) {
function encodeXMLNS4 (line 1005) | func encodeXMLNS4() ([]byte, error) {
function TestIssue11405 (line 1016) | func TestIssue11405(t *testing.T) {
function TestIssue12417 (line 1037) | func TestIssue12417(t *testing.T) {
function TestIssue7113 (line 1069) | func TestIssue7113(t *testing.T) {
function TestIssue20396 (line 1124) | func TestIssue20396(t *testing.T) {
function TestIssue20685 (line 1158) | func TestIssue20685(t *testing.T) {
function tokenMap (line 1193) | func tokenMap(mapping func(t Token) Token) func(TokenReader) TokenReader {
type mapper (line 1202) | type mapper struct
method Token (line 1207) | func (m mapper) Token() (Token, error) {
function TestNewTokenDecoderIdempotent (line 1215) | func TestNewTokenDecoderIdempotent(t *testing.T) {
function TestWrapDecoder (line 1223) | func TestWrapDecoder(t *testing.T) {
type tokReader (line 1257) | type tokReader struct
method Token (line 1259) | func (tokReader) Token() (Token, error) {
type Failure (line 1263) | type Failure struct
method UnmarshalXML (line 1265) | func (Failure) UnmarshalXML(*Decoder, StartElement) error {
function TestTokenUnmarshaler (line 1269) | func TestTokenUnmarshaler(t *testing.T) {
function testRoundTrip (line 1280) | func testRoundTrip(t *testing.T, input string) {
function TestRoundTrip (line 1325) | func TestRoundTrip(t *testing.T) {
function TestParseErrors (line 1335) | func TestParseErrors(t *testing.T) {
constant testInputHTMLAutoClose (line 1388) | testInputHTMLAutoClose = `<?xml version="1.0" encoding="UTF-8"?>
function BenchmarkHTMLAutoClose (line 1398) | func BenchmarkHTMLAutoClose(b *testing.B) {
function TestHTMLAutoClose (line 1418) | func TestHTMLAutoClose(t *testing.T) {
FILE: internal/tui/dependency-graph.go
type chainGraphNode (line 13) | type chainGraphNode struct
method subString (line 105) | func (c *chainGraphNode) subString(isVuln bool) (string, int) {
type ChainGraph (line 21) | type ChainGraph struct
method String (line 85) | func (c ChainGraph) String() string {
function subgraphEdges (line 25) | func subgraphEdges(sg *resolution.DependencySubgraph, direct resolve.Nod...
function FindChainGraphs (line 46) | func FindChainGraphs(subgraphs []*resolution.DependencySubgraph) []Chain...
FILE: internal/tui/in-place-info.go
type inPlaceInfo (line 16) | type inPlaceInfo struct
method Resize (line 102) | func (ip *inPlaceInfo) Resize(w, h int) {
method Update (line 112) | func (ip *inPlaceInfo) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
method View (line 135) | func (ip *inPlaceInfo) View() string {
function NewInPlaceInfo (line 27) | func NewInPlaceInfo(res remediation.InPlaceResult) *inPlaceInfo {
FILE: internal/tui/relock-info.go
type relockInfo (line 15) | type relockInfo struct
method Resize (line 66) | func (r *relockInfo) Resize(w, h int) {
method Update (line 74) | func (r *relockInfo) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
method View (line 115) | func (r *relockInfo) View() string {
function NewRelockInfo (line 23) | func NewRelockInfo(change resolution.Difference) *relockInfo {
FILE: internal/tui/severity.go
function RenderSeverity (line 27) | func RenderSeverity(severities []*osvschema.Severity) string {
function RenderSeverityShort (line 37) | func RenderSeverityShort(severities []*osvschema.Severity) string {
FILE: internal/tui/styles.go
constant ViewMinHeight (line 25) | ViewMinHeight = 20
constant ViewVPad (line 26) | ViewVPad = 1
constant ViewMinWidth (line 28) | ViewMinWidth = 60
constant ViewWidthPct (line 29) | ViewWidthPct = 0.4
constant ViewHPad (line 30) | ViewHPad = 2
FILE: internal/tui/tui.go
type KeyMap (line 15) | type KeyMap struct
method ShortHelp (line 26) | func (k KeyMap) ShortHelp() []key.Binding {
method FullHelp (line 30) | func (k KeyMap) FullHelp() [][]key.Binding {
function NewSpinner (line 72) | func NewSpinner() spinner.Model {
function RenderSelectorOption (line 81) | func RenderSelectorOption(
type ViewModel (line 101) | type ViewModel interface
type ViewModelCloseMsg (line 108) | type ViewModelCloseMsg struct
FILE: internal/tui/vuln-info.go
type vulnInfo (line 20) | type vulnInfo struct
method Resize (line 76) | func (v *vulnInfo) Resize(w, h int) {
method Update (line 86) | func (v *vulnInfo) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
method View (line 130) | func (v *vulnInfo) View() string {
method detailsOnlyView (line 183) | func (v *vulnInfo) detailsOnlyView() string {
method graphOnlyView (line 203) | func (v *vulnInfo) graphOnlyView() string {
method headingStyle (line 218) | func (v *vulnInfo) headingStyle(idx int) lipgloss.Style {
method fallbackDetails (line 226) | func (v *vulnInfo) fallbackDetails(width int) string {
function NewVulnInfo (line 46) | func NewVulnInfo(vuln *resolution.Vulnerability) *vulnInfo {
FILE: internal/tui/vuln-list.go
type vulnList (line 20) | type vulnList struct
method preambleHeight (line 87) | func (v *vulnList) preambleHeight() int {
method Resize (line 95) | func (v *vulnList) Resize(w, h int) {
method Update (line 104) | func (v *vulnList) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
method View (line 132) | func (v *vulnList) View() string {
method Blur (line 144) | func (v *vulnList) Blur() {
method Focus (line 149) | func (v *vulnList) Focus() {
function NewVulnList (line 33) | func NewVulnList(vulns []*resolution.Vulnerability, preamble string) *vu...
type vulnListItem (line 155) | type vulnListItem struct
method FilterValue (line 159) | func (v vulnListItem) FilterValue() string {
type vulnListItemDelegate (line 163) | type vulnListItemDelegate struct
method Height (line 167) | func (d vulnListItemDelegate) Height() int { r...
method Spacing (line 168) | func (d vulnListItemDelegate) Spacing() int { r...
method Update (line 169) | func (d vulnListItemDelegate) Update(tea.Msg, *list.Model) tea.Cmd { r...
method Render (line 171) | func (d vulnListItemDelegate) Render(w io.Writer, m list.Model, index ...
type blurredDelegate (line 190) | type blurredDelegate struct
method Render (line 194) | func (d blurredDelegate) Render(w io.Writer, m list.Model, _ int, list...
FILE: internal/url/url.go
function FromFilePath (line 22) | func FromFilePath(path string) (*url.URL, error) {
FILE: internal/url/url_test.go
function TestURLFromFilePath (line 13) | func TestURLFromFilePath(t *testing.T) {
FILE: internal/utility/depgroup/devgroup.go
function IsDevGroup (line 11) | func IsDevGroup(sys osvconstants.Ecosystem, groups []string) bool {
FILE: internal/utility/maven/maven.go
constant OriginManagement (line 19) | OriginManagement = "management"
constant OriginParent (line 20) | OriginParent = "parent"
constant OriginPlugin (line 21) | OriginPlugin = "plugin"
constant OriginProfile (line 22) | OriginProfile = "profile"
constant MaxParent (line 26) | MaxParent = 100
function MergeParents (line 37) | func MergeParents(ctx context.Context, mavenClient *datasource.MavenRegi...
function ProjectKey (line 111) | func ProjectKey(proj maven.Project) maven.ProjectKey {
function ParentPOMPath (line 126) | func ParentPOMPath(currentPath, relativePath string) string {
function GetDependencyManagement (line 146) | func GetDependencyManagement(ctx context.Context, client *datasource.Mav...
function CompareVersions (line 161) | func CompareVersions(vk resolve.VersionKey, a *semver.Version, b *semver...
FILE: internal/utility/maven/maven_test.go
function TestParentPOMPath (line 12) | func TestParentPOMPath(t *testing.T) {
function TestCompareVersions (line 70) | func TestCompareVersions(t *testing.T) {
FILE: internal/utility/purl/composer.go
function FromComposer (line 10) | func FromComposer(packageInfo models.PackageInfo) (namespace string, nam...
FILE: internal/utility/purl/composer_test.go
function TestComposerExtraction_shouldExtractPackages (line 11) | func TestComposerExtraction_shouldExtractPackages(t *testing.T) {
function TestComposerExtraction_shouldFilterPackages (line 41) | func TestComposerExtraction_shouldFilterPackages(t *testing.T) {
FILE: internal/utility/purl/golang.go
function FromGo (line 10) | func FromGo(packageInfo models.PackageInfo) (namespace string, name stri...
FILE: internal/utility/purl/golang_test.go
function TestGolangExtraction_shouldExtractPackages (line 11) | func TestGolangExtraction_shouldExtractPackages(t *testing.T) {
function TestGolangExtraction_shouldFilterPackages (line 73) | func TestGolangExtraction_shouldFilterPackages(t *testing.T) {
FILE: internal/utility/purl/maven.go
function FromMaven (line 10) | func FromMaven(packageInfo models.PackageInfo) (namespace string, name s...
FILE: internal/utility/purl/maven_test.go
function TestMavenExtraction_shouldExtractPackages (line 11) | func TestMavenExtraction_shouldExtractPackages(t *testing.T) {
function TestMavenExtraction_shouldFilterPackages (line 41) | func TestMavenExtraction_shouldFilterPackages(t *testing.T) {
FILE: internal/utility/purl/package_grouper.go
function Group (line 14) | func Group(packageSources []models.PackageSource) (map[string]models.Pac...
FILE: internal/utility/purl/package_grouper_test.go
function TestGroupPackageByPURL_ShouldUnifyPackages (line 13) | func TestGroupPackageByPURL_ShouldUnifyPackages(t *testing.T) {
FILE: internal/utility/purl/purl.go
type ParameterExtractor (line 13) | type ParameterExtractor
function FromPackage (line 36) | func FromPackage(packageInfo models.PackageInfo) (*packageurl.PackageURL...
FILE: internal/utility/purl/purl_to_package.go
function getPURLEcosystem (line 37) | func getPURLEcosystem(pkgURL packageurl.PackageURL) osvconstants.Ecosyst...
function ToPackage (line 57) | func ToPackage(purl string) (models.PackageInfo, error) {
FILE: internal/utility/purl/purl_to_package_test.go
function TestPURLToPackage (line 12) | func TestPURLToPackage(t *testing.T) {
FILE: internal/utility/results/results.go
constant ShortCommitLen (line 11) | ShortCommitLen = 8
function PkgToString (line 13) | func PkgToString(pkgInfo models.PackageInfo) string {
function GetShortCommit (line 27) | func GetShortCommit(commit string) string {
FILE: internal/utility/semverlike/version-semver-like.go
type Components (line 15) | type Components
method Fetch (line 17) | func (components *Components) Fetch(n int) *big.Int {
method Cmp (line 25) | func (components *Components) Cmp(b Components) int {
type Version (line 42) | type Version struct
method fetchComponentsAndBuild (line 49) | func (v *Version) fetchComponentsAndBuild(maxComponents int) (Componen...
function ParseSemverLikeVersion (line 68) | func ParseSemverLikeVersion(line string, maxComponents int) Version {
function parseSemverLike (line 81) | func parseSemverLike(line string) Version {
FILE: internal/utility/severity/severity.go
type Rating (line 16) | type Rating
constant CriticalRating (line 19) | CriticalRating Rating = "CRITICAL"
constant HighRating (line 20) | HighRating Rating = "HIGH"
constant MediumRating (line 21) | MediumRating Rating = "MEDIUM"
constant LowRating (line 22) | LowRating Rating = "LOW"
constant UnknownRating (line 23) | UnknownRating Rating = "UNKNOWN"
function CalculateScore (line 26) | func CalculateScore(severity *osvschema.Severity) (float64, string, erro...
function CalculateOverallScore (line 72) | func CalculateOverallScore(severities []*osvschema.Severity) (float64, s...
function CalculateRating (line 90) | func CalculateRating(score string) (Rating, error) {
FILE: internal/utility/severity/severity_test.go
function TestSeverity_CalculateScore (line 11) | func TestSeverity_CalculateScore(t *testing.T) {
FILE: internal/utility/vulns/vulnerabilities.go
function Include (line 6) | func Include(vs []*osvschema.Vulnerability, vulnerability *osvschema.Vul...
FILE: internal/utility/vulns/vulnerabilities_test.go
function TestVulnerabilities_Includes (line 10) | func TestVulnerabilities_Includes(t *testing.T) {
FILE: internal/utility/vulns/vulnerability.go
function eventVersion (line 16) | func eventVersion(e *osvschema.Event) string {
function rangeContainsVersion (line 36) | func rangeContainsVersion(ar *osvschema.Range, pkg *extractor.Package) b...
function rangeAffectsVersion (line 86) | func rangeAffectsVersion(a []*osvschema.Range, pkg *extractor.Package) b...
function AffectsEcosystem (line 99) | func AffectsEcosystem(v *osvschema.Vulnerability, ecosystemAffected osve...
function NormalizeRepo (line 115) | func NormalizeRepo(repo string) string {
function hasGitRangeForRepo (line 123) | func hasGitRangeForRepo(affected *osvschema.Affected, repo string) bool {
function IsAffected (line 133) | func IsAffected(v *osvschema.Vulnerability, pkg *extractor.Package) bool {
type PackageKey (line 175) | type PackageKey struct
function NewPackageKey (line 182) | func NewPackageKey(pkg *osvschema.Package) PackageKey {
function GetFixedVersions (line 191) | func GetFixedVersions(v *osvschema.Vulnerability) map[PackageKey][]string {
FILE: internal/utility/vulns/vulnerability_test.go
function expectIsAffected (line 15) | func expectIsAffected(t *testing.T, vuln *osvschema.Vulnerability, versi...
function buildOSVWithAffected (line 33) | func buildOSVWithAffected(affected ...*osvschema.Affected) *osvschema.Vu...
function buildEcosystemAffectsRange (line 43) | func buildEcosystemAffectsRange(events ...*osvschema.Event) *osvschema.R...
function buildSemverAffectsRange (line 47) | func buildSemverAffectsRange(events ...*osvschema.Event) *osvschema.Range {
function TestOSV_AffectsEcosystem (line 51) | func TestOSV_AffectsEcosystem(t *testing.T) {
function TestOSV_IsAffected_AffectsWithEcosystem_DifferentEcosystem (line 126) | func TestOSV_IsAffected_AffectsWithEcosystem_DifferentEcosystem(t *testi...
function TestOSV_IsAffected_AffectsWithEcosystem_SingleAffected (line 143) | func TestOSV_IsAffected_AffectsWithEcosystem_SingleAffected(t *testing.T) {
function TestOSV_IsAffected_AffectsWithEcosystem_MultipleAffected (line 282) | func TestOSV_IsAffected_AffectsWithEcosystem_MultipleAffected(t *testing...
function TestOSV_IsAffected_AffectsWithEcosystem_Unsorted (line 339) | func TestOSV_IsAffected_AffectsWithEcosystem_Unsorted(t *testing.T) {
function TestOSV_IsAffected_AffectsWithSemver_DifferentEcosystem (line 411) | func TestOSV_IsAffected_AffectsWithSemver_DifferentEcosystem(t *testing....
function TestOSV_IsAffected_AffectsWithSemver_SingleAffected (line 428) | func TestOSV_IsAffected_AffectsWithSemver_SingleAffected(t *testing.T) {
function TestOSV_IsAffected_AffectsWithSemver_MultipleAffected (line 558) | func TestOSV_IsAffected_AffectsWithSemver_MultipleAffected(t *testing.T) {
function TestOSV_IsAffected_AffectsWithSemver_Unsorted (line 615) | func TestOSV_IsAffected_AffectsWithSemver_Unsorted(t *testing.T) {
function TestOSV_IsAffected_OnlyVersions (line 691) | func TestOSV_IsAffected_OnlyVersions(t *testing.T) {
function TestOSV_EcosystemsWithSuffix (line 710) | func TestOSV_EcosystemsWithSuffix(t *testing.T) {
FILE: internal/version/version.go
constant OSVVersion (line 5) | OSVVersion = "2.3.4"
FILE: pkg/models/cyclonedx.go
type CycloneDXVersion (line 4) | type CycloneDXVersion
constant CycloneDXVersion14 (line 7) | CycloneDXVersion14 CycloneDXVersion = iota
constant CycloneDXVersion15 (line 8) | CycloneDXVersion15
constant CycloneDXVersion16 (line 9) | CycloneDXVersion16
FILE: pkg/models/image.go
type ImageOriginDetails (line 5) | type ImageOriginDetails struct
type ImageMetadata (line 9) | type ImageMetadata struct
type BaseImageDetails (line 15) | type BaseImageDetails struct
type LayerMetadata (line 21) | type LayerMetadata struct
FILE: pkg/models/results.go
type VulnerabilityResults (line 17) | type VulnerabilityResults struct
method Flatten (line 42) | func (vulns *VulnerabilityResults) Flatten() []VulnerabilityFlattened {
type LicenseCount (line 25) | type LicenseCount struct
type ExperimentalAnalysisConfig (line 32) | type ExperimentalAnalysisConfig struct
type ExperimentalLicenseConfig (line 36) | type ExperimentalLicenseConfig struct
function getGroupInfoForVuln (line 77) | func getGroupInfoForVuln(groups []GroupInfo, vulnID string) GroupInfo {
type VulnerabilityFlattened (line 86) | type VulnerabilityFlattened struct
method MarshalJSON (line 101) | func (v *VulnerabilityFlattened) MarshalJSON() ([]byte, error) {
method UnmarshalJSON (line 139) | func (v *VulnerabilityFlattened) UnmarshalJSON(data []byte) error {
type SourceType (line 168) | type SourceType
constant SourceTypeUnknown (line 171) | SourceTypeUnknown SourceType = "unknown"
constant SourceTypeOSPackage (line 172) | SourceTypeOSPackage SourceType = "os"
constant SourceTypeProjectPackage (line 173) | SourceTypeProjectPackage SourceType = "lockfile"
constant SourceTypeArtifact (line 174) | SourceTypeArtifact SourceType = "artifact"
constant SourceTypeSBOM (line 175) | SourceTypeSBOM SourceType = "sbom"
constant SourceTypeGit (line 176) | SourceTypeGit SourceType = "git"
type SourceInfo (line 179) | type SourceInfo struct
method String (line 189) | func (s SourceInfo) String() string {
type Metad
Condensed preview — 837 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (14,886K chars).
[
{
"path": ".dockerignore",
"chars": 39,
"preview": "docs/vendor\ndocs/_site\ndist/\n.history/\n"
},
{
"path": ".editorconfig",
"chars": 404,
"preview": "# EditorConfig helps developers define and maintain consistent\n# coding styles between different editors and IDEs\n# edit"
},
{
"path": ".gemini/config.yaml",
"chars": 235,
"preview": "have_fun: false\ncode_review:\n disable: false\n comment_severity_threshold: MEDIUM\n max_review_comments: -1\n pull_requ"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md",
"chars": 1100,
"preview": "## Overview\n\n**Please create an issue to discuss the proposed changes before sending a pull request.**\n\nA brief descript"
},
{
"path": ".github/workflows/cassettes.yml",
"chars": 1630,
"preview": "name: Cassettes\n\non:\n schedule:\n - cron: \"47 20 * * *\"\n workflow_dispatch:\nconcurrency:\n # Pushing new changes to "
},
{
"path": ".github/workflows/checks.yml",
"chars": 6732,
"preview": "# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/codeql-analysis.yml",
"chars": 2934,
"preview": "# For most projects, this workflow file will not need changing; you simply need\n# to commit it to your repository.\n#\n# Y"
},
{
"path": ".github/workflows/dependencies.yml",
"chars": 2014,
"preview": "name: Dependencies\n\non:\n schedule:\n - cron: \"47 18 * * *\"\n workflow_dispatch:\nconcurrency:\n # Pushing new changes "
},
{
"path": ".github/workflows/format-action/action.yml",
"chars": 744,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/goreleaser-nightly.yml",
"chars": 2015,
"preview": "name: Release nightly github action image\n\non:\n schedule:\n # we want the nightly builds only on work days\n - cron"
},
{
"path": ".github/workflows/goreleaser.yml",
"chars": 3140,
"preview": "name: Release new version\n\non:\n push:\n tags:\n - \"*\" # triggers only if push new tag version, like `v0.8.4`\n\n# R"
},
{
"path": ".github/workflows/links.yml",
"chars": 854,
"preview": "name: Check markdown links\n\non:\n push:\n paths:\n - \"**.md\"\n pull_request:\n paths:\n - \"**.md\"\n schedule"
},
{
"path": ".github/workflows/lint-action/action.yml",
"chars": 857,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/osv-scanner-reusable-pr.yml",
"chars": 2022,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/osv-scanner-reusable.yml",
"chars": 2176,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/osv-scanner-unified-action.yml",
"chars": 1847,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/prerelease-check.yml",
"chars": 5794,
"preview": "name: Pre-release check\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: \"The version tag to re"
},
{
"path": ".github/workflows/renovate-validator.yml",
"chars": 914,
"preview": "name: Renovate Config Validator\n\non:\n push:\n branches: [main, v2]\n paths:\n - \"renovate.json\"\n pull_request:"
},
{
"path": ".github/workflows/scorecards.yml",
"chars": 3093,
"preview": "# This workflow uses actions that are not certified by GitHub. They are provided\n# by a third-party and are governed by "
},
{
"path": ".github/workflows/snapshots.yml",
"chars": 1641,
"preview": "name: Snapshots\n\non:\n schedule:\n - cron: \"47 18 * * *\"\n workflow_dispatch:\nconcurrency:\n # Pushing new changes to "
},
{
"path": ".github/workflows/staleness.yml",
"chars": 1326,
"preview": "name: \"Close stale issues and PRs\"\n\npermissions: read-all\n\non:\n schedule:\n - cron: \"0 * * * *\"\n\njobs:\n stale:\n p"
},
{
"path": ".github/workflows/test-action/action.yml",
"chars": 1090,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/title.yml",
"chars": 994,
"preview": "# Copyright 2024 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": ".github/workflows/zizmor.yml",
"chars": 583,
"preview": "name: GitHub Actions Security Analysis with zizmor 🌈\n\non:\n pull_request:\n paths: [\".github/workflows/**\"]\n push:\n "
},
{
"path": ".gitignore",
"chars": 261,
"preview": ".history/\n.vscode/\n.idea/\n/dist/\n/osv-scanner\n/temp\n/coverage.out\n/coverage.html\n*.tar\n*.pprof\n.go-version\nnode_modules\n"
},
{
"path": ".golangci-lint-version",
"chars": 5,
"preview": "v2.9\n"
},
{
"path": ".golangci.yaml",
"chars": 4850,
"preview": "version: \"2\"\n\nlinters:\n default: all\n # prettier-ignore\n disable:\n - cyclop #\n - err113 # w"
},
{
"path": ".goreleaser-nightly.yml",
"chars": 4032,
"preview": "version: 2\n\nbefore:\n hooks:\n - go mod tidy\nbuilds:\n - main: ./cmd/osv-scanner/\n id: osv-scanner\n binary: osv-"
},
{
"path": ".goreleaser.yml",
"chars": 5979,
"preview": "version: 2\n\nbefore:\n hooks:\n - go mod tidy\nbuilds:\n - main: ./cmd/osv-scanner/\n id: osv-scanner\n binary: osv-"
},
{
"path": ".pre-commit-hooks.yaml",
"chars": 321,
"preview": "---\n- id: osv-scanner\n name: osv-scanner\n description: Scan the current working directory for vulnerable dependencies\n"
},
{
"path": ".prettierignore",
"chars": 78,
"preview": "**/testdata/**\n/docs/vendor/**\n/docs/_sites/**\n/internal/output/html/*.gohtml\n"
},
{
"path": ".prettierrc.json",
"chars": 225,
"preview": "{\n \"$schema\": \"https://json.schemastore.org/prettierrc\",\n \"singleQuote\": false,\n \"proseWrap\": \"preserve\",\n \"endOfLin"
},
{
"path": "CHANGELOG.md",
"chars": 55803,
"preview": "# v2.3.4\n\n### Features:\n\n- [Feature #2571](https://github.com/google/osv-scanner/pull/2571) Enable transitive scanning f"
},
{
"path": "CONTRIBUTING.md",
"chars": 6844,
"preview": "# How to Contribute\n\nWe'd love to accept your patches and contributions to this project. There are\njust a few small guid"
},
{
"path": "Dockerfile",
"chars": 1083,
"preview": "# Copyright 2022 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": "LICENSE",
"chars": 11358,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "Makefile",
"chars": 2237,
"preview": "export PATH := $(PATH):$(shell go env GOPATH)/bin\n\n# Default - run help\n.DEFAULT_GOAL := help\n\n# Defaults for test\nSHORT"
},
{
"path": "README.md",
"chars": 10685,
"preview": "<picture>\n <source srcset=\"/docs/images/osv-scanner-full-logo-darkmode.svg\" media=\"(prefers-color-scheme: dark)\">\n "
},
{
"path": "action.dockerfile",
"chars": 1606,
"preview": "# Copyright 2023 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this f"
},
{
"path": "actions/reporter/action.yml",
"chars": 369,
"preview": "# Currently experimental.\nname: \"osv-scanner-reporter\"\ndescription: \"Specialized reporting of scanner results for github"
},
{
"path": "actions/scanner/action.yml",
"chars": 478,
"preview": "# Currently experimental.\n# WARNING, this workflow is for legacy purposes. To view the current workflow see: https://git"
},
{
"path": "cmd/osv-reporter/main.go",
"chars": 8004,
"preview": "// Package main implements the osv-reporter command, which generates GitHub Action\n// output for OSV scanner results.\npa"
},
{
"path": "cmd/osv-reporter/main_test.go",
"chars": 600,
"preview": "package main\n\nimport (\n\t\"reflect\"\n\t\"testing\"\n)\n\nfunc Test_splitLastArg(t *testing.T) {\n\tt.Parallel()\n\n\ttests := []struct"
},
{
"path": "cmd/osv-scanner/__snapshots__/main_test.snap",
"chars": 3156,
"preview": "\n[Test_run/#00 - 1]\nNAME:\n osv-scanner scan - scans projects and container images for dependencies, and checks them ag"
},
{
"path": "cmd/osv-scanner/fix/__snapshots__/command_test.snap",
"chars": 528221,
"preview": "\n[TestCommand/errors_when_in_place_used_without_lockfile - 1]\n\n---\n\n[TestCommand/errors_when_in_place_used_without_lockf"
},
{
"path": "cmd/osv-scanner/fix/command.go",
"chars": 11696,
"preview": "// Package fix implements the `fix` command for osv-scanner.\n// It scans a manifest and/or lockfile for vulnerabilities "
},
{
"path": "cmd/osv-scanner/fix/command_test.go",
"chars": 7836,
"preview": "package fix_test\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"slices\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/fix"
},
{
"path": "cmd/osv-scanner/fix/interactive.go",
"chars": 876,
"preview": "package fix\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\ttea \"charm.land/bubbletea/v2\"\n\t\"github.com/google/osv-scanner/v2/internal/r"
},
{
"path": "cmd/osv-scanner/fix/model.go",
"chars": 8268,
"preview": "package fix\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\n\t\"charm.land/bubbles/v2/help\"\n\t\"charm.land/bubbles/v2/key\"\n\tte"
},
{
"path": "cmd/osv-scanner/fix/noninteractive.go",
"chars": 15247,
"preview": "package fix\n\nimport (\n\t\"cmp\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"maps\"\n\t\"slices\"\n\n\t\"deps.dev/util/resolve\"\n\t\"deps.dev/util/res"
},
{
"path": "cmd/osv-scanner/fix/output.go",
"chars": 5861,
"preview": "package fix\n\nimport (\n\t\"encoding/json\"\n\t\"io\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/google/osv-scanner/v2/internal/cmdlogger"
},
{
"path": "cmd/osv-scanner/fix/regen_lockfile.go",
"chars": 714,
"preview": "package fix\n\nimport (\n\t\"context\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n)\n\nfunc regenerateLockfileCmd(ctx context.Context, op"
},
{
"path": "cmd/osv-scanner/fix/state-choose-in-place-patches.go",
"chars": 5181,
"preview": "package fix\n\nimport (\n\t\"fmt\"\n\t\"slices\"\n\n\t\"charm.land/bubbles/v2/key\"\n\t\"charm.land/bubbles/v2/table\"\n\ttea \"charm.land/bub"
},
{
"path": "cmd/osv-scanner/fix/state-choose-strategy.go",
"chars": 9438,
"preview": "package fix\n\nimport (\n\t\"fmt\"\n\t\"slices\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"charm.land/bubbles/v2/key\"\n\t\"charm.land/bubbles/v2/texti"
},
{
"path": "cmd/osv-scanner/fix/state-in-place-result.go",
"chars": 7548,
"preview": "package fix\n\nimport (\n\t\"fmt\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"charm.land/bubbles/v2/key\"\n\ttea \"charm.land/bubbletea/v2\"\n\t\"github."
},
{
"path": "cmd/osv-scanner/fix/state-initialize.go",
"chars": 2934,
"preview": "package fix\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"charm.land/bubbles/v2/spinner\"\n\ttea \"charm.land/bubbletea/v2\"\n\t\"github.com/go"
},
{
"path": "cmd/osv-scanner/fix/state-relock-result.go",
"chars": 16257,
"preview": "package fix\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"strings\"\n\n\t\"charm.land/bubbles/v2/key\"\n\t\"charm.land/bubbles/v2/spinner\"\n\ttea \""
},
{
"path": "cmd/osv-scanner/fix/testdata/in-place-npm/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/fix/testdata/override-maven/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/fix/testdata/override-maven/pom.xml",
"chars": 1025,
"preview": "<project>\n <modelVersion>4.0.0</modelVersion>\n\n <groupId>dev.osv</groupId>\n <artifactId>osv-fix</artifactId>\n <versi"
},
{
"path": "cmd/osv-scanner/fix/testdata/relax-npm/package.json",
"chars": 263,
"preview": "{\n \"name\": \"osv-fix\",\n \"version\": \"1.0.0\",\n \"description\": \"\",\n \"main\": \"index.js\",\n \"scripts\": {\n \"test\": \"echo"
},
{
"path": "cmd/osv-scanner/fix/testmain_test.go",
"chars": 646,
"preview": "package fix_test\n\nimport (\n\t\"log/slog\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/fix\"\n\t\"github.com/"
},
{
"path": "cmd/osv-scanner/internal/cmd/__snapshots__/helpers_test.snap",
"chars": 887,
"preview": "\n[Test_insertDefaultCommand - 1]\n\n---\n\n[Test_insertDefaultCommand - 2]\n\n---\n\n[Test_insertDefaultCommand - 3]\n\n---\n\n[Test"
},
{
"path": "cmd/osv-scanner/internal/cmd/helpers.go",
"chars": 4456,
"preview": "// Package cmd provides helper functions for the osv-scanner CLI commands.\npackage cmd\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"sl"
},
{
"path": "cmd/osv-scanner/internal/cmd/helpers_test.go",
"chars": 2085,
"preview": "package cmd\n\nimport (\n\t\"bytes\"\n\t\"log/slog\"\n\t\"reflect\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/internal/cmdlogger\""
},
{
"path": "cmd/osv-scanner/internal/cmd/run.go",
"chars": 3590,
"preview": "package cmd\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"io\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"testing\"\n\n\tscalibr \"github.com/google/osv-sca"
},
{
"path": "cmd/osv-scanner/internal/cmd/testmain_test.go",
"chars": 167,
"preview": "package cmd\n\nimport (\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/internal/testutility\"\n)\n\nfunc TestMain(m *testing.M"
},
{
"path": "cmd/osv-scanner/internal/helper/callanalysis_parser.go",
"chars": 934,
"preview": "package helper\n\nvar stableCallAnalysisStates = map[string]bool{\n\t\"go\": true,\n\t\"rust\": false,\n\t\"jar\": false,\n}\n\n// Cre"
},
{
"path": "cmd/osv-scanner/internal/helper/callanalysis_parser_test.go",
"chars": 1664,
"preview": "package helper\n\nimport (\n\t\"reflect\"\n\t\"testing\"\n)\n\nfunc TestCreateCallAnalysisStates(t *testing.T) {\n\tt.Parallel()\n\ttestC"
},
{
"path": "cmd/osv-scanner/internal/helper/flags.go",
"chars": 6325,
"preview": "package helper\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/google/osv-scanner/v2/internal/cmdlogger\"\n"
},
{
"path": "cmd/osv-scanner/internal/helper/getters.go",
"chars": 2049,
"preview": "package helper\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"github.com/google/osv-scanner/v2/internal/spdx\"\n\t\"github.com/g"
},
{
"path": "cmd/osv-scanner/internal/helper/misc.go",
"chars": 1990,
"preview": "// Package helper provides helper functions for the osv-scanner CLI.\npackage helper\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t"
},
{
"path": "cmd/osv-scanner/internal/testcmd/case.go",
"chars": 738,
"preview": "// Package testcmd provides utilities for testing osv-scanner CLI commands.\npackage testcmd\n\nimport (\n\t\"net/http\"\n\t\"stri"
},
{
"path": "cmd/osv-scanner/internal/testcmd/copy.go",
"chars": 1281,
"preview": "package testcmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"testing\"\n)\n\nfunc copyFile(from, to string) (string,"
},
{
"path": "cmd/osv-scanner/internal/testcmd/git.go",
"chars": 1277,
"preview": "package testcmd\n\nimport (\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/go-git/go-git/v5\"\n)\n\nfunc SetupGitFixtures() (fu"
},
{
"path": "cmd/osv-scanner/internal/testcmd/run.go",
"chars": 4825,
"preview": "package testcmd\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"sort\"\n\t\"strings\"\n\t\"t"
},
{
"path": "cmd/osv-scanner/internal/testcmd/vcr.go",
"chars": 6744,
"preview": "package testcmd\n\nimport (\n\t\"bytes\"\n\t\"cmp\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"reflect\"\n\t\"slices\"\n\t\"strings"
},
{
"path": "cmd/osv-scanner/main.go",
"chars": 497,
"preview": "package main\n\nimport (\n\t\"os\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/fix\"\n\t\"github.com/google/osv-scanner/v2"
},
{
"path": "cmd/osv-scanner/main_test.go",
"chars": 1436,
"preview": "// main cannot be accessed directly, so cannot use main_test\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/google/osv-"
},
{
"path": "cmd/osv-scanner/mcp/__snapshots__/integration_test.snap",
"chars": 2811,
"preview": "\n[TestIntegration_MCP_SSE_Subprocess/GetVulnerabilityDetails - 1]\n{\n \"content\": [\n {\n \"type\": \"text\",\n \"te"
},
{
"path": "cmd/osv-scanner/mcp/command.go",
"chars": 7590,
"preview": "// Package mcp implements the `mcp` command for osv-scanner.\npackage mcp\n\nimport (\n\t\"context\"\n\t_ \"embed\"\n\t\"errors\"\n\t\"fmt"
},
{
"path": "cmd/osv-scanner/mcp/configuration-instructions.md",
"chars": 1365,
"preview": "---\nlayout: page\npermalink: /configuration/\nnav_order: 5\n---\n\n# Configuration\n\nTo configure scanning, place an osv-scann"
},
{
"path": "cmd/osv-scanner/mcp/integration_test.go",
"chars": 5448,
"preview": "package mcp_test\n\nimport (\n\t\"context\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"testing\"\n\t\"time\""
},
{
"path": "cmd/osv-scanner/mcp/scan-deps-prompt.md",
"chars": 1030,
"preview": "You are a highly skilled senior security analyst.\nYour primary task is to conduct a security audit of the vulnerabilitie"
},
{
"path": "cmd/osv-scanner/mcp/stats.go",
"chars": 736,
"preview": "package mcp\n\nimport (\n\t\"fmt\"\n\t\"path/filepath\"\n\n\t\"github.com/google/osv-scalibr/stats\"\n\t\"github.com/google/osv-scanner/v2"
},
{
"path": "cmd/osv-scanner/mcp/testdata/go-project/go.mod",
"chars": 79,
"preview": "module example.com/test\n\ngo 1.25.3\n\nrequire github.com/ipfs/go-bitfield v1.0.0\n"
},
{
"path": "cmd/osv-scanner/mcp/testdata/go-project/go.sum",
"chars": 173,
"preview": "github.com/ipfs/go-bitfield v1.0.0 h1:y/XHm2GEmD9wKngheWNNCNL0pzrWXZwCdQGv1ikXknQ=\ngithub.com/ipfs/go-bitfield v1.0.0/go"
},
{
"path": "cmd/osv-scanner/mcp/testdata/go-project/main.go",
"chars": 102,
"preview": "package main\n\nimport (\n\t\"github.com/ipfs/go-bitfield\"\n)\n\nfunc main() {\n\t_ = bitfield.NewBitfield(1)\n}\n"
},
{
"path": "cmd/osv-scanner/mcp/testdata/go-project/osv-scanner-test.toml",
"chars": 1,
"preview": "\n"
},
{
"path": "cmd/osv-scanner/mcp/testdata/go-project/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/mcp/testmain_test.go",
"chars": 616,
"preview": "package mcp_test\n\nimport (\n\t\"log/slog\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd\"\n\t\"gi"
},
{
"path": "cmd/osv-scanner/scan/__snapshots__/command_test.snap",
"chars": 2006,
"preview": "\n[TestCommand_SubCommands/scan_with_a_flag - 1]\nScanning dir ./testdata/locks-one-with-nested\nScanned <rootdir>/testdata"
},
{
"path": "cmd/osv-scanner/scan/command.go",
"chars": 868,
"preview": "// Package scan implements the `scan` command for osv-scanner.\npackage scan\n\nimport (\n\t\"io\"\n\t\"net/http\"\n\n\t\"github.com/go"
},
{
"path": "cmd/osv-scanner/scan/command_test.go",
"chars": 1039,
"preview": "package scan_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/testcmd\"\n)\n\n// Tests"
},
{
"path": "cmd/osv-scanner/scan/image/__snapshots__/command_test.snap",
"chars": 186810,
"preview": "\n[TestCommand_Docker/Fake_alpine_image - 1]\nChecking if docker image (\"alpine:non-existent-tag\") exists locally...\n\n---\n"
},
{
"path": "cmd/osv-scanner/scan/image/command.go",
"chars": 3545,
"preview": "// Package image implements the `image` subcommand of the `scan` command.\npackage image\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t"
},
{
"path": "cmd/osv-scanner/scan/image/command_test.go",
"chars": 15384,
"preview": "package image_test\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"runtime\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/os"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/alpine-3.18-alpine-release",
"chars": 7,
"preview": "3.18.1\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/alpine-3.18-os-release",
"chars": 212,
"preview": "/ # cat /etc/os-release\nNAME=\"Alpine Linux\"\nID=alpine\nVERSION_ID=3.18.1\nPRETTY_NAME=\"Alpine Linux v3.18\"\nHOME_URL=\"https"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml",
"chars": 4941,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml",
"chars": 16146,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml",
"chars": 1472,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml",
"chars": 22384,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml",
"chars": 451062,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml",
"chars": 194787,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/java-fixture/app/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/java-fixture/app/pom.xml",
"chars": 1657,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/java-fixture/app/src/main/java/com/mycompany/app/App.java",
"chars": 179,
"preview": "package com.mycompany.app;\n\n/**\n * Hello world!\n *\n */\npublic class App\n{\n public static void main( String[] args )\n "
},
{
"path": "cmd/osv-scanner/scan/image/testdata/lockfile-fixture/alpine-zlib-16.cdx.json",
"chars": 1047,
"preview": "{\n \"$schema\": \"http://cyclonedx.org/schema/bom-1.6.schema.json\",\n \"bomFormat\": \"CycloneDX\",\n \"specVersion\": \"1.6\",\n "
},
{
"path": "cmd/osv-scanner/scan/image/testdata/lockfile-fixture/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/package-tracing-fixture/go.mod",
"chars": 65,
"preview": "module ptf\n\ngo 1.22.4\n\nrequire github.com/BurntSushi/toml v1.4.0\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/package-tracing-fixture/go.sum",
"chars": 171,
"preview": "github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=\ngithub.com/BurntSushi/toml v1.4.0/go.m"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/package-tracing-fixture/main.go",
"chars": 107,
"preview": "package main\n\nimport (\n\t\"os\"\n\n\t\"github.com/BurntSushi/toml\"\n)\n\nfunc main() {\n\ttoml.NewEncoder(os.Stdout)\n}\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/package-tracing-fixture/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/python-fixture/main.py",
"chars": 78,
"preview": "def main():\n return 'Hello, World!'\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/python-fixture/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/python-fixture/requirements.txt",
"chars": 366,
"preview": "flask==0.12.2 # Vulnerable to CVE-2019-1010083\ndjango==1.11.29 # Vulnerable to CVE-2021-35042\nrequests==2.20.0 # Vuln"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-alpine-etcshadow.Dockerfile",
"chars": 243,
"preview": "FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98\n\nRUN echo 'user-bcrypt:$2b$05$I"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-alpine-sbom.Dockerfile",
"chars": 165,
"preview": "FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98\n\nCOPY lockfile-fixture/alpine-z"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-alpine.Dockerfile",
"chars": 287,
"preview": "FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98\n\n# Switch the version to 3.18 t"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-go-binary.Dockerfile",
"chars": 417,
"preview": "FROM golang:1.22.4-alpine3.20@sha256:ace6cc3fe58d0c7b12303c57afe6d6724851152df55e08057b43990b927ad5e8 AS build\n\nCOPY pac"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-image-with-deprecated/Cargo.toml",
"chars": 147,
"preview": "[package]\nname = \"rust_novuln_deprecated\"\nversion = \"0.1.0\"\nedition = \"2021\"\n\n[dependencies]\nurl = \"2.5.3\" # This is a d"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-image-with-deprecated/src/main.rs",
"chars": 168,
"preview": "use url::Url;\n\nfn main() {\n let _ = Url::parse(\"https://google.com\"); // Just something to make sure the url crate is"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-image-with-deprecated.Dockerfile",
"chars": 457,
"preview": "FROM rust:1.91.1-alpine3.22@sha256:8efbfb788786eeb127adc581394349c5fb567712156e0f8c2e499acadbc23756 AS builder\n\nRUN carg"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-java-full.Dockerfile",
"chars": 754,
"preview": "# Use the official OpenJDK image as the base image\n# TODO: This has been deprecated and we might want to switch to anoth"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-npm-empty.Dockerfile",
"chars": 338,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"10.2.4"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-npm-full.Dockerfile",
"chars": 436,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"10.2.4"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-pnpm-empty.Dockerfile",
"chars": 338,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"8.15.4"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-pnpm-full.Dockerfile",
"chars": 442,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"8.15.4"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-yarn-empty.Dockerfile",
"chars": 350,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"1.22.2"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-node_modules-yarn-full.Dockerfile",
"chars": 457,
"preview": "FROM node:20-alpine@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c\n\nARG MANAGER_VERSION=\"1.22.2"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-package-tracing.Dockerfile",
"chars": 1874,
"preview": "FROM golang:1.22.4-alpine3.20@sha256:ace6cc3fe58d0c7b12303c57afe6d6724851152df55e08057b43990b927ad5e8 AS build\n\nCOPY pac"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-python-empty.Dockerfile",
"chars": 381,
"preview": "# Use the official Debian image as the base\nFROM python:3.9-slim-buster@sha256:320a7a4250aba4249f458872adecf92eea88dc6ab"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-python-full.Dockerfile",
"chars": 557,
"preview": "# Use the official Debian image as the base\nFROM python:3.9-slim-buster@sha256:320a7a4250aba4249f458872adecf92eea88dc6ab"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-ubuntu-20-04.Dockerfile",
"chars": 90,
"preview": "FROM ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-ubuntu-with-packages.Dockerfile",
"chars": 348,
"preview": "FROM ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2\n\n# Install fzf from a existing"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/test-ubuntu.Dockerfile",
"chars": 90,
"preview": "FROM ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2\n"
},
{
"path": "cmd/osv-scanner/scan/image/testdata/ubuntu20-04-unimportant-config.toml",
"chars": 1874,
"preview": "[[PackageOverrides]]\nname = \"coreutils\"\nreason = \"Just want to test only unimportant vulns\"\nignore = true\n\n[[PackageOver"
},
{
"path": "cmd/osv-scanner/scan/image/testmain_test.go",
"chars": 657,
"preview": "package image_test\n\nimport (\n\t\"log/slog\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/cmd\"\n\t\""
},
{
"path": "cmd/osv-scanner/scan/source/__snapshots__/command_test.snap",
"chars": 532969,
"preview": "\n[TestCommand/.gitignored_files - 1]\nScanning dir ./testdata/locks-gitignore\nScanned <rootdir>/testdata/locks-gitignore/"
},
{
"path": "cmd/osv-scanner/scan/source/command.go",
"chars": 5478,
"preview": "// Package source implements the `source` subcommand of the `scan` command.\npackage source\n\nimport (\n\t\"context\"\n\t\"errors"
},
{
"path": "cmd/osv-scanner/scan/source/command_test.go",
"chars": 52716,
"preview": "package source_test\n\nimport (\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"testing\"\n\n\t\"github.com/google/osv-scanner/"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/.goignore",
"chars": 25,
"preview": "call-analysis-go-project\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/artifact/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/bin/ssh",
"chars": 346,
"preview": "#!/usr/bin/env bash\n\n# this is a fake ssh used in some tests, which outputs the value of the\n# $OSV_SCANNER_TEST_SSH_VER"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project/go.mod",
"chars": 178,
"preview": "module github.com/ossf-tests/osv-e2e\n\ngo 1.19\n\nrequire github.com/gogo/protobuf v1.3.1\n\nrequire github.com/ipfs/go-bitfi"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project/go.sum",
"chars": 3222,
"preview": "github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=\ngithub.com/gogo/protobuf v1.3.1/go.mod h"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project/main.go",
"chars": 358,
"preview": "package main\n\nimport (\n\t\"log\"\n\t\"net/http\"\n\n\t\"github.com/gogo/protobuf/plugin/unmarshal\"\n\t\"github.com/gogo/protobuf/versi"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project-all-uncalled/go.mod",
"chars": 87,
"preview": "module github.com/ossf-tests/osv-e2e\n\ngo 1.19\n\nrequire github.com/gogo/protobuf v1.3.1\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project-all-uncalled/go.sum",
"chars": 3222,
"preview": "github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=\ngithub.com/gogo/protobuf v1.3.1/go.mod h"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project-all-uncalled/main.go",
"chars": 299,
"preview": "package main\n\nimport (\n\t\"log\"\n\t\"net/http\"\n\n\t\"github.com/gogo/protobuf/plugin/unmarshal\"\n\t\"github.com/gogo/protobuf/versi"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/call-analysis-go-project-all-uncalled/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml",
"chars": 202506,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommandNonGit.yaml",
"chars": 972,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml",
"chars": 5803,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml",
"chars": 10484,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml",
"chars": 162985,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml",
"chars": 9763,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml",
"chars": 6822,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml",
"chars": 9455,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_HtmlFile.yaml",
"chars": 943,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_HtmlFile_Deprecated.yaml",
"chars": 954,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml",
"chars": 44031,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml",
"chars": 20181,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LocalDatabases.yaml",
"chars": 32,
"preview": "---\nversion: 2\ninteractions: []\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LocalDatabases_AlwaysOffline.yaml",
"chars": 32,
"preview": "---\nversion: 2\ninteractions: []\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml",
"chars": 11431,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml",
"chars": 15718,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml",
"chars": 60386,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_WithDetector_OffLinux.yaml",
"chars": 2909,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_WithDetector_OnLinux.yaml",
"chars": 2906,
"preview": "---\nversion: 2\ninteractions:\n - request:\n proto: HTTP/1.1\n proto_major: 1\n proto_minor: 1\n content_"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/config-invalid/osv-scanner-test.toml",
"chars": 2,
"preview": "!\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/exp-plugins-pkgdeprecate/deprecated-vuln/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/go-version-config.toml",
"chars": 28,
"preview": "GoVersionOverride = \"1.21.7\""
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/go.mod",
"chars": 46,
"preview": "module github.com/ossf-tests/osv-e2e\n\ngo 1.19\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/nested/go-version-config.toml",
"chars": 28,
"preview": "GoVersionOverride = \"1.21.7\""
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/nested/go.mod",
"chars": 46,
"preview": "module github.com/ossf-tests/osv-e2e\n\ngo 1.19\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/nested/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/go-project/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-git/osv-scanner.json",
"chars": 3748,
"preview": "{\n \"results\": [\n {\n \"packages\": [\n {\n \"//1\": \"version and commit are the same, so rust-openssl "
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-gitignore/subdir/test.gitignore",
"chars": 12,
"preview": "Gemfile.lock"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-gitignore/test.gitignore",
"chars": 28,
"preview": "ignored\n/yarn.lock\ncomposer*"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/my-package-lock.json",
"chars": 122,
"preview": "{\n \"requires\": true,\n \"lockfileVersion\": 1,\n \"dependencies\": {\n \"ansi-html\": {\n \"version\": \"0.0.1\"\n }\n }\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner-custom-git-tag.json",
"chars": 259,
"preview": "{\n \"results\": [\n {\n \"source\": {},\n \"packages\": [\n {\n \"package\": {\n \"name\": \"git"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner-custom.json",
"chars": 443,
"preview": "{\n \"results\": [\n {\n \"source\": {},\n \"packages\": [\n {\n \"package\": {\n \"name\": \"std"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner-flutter-deps.json",
"chars": 901,
"preview": "{\n \"results\": [\n {\n \"packageSource\": {\n \"path\": \"/path/to/engine/DEPS\",\n \"type\": \"lockfile\"\n "
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner-with-unscannables.json",
"chars": 442,
"preview": "{\n \"results\": [\n {\n \"source\": {},\n \"packages\": [\n {\n \"package\": {\n \"name\": \"std"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner.json",
"chars": 443,
"preview": "{\n \"results\": [\n {\n \"source\": {},\n \"packages\": [\n {\n \"package\": {\n \"name\": \"std"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-insecure/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-licenses/package.json",
"chars": 130,
"preview": "{\n \"dependencies\": {\n \"babel\": \"^6.23.0\",\n \"human-signals\": \"^5.0.0\",\n \"ms\": \"^2.1.3\",\n \"type-fest\": \"^4.26"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many/installed",
"chars": 702,
"preview": "C:Q1Ef3iwt+cMdGngEgaFr2URIJhKzQ=\nP:apk-tools\nV:2.12.10-r1\nA:x86_64\nS:120973\nI:307200\nT:Alpine Package Keeper - package m"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many/not-a-lockfile.toml",
"chars": 43,
"preview": "_=\"whatever this is, it's not a lockfile!\"\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many/osv-scanner-test.toml",
"chars": 0,
"preview": ""
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many/replace-local.mod",
"chars": 95,
"preview": "require (\n golang.org/x/net v1.2.3\n)\n\nreplace (\n golang.org/x/net v1.2.3 => ./fork/net\n)\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many/status",
"chars": 1113,
"preview": "Package: adduser\nStatus: install ok installed\nPriority: important\nSection: admin\nInstalled-Size: 849\nMaintainer: redacte"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many-with-insecure/alpine.cdx.xml",
"chars": 35430,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<bom xmlns=\"http://cyclonedx.org/schema/bom/1.4\" serialNumber=\"urn:uuid:4243b783-"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many-with-insecure/installed",
"chars": 702,
"preview": "C:Q1Ef3iwt+cMdGngEgaFr2URIJhKzQ=\nP:apk-tools\nV:2.12.10-r1\nA:x86_64\nS:120973\nI:307200\nT:Alpine Package Keeper - package m"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many-with-insecure/not-a-lockfile.toml",
"chars": 43,
"preview": "_=\"whatever this is, it's not a lockfile!\"\n"
},
{
"path": "cmd/osv-scanner/scan/source/testdata/locks-many-with-insecure/osv-scanner.toml",
"chars": 35,
"preview": "[[PackageOverrides]]\nignore = true\n"
}
]
// ... and 637 more files (download for full content)