vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
GPL-3.0 License
Stars
10.7K
Committers
134
Bot releases are visible (Hide)
Changelog
- 6e0a0a9 fix(build): Remove unused files to avoid disk full
vuls
- v0.25.4
Published by github-actions[bot] 5 months ago
Changelog
- 878c25b feat(detector, contrib/trivy-to-vuls): collect vendor severity and cvss (#1921)
- e4728e3 fix(gost/debian): show all severities that appeared (#1914)
- 61c3963 feat(scanner/redhat): each package has modularitylabel (#1381)
- f1c3848 chore(deps): bump github.com/aquasecurity/trivy from 0.50.1 to 0.51.1 (#1912)
- 0fa09e1 chore(deps): bump github.com/emersion/go-smtp from 0.21.1 to 0.21.2 (#1918)
vuls
- v0.25.3
Published by github-actions[bot] 5 months ago
This release includes recently released Ubuntu 24.04 support, some additional features, and several bug fixes.
We strongly recommend update to this version for Red Hat-like distribution users.
Watch out corresponding goval-dictionary and gost updates!
New feature
- Ubuntu 24.04 support comes in
- Depends on new gost, https://github.com/vulsio/gost/pull/249
- feat(ubuntu): add 24.04 noble by @MaineK00n in https://github.com/future-architect/vuls/pull/1878
- TLS insecure flag is added for SMTP notification
- TLS insecure option adding by @Koodt in https://github.com/future-architect/vuls/pull/1220
(Potential) Incompatibilities
- Use new gost for Ubuntu 24.04 support (https://github.com/future-architect/vuls/pull/1878)
- Use new goval-dictionary for detection on Red Hat-like distributions (https://github.com/future-architect/vuls/pull/1907)
Bug fixes
- For Red Hat-like distributions, there were false-positives and false negatives in detection results
- See https://github.com/future-architect/vuls/issues/1906 for details
- Now fixed by the PR: feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost by @MaineK00n in https://github.com/future-architect/vuls/pull/1907
- style(log) config.toml template docs url by @future-ryunosuketanai in https://github.com/future-architect/vuls/pull/1894
- style: fix some typos in comments by @deferdeter in https://github.com/future-architect/vuls/pull/1897
- (fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint by @shino in https://github.com/future-architect/vuls/pull/1893
- fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations by @MaineK00n in https://github.com/future-architect/vuls/pull/1899
- style(log) fix trivy docs link by @future-ryunosuketanai in https://github.com/future-architect/vuls/pull/1902
Misc Changes
- chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 by @dependabot in https://github.com/future-architect/vuls/pull/1903
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in https://github.com/future-architect/vuls/pull/1898
- chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 by @dependabot in https://github.com/future-architect/vuls/pull/1888
- chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in https://github.com/future-architect/vuls/pull/1891
- chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in https://github.com/future-architect/vuls/pull/1890
- chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 by @dependabot in https://github.com/future-architect/vuls/pull/1896
- chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 by @dependabot in https://github.com/future-architect/vuls/pull/1885
- chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 by @dependabot in https://github.com/future-architect/vuls/pull/1908
- chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in https://github.com/future-architect/vuls/pull/1909
- chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in https://github.com/future-architect/vuls/pull/1910
New Contributors
- @Koodt made their first contribution in https://github.com/future-architect/vuls/pull/1220
- @deferdeter made their first contribution in https://github.com/future-architect/vuls/pull/1897
Full Changelog: https://github.com/future-architect/vuls/compare/v0.25.2...v0.25.3
vuls
- v0.25.2
Published by github-actions[bot] 7 months ago
Changelog
- e25ec99 chore(deps): bump github.com/aws/aws-sdk-go from 1.49.21 to 1.51.5 (#1881)
- 50580f6 feat(wpscan): support enterprise feature (#1875)
- 472df0e chore(deps): update dictionary modules (#1877)
- 7d5a47b chore(deps): bump github.com/docker/docker (#1880)
- 99cf9db feat(detector/library): update JAR-like files' Name/Version in library list (#1874)
- e1df74c fix(amazon): use major version for checking eol, security advisories (#1873)
- 426eb53 chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.4 (#1872)
- bda089b chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1871)
- 02d1f6f chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1868)
vuls
- v0.25.1
Published by github-actions[bot] 7 months ago
Caution
Version 0.25.0 is SKIPped. DON'T USE 0.25.0.
Highlights
-
Trivy dependency is updated, 0.35.0 to 0.49.1
- Dart's pubspec.lock, Elixir's mix.lock, Swift's Podfile.lock and Package.resolved are newly
detected by lockfile scan, these can be auto detected (findLock = true) - Rust's binary can also be scanned as lockfile, but not auto detected
- Related PRs
- Update trivy from 0.35.0 to 0.49.1 by @shino in https://github.com/future-architect/vuls/pull/1806
- fix(detector): library.Scan move to detector by @MaineK00n in https://github.com/future-architect/vuls/pull/1864
- Avoid to use sync.Once inside trivy javadb Updater by @shino in https://github.com/future-architect/vuls/pull/1859
- Dart's pubspec.lock, Elixir's mix.lock, Swift's Podfile.lock and Package.resolved are newly
-
Add PURL (Package URL) in scan results
- feat(PackageURL):add package URL for library scan result by @TsubasaKanemitsu in https://github.com/future-architect/vuls/pull/1862
(Potential) Incompatibilities
-
In previous versions, vuls did not output results when all scans had failed, now outputs results
even when all scans failed- Related PRs
- fix(scanner): output all results even if all fail by @MaineK00n in https://github.com/future-architect/vuls/pull/1866
- refactor(config): move syslogconf to config/syslog package by @MaineK00n in https://github.com/future-architect/vuls/pull/1865
- Related PRs
-
Due to Trivy dependency update (in Highlights), some of scan logic previously
executed invuls scanphase are moved tovuls reportphase- If new vuls binary is used in
vuls scanand older ones invuls report, there can be
missing vulnerabilities, don't do that - This only affects JAR-like lockfile scan
- If new vuls binary is used in
Misc changes
- fix(ci): use go version of go.mod by @MaineK00n in https://github.com/future-architect/vuls/pull/1858
- chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in https://github.com/future-architect/vuls/pull/1849
- chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 by @dependabot in https://github.com/future-architect/vuls/pull/1854
- chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.2 by @dependabot in https://github.com/future-architect/vuls/pull/1856
- chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in https://github.com/future-architect/vuls/pull/1861
New Contributors
- @TsubasaKanemitsu made their first contribution in https://github.com/future-architect/vuls/pull/1862
Full Changelog: https://github.com/future-architect/vuls/compare/v0.24.9...v0.25.1
vuls
- v0.25.1-beta2
Published by github-actions[bot] 7 months ago
Changelog
- 5af3226 fix(build): Change timeout to 60 minutes
vuls
- v0.25.0
Published by shino 8 months ago
DONT USE THIS VERSION, SKIPPED
vuls
- v0.25.1-beta1
Published by github-actions[bot] 8 months ago
Changelog
- 18b4cbb Add 2 hour timeout
vuls
- v0.24.9
Published by github-actions[bot] 8 months ago
Changelog
- b9ebcf3 fix(scanner/windows): support when default shell is powershell (#1844)
- 7e91f5e fix(contrib/trivy): fix convert for src package (#1842)
- 76267a5 delete: cab validation (#1843)
- ea84385 fix(scanner/macos): remove unnecessary error check (#1836)
- d6589c2 chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1837)
- 6e07103 chore(deps): bump github.com/emersion/go-smtp from 0.20.1 to 0.20.2 (#1838)
- b7e5bb2 chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#1831)
- 91ed768 chore(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 (#1833)
- 098f308 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1829)
- 0e04d21 chore(deps): bump github.com/emersion/go-smtp from 0.20.0 to 0.20.1 (#1826)
- f1005e5 chore(deps): bump github.com/emersion/go-smtp from 0.19.0 to 0.20.0 (#1824)
- 1acc4d8 chore(deps): bump github.com/c-robinson/iplib from 1.0.7 to 1.0.8 (#1819)
- eee6441 chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1818)
vuls
- v0.24.8
Published by MaineK00n 10 months ago
What's Changed
- fix(scanner/redhat): do not make cache when offline of redhat fast by @MaineK00n in https://github.com/future-architect/vuls/pull/1814
- chore(deps): bump dictionaries by @MaineK00n in https://github.com/future-architect/vuls/pull/1815
Full Changelog: https://github.com/future-architect/vuls/compare/v0.24.7...v0.24.8
vuls
- v0.24.7
Published by MaineK00n 10 months ago
What's Changed
- feat(os): add FreeBSD 14 EOL by @MaineK00n in https://github.com/future-architect/vuls/pull/1797
- chore(deps): bump github.com/gosnmp/gosnmp from 1.36.1 to 1.37.0 by @dependabot in https://github.com/future-architect/vuls/pull/1798
- chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 by @dependabot in https://github.com/future-architect/vuls/pull/1799
- chore(deps): bump go-cve-dictionary to 0.10.0 by @MaineK00n in https://github.com/future-architect/vuls/pull/1803
- feat(models/nvd): group by source by @MaineK00n in https://github.com/future-architect/vuls/pull/1805
- fix(scanner/redhat): make cache before detect dnf modules by @wadda0714 in https://github.com/future-architect/vuls/pull/1812
Full Changelog: https://github.com/future-architect/vuls/compare/v0.24.6...v0.24.7
vuls
- v0.24.6
Published by github-actions[bot] 11 months ago
Changelog
- ef29afb feat(scanner/windows): remove unnecessary cab (#1793)
vuls
- v0.24.5
Published by github-actions[bot] 11 months ago
Changelog
- cbece1d add: Setenv HTTPS_PROXY for aws sdk (#1794)
- 4ffa067 chore(deps): bump github.com/emersion/go-smtp from 0.18.1 to 0.19.0 (#1790)
- 53317ee chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (#1789)
- fc74356 chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (#1791)
- bced16f fix(scanner): parsing apt cache policy for nvidia-container-toolkit (#1786)
- f3f8e26 chore(deps): bump github.com/emersion/go-smtp from 0.16.0 to 0.18.1 (#1771)
- cd8f6e1 feat(os): add fedora 39 (#1788)
- 323f0ae feat(windows): add Windows 11 23H2 (#1751)
- 5d1c365 chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#1782)
- d8fa000 chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1785)
- 9f1e090 chore(deps): bump github.com/docker/docker (#1777)
- 8d5765f chore(deps): bump go.etcd.io/bbolt from 1.3.7 to 1.3.8 (#1780)
- 3a5c332 chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1781)
- cef4ce4 chore(config):Modification of AmazonLinux 1 maintenance deadline (#1776)
- 264a82e chore(deps): bump github.com/vulsio/gost to v0.4.6-0.20231027050036-c963bd83e7e5 (#1775)
- fed731b chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1774)
- 5e2ac5a chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#1773)
vuls
- v0.24.4
Published by MaineK00n almost 1 year ago
What's Changed
- chore(deps): update dictionary by @MaineK00n in https://github.com/future-architect/vuls/pull/1708
- chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 by @dependabot in https://github.com/future-architect/vuls/pull/1733
- chore(deps): bump github.com/package-url/packageurl-go from 0.1.1-0.20220203205134-d70459300c8a to 0.1.2 by @dependabot in https://github.com/future-architect/vuls/pull/1754
- feat(ubuntu): add ubuntu 23.10(mantic) by @MaineK00n in https://github.com/future-architect/vuls/pull/1750
- fix(scanner): change lsof cmd that should succeed without password by @MaineK00n in https://github.com/future-architect/vuls/pull/1769
- feat(scanner): revert lsof command for futurevuls users by @MaineK00n in https://github.com/future-architect/vuls/pull/1770
Full Changelog: https://github.com/future-architect/vuls/compare/v0.24.3...v0.24.4
vuls
- v0.24.3
Published by github-actions[bot] about 1 year ago
Changelog
- 57264e1 fix(scan): fix nil poiter in needs-restarting (#1767)
- 48ff519 chore(deps): bump github.com/gosnmp/gosnmp from 1.35.0 to 1.36.1 (#1763)
vuls
- v0.24.2
Published by github-actions[bot] about 1 year ago
Changelog
- 738f275 fix(contrib/fvuls): Add flag to specify snmp community for future-vuls discover (#1762)
- 1c79cc5 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#1761)
- 73da852 chore: remove rand.Seed() (#1756)
- 3de5461 chore(deps): bump golang.org/x/sync from 0.2.0 to 0.4.0 (#1757)
- d2ca56a chore(os): update EOL (#1749)
- 27df19f chore: remove refs to deprecated io/ioutil (#1748)
- c1854a3 refactor: remove redundant
lencheck (#1743) - b43c1b9 chore(deps): bump github.com/c-robinson/iplib from 1.0.6 to 1.0.7 (#1745)
vuls
- v0.24.1
Published by github-actions[bot] about 1 year ago
Changelog
- 9d8e510 add: json tag (#1746)
vuls
- v0.24.0
Published by github-actions[bot] about 1 year ago
Changelog
- 1832b4e feat(macos): support macOS (#1712)
- 78b52d6 feat(detector/cve): new support for fortinet data feed (#1736)
- 048e204 fix(contrib/future-vuls) output detail of loading toml error (#1741)
vuls
- v0.23.4
Published by github-actions[bot] about 1 year ago
Changelog
- 70fd968 fix(server): add filter cves (#1707)
- 0144135 feat(contrib/snmp2cpe): add other fortinet products (#1636)
- 4a28722 fix(scanner): fix socket file name length of SSH ControlPath (#1714)
- dea9ed7 fix: errorlog future-vuls trivy-to-vuls (#1739)
- f6509a5 feat(config): Auto-upgrade Windows config.toml from v1 to v2 (#1726)
- 80b48fc feat(contrib/fvuls) Add commands to obtained CPE information of network devices by executing snmp2cpe and upload to Fvuls server (#1721)
- 3f2dbe3 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.300 to 1.45.6 (#1730)
- 5ffd620 chore(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.12.0 (#1731)
- a23abf4 chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#1687)
- 6e14a2d chore(deps): bump github.com/aws/aws-sdk-go from 1.44.263 to 1.44.300 (#1706)
- e12fa0b chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 (#1699)
- fa5b875 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 (#1692)
- f9276a7 feat(windows) export DetectKBsFromKernelVersion (#1703)
vuls
- v0.23.3
Published by github-actions[bot] over 1 year ago
Changelog
- 457a3a9 feat(scanner/windows): update release info (#1696)
- 4253550 chore(scanner): do not show logs when lsof: no Internet files located (#1688)
- 97cf033 feat(os): add Fedora 38 EOL date (#1689)
- 5a69804 feat(ubuntu): Support Ubuntu 14.04 and 16.04 ESM (#1682)
- 6271ec5 fix(detector/github): Enhance the dependency graph API call on the big repository (#1681)
- 83681ad chore(deps): bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.263 (#1677)
- 7798338 chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1678)
- 5c79720 fix(detector/github): Dependency graph API touches fewer data per page than before (#1654)
- b2c5b79 feat(os): support debian 12 (#1676)
- b0cc908 chore(deps): bump github.com/docker/distribution (#1675)
Package Rankings
Top 1.85% on Proxy.golang.org
Badges
Extracted from project README
