From e872ec006c0745a5a142728af0096c6d6bb9ddf3 Mon Sep 17 00:00:00 2001 From: Rutam Prita Mishra Date: Thu, 31 Oct 2024 11:33:22 +0530 Subject: [PATCH] fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733) Co-authored-by: DmitriyLewen --- docs/docs/supply-chain/vex/file.md | 8 +- .../testdata/fixtures/vex/file/openvex.json | 2 +- integration/testdata/gomod-skip.json.golden | 24 +- integration/testdata/gomod-vex.json.golden | 24 +- integration/testdata/gomod.json.golden | 30 +- pkg/dependency/id_test.go | 2 +- pkg/dependency/parser/golang/binary/parse.go | 3 + .../parser/golang/binary/parse_test.go | 10 +- pkg/dependency/parser/golang/mod/parse.go | 25 +- .../parser/golang/mod/parse_testcase.go | 48 +- pkg/dependency/parser/golang/sum/parse.go | 2 +- .../parser/golang/sum/parse_testcase.go | 704 +++++++++--------- .../language/golang/binary/binary_test.go | 2 +- pkg/fanal/analyzer/language/golang/mod/mod.go | 2 +- .../analyzer/language/golang/mod/mod_test.go | 12 +- pkg/purl/purl_test.go | 20 +- pkg/result/filter_test.go | 14 +- pkg/result/testdata/openvex.json | 2 +- pkg/sbom/io/encode_test.go | 32 +- pkg/vex/testdata/csaf-relationships.json | 4 +- pkg/vex/testdata/csaf.json | 2 +- pkg/vex/testdata/openvex-nested.json | 4 +- pkg/vex/vex_test.go | 40 +- 23 files changed, 510 insertions(+), 506 deletions(-) diff --git a/docs/docs/supply-chain/vex/file.md b/docs/docs/supply-chain/vex/file.md index 7c847ec49e14..242ec4c5a040 100644 --- a/docs/docs/supply-chain/vex/file.md +++ b/docs/docs/supply-chain/vex/file.md @@ -64,7 +64,7 @@ $ cat < trivy.vex.cdx }, "affects": [ { - "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:golang/github.com/aws/aws-sdk-go@1.44.234" + "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:golang/github.com/aws/aws-sdk-go@v1.44.234" } ] } @@ -115,7 +115,7 @@ Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ┌───────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├───────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/aws/aws-sdk-go │ CVE-2020-8912 │ LOW │ 1.44.234 │ │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │ +│ github.com/aws/aws-sdk-go │ CVE-2020-8912 │ LOW │ v1.44.234 │ │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │ │ │ │ │ │ │ SDK for golang... │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-8912 │ └───────────────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ @@ -497,9 +497,9 @@ Now, suppose a VEX statement is issued for `Module B` as follows: "vulnerability": {"name": "CVE-XXXX-YYYY"}, "products": [ { - "@id": "pkg:golang/module-b@1.0.0", + "@id": "pkg:golang/module-b@v1.0.0", "subcomponents": [ - { "@id": "pkg:golang/module-c@2.0.0" } + { "@id": "pkg:golang/module-c@v2.0.0" } ] } ], diff --git a/integration/testdata/fixtures/vex/file/openvex.json b/integration/testdata/fixtures/vex/file/openvex.json index 38773ba57694..9782e1716387 100644 --- a/integration/testdata/fixtures/vex/file/openvex.json +++ b/integration/testdata/fixtures/vex/file/openvex.json @@ -11,7 +11,7 @@ { "@id": "pkg:golang/github.com/testdata/testdata", "subcomponents": [ - { "@id": "pkg:golang/github.com/open-policy-agent/opa@0.35.0" } + { "@id": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0" } ] } ], diff --git a/integration/testdata/gomod-skip.json.golden b/integration/testdata/gomod-skip.json.golden index 69ab998ec9dd..877fd627b89a 100644 --- a/integration/testdata/gomod-skip.json.golden +++ b/integration/testdata/gomod-skip.json.golden @@ -26,10 +26,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "de19cd663ca047a8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "9d949a7b01249e68" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, @@ -53,10 +53,10 @@ "PkgID": "github.com/open-policy-agent/opa@v0.35.0", "PkgName": "github.com/open-policy-agent/opa", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/open-policy-agent/opa@0.35.0", - "UID": "6b685002e082ffc5" + "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0", + "UID": "e89e2b0d8977e2a" }, - "InstalledVersion": "0.35.0", + "InstalledVersion": "v0.35.0", "FixedVersion": "0.37.0", "Status": "fixed", "Layer": {}, @@ -100,10 +100,10 @@ "PkgID": "golang.org/x/text@v0.3.6", "PkgName": "golang.org/x/text", "PkgIdentifier": { - "PURL": "pkg:golang/golang.org/x/text@0.3.6", - "UID": "825dc613c0f39d45" + "PURL": "pkg:golang/golang.org/x/text@v0.3.6", + "UID": "3050088ce9eb2ce4" }, - "InstalledVersion": "0.3.6", + "InstalledVersion": "v0.3.6", "FixedVersion": "0.3.7", "Status": "fixed", "Layer": {}, @@ -133,10 +133,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "94376dc37054a7e8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "2f7f0fa81860b8f1" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, diff --git a/integration/testdata/gomod-vex.json.golden b/integration/testdata/gomod-vex.json.golden index a2269bd1d0b7..34d96dc0ce95 100644 --- a/integration/testdata/gomod-vex.json.golden +++ b/integration/testdata/gomod-vex.json.golden @@ -26,10 +26,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "de19cd663ca047a8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "9d949a7b01249e68" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, @@ -53,10 +53,10 @@ "PkgID": "golang.org/x/text@v0.3.6", "PkgName": "golang.org/x/text", "PkgIdentifier": { - "PURL": "pkg:golang/golang.org/x/text@0.3.6", - "UID": "825dc613c0f39d45" + "PURL": "pkg:golang/golang.org/x/text@v0.3.6", + "UID": "3050088ce9eb2ce4" }, - "InstalledVersion": "0.3.6", + "InstalledVersion": "v0.3.6", "FixedVersion": "0.3.7", "Status": "fixed", "Layer": {}, @@ -86,10 +86,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "94376dc37054a7e8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "2f7f0fa81860b8f1" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, @@ -120,10 +120,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "94306cdcf85fb50a" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "3ad40723ed2fce22" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, diff --git a/integration/testdata/gomod.json.golden b/integration/testdata/gomod.json.golden index 627088188285..551b787cadd6 100644 --- a/integration/testdata/gomod.json.golden +++ b/integration/testdata/gomod.json.golden @@ -26,10 +26,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "de19cd663ca047a8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "9d949a7b01249e68" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, @@ -53,10 +53,10 @@ "PkgID": "github.com/open-policy-agent/opa@v0.35.0", "PkgName": "github.com/open-policy-agent/opa", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/open-policy-agent/opa@0.35.0", - "UID": "6b685002e082ffc5" + "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0", + "UID": "e89e2b0d8977e2a" }, - "InstalledVersion": "0.35.0", + "InstalledVersion": "v0.35.0", "FixedVersion": "0.37.0", "Status": "fixed", "Layer": {}, @@ -100,10 +100,10 @@ "PkgID": "golang.org/x/text@v0.3.6", "PkgName": "golang.org/x/text", "PkgIdentifier": { - "PURL": "pkg:golang/golang.org/x/text@0.3.6", - "UID": "825dc613c0f39d45" + "PURL": "pkg:golang/golang.org/x/text@v0.3.6", + "UID": "3050088ce9eb2ce4" }, - "InstalledVersion": "0.3.6", + "InstalledVersion": "v0.3.6", "FixedVersion": "0.3.7", "Status": "fixed", "Layer": {}, @@ -133,10 +133,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "94376dc37054a7e8" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "2f7f0fa81860b8f1" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, @@ -167,10 +167,10 @@ "PkgID": "github.com/docker/distribution@v2.7.1+incompatible", "PkgName": "github.com/docker/distribution", "PkgIdentifier": { - "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible", - "UID": "94306cdcf85fb50a" + "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible", + "UID": "3ad40723ed2fce22" }, - "InstalledVersion": "2.7.1+incompatible", + "InstalledVersion": "v2.7.1+incompatible", "FixedVersion": "v2.8.0", "Status": "fixed", "Layer": {}, diff --git a/pkg/dependency/id_test.go b/pkg/dependency/id_test.go index 18359f771e7b..2b8c0e4a71b1 100644 --- a/pkg/dependency/id_test.go +++ b/pkg/dependency/id_test.go @@ -34,7 +34,7 @@ func TestID(t *testing.T) { args: args{ ltype: types.GoModule, name: "test", - version: "1.0.0", + version: "v1.0.0", }, want: "test@v1.0.0", }, diff --git a/pkg/dependency/parser/golang/binary/parse.go b/pkg/dependency/parser/golang/binary/parse.go index 6959e0ede5fa..2a7a2a128de7 100644 --- a/pkg/dependency/parser/golang/binary/parse.go +++ b/pkg/dependency/parser/golang/binary/parse.go @@ -3,6 +3,7 @@ package binary import ( "cmp" "debug/buildinfo" + "fmt" "runtime/debug" "slices" "sort" @@ -56,6 +57,8 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc // Ex: "go1.22.3 X:boringcrypto" stdlibVersion := strings.TrimPrefix(info.GoVersion, "go") stdlibVersion, _, _ = strings.Cut(stdlibVersion, " ") + // Add the `v` prefix to be consistent with module and dependency versions. + stdlibVersion = fmt.Sprintf("v%s", stdlibVersion) ldflags := p.ldFlags(info.Settings) pkgs := make(ftypes.Packages, 0, len(info.Deps)+2) diff --git a/pkg/dependency/parser/golang/binary/parse_test.go b/pkg/dependency/parser/golang/binary/parse_test.go index 2fbb6acff7b2..aade2a32cf24 100644 --- a/pkg/dependency/parser/golang/binary/parse_test.go +++ b/pkg/dependency/parser/golang/binary/parse_test.go @@ -20,7 +20,7 @@ func TestParse(t *testing.T) { }, { Name: "stdlib", - Version: "1.15.2", + Version: "v1.15.2", Relationship: ftypes.RelationshipDirect, }, { @@ -69,7 +69,7 @@ func TestParse(t *testing.T) { }, { Name: "stdlib", - Version: "1.16.4", + Version: "v1.16.4", Relationship: ftypes.RelationshipDirect, }, { @@ -93,7 +93,7 @@ func TestParse(t *testing.T) { }, { Name: "stdlib", - Version: "1.20.6", + Version: "v1.20.6", Relationship: ftypes.RelationshipDirect, }, }, @@ -109,7 +109,7 @@ func TestParse(t *testing.T) { }, { Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", Relationship: ftypes.RelationshipDirect, }, }, @@ -120,7 +120,7 @@ func TestParse(t *testing.T) { want: []ftypes.Package{ { Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", Relationship: ftypes.RelationshipDirect, }, }, diff --git a/pkg/dependency/parser/golang/mod/parse.go b/pkg/dependency/parser/golang/mod/parse.go index bbf42926a766..ddcd2ccc880e 100644 --- a/pkg/dependency/parser/golang/mod/parse.go +++ b/pkg/dependency/parser/golang/mod/parse.go @@ -1,6 +1,7 @@ package mod import ( + "fmt" "io" "regexp" "strconv" @@ -90,9 +91,11 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc if p.useMinVersion { if toolchainVer := toolchainVersion(modFileParsed.Toolchain, modFileParsed.Go); toolchainVer != "" { pkgs["stdlib"] = ftypes.Package{ - ID: packageID("stdlib", toolchainVer), - Name: "stdlib", - Version: toolchainVer, + ID: packageID("stdlib", toolchainVer), + Name: "stdlib", + // Our versioning library doesn't support canonical (goX.Y.Z) format, + // So we need to add `v` prefix for consistency (with module and dependency versions). + Version: fmt.Sprintf("v%s", toolchainVer), Relationship: ftypes.RelationshipDirect, // Considered a direct dependency as the main module depends on the standard packages. } } @@ -100,11 +103,10 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc // Main module if m := modFileParsed.Module; m != nil { - ver := strings.TrimPrefix(m.Mod.Version, "v") pkgs[m.Mod.Path] = ftypes.Package{ - ID: packageID(m.Mod.Path, ver), + ID: packageID(m.Mod.Path, m.Mod.Version), Name: m.Mod.Path, - Version: ver, + Version: m.Mod.Version, ExternalReferences: p.GetExternalRefs(m.Mod.Path), Relationship: ftypes.RelationshipRoot, } @@ -116,11 +118,10 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc if skipIndirect && require.Indirect { continue } - ver := strings.TrimPrefix(require.Mod.Version, "v") pkgs[require.Mod.Path] = ftypes.Package{ - ID: packageID(require.Mod.Path, ver), + ID: packageID(require.Mod.Path, require.Mod.Version), Name: require.Mod.Path, - Version: ver, + Version: require.Mod.Version, Relationship: lo.Ternary(require.Indirect, ftypes.RelationshipIndirect, ftypes.RelationshipDirect), ExternalReferences: p.GetExternalRefs(require.Mod.Path), } @@ -136,7 +137,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc } // If the replace directive has a version on the left side, make sure it matches the version that was imported. - if rep.Old.Version != "" && old.Version != rep.Old.Version[1:] { + if rep.Old.Version != "" && old.Version != rep.Old.Version { continue } @@ -153,9 +154,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc // Add replaced package to package register. pkgs[rep.New.Path] = ftypes.Package{ - ID: packageID(rep.New.Path, rep.New.Version[1:]), + ID: packageID(rep.New.Path, rep.New.Version), Name: rep.New.Path, - Version: rep.New.Version[1:], + Version: rep.New.Version, Relationship: old.Relationship, ExternalReferences: p.GetExternalRefs(rep.New.Path), } diff --git a/pkg/dependency/parser/golang/mod/parse_testcase.go b/pkg/dependency/parser/golang/mod/parse_testcase.go index 4671ef3e6854..b8ed49008926 100644 --- a/pkg/dependency/parser/golang/mod/parse_testcase.go +++ b/pkg/dependency/parser/golang/mod/parse_testcase.go @@ -23,13 +23,13 @@ var ( { ID: "stdlib@v1.22.5", Name: "stdlib", - Version: "1.22.5", + Version: "v1.22.5", Relationship: ftypes.RelationshipDirect, }, { ID: "github.com/aquasecurity/go-version@v0.0.0-20240603093900-cf8a8d29271d", Name: "github.com/aquasecurity/go-version", - Version: "0.0.0-20240603093900-cf8a8d29271d", + Version: "v0.0.0-20240603093900-cf8a8d29271d", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -41,7 +41,7 @@ var ( { ID: "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", Name: "github.com/davecgh/go-spew", - Version: "1.1.2-0.20180830191138-d8f796af33cc", + Version: "v1.1.2-0.20180830191138-d8f796af33cc", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -53,7 +53,7 @@ var ( { ID: "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", Name: "github.com/pmezard/go-difflib", - Version: "1.0.1-0.20181226105442-5d4384ee4fb2", + Version: "v1.0.1-0.20181226105442-5d4384ee4fb2", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -65,7 +65,7 @@ var ( { ID: "github.com/stretchr/testify@v1.9.0", Name: "github.com/stretchr/testify", - Version: "1.9.0", + Version: "v1.9.0", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -77,7 +77,7 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20231012003039-104605ab7028", Name: "golang.org/x/xerrors", - Version: "0.0.0-20231012003039-104605ab7028", + Version: "v0.0.0-20231012003039-104605ab7028", Relationship: ftypes.RelationshipIndirect, }, } @@ -102,7 +102,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20220406074731-71021a481237", + Version: "v0.0.0-20220406074731-71021a481237", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -114,7 +114,7 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: ftypes.RelationshipIndirect, }, } @@ -135,7 +135,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211110174639-8257534ffed3", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211110174639-8257534ffed3", + Version: "v0.0.0-20211110174639-8257534ffed3", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -147,7 +147,7 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: ftypes.RelationshipIndirect, }, } @@ -168,7 +168,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20220406074731-71021a481237", + Version: "v0.0.0-20220406074731-71021a481237", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -180,7 +180,7 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: ftypes.RelationshipIndirect, }, } @@ -201,7 +201,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -213,13 +213,13 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: ftypes.RelationshipIndirect, }, { ID: "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b", Name: "gopkg.in/yaml.v3", - Version: "3.0.0-20210107192922-496545a6307b", + Version: "v3.0.0-20210107192922-496545a6307b", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -246,7 +246,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -258,7 +258,7 @@ var ( { ID: "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b", Name: "gopkg.in/yaml.v3", - Version: "3.0.0-20210107192922-496545a6307b", + Version: "v3.0.0-20210107192922-496545a6307b", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -285,7 +285,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -297,7 +297,7 @@ var ( { ID: "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b", Name: "gopkg.in/yaml.v3", - Version: "3.0.0-20210107192922-496545a6307b", + Version: "v3.0.0-20210107192922-496545a6307b", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -324,7 +324,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -336,13 +336,13 @@ var ( { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: ftypes.RelationshipIndirect, }, { ID: "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b", Name: "gopkg.in/yaml.v3", - Version: "3.0.0-20210107192922-496545a6307b", + Version: "v3.0.0-20210107192922-496545a6307b", Relationship: ftypes.RelationshipIndirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -369,7 +369,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { @@ -396,7 +396,7 @@ var ( { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20211224170007-df43bca6b6ff", + Version: "v0.0.0-20211224170007-df43bca6b6ff", Relationship: ftypes.RelationshipDirect, ExternalReferences: []ftypes.ExternalRef{ { diff --git a/pkg/dependency/parser/golang/sum/parse.go b/pkg/dependency/parser/golang/sum/parse.go index 4ec742b1bae2..8362a808c036 100644 --- a/pkg/dependency/parser/golang/sum/parse.go +++ b/pkg/dependency/parser/golang/sum/parse.go @@ -32,7 +32,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc // go.sum records and sorts all non-major versions // with the latest version as last entry - uniquePkgs[s[0]] = strings.TrimSuffix(strings.TrimPrefix(s[1], "v"), "/go.mod") + uniquePkgs[s[0]] = strings.TrimSuffix(s[1], "/go.mod") } if err := scanner.Err(); err != nil { return nil, nil, xerrors.Errorf("scan error: %w", err) diff --git a/pkg/dependency/parser/golang/sum/parse_testcase.go b/pkg/dependency/parser/golang/sum/parse_testcase.go index fc607de86e2a..532a241b1ccc 100644 --- a/pkg/dependency/parser/golang/sum/parse_testcase.go +++ b/pkg/dependency/parser/golang/sum/parse_testcase.go @@ -11,13 +11,13 @@ var ( // go get golang.org/x/xerrors // go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}' GoModNormal = []ftypes.Package{ - {Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"}, + {Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"}, } // https://github.com/uudashr/gopkgs/blob/616744904701ef01d868da4b66aad0e6856c361d/v2/go.sum GoModEmptyLine = []ftypes.Package{ - {Name: "github.com/karrick/godirwalk", Version: "1.12.0"}, - {Name: "github.com/pkg/errors", Version: "0.8.1"}, + {Name: "github.com/karrick/godirwalk", Version: "v1.12.0"}, + {Name: "github.com/pkg/errors", Version: "v0.8.1"}, } // docker run --name gomod --rm -it golang:1.15 bash @@ -31,19 +31,19 @@ var ( // go get github.com/BurntSushi/toml // go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}' GoModMany = []ftypes.Package{ - {Name: "github.com/BurntSushi/toml", Version: "0.3.1"}, - {Name: "github.com/cpuguy83/go-md2man/v2", Version: "2.0.0-20190314233015-f79a8a8ca69d"}, - {Name: "github.com/davecgh/go-spew", Version: "1.1.0"}, - {Name: "github.com/pmezard/go-difflib", Version: "1.0.0"}, - {Name: "github.com/russross/blackfriday/v2", Version: "2.0.1"}, - {Name: "github.com/shurcooL/sanitized_anchor_name", Version: "1.0.0"}, - {Name: "github.com/stretchr/objx", Version: "0.1.0"}, - {Name: "github.com/stretchr/testify", Version: "1.7.0"}, - {Name: "github.com/urfave/cli", Version: "1.22.5"}, - {Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"}, - {Name: "gopkg.in/check.v1", Version: "0.0.0-20161208181325-20d25e280405"}, - {Name: "gopkg.in/yaml.v2", Version: "2.2.2"}, - {Name: "gopkg.in/yaml.v3", Version: "3.0.0-20200313102051-9f266ea9e77c"}, + {Name: "github.com/BurntSushi/toml", Version: "v0.3.1"}, + {Name: "github.com/cpuguy83/go-md2man/v2", Version: "v2.0.0-20190314233015-f79a8a8ca69d"}, + {Name: "github.com/davecgh/go-spew", Version: "v1.1.0"}, + {Name: "github.com/pmezard/go-difflib", Version: "v1.0.0"}, + {Name: "github.com/russross/blackfriday/v2", Version: "v2.0.1"}, + {Name: "github.com/shurcooL/sanitized_anchor_name", Version: "v1.0.0"}, + {Name: "github.com/stretchr/objx", Version: "v0.1.0"}, + {Name: "github.com/stretchr/testify", Version: "v1.7.0"}, + {Name: "github.com/urfave/cli", Version: "v1.22.5"}, + {Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"}, + {Name: "gopkg.in/check.v1", Version: "v0.0.0-20161208181325-20d25e280405"}, + {Name: "gopkg.in/yaml.v2", Version: "v2.2.2"}, + {Name: "gopkg.in/yaml.v3", Version: "v3.0.0-20200313102051-9f266ea9e77c"}, } // docker run --name gomod --rm -it golang:1.15 bash @@ -54,341 +54,341 @@ var ( // go get github.com/aquasecurity/trivy // go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}' GoModTrivy = []ftypes.Package{ - {Name: "cloud.google.com/go", Version: "0.65.0"}, - {Name: "cloud.google.com/go/bigquery", Version: "1.8.0"}, - {Name: "cloud.google.com/go/datastore", Version: "1.1.0"}, - {Name: "cloud.google.com/go/pubsub", Version: "1.3.1"}, - {Name: "cloud.google.com/go/storage", Version: "1.10.0"}, - {Name: "dmitri.shuralyov.com/gpu/mtl", Version: "0.0.0-20190408044501-666a987793e9"}, - {Name: "github.com/Azure/azure-sdk-for-go", Version: "38.0.0+incompatible"}, - {Name: "github.com/Azure/go-ansiterm", Version: "0.0.0-20170929234023-d6e3b3328b78"}, - {Name: "github.com/Azure/go-autorest/autorest", Version: "0.9.3"}, - {Name: "github.com/Azure/go-autorest/autorest/adal", Version: "0.8.1"}, - {Name: "github.com/Azure/go-autorest/autorest/date", Version: "0.2.0"}, - {Name: "github.com/Azure/go-autorest/autorest/mocks", Version: "0.3.0"}, - {Name: "github.com/Azure/go-autorest/autorest/to", Version: "0.3.0"}, - {Name: "github.com/Azure/go-autorest/autorest/validation", Version: "0.1.0"}, - {Name: "github.com/Azure/go-autorest/logger", Version: "0.1.0"}, - {Name: "github.com/Azure/go-autorest/tracing", Version: "0.5.0"}, - {Name: "github.com/BurntSushi/toml", Version: "0.3.1"}, - {Name: "github.com/BurntSushi/xgb", Version: "0.0.0-20160522181843-27f122750802"}, - {Name: "github.com/GoogleCloudPlatform/docker-credential-gcr", Version: "1.5.0"}, - {Name: "github.com/GoogleCloudPlatform/k8s-cloud-provider", Version: "0.0.0-20190822182118-27a4ced34534"}, - {Name: "github.com/Microsoft/go-winio", Version: "0.4.15-0.20190919025122-fc70bd9a86b5"}, - {Name: "github.com/Microsoft/hcsshim", Version: "0.8.6"}, - {Name: "github.com/NYTimes/gziphandler", Version: "0.0.0-20170623195520-56545f4a5d46"}, - {Name: "github.com/OneOfOne/xxhash", Version: "1.2.7"}, - {Name: "github.com/PuerkitoBio/purell", Version: "1.1.1"}, - {Name: "github.com/PuerkitoBio/urlesc", Version: "0.0.0-20170810143723-de5bf2ad4578"}, - {Name: "github.com/VividCortex/ewma", Version: "1.1.1"}, - {Name: "github.com/alcortesm/tgz", Version: "0.0.0-20161220082320-9c5fe88206d7"}, - {Name: "github.com/alecthomas/template", Version: "0.0.0-20160405071501-a0175ee3bccc"}, - {Name: "github.com/alecthomas/units", Version: "0.0.0-20151022065526-2efee857e7cf"}, - {Name: "github.com/alicebob/gopher-json", Version: "0.0.0-20200520072559-a9ecdc9d1d3a"}, - {Name: "github.com/alicebob/miniredis/v2", Version: "2.14.1"}, - {Name: "github.com/anmitsu/go-shlex", Version: "0.0.0-20161002113705-648efa622239"}, - {Name: "github.com/aquasecurity/bolt-fixtures", Version: "0.0.0-20200903104109-d34e7f983986"}, - {Name: "github.com/aquasecurity/fanal", Version: "0.0.0-20210119051230-28c249da7cfd"}, - {Name: "github.com/aquasecurity/go-dep-parser", Version: "0.0.0-20201028043324-889d4a92b8e0"}, - {Name: "github.com/aquasecurity/go-gem-version", Version: "0.0.0-20201115065557-8eed6fe000ce"}, - {Name: "github.com/aquasecurity/go-npm-version", Version: "0.0.0-20201110091526-0b796d180798"}, - {Name: "github.com/aquasecurity/go-pep440-version", Version: "0.0.0-20210121094942-22b2f8951d46"}, - {Name: "github.com/aquasecurity/go-version", Version: "0.0.0-20210121072130-637058cfe492"}, - {Name: "github.com/aquasecurity/testdocker", Version: "0.0.0-20210106133225-0b17fe083674"}, - {Name: "github.com/aquasecurity/trivy", Version: "0.16.0"}, - {Name: "github.com/aquasecurity/trivy-db", Version: "0.0.0-20210105160501-c5bf4e153277"}, - {Name: "github.com/aquasecurity/vuln-list-update", Version: "0.0.0-20191016075347-3d158c2bf9a2"}, - {Name: "github.com/araddon/dateparse", Version: "0.0.0-20190426192744-0d74ffceef83"}, - {Name: "github.com/armon/consul-api", Version: "0.0.0-20180202201655-eb2c6b5be1b6"}, - {Name: "github.com/armon/go-socks5", Version: "0.0.0-20160902184237-e75332964ef5"}, - {Name: "github.com/aws/aws-sdk-go", Version: "1.27.1"}, - {Name: "github.com/beorn7/perks", Version: "1.0.0"}, - {Name: "github.com/bgentry/speakeasy", Version: "0.1.0"}, - {Name: "github.com/blang/semver", Version: "3.5.0+incompatible"}, - {Name: "github.com/briandowns/spinner", Version: "1.12.0"}, - {Name: "github.com/caarlos0/env/v6", Version: "6.0.0"}, - {Name: "github.com/cenkalti/backoff", Version: "2.2.1+incompatible"}, - {Name: "github.com/census-instrumentation/opencensus-proto", Version: "0.2.1"}, - {Name: "github.com/cespare/xxhash/v2", Version: "2.1.1"}, - {Name: "github.com/cheggaaa/pb/v3", Version: "3.0.3"}, - {Name: "github.com/chzyer/logex", Version: "1.1.10"}, - {Name: "github.com/chzyer/readline", Version: "0.0.0-20180603132655-2972be24d48e"}, - {Name: "github.com/chzyer/test", Version: "0.0.0-20180213035817-a1ea475d72b1"}, - {Name: "github.com/client9/misspell", Version: "0.3.4"}, - {Name: "github.com/cncf/udpa/go", Version: "0.0.0-20191209042840-269d4d468f6f"}, - {Name: "github.com/cockroachdb/datadriven", Version: "0.0.0-20190809214429-80d97fb3cbaa"}, - {Name: "github.com/containerd/containerd", Version: "1.3.3"}, - {Name: "github.com/containerd/continuity", Version: "0.0.0-20190426062206-aaeac12a7ffc"}, - {Name: "github.com/coreos/etcd", Version: "3.3.10+incompatible"}, - {Name: "github.com/coreos/go-etcd", Version: "2.0.0+incompatible"}, - {Name: "github.com/coreos/go-oidc", Version: "2.1.0+incompatible"}, - {Name: "github.com/coreos/go-semver", Version: "0.3.0"}, - {Name: "github.com/coreos/go-systemd", Version: "0.0.0-20190321100706-95778dfbb74e"}, - {Name: "github.com/coreos/pkg", Version: "0.0.0-20180108230652-97fdf19511ea"}, - {Name: "github.com/cpuguy83/go-md2man", Version: "1.0.10"}, - {Name: "github.com/cpuguy83/go-md2man/v2", Version: "2.0.0"}, - {Name: "github.com/creack/pty", Version: "1.1.9"}, - {Name: "github.com/davecgh/go-spew", Version: "1.1.1"}, - {Name: "github.com/deckarep/golang-set", Version: "1.7.1"}, - {Name: "github.com/dgrijalva/jwt-go", Version: "3.2.0+incompatible"}, - {Name: "github.com/dgryski/go-rendezvous", Version: "0.0.0-20200823014737-9f7001d12a5f"}, - {Name: "github.com/dnaeon/go-vcr", Version: "1.0.1"}, - {Name: "github.com/docker/cli", Version: "0.0.0-20191017083524-a8ff7f821017"}, - {Name: "github.com/docker/distribution", Version: "2.7.1+incompatible"}, - {Name: "github.com/docker/docker", Version: "1.4.2-0.20190924003213-a8608b5b67c7"}, - {Name: "github.com/docker/docker-credential-helpers", Version: "0.6.3"}, - {Name: "github.com/docker/go-connections", Version: "0.4.0"}, - {Name: "github.com/docker/go-units", Version: "0.4.0"}, - {Name: "github.com/docker/spdystream", Version: "0.0.0-20160310174837-449fdfce4d96"}, - {Name: "github.com/dustin/go-humanize", Version: "1.0.0"}, - {Name: "github.com/elazarl/goproxy", Version: "0.0.0-20200809112317-0581fc3aee2d"}, - {Name: "github.com/elazarl/goproxy/ext", Version: "0.0.0-20200809112317-0581fc3aee2d"}, - {Name: "github.com/emicklei/go-restful", Version: "2.9.5+incompatible"}, - {Name: "github.com/emirpasic/gods", Version: "1.12.0"}, - {Name: "github.com/envoyproxy/go-control-plane", Version: "0.9.4"}, - {Name: "github.com/envoyproxy/protoc-gen-validate", Version: "0.1.0"}, - {Name: "github.com/evanphx/json-patch", Version: "4.2.0+incompatible"}, - {Name: "github.com/fatih/color", Version: "1.10.0"}, - {Name: "github.com/flynn/go-shlex", Version: "0.0.0-20150515145356-3f9db97f8568"}, - {Name: "github.com/fsnotify/fsnotify", Version: "1.4.9"}, - {Name: "github.com/ghodss/yaml", Version: "1.0.0"}, - {Name: "github.com/gin-contrib/sse", Version: "0.1.0"}, - {Name: "github.com/gin-gonic/gin", Version: "1.5.0"}, - {Name: "github.com/gliderlabs/ssh", Version: "0.2.2"}, - {Name: "github.com/go-git/gcfg", Version: "1.5.0"}, - {Name: "github.com/go-git/go-billy/v5", Version: "5.0.0"}, - {Name: "github.com/go-git/go-git-fixtures/v4", Version: "4.0.1"}, - {Name: "github.com/go-git/go-git/v5", Version: "5.0.0"}, - {Name: "github.com/go-gl/glfw", Version: "0.0.0-20190409004039-e6da0acd62b1"}, - {Name: "github.com/go-gl/glfw/v3.3/glfw", Version: "0.0.0-20200222043503-6f7a984d4dc4"}, - {Name: "github.com/go-kit/kit", Version: "0.8.0"}, - {Name: "github.com/go-logfmt/logfmt", Version: "0.3.0"}, - {Name: "github.com/go-logr/logr", Version: "0.1.0"}, - {Name: "github.com/go-openapi/jsonpointer", Version: "0.19.3"}, - {Name: "github.com/go-openapi/jsonreference", Version: "0.19.3"}, - {Name: "github.com/go-openapi/spec", Version: "0.19.3"}, - {Name: "github.com/go-openapi/swag", Version: "0.19.5"}, - {Name: "github.com/go-playground/locales", Version: "0.13.0"}, - {Name: "github.com/go-playground/universal-translator", Version: "0.17.0"}, - {Name: "github.com/go-redis/redis", Version: "6.15.7+incompatible"}, - {Name: "github.com/go-redis/redis/v8", Version: "8.4.0"}, - {Name: "github.com/go-restruct/restruct", Version: "0.0.0-20191227155143-5734170a48a1"}, - {Name: "github.com/go-sql-driver/mysql", Version: "1.5.0"}, - {Name: "github.com/go-stack/stack", Version: "1.8.0"}, - {Name: "github.com/gobwas/glob", Version: "0.2.3"}, - {Name: "github.com/goccy/go-yaml", Version: "1.8.2"}, - {Name: "github.com/gogo/protobuf", Version: "1.3.1"}, - {Name: "github.com/golang/glog", Version: "0.0.0-20160126235308-23def4e6c14b"}, - {Name: "github.com/golang/groupcache", Version: "0.0.0-20200121045136-8c9f03a8e57e"}, - {Name: "github.com/golang/mock", Version: "1.4.4"}, - {Name: "github.com/golang/protobuf", Version: "1.4.2"}, - {Name: "github.com/google/btree", Version: "1.0.0"}, - {Name: "github.com/google/go-cmp", Version: "0.5.3"}, - {Name: "github.com/google/go-containerregistry", Version: "0.0.0-20200331213917-3d03ed9b1ca2"}, - {Name: "github.com/google/go-github/v28", Version: "28.1.1"}, - {Name: "github.com/google/go-querystring", Version: "1.0.0"}, - {Name: "github.com/google/gofuzz", Version: "1.0.0"}, - {Name: "github.com/google/martian", Version: "2.1.0+incompatible"}, - {Name: "github.com/google/martian/v3", Version: "3.0.0"}, - {Name: "github.com/google/pprof", Version: "0.0.0-20200708004538-1a94d8640e99"}, - {Name: "github.com/google/renameio", Version: "0.1.0"}, - {Name: "github.com/google/subcommands", Version: "1.0.1"}, - {Name: "github.com/google/uuid", Version: "1.1.1"}, - {Name: "github.com/google/wire", Version: "0.3.0"}, - {Name: "github.com/googleapis/gax-go/v2", Version: "2.0.5"}, - {Name: "github.com/googleapis/gnostic", Version: "0.2.2"}, - {Name: "github.com/gophercloud/gophercloud", Version: "0.1.0"}, - {Name: "github.com/gopherjs/gopherjs", Version: "0.0.0-20200217142428-fce0ec30dd00"}, - {Name: "github.com/gorilla/context", Version: "1.1.1"}, - {Name: "github.com/gorilla/mux", Version: "1.7.4"}, - {Name: "github.com/gorilla/websocket", Version: "1.4.0"}, - {Name: "github.com/gregjones/httpcache", Version: "0.0.0-20180305231024-9cad4c3443a7"}, - {Name: "github.com/grpc-ecosystem/go-grpc-middleware", Version: "1.0.1-0.20190118093823-f849b5445de4"}, - {Name: "github.com/grpc-ecosystem/go-grpc-prometheus", Version: "1.2.0"}, - {Name: "github.com/grpc-ecosystem/grpc-gateway", Version: "1.9.5"}, - {Name: "github.com/hashicorp/errwrap", Version: "1.0.0"}, - {Name: "github.com/hashicorp/go-multierror", Version: "1.1.0"}, - {Name: "github.com/hashicorp/go-version", Version: "1.2.1"}, - {Name: "github.com/hashicorp/golang-lru", Version: "0.5.3"}, - {Name: "github.com/hashicorp/hcl", Version: "1.0.0"}, - {Name: "github.com/hpcloud/tail", Version: "1.0.0"}, - {Name: "github.com/ianlancetaylor/demangle", Version: "0.0.0-20181102032728-5e5cf60278f6"}, - {Name: "github.com/imdario/mergo", Version: "0.3.5"}, - {Name: "github.com/inconshreveable/mousetrap", Version: "1.0.0"}, - {Name: "github.com/jbenet/go-context", Version: "0.0.0-20150711004518-d14ea06fba99"}, - {Name: "github.com/jessevdk/go-flags", Version: "1.4.0"}, - {Name: "github.com/jmespath/go-jmespath", Version: "0.0.0-20180206201540-c2b33e8439af"}, - {Name: "github.com/joefitzgerald/rainbow-reporter", Version: "0.1.0"}, - {Name: "github.com/jonboulle/clockwork", Version: "0.1.0"}, - {Name: "github.com/json-iterator/go", Version: "1.1.8"}, - {Name: "github.com/jstemmer/go-junit-report", Version: "0.9.1"}, - {Name: "github.com/jtolds/gls", Version: "4.20.0+incompatible"}, - {Name: "github.com/julienschmidt/httprouter", Version: "1.2.0"}, - {Name: "github.com/kevinburke/ssh_config", Version: "0.0.0-20190725054713-01f96b0aa0cd"}, - {Name: "github.com/kisielk/errcheck", Version: "1.2.0"}, - {Name: "github.com/kisielk/gotool", Version: "1.0.0"}, - {Name: "github.com/knqyf263/go-apk-version", Version: "0.0.0-20200609155635-041fdbb8563f"}, - {Name: "github.com/knqyf263/go-deb-version", Version: "0.0.0-20190517075300-09fca494f03d"}, - {Name: "github.com/knqyf263/go-rpm-version", Version: "0.0.0-20170716094938-74609b86c936"}, - {Name: "github.com/knqyf263/go-rpmdb", Version: "0.0.0-20201215100354-a9e3110d8ee1"}, - {Name: "github.com/knqyf263/nested", Version: "0.0.1"}, - {Name: "github.com/konsorten/go-windows-terminal-sequences", Version: "1.0.2"}, - {Name: "github.com/kr/logfmt", Version: "0.0.0-20140226030751-b84e30acd515"}, - {Name: "github.com/kr/pretty", Version: "0.1.0"}, - {Name: "github.com/kr/pty", Version: "1.1.5"}, - {Name: "github.com/kr/text", Version: "0.2.0"}, - {Name: "github.com/kylelemons/godebug", Version: "1.1.0"}, - {Name: "github.com/leodido/go-urn", Version: "1.2.0"}, - {Name: "github.com/magiconair/properties", Version: "1.8.0"}, - {Name: "github.com/mailru/easyjson", Version: "0.7.0"}, - {Name: "github.com/mattn/go-colorable", Version: "0.1.8"}, - {Name: "github.com/mattn/go-isatty", Version: "0.0.12"}, - {Name: "github.com/mattn/go-jsonpointer", Version: "0.0.0-20180225143300-37667080efed"}, - {Name: "github.com/mattn/go-runewidth", Version: "0.0.9"}, - {Name: "github.com/matttproud/golang_protobuf_extensions", Version: "1.0.1"}, - {Name: "github.com/maxbrunsfeld/counterfeiter/v6", Version: "6.2.2"}, - {Name: "github.com/mitchellh/go-homedir", Version: "1.1.0"}, - {Name: "github.com/mitchellh/mapstructure", Version: "1.1.2"}, - {Name: "github.com/modern-go/concurrent", Version: "0.0.0-20180306012644-bacd9c7ef1dd"}, - {Name: "github.com/modern-go/reflect2", Version: "1.0.1"}, - {Name: "github.com/morikuni/aec", Version: "1.0.0"}, - {Name: "github.com/munnerz/goautoneg", Version: "0.0.0-20191010083416-a7dc8b61c822"}, - {Name: "github.com/mwitkow/go-conntrack", Version: "0.0.0-20161129095857-cc309e4a2223"}, - {Name: "github.com/mxk/go-flowrate", Version: "0.0.0-20140419014527-cca7078d478f"}, - {Name: "github.com/niemeyer/pretty", Version: "0.0.0-20200227124842-a10e7caefd8e"}, - {Name: "github.com/nxadm/tail", Version: "1.4.4"}, - {Name: "github.com/olekukonko/tablewriter", Version: "0.0.2-0.20190607075207-195002e6e56a"}, - {Name: "github.com/onsi/ginkgo", Version: "1.14.2"}, - {Name: "github.com/onsi/gomega", Version: "1.10.3"}, - {Name: "github.com/open-policy-agent/opa", Version: "0.21.1"}, - {Name: "github.com/opencontainers/go-digest", Version: "1.0.0-rc1"}, - {Name: "github.com/opencontainers/image-spec", Version: "1.0.2-0.20190823105129-775207bd45b6"}, - {Name: "github.com/opencontainers/runc", Version: "0.1.1"}, - {Name: "github.com/parnurzeal/gorequest", Version: "0.2.16"}, - {Name: "github.com/pelletier/go-toml", Version: "1.2.0"}, - {Name: "github.com/peterbourgon/diskv", Version: "2.0.1+incompatible"}, - {Name: "github.com/peterh/liner", Version: "0.0.0-20170211195444-bf27d3ba8e1d"}, - {Name: "github.com/pkg/errors", Version: "0.9.1"}, - {Name: "github.com/pmezard/go-difflib", Version: "1.0.0"}, - {Name: "github.com/pquerna/cachecontrol", Version: "0.0.0-20171018203845-0dec1b30a021"}, - {Name: "github.com/prometheus/client_golang", Version: "1.0.0"}, - {Name: "github.com/prometheus/client_model", Version: "0.0.0-20190812154241-14fe0d1b01d4"}, - {Name: "github.com/prometheus/common", Version: "0.4.1"}, - {Name: "github.com/prometheus/procfs", Version: "0.0.2"}, - {Name: "github.com/rcrowley/go-metrics", Version: "0.0.0-20181016184325-3113b8401b8a"}, - {Name: "github.com/remyoudompheng/bigfft", Version: "0.0.0-20170806203942-52369c62f446"}, - {Name: "github.com/rogpeppe/fastuuid", Version: "0.0.0-20150106093220-6724a57986af"}, - {Name: "github.com/rogpeppe/go-charset", Version: "0.0.0-20180617210344-2471d30d28b4"}, - {Name: "github.com/rogpeppe/go-internal", Version: "1.3.0"}, - {Name: "github.com/rubiojr/go-vhd", Version: "0.0.0-20160810183302-0bfd3b39853c"}, - {Name: "github.com/russross/blackfriday", Version: "1.5.2"}, - {Name: "github.com/russross/blackfriday/v2", Version: "2.0.1"}, - {Name: "github.com/saracen/walker", Version: "0.0.0-20191201085201-324a081bae7e"}, - {Name: "github.com/satori/go.uuid", Version: "1.2.0"}, - {Name: "github.com/sclevine/spec", Version: "1.2.0"}, - {Name: "github.com/sergi/go-diff", Version: "1.1.0"}, - {Name: "github.com/shurcooL/sanitized_anchor_name", Version: "1.0.0"}, - {Name: "github.com/simplereach/timeutils", Version: "1.2.0"}, - {Name: "github.com/sirupsen/logrus", Version: "1.5.0"}, - {Name: "github.com/smartystreets/assertions", Version: "1.2.0"}, - {Name: "github.com/smartystreets/goconvey", Version: "1.6.4"}, - {Name: "github.com/soheilhy/cmux", Version: "0.1.4"}, - {Name: "github.com/sosedoff/gitkit", Version: "0.2.0"}, - {Name: "github.com/spf13/afero", Version: "1.2.2"}, - {Name: "github.com/spf13/cast", Version: "1.3.0"}, - {Name: "github.com/spf13/cobra", Version: "0.0.5"}, - {Name: "github.com/spf13/jwalterweatherman", Version: "1.0.0"}, - {Name: "github.com/spf13/pflag", Version: "1.0.5"}, - {Name: "github.com/spf13/viper", Version: "1.3.2"}, - {Name: "github.com/stretchr/objx", Version: "0.3.0"}, - {Name: "github.com/stretchr/testify", Version: "1.6.1"}, - {Name: "github.com/testcontainers/testcontainers-go", Version: "0.3.1"}, - {Name: "github.com/tmc/grpc-websocket-proxy", Version: "0.0.0-20170815181823-89b8d40f7ca8"}, - {Name: "github.com/twitchtv/twirp", Version: "5.10.1+incompatible"}, - {Name: "github.com/ugorji/go", Version: "1.1.7"}, - {Name: "github.com/ugorji/go/codec", Version: "1.1.7"}, - {Name: "github.com/urfave/cli", Version: "1.22.5"}, - {Name: "github.com/urfave/cli/v2", Version: "2.3.0"}, - {Name: "github.com/vdemeester/k8s-pkg-credentialprovider", Version: "1.17.4"}, - {Name: "github.com/vmware/govmomi", Version: "0.20.3"}, - {Name: "github.com/xanzy/ssh-agent", Version: "0.2.1"}, - {Name: "github.com/xiang90/probing", Version: "0.0.0-20190116061207-43a291ad63a2"}, - {Name: "github.com/xordataexchange/crypt", Version: "0.0.3-0.20170626215501-b2862e3d0a77"}, - {Name: "github.com/yashtewari/glob-intersection", Version: "0.0.0-20180916065949-5c77d914dd0b"}, - {Name: "github.com/yuin/goldmark", Version: "1.1.32"}, - {Name: "github.com/yuin/gopher-lua", Version: "0.0.0-20191220021717-ab39c6098bdb"}, - {Name: "go.etcd.io/bbolt", Version: "1.3.5"}, - {Name: "go.etcd.io/etcd", Version: "0.0.0-20191023171146-3cf2f69b5738"}, - {Name: "go.opencensus.io", Version: "0.22.4"}, - {Name: "go.opentelemetry.io/otel", Version: "0.14.0"}, - {Name: "go.uber.org/atomic", Version: "1.5.1"}, - {Name: "go.uber.org/multierr", Version: "1.4.0"}, - {Name: "go.uber.org/tools", Version: "0.0.0-20190618225709-2cfd321de3ee"}, - {Name: "go.uber.org/zap", Version: "1.13.0"}, - {Name: "golang.org/x/crypto", Version: "0.0.0-20201002170205-7f63de1d35b0"}, - {Name: "golang.org/x/exp", Version: "0.0.0-20200224162631-6cc2880d07d6"}, - {Name: "golang.org/x/image", Version: "0.0.0-20190802002840-cff245a6509b"}, - {Name: "golang.org/x/lint", Version: "0.0.0-20200302205851-738671d3881b"}, - {Name: "golang.org/x/mobile", Version: "0.0.0-20190719004257-d2bd2a29d028"}, - {Name: "golang.org/x/mod", Version: "0.3.0"}, - {Name: "golang.org/x/net", Version: "0.0.0-20201006153459-a7d1128ccaa0"}, - {Name: "golang.org/x/oauth2", Version: "0.0.0-20201208152858-08078c50e5b5"}, - {Name: "golang.org/x/sync", Version: "0.0.0-20200625203802-6e8e738ad208"}, - {Name: "golang.org/x/sys", Version: "0.0.0-20201006155630-ac719f4daadf"}, - {Name: "golang.org/x/text", Version: "0.3.3"}, - {Name: "golang.org/x/time", Version: "0.0.0-20191024005414-555d28b269f0"}, - {Name: "golang.org/x/tools", Version: "0.0.0-20200825202427-b303f430e36d"}, - {Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"}, - {Name: "gonum.org/v1/gonum", Version: "0.0.0-20190331200053-3d26580ed485"}, - {Name: "gonum.org/v1/netlib", Version: "0.0.0-20190331212654-76723241ea4e"}, - {Name: "google.golang.org/api", Version: "0.30.0"}, - {Name: "google.golang.org/appengine", Version: "1.6.6"}, - {Name: "google.golang.org/genproto", Version: "0.0.0-20200825200019-8632dd797987"}, - {Name: "google.golang.org/grpc", Version: "1.31.0"}, - {Name: "google.golang.org/protobuf", Version: "1.25.0"}, - {Name: "gopkg.in/alecthomas/kingpin.v2", Version: "2.2.6"}, - {Name: "gopkg.in/check.v1", Version: "1.0.0-20200902074654-038fdea0a05b"}, - {Name: "gopkg.in/cheggaaa/pb.v1", Version: "1.0.28"}, - {Name: "gopkg.in/errgo.v2", Version: "2.1.0"}, - {Name: "gopkg.in/fsnotify.v1", Version: "1.4.7"}, - {Name: "gopkg.in/gcfg.v1", Version: "1.2.0"}, - {Name: "gopkg.in/go-playground/assert.v1", Version: "1.2.1"}, - {Name: "gopkg.in/go-playground/validator.v9", Version: "9.31.0"}, - {Name: "gopkg.in/inf.v0", Version: "0.9.1"}, - {Name: "gopkg.in/mgo.v2", Version: "2.0.0-20180705113604-9856a29383ce"}, - {Name: "gopkg.in/natefinch/lumberjack.v2", Version: "2.0.0"}, - {Name: "gopkg.in/resty.v1", Version: "1.12.0"}, - {Name: "gopkg.in/square/go-jose.v2", Version: "2.2.2"}, - {Name: "gopkg.in/tomb.v1", Version: "1.0.0-20141024135613-dd632973f1e7"}, - {Name: "gopkg.in/warnings.v0", Version: "0.1.2"}, - {Name: "gopkg.in/yaml.v2", Version: "2.4.0"}, - {Name: "gopkg.in/yaml.v3", Version: "3.0.0-20200615113413-eeeca48fe776"}, - {Name: "gotest.tools", Version: "2.2.0+incompatible"}, - {Name: "honnef.co/go/tools", Version: "0.0.1-2020.1.4"}, - {Name: "k8s.io/api", Version: "0.17.4"}, - {Name: "k8s.io/apimachinery", Version: "0.17.4"}, - {Name: "k8s.io/apiserver", Version: "0.17.4"}, - {Name: "k8s.io/client-go", Version: "0.17.4"}, - {Name: "k8s.io/cloud-provider", Version: "0.17.4"}, - {Name: "k8s.io/code-generator", Version: "0.17.2"}, - {Name: "k8s.io/component-base", Version: "0.17.4"}, - {Name: "k8s.io/csi-translation-lib", Version: "0.17.4"}, - {Name: "k8s.io/gengo", Version: "0.0.0-20190822140433-26a664648505"}, - {Name: "k8s.io/klog", Version: "1.0.0"}, - {Name: "k8s.io/klog/v2", Version: "2.0.0"}, - {Name: "k8s.io/kube-openapi", Version: "0.0.0-20191107075043-30be4d16710a"}, - {Name: "k8s.io/legacy-cloud-providers", Version: "0.17.4"}, - {Name: "k8s.io/utils", Version: "0.0.0-20201110183641-67b214c5f920"}, - {Name: "modernc.org/cc", Version: "1.0.0"}, - {Name: "modernc.org/golex", Version: "1.0.0"}, - {Name: "modernc.org/mathutil", Version: "1.0.0"}, - {Name: "modernc.org/strutil", Version: "1.0.0"}, - {Name: "modernc.org/xc", Version: "1.0.0"}, - {Name: "moul.io/http2curl", Version: "1.0.0"}, - {Name: "rsc.io/binaryregexp", Version: "0.2.0"}, - {Name: "rsc.io/quote/v3", Version: "3.1.0"}, - {Name: "rsc.io/sampler", Version: "1.3.0"}, - {Name: "sigs.k8s.io/structured-merge-diff", Version: "1.0.1-0.20191108220359-b1b620dd3f06"}, - {Name: "sigs.k8s.io/yaml", Version: "1.1.0"}, + {Name: "cloud.google.com/go", Version: "v0.65.0"}, + {Name: "cloud.google.com/go/bigquery", Version: "v1.8.0"}, + {Name: "cloud.google.com/go/datastore", Version: "v1.1.0"}, + {Name: "cloud.google.com/go/pubsub", Version: "v1.3.1"}, + {Name: "cloud.google.com/go/storage", Version: "v1.10.0"}, + {Name: "dmitri.shuralyov.com/gpu/mtl", Version: "v0.0.0-20190408044501-666a987793e9"}, + {Name: "github.com/Azure/azure-sdk-for-go", Version: "v38.0.0+incompatible"}, + {Name: "github.com/Azure/go-ansiterm", Version: "v0.0.0-20170929234023-d6e3b3328b78"}, + {Name: "github.com/Azure/go-autorest/autorest", Version: "v0.9.3"}, + {Name: "github.com/Azure/go-autorest/autorest/adal", Version: "v0.8.1"}, + {Name: "github.com/Azure/go-autorest/autorest/date", Version: "v0.2.0"}, + {Name: "github.com/Azure/go-autorest/autorest/mocks", Version: "v0.3.0"}, + {Name: "github.com/Azure/go-autorest/autorest/to", Version: "v0.3.0"}, + {Name: "github.com/Azure/go-autorest/autorest/validation", Version: "v0.1.0"}, + {Name: "github.com/Azure/go-autorest/logger", Version: "v0.1.0"}, + {Name: "github.com/Azure/go-autorest/tracing", Version: "v0.5.0"}, + {Name: "github.com/BurntSushi/toml", Version: "v0.3.1"}, + {Name: "github.com/BurntSushi/xgb", Version: "v0.0.0-20160522181843-27f122750802"}, + {Name: "github.com/GoogleCloudPlatform/docker-credential-gcr", Version: "v1.5.0"}, + {Name: "github.com/GoogleCloudPlatform/k8s-cloud-provider", Version: "v0.0.0-20190822182118-27a4ced34534"}, + {Name: "github.com/Microsoft/go-winio", Version: "v0.4.15-0.20190919025122-fc70bd9a86b5"}, + {Name: "github.com/Microsoft/hcsshim", Version: "v0.8.6"}, + {Name: "github.com/NYTimes/gziphandler", Version: "v0.0.0-20170623195520-56545f4a5d46"}, + {Name: "github.com/OneOfOne/xxhash", Version: "v1.2.7"}, + {Name: "github.com/PuerkitoBio/purell", Version: "v1.1.1"}, + {Name: "github.com/PuerkitoBio/urlesc", Version: "v0.0.0-20170810143723-de5bf2ad4578"}, + {Name: "github.com/VividCortex/ewma", Version: "v1.1.1"}, + {Name: "github.com/alcortesm/tgz", Version: "v0.0.0-20161220082320-9c5fe88206d7"}, + {Name: "github.com/alecthomas/template", Version: "v0.0.0-20160405071501-a0175ee3bccc"}, + {Name: "github.com/alecthomas/units", Version: "v0.0.0-20151022065526-2efee857e7cf"}, + {Name: "github.com/alicebob/gopher-json", Version: "v0.0.0-20200520072559-a9ecdc9d1d3a"}, + {Name: "github.com/alicebob/miniredis/v2", Version: "v2.14.1"}, + {Name: "github.com/anmitsu/go-shlex", Version: "v0.0.0-20161002113705-648efa622239"}, + {Name: "github.com/aquasecurity/bolt-fixtures", Version: "v0.0.0-20200903104109-d34e7f983986"}, + {Name: "github.com/aquasecurity/fanal", Version: "v0.0.0-20210119051230-28c249da7cfd"}, + {Name: "github.com/aquasecurity/go-dep-parser", Version: "v0.0.0-20201028043324-889d4a92b8e0"}, + {Name: "github.com/aquasecurity/go-gem-version", Version: "v0.0.0-20201115065557-8eed6fe000ce"}, + {Name: "github.com/aquasecurity/go-npm-version", Version: "v0.0.0-20201110091526-0b796d180798"}, + {Name: "github.com/aquasecurity/go-pep440-version", Version: "v0.0.0-20210121094942-22b2f8951d46"}, + {Name: "github.com/aquasecurity/go-version", Version: "v0.0.0-20210121072130-637058cfe492"}, + {Name: "github.com/aquasecurity/testdocker", Version: "v0.0.0-20210106133225-0b17fe083674"}, + {Name: "github.com/aquasecurity/trivy", Version: "v0.16.0"}, + {Name: "github.com/aquasecurity/trivy-db", Version: "v0.0.0-20210105160501-c5bf4e153277"}, + {Name: "github.com/aquasecurity/vuln-list-update", Version: "v0.0.0-20191016075347-3d158c2bf9a2"}, + {Name: "github.com/araddon/dateparse", Version: "v0.0.0-20190426192744-0d74ffceef83"}, + {Name: "github.com/armon/consul-api", Version: "v0.0.0-20180202201655-eb2c6b5be1b6"}, + {Name: "github.com/armon/go-socks5", Version: "v0.0.0-20160902184237-e75332964ef5"}, + {Name: "github.com/aws/aws-sdk-go", Version: "v1.27.1"}, + {Name: "github.com/beorn7/perks", Version: "v1.0.0"}, + {Name: "github.com/bgentry/speakeasy", Version: "v0.1.0"}, + {Name: "github.com/blang/semver", Version: "v3.5.0+incompatible"}, + {Name: "github.com/briandowns/spinner", Version: "v1.12.0"}, + {Name: "github.com/caarlos0/env/v6", Version: "v6.0.0"}, + {Name: "github.com/cenkalti/backoff", Version: "v2.2.1+incompatible"}, + {Name: "github.com/census-instrumentation/opencensus-proto", Version: "v0.2.1"}, + {Name: "github.com/cespare/xxhash/v2", Version: "v2.1.1"}, + {Name: "github.com/cheggaaa/pb/v3", Version: "v3.0.3"}, + {Name: "github.com/chzyer/logex", Version: "v1.1.10"}, + {Name: "github.com/chzyer/readline", Version: "v0.0.0-20180603132655-2972be24d48e"}, + {Name: "github.com/chzyer/test", Version: "v0.0.0-20180213035817-a1ea475d72b1"}, + {Name: "github.com/client9/misspell", Version: "v0.3.4"}, + {Name: "github.com/cncf/udpa/go", Version: "v0.0.0-20191209042840-269d4d468f6f"}, + {Name: "github.com/cockroachdb/datadriven", Version: "v0.0.0-20190809214429-80d97fb3cbaa"}, + {Name: "github.com/containerd/containerd", Version: "v1.3.3"}, + {Name: "github.com/containerd/continuity", Version: "v0.0.0-20190426062206-aaeac12a7ffc"}, + {Name: "github.com/coreos/etcd", Version: "v3.3.10+incompatible"}, + {Name: "github.com/coreos/go-etcd", Version: "v2.0.0+incompatible"}, + {Name: "github.com/coreos/go-oidc", Version: "v2.1.0+incompatible"}, + {Name: "github.com/coreos/go-semver", Version: "v0.3.0"}, + {Name: "github.com/coreos/go-systemd", Version: "v0.0.0-20190321100706-95778dfbb74e"}, + {Name: "github.com/coreos/pkg", Version: "v0.0.0-20180108230652-97fdf19511ea"}, + {Name: "github.com/cpuguy83/go-md2man", Version: "v1.0.10"}, + {Name: "github.com/cpuguy83/go-md2man/v2", Version: "v2.0.0"}, + {Name: "github.com/creack/pty", Version: "v1.1.9"}, + {Name: "github.com/davecgh/go-spew", Version: "v1.1.1"}, + {Name: "github.com/deckarep/golang-set", Version: "v1.7.1"}, + {Name: "github.com/dgrijalva/jwt-go", Version: "v3.2.0+incompatible"}, + {Name: "github.com/dgryski/go-rendezvous", Version: "v0.0.0-20200823014737-9f7001d12a5f"}, + {Name: "github.com/dnaeon/go-vcr", Version: "v1.0.1"}, + {Name: "github.com/docker/cli", Version: "v0.0.0-20191017083524-a8ff7f821017"}, + {Name: "github.com/docker/distribution", Version: "v2.7.1+incompatible"}, + {Name: "github.com/docker/docker", Version: "v1.4.2-0.20190924003213-a8608b5b67c7"}, + {Name: "github.com/docker/docker-credential-helpers", Version: "v0.6.3"}, + {Name: "github.com/docker/go-connections", Version: "v0.4.0"}, + {Name: "github.com/docker/go-units", Version: "v0.4.0"}, + {Name: "github.com/docker/spdystream", Version: "v0.0.0-20160310174837-449fdfce4d96"}, + {Name: "github.com/dustin/go-humanize", Version: "v1.0.0"}, + {Name: "github.com/elazarl/goproxy", Version: "v0.0.0-20200809112317-0581fc3aee2d"}, + {Name: "github.com/elazarl/goproxy/ext", Version: "v0.0.0-20200809112317-0581fc3aee2d"}, + {Name: "github.com/emicklei/go-restful", Version: "v2.9.5+incompatible"}, + {Name: "github.com/emirpasic/gods", Version: "v1.12.0"}, + {Name: "github.com/envoyproxy/go-control-plane", Version: "v0.9.4"}, + {Name: "github.com/envoyproxy/protoc-gen-validate", Version: "v0.1.0"}, + {Name: "github.com/evanphx/json-patch", Version: "v4.2.0+incompatible"}, + {Name: "github.com/fatih/color", Version: "v1.10.0"}, + {Name: "github.com/flynn/go-shlex", Version: "v0.0.0-20150515145356-3f9db97f8568"}, + {Name: "github.com/fsnotify/fsnotify", Version: "v1.4.9"}, + {Name: "github.com/ghodss/yaml", Version: "v1.0.0"}, + {Name: "github.com/gin-contrib/sse", Version: "v0.1.0"}, + {Name: "github.com/gin-gonic/gin", Version: "v1.5.0"}, + {Name: "github.com/gliderlabs/ssh", Version: "v0.2.2"}, + {Name: "github.com/go-git/gcfg", Version: "v1.5.0"}, + {Name: "github.com/go-git/go-billy/v5", Version: "v5.0.0"}, + {Name: "github.com/go-git/go-git-fixtures/v4", Version: "v4.0.1"}, + {Name: "github.com/go-git/go-git/v5", Version: "v5.0.0"}, + {Name: "github.com/go-gl/glfw", Version: "v0.0.0-20190409004039-e6da0acd62b1"}, + {Name: "github.com/go-gl/glfw/v3.3/glfw", Version: "v0.0.0-20200222043503-6f7a984d4dc4"}, + {Name: "github.com/go-kit/kit", Version: "v0.8.0"}, + {Name: "github.com/go-logfmt/logfmt", Version: "v0.3.0"}, + {Name: "github.com/go-logr/logr", Version: "v0.1.0"}, + {Name: "github.com/go-openapi/jsonpointer", Version: "v0.19.3"}, + {Name: "github.com/go-openapi/jsonreference", Version: "v0.19.3"}, + {Name: "github.com/go-openapi/spec", Version: "v0.19.3"}, + {Name: "github.com/go-openapi/swag", Version: "v0.19.5"}, + {Name: "github.com/go-playground/locales", Version: "v0.13.0"}, + {Name: "github.com/go-playground/universal-translator", Version: "v0.17.0"}, + {Name: "github.com/go-redis/redis", Version: "v6.15.7+incompatible"}, + {Name: "github.com/go-redis/redis/v8", Version: "v8.4.0"}, + {Name: "github.com/go-restruct/restruct", Version: "v0.0.0-20191227155143-5734170a48a1"}, + {Name: "github.com/go-sql-driver/mysql", Version: "v1.5.0"}, + {Name: "github.com/go-stack/stack", Version: "v1.8.0"}, + {Name: "github.com/gobwas/glob", Version: "v0.2.3"}, + {Name: "github.com/goccy/go-yaml", Version: "v1.8.2"}, + {Name: "github.com/gogo/protobuf", Version: "v1.3.1"}, + {Name: "github.com/golang/glog", Version: "v0.0.0-20160126235308-23def4e6c14b"}, + {Name: "github.com/golang/groupcache", Version: "v0.0.0-20200121045136-8c9f03a8e57e"}, + {Name: "github.com/golang/mock", Version: "v1.4.4"}, + {Name: "github.com/golang/protobuf", Version: "v1.4.2"}, + {Name: "github.com/google/btree", Version: "v1.0.0"}, + {Name: "github.com/google/go-cmp", Version: "v0.5.3"}, + {Name: "github.com/google/go-containerregistry", Version: "v0.0.0-20200331213917-3d03ed9b1ca2"}, + {Name: "github.com/google/go-github/v28", Version: "v28.1.1"}, + {Name: "github.com/google/go-querystring", Version: "v1.0.0"}, + {Name: "github.com/google/gofuzz", Version: "v1.0.0"}, + {Name: "github.com/google/martian", Version: "v2.1.0+incompatible"}, + {Name: "github.com/google/martian/v3", Version: "v3.0.0"}, + {Name: "github.com/google/pprof", Version: "v0.0.0-20200708004538-1a94d8640e99"}, + {Name: "github.com/google/renameio", Version: "v0.1.0"}, + {Name: "github.com/google/subcommands", Version: "v1.0.1"}, + {Name: "github.com/google/uuid", Version: "v1.1.1"}, + {Name: "github.com/google/wire", Version: "v0.3.0"}, + {Name: "github.com/googleapis/gax-go/v2", Version: "v2.0.5"}, + {Name: "github.com/googleapis/gnostic", Version: "v0.2.2"}, + {Name: "github.com/gophercloud/gophercloud", Version: "v0.1.0"}, + {Name: "github.com/gopherjs/gopherjs", Version: "v0.0.0-20200217142428-fce0ec30dd00"}, + {Name: "github.com/gorilla/context", Version: "v1.1.1"}, + {Name: "github.com/gorilla/mux", Version: "v1.7.4"}, + {Name: "github.com/gorilla/websocket", Version: "v1.4.0"}, + {Name: "github.com/gregjones/httpcache", Version: "v0.0.0-20180305231024-9cad4c3443a7"}, + {Name: "github.com/grpc-ecosystem/go-grpc-middleware", Version: "v1.0.1-0.20190118093823-f849b5445de4"}, + {Name: "github.com/grpc-ecosystem/go-grpc-prometheus", Version: "v1.2.0"}, + {Name: "github.com/grpc-ecosystem/grpc-gateway", Version: "v1.9.5"}, + {Name: "github.com/hashicorp/errwrap", Version: "v1.0.0"}, + {Name: "github.com/hashicorp/go-multierror", Version: "v1.1.0"}, + {Name: "github.com/hashicorp/go-version", Version: "v1.2.1"}, + {Name: "github.com/hashicorp/golang-lru", Version: "v0.5.3"}, + {Name: "github.com/hashicorp/hcl", Version: "v1.0.0"}, + {Name: "github.com/hpcloud/tail", Version: "v1.0.0"}, + {Name: "github.com/ianlancetaylor/demangle", Version: "v0.0.0-20181102032728-5e5cf60278f6"}, + {Name: "github.com/imdario/mergo", Version: "v0.3.5"}, + {Name: "github.com/inconshreveable/mousetrap", Version: "v1.0.0"}, + {Name: "github.com/jbenet/go-context", Version: "v0.0.0-20150711004518-d14ea06fba99"}, + {Name: "github.com/jessevdk/go-flags", Version: "v1.4.0"}, + {Name: "github.com/jmespath/go-jmespath", Version: "v0.0.0-20180206201540-c2b33e8439af"}, + {Name: "github.com/joefitzgerald/rainbow-reporter", Version: "v0.1.0"}, + {Name: "github.com/jonboulle/clockwork", Version: "v0.1.0"}, + {Name: "github.com/json-iterator/go", Version: "v1.1.8"}, + {Name: "github.com/jstemmer/go-junit-report", Version: "v0.9.1"}, + {Name: "github.com/jtolds/gls", Version: "v4.20.0+incompatible"}, + {Name: "github.com/julienschmidt/httprouter", Version: "v1.2.0"}, + {Name: "github.com/kevinburke/ssh_config", Version: "v0.0.0-20190725054713-01f96b0aa0cd"}, + {Name: "github.com/kisielk/errcheck", Version: "v1.2.0"}, + {Name: "github.com/kisielk/gotool", Version: "v1.0.0"}, + {Name: "github.com/knqyf263/go-apk-version", Version: "v0.0.0-20200609155635-041fdbb8563f"}, + {Name: "github.com/knqyf263/go-deb-version", Version: "v0.0.0-20190517075300-09fca494f03d"}, + {Name: "github.com/knqyf263/go-rpm-version", Version: "v0.0.0-20170716094938-74609b86c936"}, + {Name: "github.com/knqyf263/go-rpmdb", Version: "v0.0.0-20201215100354-a9e3110d8ee1"}, + {Name: "github.com/knqyf263/nested", Version: "v0.0.1"}, + {Name: "github.com/konsorten/go-windows-terminal-sequences", Version: "v1.0.2"}, + {Name: "github.com/kr/logfmt", Version: "v0.0.0-20140226030751-b84e30acd515"}, + {Name: "github.com/kr/pretty", Version: "v0.1.0"}, + {Name: "github.com/kr/pty", Version: "v1.1.5"}, + {Name: "github.com/kr/text", Version: "v0.2.0"}, + {Name: "github.com/kylelemons/godebug", Version: "v1.1.0"}, + {Name: "github.com/leodido/go-urn", Version: "v1.2.0"}, + {Name: "github.com/magiconair/properties", Version: "v1.8.0"}, + {Name: "github.com/mailru/easyjson", Version: "v0.7.0"}, + {Name: "github.com/mattn/go-colorable", Version: "v0.1.8"}, + {Name: "github.com/mattn/go-isatty", Version: "v0.0.12"}, + {Name: "github.com/mattn/go-jsonpointer", Version: "v0.0.0-20180225143300-37667080efed"}, + {Name: "github.com/mattn/go-runewidth", Version: "v0.0.9"}, + {Name: "github.com/matttproud/golang_protobuf_extensions", Version: "v1.0.1"}, + {Name: "github.com/maxbrunsfeld/counterfeiter/v6", Version: "v6.2.2"}, + {Name: "github.com/mitchellh/go-homedir", Version: "v1.1.0"}, + {Name: "github.com/mitchellh/mapstructure", Version: "v1.1.2"}, + {Name: "github.com/modern-go/concurrent", Version: "v0.0.0-20180306012644-bacd9c7ef1dd"}, + {Name: "github.com/modern-go/reflect2", Version: "v1.0.1"}, + {Name: "github.com/morikuni/aec", Version: "v1.0.0"}, + {Name: "github.com/munnerz/goautoneg", Version: "v0.0.0-20191010083416-a7dc8b61c822"}, + {Name: "github.com/mwitkow/go-conntrack", Version: "v0.0.0-20161129095857-cc309e4a2223"}, + {Name: "github.com/mxk/go-flowrate", Version: "v0.0.0-20140419014527-cca7078d478f"}, + {Name: "github.com/niemeyer/pretty", Version: "v0.0.0-20200227124842-a10e7caefd8e"}, + {Name: "github.com/nxadm/tail", Version: "v1.4.4"}, + {Name: "github.com/olekukonko/tablewriter", Version: "v0.0.2-0.20190607075207-195002e6e56a"}, + {Name: "github.com/onsi/ginkgo", Version: "v1.14.2"}, + {Name: "github.com/onsi/gomega", Version: "v1.10.3"}, + {Name: "github.com/open-policy-agent/opa", Version: "v0.21.1"}, + {Name: "github.com/opencontainers/go-digest", Version: "v1.0.0-rc1"}, + {Name: "github.com/opencontainers/image-spec", Version: "v1.0.2-0.20190823105129-775207bd45b6"}, + {Name: "github.com/opencontainers/runc", Version: "v0.1.1"}, + {Name: "github.com/parnurzeal/gorequest", Version: "v0.2.16"}, + {Name: "github.com/pelletier/go-toml", Version: "v1.2.0"}, + {Name: "github.com/peterbourgon/diskv", Version: "v2.0.1+incompatible"}, + {Name: "github.com/peterh/liner", Version: "v0.0.0-20170211195444-bf27d3ba8e1d"}, + {Name: "github.com/pkg/errors", Version: "v0.9.1"}, + {Name: "github.com/pmezard/go-difflib", Version: "v1.0.0"}, + {Name: "github.com/pquerna/cachecontrol", Version: "v0.0.0-20171018203845-0dec1b30a021"}, + {Name: "github.com/prometheus/client_golang", Version: "v1.0.0"}, + {Name: "github.com/prometheus/client_model", Version: "v0.0.0-20190812154241-14fe0d1b01d4"}, + {Name: "github.com/prometheus/common", Version: "v0.4.1"}, + {Name: "github.com/prometheus/procfs", Version: "v0.0.2"}, + {Name: "github.com/rcrowley/go-metrics", Version: "v0.0.0-20181016184325-3113b8401b8a"}, + {Name: "github.com/remyoudompheng/bigfft", Version: "v0.0.0-20170806203942-52369c62f446"}, + {Name: "github.com/rogpeppe/fastuuid", Version: "v0.0.0-20150106093220-6724a57986af"}, + {Name: "github.com/rogpeppe/go-charset", Version: "v0.0.0-20180617210344-2471d30d28b4"}, + {Name: "github.com/rogpeppe/go-internal", Version: "v1.3.0"}, + {Name: "github.com/rubiojr/go-vhd", Version: "v0.0.0-20160810183302-0bfd3b39853c"}, + {Name: "github.com/russross/blackfriday", Version: "v1.5.2"}, + {Name: "github.com/russross/blackfriday/v2", Version: "v2.0.1"}, + {Name: "github.com/saracen/walker", Version: "v0.0.0-20191201085201-324a081bae7e"}, + {Name: "github.com/satori/go.uuid", Version: "v1.2.0"}, + {Name: "github.com/sclevine/spec", Version: "v1.2.0"}, + {Name: "github.com/sergi/go-diff", Version: "v1.1.0"}, + {Name: "github.com/shurcooL/sanitized_anchor_name", Version: "v1.0.0"}, + {Name: "github.com/simplereach/timeutils", Version: "v1.2.0"}, + {Name: "github.com/sirupsen/logrus", Version: "v1.5.0"}, + {Name: "github.com/smartystreets/assertions", Version: "v1.2.0"}, + {Name: "github.com/smartystreets/goconvey", Version: "v1.6.4"}, + {Name: "github.com/soheilhy/cmux", Version: "v0.1.4"}, + {Name: "github.com/sosedoff/gitkit", Version: "v0.2.0"}, + {Name: "github.com/spf13/afero", Version: "v1.2.2"}, + {Name: "github.com/spf13/cast", Version: "v1.3.0"}, + {Name: "github.com/spf13/cobra", Version: "v0.0.5"}, + {Name: "github.com/spf13/jwalterweatherman", Version: "v1.0.0"}, + {Name: "github.com/spf13/pflag", Version: "v1.0.5"}, + {Name: "github.com/spf13/viper", Version: "v1.3.2"}, + {Name: "github.com/stretchr/objx", Version: "v0.3.0"}, + {Name: "github.com/stretchr/testify", Version: "v1.6.1"}, + {Name: "github.com/testcontainers/testcontainers-go", Version: "v0.3.1"}, + {Name: "github.com/tmc/grpc-websocket-proxy", Version: "v0.0.0-20170815181823-89b8d40f7ca8"}, + {Name: "github.com/twitchtv/twirp", Version: "v5.10.1+incompatible"}, + {Name: "github.com/ugorji/go", Version: "v1.1.7"}, + {Name: "github.com/ugorji/go/codec", Version: "v1.1.7"}, + {Name: "github.com/urfave/cli", Version: "v1.22.5"}, + {Name: "github.com/urfave/cli/v2", Version: "v2.3.0"}, + {Name: "github.com/vdemeester/k8s-pkg-credentialprovider", Version: "v1.17.4"}, + {Name: "github.com/vmware/govmomi", Version: "v0.20.3"}, + {Name: "github.com/xanzy/ssh-agent", Version: "v0.2.1"}, + {Name: "github.com/xiang90/probing", Version: "v0.0.0-20190116061207-43a291ad63a2"}, + {Name: "github.com/xordataexchange/crypt", Version: "v0.0.3-0.20170626215501-b2862e3d0a77"}, + {Name: "github.com/yashtewari/glob-intersection", Version: "v0.0.0-20180916065949-5c77d914dd0b"}, + {Name: "github.com/yuin/goldmark", Version: "v1.1.32"}, + {Name: "github.com/yuin/gopher-lua", Version: "v0.0.0-20191220021717-ab39c6098bdb"}, + {Name: "go.etcd.io/bbolt", Version: "v1.3.5"}, + {Name: "go.etcd.io/etcd", Version: "v0.0.0-20191023171146-3cf2f69b5738"}, + {Name: "go.opencensus.io", Version: "v0.22.4"}, + {Name: "go.opentelemetry.io/otel", Version: "v0.14.0"}, + {Name: "go.uber.org/atomic", Version: "v1.5.1"}, + {Name: "go.uber.org/multierr", Version: "v1.4.0"}, + {Name: "go.uber.org/tools", Version: "v0.0.0-20190618225709-2cfd321de3ee"}, + {Name: "go.uber.org/zap", Version: "v1.13.0"}, + {Name: "golang.org/x/crypto", Version: "v0.0.0-20201002170205-7f63de1d35b0"}, + {Name: "golang.org/x/exp", Version: "v0.0.0-20200224162631-6cc2880d07d6"}, + {Name: "golang.org/x/image", Version: "v0.0.0-20190802002840-cff245a6509b"}, + {Name: "golang.org/x/lint", Version: "v0.0.0-20200302205851-738671d3881b"}, + {Name: "golang.org/x/mobile", Version: "v0.0.0-20190719004257-d2bd2a29d028"}, + {Name: "golang.org/x/mod", Version: "v0.3.0"}, + {Name: "golang.org/x/net", Version: "v0.0.0-20201006153459-a7d1128ccaa0"}, + {Name: "golang.org/x/oauth2", Version: "v0.0.0-20201208152858-08078c50e5b5"}, + {Name: "golang.org/x/sync", Version: "v0.0.0-20200625203802-6e8e738ad208"}, + {Name: "golang.org/x/sys", Version: "v0.0.0-20201006155630-ac719f4daadf"}, + {Name: "golang.org/x/text", Version: "v0.3.3"}, + {Name: "golang.org/x/time", Version: "v0.0.0-20191024005414-555d28b269f0"}, + {Name: "golang.org/x/tools", Version: "v0.0.0-20200825202427-b303f430e36d"}, + {Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"}, + {Name: "gonum.org/v1/gonum", Version: "v0.0.0-20190331200053-3d26580ed485"}, + {Name: "gonum.org/v1/netlib", Version: "v0.0.0-20190331212654-76723241ea4e"}, + {Name: "google.golang.org/api", Version: "v0.30.0"}, + {Name: "google.golang.org/appengine", Version: "v1.6.6"}, + {Name: "google.golang.org/genproto", Version: "v0.0.0-20200825200019-8632dd797987"}, + {Name: "google.golang.org/grpc", Version: "v1.31.0"}, + {Name: "google.golang.org/protobuf", Version: "v1.25.0"}, + {Name: "gopkg.in/alecthomas/kingpin.v2", Version: "v2.2.6"}, + {Name: "gopkg.in/check.v1", Version: "v1.0.0-20200902074654-038fdea0a05b"}, + {Name: "gopkg.in/cheggaaa/pb.v1", Version: "v1.0.28"}, + {Name: "gopkg.in/errgo.v2", Version: "v2.1.0"}, + {Name: "gopkg.in/fsnotify.v1", Version: "v1.4.7"}, + {Name: "gopkg.in/gcfg.v1", Version: "v1.2.0"}, + {Name: "gopkg.in/go-playground/assert.v1", Version: "v1.2.1"}, + {Name: "gopkg.in/go-playground/validator.v9", Version: "v9.31.0"}, + {Name: "gopkg.in/inf.v0", Version: "v0.9.1"}, + {Name: "gopkg.in/mgo.v2", Version: "v2.0.0-20180705113604-9856a29383ce"}, + {Name: "gopkg.in/natefinch/lumberjack.v2", Version: "v2.0.0"}, + {Name: "gopkg.in/resty.v1", Version: "v1.12.0"}, + {Name: "gopkg.in/square/go-jose.v2", Version: "v2.2.2"}, + {Name: "gopkg.in/tomb.v1", Version: "v1.0.0-20141024135613-dd632973f1e7"}, + {Name: "gopkg.in/warnings.v0", Version: "v0.1.2"}, + {Name: "gopkg.in/yaml.v2", Version: "v2.4.0"}, + {Name: "gopkg.in/yaml.v3", Version: "v3.0.0-20200615113413-eeeca48fe776"}, + {Name: "gotest.tools", Version: "v2.2.0+incompatible"}, + {Name: "honnef.co/go/tools", Version: "v0.0.1-2020.1.4"}, + {Name: "k8s.io/api", Version: "v0.17.4"}, + {Name: "k8s.io/apimachinery", Version: "v0.17.4"}, + {Name: "k8s.io/apiserver", Version: "v0.17.4"}, + {Name: "k8s.io/client-go", Version: "v0.17.4"}, + {Name: "k8s.io/cloud-provider", Version: "v0.17.4"}, + {Name: "k8s.io/code-generator", Version: "v0.17.2"}, + {Name: "k8s.io/component-base", Version: "v0.17.4"}, + {Name: "k8s.io/csi-translation-lib", Version: "v0.17.4"}, + {Name: "k8s.io/gengo", Version: "v0.0.0-20190822140433-26a664648505"}, + {Name: "k8s.io/klog", Version: "v1.0.0"}, + {Name: "k8s.io/klog/v2", Version: "v2.0.0"}, + {Name: "k8s.io/kube-openapi", Version: "v0.0.0-20191107075043-30be4d16710a"}, + {Name: "k8s.io/legacy-cloud-providers", Version: "v0.17.4"}, + {Name: "k8s.io/utils", Version: "v0.0.0-20201110183641-67b214c5f920"}, + {Name: "modernc.org/cc", Version: "v1.0.0"}, + {Name: "modernc.org/golex", Version: "v1.0.0"}, + {Name: "modernc.org/mathutil", Version: "v1.0.0"}, + {Name: "modernc.org/strutil", Version: "v1.0.0"}, + {Name: "modernc.org/xc", Version: "v1.0.0"}, + {Name: "moul.io/http2curl", Version: "v1.0.0"}, + {Name: "rsc.io/binaryregexp", Version: "v0.2.0"}, + {Name: "rsc.io/quote/v3", Version: "v3.1.0"}, + {Name: "rsc.io/sampler", Version: "v1.3.0"}, + {Name: "sigs.k8s.io/structured-merge-diff", Version: "v1.0.1-0.20191108220359-b1b620dd3f06"}, + {Name: "sigs.k8s.io/yaml", Version: "v1.1.0"}, } ) diff --git a/pkg/fanal/analyzer/language/golang/binary/binary_test.go b/pkg/fanal/analyzer/language/golang/binary/binary_test.go index 70256113cfd3..041d43e1b45b 100644 --- a/pkg/fanal/analyzer/language/golang/binary/binary_test.go +++ b/pkg/fanal/analyzer/language/golang/binary/binary_test.go @@ -36,7 +36,7 @@ func Test_gobinaryLibraryAnalyzer_Analyze(t *testing.T) { }, { Name: "stdlib", - Version: "1.15.2", + Version: "v1.15.2", Relationship: types.RelationshipDirect, }, { diff --git a/pkg/fanal/analyzer/language/golang/mod/mod.go b/pkg/fanal/analyzer/language/golang/mod/mod.go index 398511fdc63c..52d7b32f3bee 100644 --- a/pkg/fanal/analyzer/language/golang/mod/mod.go +++ b/pkg/fanal/analyzer/language/golang/mod/mod.go @@ -148,7 +148,7 @@ func (a *gomodAnalyzer) fillAdditionalData(apps []types.Application) error { } // e.g. $GOPATH/pkg/mod/github.com/aquasecurity/go-dep-parser@v1.0.0 - modDir := filepath.Join(modPath, fmt.Sprintf("%s@v%s", normalizeModName(lib.Name), lib.Version)) + modDir := filepath.Join(modPath, fmt.Sprintf("%s@%s", normalizeModName(lib.Name), lib.Version)) // Collect licenses if licenseNames, err := findLicense(modDir, a.licenseClassifierConfidenceLevel); err != nil { diff --git a/pkg/fanal/analyzer/language/golang/mod/mod_test.go b/pkg/fanal/analyzer/language/golang/mod/mod_test.go index 5cf006430aca..3963bcebbad9 100644 --- a/pkg/fanal/analyzer/language/golang/mod/mod_test.go +++ b/pkg/fanal/analyzer/language/golang/mod/mod_test.go @@ -46,7 +46,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20220406074731-71021a481237", + Version: "v0.0.0-20220406074731-71021a481237", Relationship: types.RelationshipDirect, Licenses: []string{"MIT"}, ExternalReferences: []types.ExternalRef{ @@ -62,7 +62,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1", Name: "golang.org/x/xerrors", - Version: "0.0.0-20200804184101-5ec99f83aff1", + Version: "v0.0.0-20200804184101-5ec99f83aff1", Relationship: types.RelationshipIndirect, Indirect: true, }, @@ -96,7 +96,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "github.com/sad/sad@v0.0.1", Name: "github.com/sad/sad", - Version: "0.0.1", + Version: "v0.0.1", Relationship: types.RelationshipDirect, ExternalReferences: []types.ExternalRef{ { @@ -136,7 +136,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20230219131432-590b1dfb6edd", + Version: "v0.0.0-20230219131432-590b1dfb6edd", Relationship: types.RelationshipDirect, DependsOn: []string{ "github.com/BurntSushi/toml@v0.3.1", @@ -151,7 +151,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "github.com/BurntSushi/toml@v0.3.1", Name: "github.com/BurntSushi/toml", - Version: "0.3.1", + Version: "v0.3.1", Relationship: types.RelationshipIndirect, Indirect: true, Licenses: []string{ @@ -188,7 +188,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd", Name: "github.com/aquasecurity/go-dep-parser", - Version: "0.0.0-20230219131432-590b1dfb6edd", + Version: "v0.0.0-20230219131432-590b1dfb6edd", Relationship: types.RelationshipDirect, DependsOn: []string{}, ExternalReferences: []types.ExternalRef{ diff --git a/pkg/purl/purl_test.go b/pkg/purl/purl_test.go index 25e9e7829d7b..d5ba15300393 100644 --- a/pkg/purl/purl_test.go +++ b/pkg/purl/purl_test.go @@ -809,38 +809,38 @@ func TestPackageURL_Match(t *testing.T) { }{ { name: "same purl", - constraint: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", - target: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", + constraint: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", + target: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", want: true, }, { name: "different type", - constraint: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", + constraint: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", target: "pkg:maven/github.com/aquasecurity/trivy@0.49.0", want: false, }, { name: "different namespace", - constraint: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", - target: "pkg:golang/github.com/aquasecurity2/trivy@0.49.0", + constraint: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", + target: "pkg:golang/github.com/aquasecurity2/trivy@v.49.0", want: false, }, { name: "different name", - constraint: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", - target: "pkg:golang/github.com/aquasecurity/tracee@0.49.0", + constraint: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", + target: "pkg:golang/github.com/aquasecurity/tracee@v0.49.0", want: false, }, { name: "different version", - constraint: "pkg:golang/github.com/aquasecurity/trivy@0.49.0", - target: "pkg:golang/github.com/aquasecurity/trivy@0.49.1", + constraint: "pkg:golang/github.com/aquasecurity/trivy@v0.49.0", + target: "pkg:golang/github.com/aquasecurity/trivy@v0.49.1", want: false, }, { name: "version wildcard", constraint: "pkg:golang/github.com/aquasecurity/trivy", - target: "pkg:golang/github.com/aquasecurity/trivy@0.50.0", + target: "pkg:golang/github.com/aquasecurity/trivy@v0.50.0", want: true, }, { diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go index 289ec2ee0c63..08b523dd2dde 100644 --- a/pkg/result/filter_test.go +++ b/pkg/result/filter_test.go @@ -21,16 +21,16 @@ import ( func TestFilter(t *testing.T) { var ( pkg1 = ftypes.Package{ - ID: "foo@1.2.3", + ID: "foo@v1.2.3", Name: "foo", - Version: "1.2.3", + Version: "v1.2.3", Identifier: ftypes.PkgIdentifier{ UID: "01", PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "foo", - Version: "1.2.3", + Version: "v1.2.3", }, }, } @@ -90,14 +90,14 @@ func TestFilter(t *testing.T) { vuln6 = types.DetectedVulnerability{ VulnerabilityID: "CVE-2019-0006", PkgName: "foo", - InstalledVersion: "1.2.3", + InstalledVersion: "v1.2.3", FixedVersion: "1.2.4", PkgIdentifier: ftypes.PkgIdentifier{ PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "foo", - Version: "1.2.3", + Version: "v1.2.3", }, }, Vulnerability: dbTypes.Vulnerability{ @@ -107,14 +107,14 @@ func TestFilter(t *testing.T) { vuln7 = types.DetectedVulnerability{ VulnerabilityID: "CVE-2019-0007", PkgName: "bar", - InstalledVersion: "2.3.4", + InstalledVersion: "v2.3.4", FixedVersion: "2.3.5", PkgIdentifier: ftypes.PkgIdentifier{ PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "bar", - Version: "2.3.4", + Version: "v2.3.4", }, }, Vulnerability: dbTypes.Vulnerability{ diff --git a/pkg/result/testdata/openvex.json b/pkg/result/testdata/openvex.json index dcdd344700c7..385f22e47deb 100644 --- a/pkg/result/testdata/openvex.json +++ b/pkg/result/testdata/openvex.json @@ -8,7 +8,7 @@ { "vulnerability": {"name": "CVE-2019-0001"}, "products": [ - {"@id": "pkg:golang/github.com/aquasecurity/foo@1.2.3"} + {"@id": "pkg:golang/github.com/aquasecurity/foo@v1.2.3"} ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path" diff --git a/pkg/sbom/io/encode_test.go b/pkg/sbom/io/encode_test.go index 52fbed415933..5a5b821590b8 100644 --- a/pkg/sbom/io/encode_test.go +++ b/pkg/sbom/io/encode_test.go @@ -461,7 +461,7 @@ func TestEncoder_Encode(t *testing.T) { Type: packageurl.TypeGolang, Namespace: "github.com/org", Name: "direct", - Version: "1.0.0", + Version: "v1.0.0", }, }, Relationship: ftypes.RelationshipDirect, @@ -472,28 +472,28 @@ func TestEncoder_Encode(t *testing.T) { { ID: "github.com/org/indirect@v2.0.0", Name: "github.com/org/indirect", - Version: "2.0.0", + Version: "v2.0.0", Identifier: ftypes.PkgIdentifier{ UID: "955AB4E7E24AC085", PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Namespace: "github.com/org", Name: "indirect", - Version: "2.0.0", + Version: "v2.0.0", }, }, Relationship: ftypes.RelationshipIndirect, }, { - ID: "stdlib@1.22.1", + ID: "stdlib@v1.22.1", Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", Identifier: ftypes.PkgIdentifier{ UID: "49728B9674E318A6", PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", }, }, Relationship: ftypes.RelationshipDirect, @@ -561,7 +561,7 @@ func TestEncoder_Encode(t *testing.T) { uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000004"): { Type: core.TypeLibrary, Name: "github.com/org/direct", - Version: "1.0.0", + Version: "v1.0.0", SrcFile: "test", Properties: []core.Property{ { @@ -579,15 +579,15 @@ func TestEncoder_Encode(t *testing.T) { Type: packageurl.TypeGolang, Namespace: "github.com/org", Name: "direct", - Version: "1.0.0", + Version: "v1.0.0", }, - BOMRef: "pkg:golang/github.com/org/direct@1.0.0", + BOMRef: "pkg:golang/github.com/org/direct@v1.0.0", }, }, uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000005"): { Type: core.TypeLibrary, Name: "github.com/org/indirect", - Version: "2.0.0", + Version: "v2.0.0", SrcFile: "test", Properties: []core.Property{ { @@ -605,20 +605,20 @@ func TestEncoder_Encode(t *testing.T) { Type: packageurl.TypeGolang, Namespace: "github.com/org", Name: "indirect", - Version: "2.0.0", + Version: "v2.0.0", }, - BOMRef: "pkg:golang/github.com/org/indirect@2.0.0", + BOMRef: "pkg:golang/github.com/org/indirect@v2.0.0", }, }, uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000006"): { Type: core.TypeLibrary, Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", SrcFile: "test", Properties: []core.Property{ { Name: core.PropertyPkgID, - Value: "stdlib@1.22.1", + Value: "stdlib@v1.22.1", }, { Name: core.PropertyPkgType, @@ -630,9 +630,9 @@ func TestEncoder_Encode(t *testing.T) { PURL: &packageurl.PackageURL{ Type: packageurl.TypeGolang, Name: "stdlib", - Version: "1.22.1", + Version: "v1.22.1", }, - BOMRef: "pkg:golang/stdlib@1.22.1", + BOMRef: "pkg:golang/stdlib@v1.22.1", }, }, }, diff --git a/pkg/vex/testdata/csaf-relationships.json b/pkg/vex/testdata/csaf-relationships.json index 2e823d17a2c6..18c311228206 100644 --- a/pkg/vex/testdata/csaf-relationships.json +++ b/pkg/vex/testdata/csaf-relationships.json @@ -42,7 +42,7 @@ "name": "go-direct1 v2.0.0", "product_id": "go-direct1-v2.0.0", "product_identification_helper": { - "purl": "pkg:golang/github.com/aquasecurity/go-direct1@2.0.0" + "purl": "pkg:golang/github.com/aquasecurity/go-direct1@v2.0.0" } } } @@ -65,7 +65,7 @@ "name": "go-transitive v4.0.0", "product_id": "go-transitive-v4.0.0", "product_identification_helper": { - "purl": "pkg:golang/github.com/aquasecurity/go-transitive@4.0.0" + "purl": "pkg:golang/github.com/aquasecurity/go-transitive@v4.0.0" } } } diff --git a/pkg/vex/testdata/csaf.json b/pkg/vex/testdata/csaf.json index 70afefe70205..182856f96a51 100644 --- a/pkg/vex/testdata/csaf.json +++ b/pkg/vex/testdata/csaf.json @@ -50,7 +50,7 @@ "name": "go-transitive v4.0.0", "product_id": "go-transitive-v4.0.0", "product_identification_helper": { - "purl": "pkg:golang/github.com/aquasecurity/go-transitive@4.0.0" + "purl": "pkg:golang/github.com/aquasecurity/go-transitive@v4.0.0" } } } diff --git a/pkg/vex/testdata/openvex-nested.json b/pkg/vex/testdata/openvex-nested.json index da7dd68615a5..637603d9e48c 100644 --- a/pkg/vex/testdata/openvex-nested.json +++ b/pkg/vex/testdata/openvex-nested.json @@ -11,10 +11,10 @@ }, "products": [ { - "@id": "pkg:golang/github.com/aquasecurity/go-direct1@2.0.0", + "@id": "pkg:golang/github.com/aquasecurity/go-direct1@v2.0.0", "subcomponents": [ { - "@id": "pkg:golang/github.com/aquasecurity/go-transitive@4.0.0" + "@id": "pkg:golang/github.com/aquasecurity/go-transitive@v4.0.0" } ] } diff --git a/pkg/vex/vex_test.go b/pkg/vex/vex_test.go index 4a9686972a5e..bc7a5c069402 100644 --- a/pkg/vex/vex_test.go +++ b/pkg/vex/vex_test.go @@ -58,9 +58,9 @@ var ( }, } goModulePackage = ftypes.Package{ - ID: "github.com/aquasecurity/go-module@1.0.0", + ID: "github.com/aquasecurity/go-module@v1.0.0", Name: "github.com/aquasecurity/go-module", - Version: "1.0.0", + Version: "v1.0.0", Relationship: ftypes.RelationshipRoot, Identifier: ftypes.PkgIdentifier{ UID: "03", @@ -68,14 +68,14 @@ var ( Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "go-module", - Version: "1.0.0", + Version: "v1.0.0", }, }, } goDirectPackage1 = ftypes.Package{ - ID: "github.com/aquasecurity/go-direct1@2.0.0", + ID: "github.com/aquasecurity/go-direct1@v2.0.0", Name: "github.com/aquasecurity/go-direct1", - Version: "2.0.0", + Version: "v2.0.0", Relationship: ftypes.RelationshipDirect, Identifier: ftypes.PkgIdentifier{ UID: "04", @@ -83,14 +83,14 @@ var ( Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "go-direct1", - Version: "2.0.0", + Version: "v2.0.0", }, }, } goDirectPackage2 = ftypes.Package{ - ID: "github.com/aquasecurity/go-direct2@3.0.0", + ID: "github.com/aquasecurity/go-direct2@v3.0.0", Name: "github.com/aquasecurity/go-direct2", - Version: "3.0.0", + Version: "v3.0.0", Relationship: ftypes.RelationshipDirect, Identifier: ftypes.PkgIdentifier{ UID: "05", @@ -98,14 +98,14 @@ var ( Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "go-direct2", - Version: "3.0.0", + Version: "v3.0.0", }, }, } goTransitivePackage = ftypes.Package{ - ID: "github.com/aquasecurity/go-transitive@4.0.0", + ID: "github.com/aquasecurity/go-transitive@v4.0.0", Name: "github.com/aquasecurity/go-transitive", - Version: "4.0.0", + Version: "v4.0.0", Relationship: ftypes.RelationshipIndirect, Identifier: ftypes.PkgIdentifier{ UID: "06", @@ -113,7 +113,7 @@ var ( Type: packageurl.TypeGolang, Namespace: "github.com/aquasecurity", Name: "go-transitive", - Version: "4.0.0", + Version: "v4.0.0", }, }, } @@ -646,9 +646,9 @@ func goSinglePathResult(result types.Result) types.Result { result.Type = ftypes.GoModule result.Class = types.ClassLangPkg - // - pkg:golang/github.com/aquasecurity/go-module@1.0.0 - // - pkg:golang/github.com/aquasecurity/go-direct1@2.0.0 - // - pkg:golang/github.com/aquasecurity/go-transitive@4.0.0 + // - pkg:golang/github.com/aquasecurity/go-module@v1.0.0 + // - pkg:golang/github.com/aquasecurity/go-direct1@v2.0.0 + // - pkg:golang/github.com/aquasecurity/go-transitive@v4.0.0 goModule := clonePackage(goModulePackage) goDirect1 := clonePackage(goDirectPackage1) goTransitive := clonePackage(goTransitivePackage) @@ -667,11 +667,11 @@ func goMultiPathResult(result types.Result) types.Result { result.Type = ftypes.GoModule result.Class = types.ClassLangPkg - // - pkg:golang/github.com/aquasecurity/go-module@2.0.0 - // - pkg:golang/github.com/aquasecurity/go-direct1@3.0.0 - // - pkg:golang/github.com/aquasecurity/go-transitive@5.0.0 - // - pkg:golang/github.com/aquasecurity/go-direct2@4.0.0 - // - pkg:golang/github.com/aquasecurity/go-transitive@5.0.0 + // - pkg:golang/github.com/aquasecurity/go-module@v2.0.0 + // - pkg:golang/github.com/aquasecurity/go-direct1@v3.0.0 + // - pkg:golang/github.com/aquasecurity/go-transitive@v5.0.0 + // - pkg:golang/github.com/aquasecurity/go-direct2@v4.0.0 + // - pkg:golang/github.com/aquasecurity/go-transitive@v5.0.0 goModule := clonePackage(goModulePackage) goDirect1 := clonePackage(goDirectPackage1) goDirect2 := clonePackage(goDirectPackage2)