diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden index 9f23585a01da..3afc57682556 100644 --- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden @@ -111,7 +111,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.118" } - ] + ], + "supplier": { + "name": "Debian Adduser Developers " + } }, { "bom-ref": "pkg:deb/debian/apt@1.8.2?arch=amd64&distro=debian-10.2", @@ -156,7 +159,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.8.2" } - ] + ], + "supplier": { + "name": "APT Development Team " + } }, { "bom-ref": "pkg:deb/debian/base-files@10.3%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -196,7 +202,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "10.3+deb10u2" } - ] + ], + "supplier": { + "name": "Santiago Vila " + } }, { "bom-ref": "pkg:deb/debian/base-passwd@3.5.46?arch=amd64&distro=debian-10.2", @@ -241,7 +250,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.5.46" } - ] + ], + "supplier": { + "name": "Colin Watson " + } }, { "bom-ref": "pkg:deb/debian/bash@5.0-4?arch=amd64&distro=debian-10.2", @@ -285,7 +297,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.0" } - ] + ], + "supplier": { + "name": "Matthias Klose " + } }, { "bom-ref": "pkg:deb/debian/bsdutils@2.33.1-0.1?arch=amd64&distro=debian-10.2&epoch=1", @@ -399,7 +414,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/ca-certificates@20190110?arch=all&distro=debian-10.2", @@ -449,7 +467,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "20190110" } - ] + ], + "supplier": { + "name": "Michael Shuler " + } }, { "bom-ref": "pkg:deb/debian/coreutils@8.30-3?arch=amd64&distro=debian-10.2", 
@@ -493,7 +514,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "8.30" } - ] + ], + "supplier": { + "name": "Michael Stone " + } }, { "bom-ref": "pkg:deb/debian/dash@0.5.10.2-5?arch=amd64&distro=debian-10.2", @@ -537,7 +561,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.5.10.2" } - ] + ], + "supplier": { + "name": "Andrej Shadura " + } }, { "bom-ref": "pkg:deb/debian/debconf@1.5.71?arch=all&distro=debian-10.2", @@ -577,7 +604,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.5.71" } - ] + ], + "supplier": { + "name": "Debconf Developers " + } }, { "bom-ref": "pkg:deb/debian/debian-archive-keyring@2019.1?arch=all&distro=debian-10.2", @@ -617,7 +647,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2019.1" } - ] + ], + "supplier": { + "name": "Debian Release Team " + } }, { "bom-ref": "pkg:deb/debian/debianutils@4.8.6.1?arch=amd64&distro=debian-10.2", @@ -657,7 +690,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.8.6.1" } - ] + ], + "supplier": { + "name": "Clint Adams " + } }, { "bom-ref": "pkg:deb/debian/diffutils@3.7-3?arch=amd64&distro=debian-10.2&epoch=1", @@ -710,7 +746,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.7" } - ] + ], + "supplier": { + "name": "Santiago Vila " + } }, { "bom-ref": "pkg:deb/debian/dpkg@1.19.7?arch=amd64&distro=debian-10.2", @@ -770,7 +809,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.19.7" } - ] + ], + "supplier": { + "name": "Dpkg Developers " + } }, { "bom-ref": "pkg:deb/debian/e2fsprogs@1.44.5-1%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -819,7 +861,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.44.5" } - ] + ], + "supplier": { + "name": "Theodore Y. Ts'o " + } }, { "bom-ref": "pkg:deb/debian/fdisk@2.33.1-0.1?arch=amd64&distro=debian-10.2", 
@@ -933,7 +978,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/findutils@4.6.0%2Bgit%2B20190209-2?arch=amd64&distro=debian-10.2", @@ -982,7 +1030,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.6.0+git+20190209" } - ] + ], + "supplier": { + "name": "Andreas Metzler " + } }, { "bom-ref": "pkg:deb/debian/gcc-8-base@8.3.0-6?arch=amd64&distro=debian-10.2", @@ -1051,7 +1102,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "8.3.0" } - ] + ], + "supplier": { + "name": "Debian GCC Maintainers " + } }, { "bom-ref": "pkg:deb/debian/gpgv@2.2.12-1%2Bdeb10u1?arch=amd64&distro=debian-10.2", @@ -1150,7 +1204,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.2.12" } - ] + ], + "supplier": { + "name": "Debian GnuPG Maintainers " + } }, { "bom-ref": "pkg:deb/debian/grep@3.3-1?arch=amd64&distro=debian-10.2", @@ -1199,7 +1256,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.3" } - ] + ], + "supplier": { + "name": "Anibal Monsalve Salazar " + } }, { "bom-ref": "pkg:deb/debian/gzip@1.9-3?arch=amd64&distro=debian-10.2", @@ -1243,7 +1303,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.9" } - ] + ], + "supplier": { + "name": "Bdale Garbee " + } }, { "bom-ref": "pkg:deb/debian/hostname@3.21?arch=amd64&distro=debian-10.2", @@ -1283,7 +1346,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.21" } - ] + ], + "supplier": { + "name": "Michael Meskes " + } }, { "bom-ref": "pkg:deb/debian/init-system-helpers@1.56%2Bnmu1?arch=all&distro=debian-10.2", @@ -1333,7 +1399,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.56+nmu1" } - ] + ], + "supplier": { + "name": "Debian systemd Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libacl1@2.2.53-4?arch=amd64&distro=debian-10.2", 
@@ -1392,7 +1461,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.2.53" } - ] + ], + "supplier": { + "name": "Guillem Jover " + } }, { "bom-ref": "pkg:deb/debian/libapt-pkg5.0@1.8.2?arch=amd64&distro=debian-10.2", @@ -1437,7 +1509,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.8.2" } - ] + ], + "supplier": { + "name": "APT Development Team " + } }, { "bom-ref": "pkg:deb/debian/libattr1@2.4.48-4?arch=amd64&distro=debian-10.2&epoch=1", @@ -1500,7 +1575,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.4.48" } - ] + ], + "supplier": { + "name": "Guillem Jover " + } }, { "bom-ref": "pkg:deb/debian/libaudit-common@2.8.4-3?arch=all&distro=debian-10.2&epoch=1", @@ -1558,7 +1636,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8.4" } - ] + ], + "supplier": { + "name": "Laurent Bigonville " + } }, { "bom-ref": "pkg:deb/debian/libaudit1@2.8.4-3?arch=amd64&distro=debian-10.2&epoch=1", @@ -1616,7 +1697,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8.4" } - ] + ], + "supplier": { + "name": "Laurent Bigonville " + } }, { "bom-ref": "pkg:deb/debian/libblkid1@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -1730,7 +1814,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/libbz2-1.0@1.0.6-9.2~deb10u1?arch=amd64&distro=debian-10.2", @@ -1779,7 +1866,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.0.6" } - ] + ], + "supplier": { + "name": "Anibal Monsalve Salazar " + } }, { "bom-ref": "pkg:deb/debian/libc-bin@2.28-10?arch=amd64&distro=debian-10.2", @@ -1828,7 +1918,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.28" } - ] + ], + "supplier": { + "name": "GNU Libc Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libc6@2.28-10?arch=amd64&distro=debian-10.2", 
@@ -1877,7 +1970,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.28" } - ] + ], + "supplier": { + "name": "GNU Libc Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libcap-ng0@0.7.9-2?arch=amd64&distro=debian-10.2", @@ -1931,7 +2027,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.7.9" } - ] + ], + "supplier": { + "name": "Pierre Chifflier " + } }, { "bom-ref": "pkg:deb/debian/libcom-err2@1.44.5-1%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -1968,7 +2067,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.44.5" } - ] + ], + "supplier": { + "name": "Theodore Y. Ts'o " + } }, { "bom-ref": "pkg:deb/debian/libdb5.3@5.3.28%2Bdfsg1-0.5?arch=amd64&distro=debian-10.2", @@ -2005,7 +2107,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.3.28+dfsg1" } - ] + ], + "supplier": { + "name": "Debian Berkeley DB Team " + } }, { "bom-ref": "pkg:deb/debian/libdebconfclient0@0.249?arch=amd64&distro=debian-10.2", @@ -2038,7 +2143,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.249" } - ] + ], + "supplier": { + "name": "Debian Install System Team " + } }, { "bom-ref": "pkg:deb/debian/libext2fs2@1.44.5-1%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -2087,7 +2195,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.44.5" } - ] + ], + "supplier": { + "name": "Theodore Y. Ts'o " + } }, { "bom-ref": "pkg:deb/debian/libfdisk1@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -2201,7 +2312,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/libffi6@3.2.1-9?arch=amd64&distro=debian-10.2", @@ -2245,7 +2359,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.2.1" } - ] + ], + "supplier": { + "name": "Debian GCC Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libgcc1@8.3.0-6?arch=amd64&distro=debian-10.2&epoch=1", 
@@ -2282,7 +2399,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "8.3.0" } - ] + ], + "supplier": { + "name": "Debian GCC Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libgcrypt20@1.8.4-5?arch=amd64&distro=debian-10.2", @@ -2331,7 +2451,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.8.4" } - ] + ], + "supplier": { + "name": "Debian GnuTLS Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libgdbm-compat4@1.18.1-4?arch=amd64&distro=debian-10.2", @@ -2395,7 +2518,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.18.1" } - ] + ], + "supplier": { + "name": "Dmitry Bogatov " + } }, { "bom-ref": "pkg:deb/debian/libgdbm6@1.18.1-4?arch=amd64&distro=debian-10.2", @@ -2459,7 +2585,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.18.1" } - ] + ], + "supplier": { + "name": "Dmitry Bogatov " + } }, { "bom-ref": "pkg:deb/debian/libgmp10@6.1.2%2Bdfsg-4?arch=amd64&distro=debian-10.2&epoch=2", @@ -2522,7 +2651,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1.2+dfsg" } - ] + ], + "supplier": { + "name": "Debian Science Team " + } }, { "bom-ref": "pkg:deb/debian/libgnutls30@3.6.7-4?arch=amd64&distro=debian-10.2", @@ -2616,7 +2748,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.6.7" } - ] + ], + "supplier": { + "name": "Debian GnuTLS Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libgpg-error0@1.35-1?arch=amd64&distro=debian-10.2", @@ -2685,7 +2820,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.35" } - ] + ], + "supplier": { + "name": "Debian GnuPG Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libhogweed4@3.4.1-1?arch=amd64&distro=debian-10.2", @@ -2722,7 +2860,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.4.1" } - ] + ], + "supplier": { + "name": "Magnus Holmgren " + } }, { "bom-ref": "pkg:deb/debian/libidn2-0@2.0.5-1?arch=amd64&distro=debian-10.2", 
@@ -2796,7 +2937,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.0.5" } - ] + ], + "supplier": { + "name": "Debian Libidn team " + } }, { "bom-ref": "pkg:deb/debian/libjemalloc2@5.1.0-3?arch=amd64&distro=debian-10.2", @@ -2865,7 +3009,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.1.0" } - ] + ], + "supplier": { + "name": "Faidon Liambotis " + } }, { "bom-ref": "pkg:deb/debian/liblz4-1@1.8.3-1?arch=amd64&distro=debian-10.2", @@ -2919,7 +3066,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.8.3" } - ] + ], + "supplier": { + "name": "Nobuhiro Iwamatsu " + } }, { "bom-ref": "pkg:deb/debian/liblzma5@5.2.4-1?arch=amd64&distro=debian-10.2", @@ -3033,7 +3183,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.2.4" } - ] + ], + "supplier": { + "name": "Jonathan Nieder " + } }, { "bom-ref": "pkg:deb/debian/libmount1@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -3147,7 +3300,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/libncurses6@6.1%2B20181013-2%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -3184,7 +3340,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1+20181013" } - ] + ], + "supplier": { + "name": "Craig Small " + } }, { "bom-ref": "pkg:deb/debian/libncursesw6@6.1%2B20181013-2%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -3221,7 +3380,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1+20181013" } - ] + ], + "supplier": { + "name": "Craig Small " + } }, { "bom-ref": "pkg:deb/debian/libnettle6@3.4.1-1?arch=amd64&distro=debian-10.2", @@ -3305,7 +3467,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.4.1" } - ] + ], + "supplier": { + "name": "Magnus Holmgren " + } }, { "bom-ref": "pkg:deb/debian/libp11-kit0@0.23.15-2?arch=amd64&distro=debian-10.2", 
@@ -3369,7 +3534,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.23.15" } - ] + ], + "supplier": { + "name": "Debian GnuTLS Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libpam-modules-bin@1.3.1-5?arch=amd64&distro=debian-10.2", @@ -3413,7 +3581,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.1" } - ] + ], + "supplier": { + "name": "Steve Langasek " + } }, { "bom-ref": "pkg:deb/debian/libpam-modules@1.3.1-5?arch=amd64&distro=debian-10.2", @@ -3457,7 +3628,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.1" } - ] + ], + "supplier": { + "name": "Steve Langasek " + } }, { "bom-ref": "pkg:deb/debian/libpam-runtime@1.3.1-5?arch=all&distro=debian-10.2", @@ -3501,7 +3675,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.1" } - ] + ], + "supplier": { + "name": "Steve Langasek " + } }, { "bom-ref": "pkg:deb/debian/libpam0g@1.3.1-5?arch=amd64&distro=debian-10.2", @@ -3545,7 +3722,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.1" } - ] + ], + "supplier": { + "name": "Steve Langasek " + } }, { "bom-ref": "pkg:deb/debian/libpcre3@8.39-12?arch=amd64&distro=debian-10.2&epoch=2", @@ -3586,7 +3766,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "8.39" } - ] + ], + "supplier": { + "name": "Matthew Vernon " + } }, { "bom-ref": "pkg:deb/debian/libreadline7@7.0-5?arch=amd64&distro=debian-10.2", @@ -3635,7 +3818,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "7.0" } - ] + ], + "supplier": { + "name": "Matthias Klose " + } }, { "bom-ref": "pkg:deb/debian/libruby2.5@2.5.5-3%2Bdeb10u1?arch=amd64&distro=debian-10.2", @@ -3779,7 +3965,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.5.5" } - ] + ], + "supplier": { + "name": "Debian Ruby Team " + } }, { "bom-ref": "pkg:deb/debian/libseccomp2@2.3.3-4?arch=amd64&distro=debian-10.2", 
@@ -3823,7 +4012,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.3.3" } - ] + ], + "supplier": { + "name": "Kees Cook " + } }, { "bom-ref": "pkg:deb/debian/libselinux1@2.8-1%2Bb1?arch=amd64&distro=debian-10.2", @@ -3872,7 +4064,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8" } - ] + ], + "supplier": { + "name": "Debian SELinux maintainers " + } }, { "bom-ref": "pkg:deb/debian/libsemanage-common@2.8-2?arch=all&distro=debian-10.2", @@ -3921,7 +4116,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8" } - ] + ], + "supplier": { + "name": "Debian SELinux maintainers " + } }, { "bom-ref": "pkg:deb/debian/libsemanage1@2.8-2?arch=amd64&distro=debian-10.2", @@ -3970,7 +4168,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8" } - ] + ], + "supplier": { + "name": "Debian SELinux maintainers " + } }, { "bom-ref": "pkg:deb/debian/libsepol1@2.8-1?arch=amd64&distro=debian-10.2", @@ -4019,7 +4220,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.8" } - ] + ], + "supplier": { + "name": "Debian SELinux maintainers " + } }, { "bom-ref": "pkg:deb/debian/libsmartcols1@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -4133,7 +4337,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/libss2@1.44.5-1%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -4170,7 +4377,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.44.5" } - ] + ], + "supplier": { + "name": "Theodore Y. Ts'o " + } }, { "bom-ref": "pkg:deb/debian/libssl1.1@1.1.1d-0%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -4207,7 +4417,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.1.1d" } - ] + ], + "supplier": { + "name": "Debian OpenSSL Team " + } }, { "bom-ref": "pkg:deb/debian/libstdc%2B%2B6@8.3.0-6?arch=amd64&distro=debian-10.2", 
@@ -4244,7 +4457,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "8.3.0" } - ] + ], + "supplier": { + "name": "Debian GCC Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libsystemd0@241-7~deb10u2?arch=amd64&distro=debian-10.2", @@ -4318,7 +4534,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "241" } - ] + ], + "supplier": { + "name": "Debian systemd Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libtasn1-6@4.13-3?arch=amd64&distro=debian-10.2", @@ -4377,7 +4596,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.13" } - ] + ], + "supplier": { + "name": "Debian GnuTLS Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libtinfo6@6.1%2B20181013-2%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -4414,7 +4636,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1+20181013" } - ] + ], + "supplier": { + "name": "Craig Small " + } }, { "bom-ref": "pkg:deb/debian/libudev1@241-7~deb10u2?arch=amd64&distro=debian-10.2", @@ -4488,7 +4713,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "241" } - ] + ], + "supplier": { + "name": "Debian systemd Maintainers " + } }, { "bom-ref": "pkg:deb/debian/libunistring2@0.9.10-1?arch=amd64&distro=debian-10.2", @@ -4582,7 +4810,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.9.10" } - ] + ], + "supplier": { + "name": "J\u00f6rg Frings-F\u00fcrst " + } }, { "bom-ref": "pkg:deb/debian/libuuid1@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -4696,7 +4927,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/libyaml-0-2@0.2.1-1?arch=amd64&distro=debian-10.2", @@ -4745,7 +4979,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.2.1" } - ] + ], + "supplier": { + "name": "Anders Kaseorg " + } }, { "bom-ref": "pkg:deb/debian/libzstd1@1.3.8%2Bdfsg-3?arch=amd64&distro=debian-10.2", 
@@ -4809,7 +5046,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.8+dfsg" } - ] + ], + "supplier": { + "name": "Debian Med Packaging Team " + } }, { "bom-ref": "pkg:deb/debian/login@4.5-1.1?arch=amd64&distro=debian-10.2&epoch=1", @@ -4857,7 +5097,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.5" } - ] + ], + "supplier": { + "name": "Shadow package maintainers " + } }, { "bom-ref": "pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-10.2", @@ -4901,7 +5144,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.3.3" } - ] + ], + "supplier": { + "name": "Steve Langasek " + } }, { "bom-ref": "pkg:deb/debian/mount@2.33.1-0.1?arch=amd64&distro=debian-10.2", @@ -5015,7 +5261,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/ncurses-base@6.1%2B20181013-2%2Bdeb10u2?arch=all&distro=debian-10.2", @@ -5052,7 +5301,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1+20181013" } - ] + ], + "supplier": { + "name": "Craig Small " + } }, { "bom-ref": "pkg:deb/debian/ncurses-bin@6.1%2B20181013-2%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -5089,7 +5341,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "6.1+20181013" } - ] + ], + "supplier": { + "name": "Craig Small " + } }, { "bom-ref": "pkg:deb/debian/openssl@1.1.1d-0%2Bdeb10u2?arch=amd64&distro=debian-10.2", @@ -5126,7 +5381,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.1.1d" } - ] + ], + "supplier": { + "name": "Debian OpenSSL Team " + } }, { "bom-ref": "pkg:deb/debian/passwd@4.5-1.1?arch=amd64&distro=debian-10.2&epoch=1", @@ -5174,7 +5432,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.5" } - ] + ], + "supplier": { + "name": "Shadow package maintainers " + } }, { "bom-ref": "pkg:deb/debian/perl-base@5.28.1-6?arch=amd64&distro=debian-10.2", 
@@ -5211,7 +5472,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.28.1" } - ] + ], + "supplier": { + "name": "Niko Tyni " + } }, { "bom-ref": "pkg:deb/debian/rake@12.3.1-3?arch=all&distro=debian-10.2", @@ -5255,7 +5519,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "12.3.1" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/readline-common@7.0-5?arch=all&distro=debian-10.2", @@ -5304,7 +5571,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "7.0" } - ] + ], + "supplier": { + "name": "Matthias Klose " + } }, { "bom-ref": "pkg:deb/debian/ruby-did-you-mean@1.2.1-1?arch=all&distro=debian-10.2", @@ -5348,7 +5618,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.2.1" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby-minitest@5.11.3-1?arch=all&distro=debian-10.2", @@ -5392,7 +5665,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "5.11.3" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby-net-telnet@0.1.1-2?arch=all&distro=debian-10.2", @@ -5436,7 +5712,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.1.1" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby-power-assert@1.1.1-1?arch=all&distro=debian-10.2", @@ -5485,7 +5764,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.1.1" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby-test-unit@3.2.8-1?arch=all&distro=debian-10.2", @@ -5544,7 +5826,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "3.2.8" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby-xmlrpc@0.3.0-2?arch=all&distro=debian-10.2", 
@@ -5588,7 +5873,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "0.3.0" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/ruby2.5@2.5.5-3%2Bdeb10u1?arch=amd64&distro=debian-10.2", @@ -5732,7 +6020,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.5.5" } - ] + ], + "supplier": { + "name": "Debian Ruby Team " + } }, { "bom-ref": "pkg:deb/debian/ruby@2.5.1?arch=amd64&distro=debian-10.2&epoch=1", @@ -5781,7 +6072,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.5.1" } - ] + ], + "supplier": { + "name": "Antonio Terceiro " + } }, { "bom-ref": "pkg:deb/debian/rubygems-integration@1.11?arch=all&distro=debian-10.2", @@ -5821,7 +6115,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.11" } - ] + ], + "supplier": { + "name": "Debian Ruby Extras Maintainers " + } }, { "bom-ref": "pkg:deb/debian/sed@4.7-1?arch=amd64&distro=debian-10.2", @@ -5865,7 +6162,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "4.7" } - ] + ], + "supplier": { + "name": "Clint Adams " + } }, { "bom-ref": "pkg:deb/debian/sysvinit-utils@2.93-8?arch=amd64&distro=debian-10.2", @@ -5914,7 +6214,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.93" } - ] + ], + "supplier": { + "name": "Debian sysvinit maintainers " + } }, { "bom-ref": "pkg:deb/debian/tar@1.30%2Bdfsg-6?arch=amd64&distro=debian-10.2", @@ -5963,7 +6266,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.30+dfsg" } - ] + ], + "supplier": { + "name": "Bdale Garbee " + } }, { "bom-ref": "pkg:deb/debian/tzdata@2019c-0%2Bdeb10u1?arch=all&distro=debian-10.2", @@ -6000,7 +6306,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2019c" } - ] + ], + "supplier": { + "name": "GNU Libc Maintainers " + } }, { "bom-ref": "pkg:deb/debian/util-linux@2.33.1-0.1?arch=amd64&distro=debian-10.2", 
@@ -6114,7 +6423,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "2.33.1" } - ] + ], + "supplier": { + "name": "LaMont Jones " + } }, { "bom-ref": "pkg:deb/debian/zlib1g@1.2.11.dfsg-1?arch=amd64&distro=debian-10.2&epoch=1", @@ -6162,7 +6474,10 @@ "name": "aquasecurity:trivy:SrcVersion", "value": "1.2.11.dfsg" } - ] + ], + "supplier": { + "name": "Mark Brown " + } }, { "bom-ref": "pkg:gem/activesupport@6.0.2.1", @@ -9325,4 +9640,4 @@ } ], "vulnerabilities": [] -} +} \ No newline at end of file diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go index 6990d3c7e84d..152096c2caea 100644 --- a/pkg/detector/library/driver.go +++ b/pkg/detector/library/driver.go @@ -133,6 +133,7 @@ func (d *Driver) DetectVulnerabilities(pkgID, pkgName, pkgVer string) ([]types.D InstalledVersion: pkgVer, FixedVersion: createFixedVersions(adv), DataSource: adv.DataSource, + Custom: adv.Custom, } vulns = append(vulns, vuln) } diff --git a/pkg/detector/library/driver_test.go b/pkg/detector/library/driver_test.go index 10c3ad304f29..cf8af718f783 100644 --- a/pkg/detector/library/driver_test.go +++ b/pkg/detector/library/driver_test.go @@ -182,6 +182,32 @@ func TestDriver_Detect(t *testing.T) { }, }, }, + { + name: "Custom data for vulnerability", + fixtures: []string{ + "testdata/fixtures/go-custom-data.yaml", + "testdata/fixtures/data-source.yaml", + }, + libType: ftypes.GoBinary, + args: args{ + pkgName: "github.com/docker/docker", + pkgVer: "23.0.14", + }, + want: []types.DetectedVulnerability{ + { + VulnerabilityID: "GHSA-v23v-6jw2-98fq", + PkgName: "github.com/docker/docker", + InstalledVersion: "23.0.14", + FixedVersion: "23.0.15, 26.1.5, 27.1.1, 25.0.6", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.GHSA, + Name: "GitHub Security Advisory Go", + URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago", + }, + Custom: map[string]any{"Severity": 2.0}, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
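Review bot: `Custom: adv.Custom,` in DetectVulnerabilities forwards the advisory's custom payload into the result with no statement of what it is or who controls it. A short comment on the line would help, for example `// Custom is copied as-is from the advisory record; its shape is defined by the DB producer and is not validated here.` Report writers and templates that render this value should treat it as externally supplied data, not as a typed, trusted field. The function starts and ends outside the hunk, so any other place that builds a DetectedVulnerability is not visible from here.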
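Review bot: The new "Custom data for vulnerability" case expects `Custom: map[string]any{"Severity": 2.0}` while the fixture go-custom-data.yaml writes `Severity: 2`, and nothing in the test explains the difference. It looks as if numbers in Custom come back as float64 after the fixture is decoded; that is inferred from the expectation, since the decode path is not part of this diff. A comment next to the `Custom:` line, such as `// numeric values in Custom decode as float64, so integer type assertions on them fail`, would record the contract that consumers of the field depend on.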
diff --git a/pkg/detector/library/testdata/fixtures/data-source.yaml b/pkg/detector/library/testdata/fixtures/data-source.yaml index eeb4a57e9637..087f960d2c58 100644 --- a/pkg/detector/library/testdata/fixtures/data-source.yaml +++ b/pkg/detector/library/testdata/fixtures/data-source.yaml @@ -25,3 +25,8 @@ ID: "ghsa" Name: "GitHub Security Advisory Pip" URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + - key: "go::GitHub Security Advisory Go" + value: + ID: "ghsa" + Name: "GitHub Security Advisory Go" + URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" diff --git a/pkg/detector/library/testdata/fixtures/go-custom-data.yaml b/pkg/detector/library/testdata/fixtures/go-custom-data.yaml new file mode 100644 index 000000000000..aea7b8c7cd01 --- /dev/null +++ b/pkg/detector/library/testdata/fixtures/go-custom-data.yaml @@ -0,0 +1,18 @@ +- bucket: "go::GitHub Security Advisory Go" + pairs: + - bucket: github.com/docker/docker + pairs: + - key: "GHSA-v23v-6jw2-98fq" + value: + PatchedVersions: + - "23.0.15" + - "26.1.5" + - "27.1.1" + - "25.0.6" + VulnerableVersions: + - ">=19.03.0, <23.0.15" + - ">=26.0.0, <26.1.5" + - ">=27.0.0, <27.1.1" + - ">=24.0.0, <25.0.6" + Custom: + Severity: 2 \ No newline at end of file diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go index 89097730111b..32ce9fc71124 100644 --- a/pkg/rpc/convert.go +++ b/pkg/rpc/convert.go @@ -71,6 +71,7 @@ func ConvertToRPCPkgs(pkgs []ftypes.Package) []*common.Package { DependsOn: pkg.DependsOn, Digest: pkg.Digest.String(), Indirect: pkg.Indirect, + Maintainer: pkg.Maintainer, }) } return rpcPkgs @@ -226,6 +227,7 @@ func ConvertFromRPCPkgs(rpcPkgs []*common.Package) []ftypes.Package { DependsOn: pkg.DependsOn, Digest: digest.Digest(pkg.Digest), Indirect: pkg.Indirect, + Maintainer: pkg.Maintainer, }) } return pkgs diff --git a/pkg/rpc/convert_test.go b/pkg/rpc/convert_test.go index 6f90c3b5cc8e..9c60a13c7337 100644 --- a/pkg/rpc/convert_test.go 
+++ b/pkg/rpc/convert_test.go @@ -183,6 +183,78 @@ func TestConvertFromRpcPkgs(t *testing.T) { }, }, }, + { + args: args{ + rpcPkgs: []*common.Package{ + { + Name: "binary", + Version: "4.2+dfsg", + Release: "0.1+deb7u4", + Epoch: 0, + Arch: "amd64", + SrcName: "bash", + SrcVersion: "4.2+dfsg", + SrcRelease: "0.1+deb7u4", + SrcEpoch: 0, + Licenses: []string{"GPL-3.0"}, + Locations: []*common.Location{ + { + StartLine: 10, + EndLine: 20, + }, + { + StartLine: 22, + EndLine: 32, + }, + }, + Layer: &common.Layer{ + Digest: "sha256:8d42b73fc1ddc2e9e66c954966f144665825e69f4ed10c66342ae7c26b38d4e4", + DiffId: "sha256:745d171eb8c3d69f788da3a1b053056231ad140b80be71d6869229846a1f3a77", + }, + Digest: "SHA1:901a7b55410321c4d35543506cff2a8613ef5aa2", + Indirect: false, + Identifier: &common.PkgIdentifier{ + Uid: "63f8bef824b960e3", + }, + Maintainer: "alice@example.com", + }, + }, + }, + want: []ftypes.Package{ + { + Name: "binary", + Version: "4.2+dfsg", + Release: "0.1+deb7u4", + Epoch: 0, + Arch: "amd64", + SrcName: "bash", + SrcVersion: "4.2+dfsg", + SrcRelease: "0.1+deb7u4", + SrcEpoch: 0, + Licenses: []string{"GPL-3.0"}, + Locations: []ftypes.Location{ + { + StartLine: 10, + EndLine: 20, + }, + { + StartLine: 22, + EndLine: 32, + }, + }, + Layer: ftypes.Layer{ + Digest: "sha256:8d42b73fc1ddc2e9e66c954966f144665825e69f4ed10c66342ae7c26b38d4e4", + DiffID: "sha256:745d171eb8c3d69f788da3a1b053056231ad140b80be71d6869229846a1f3a77", + }, + Digest: "SHA1:901a7b55410321c4d35543506cff2a8613ef5aa2", + Indirect: false, + Identifier: ftypes.PkgIdentifier{ + UID: "63f8bef824b960e3", + }, + Maintainer: "alice@example.com", + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/rpc/common/service.pb.go b/rpc/common/service.pb.go index c8290cc52818..1a769c877f36 100644 --- a/rpc/common/service.pb.go +++ b/rpc/common/service.pb.go 
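Review bot: The added table entry sits in `TestConvertFromRpcPkgs` only, so the matching `Maintainer: pkg.Maintainer,` line added to `ConvertToRPCPkgs` in pkg/rpc/convert.go has no visible coverage in this diff. A field dropped in that direction would go unnoticed; adding `Maintainer: "alice@example.com",` to both the input and the expected output of an existing ConvertToRPCPkgs case would close the gap. The new entry also has no `name:` although the loop runs `t.Run(tt.name, ...)`, so a failure would be reported under an empty subtest name. Something like `name: "package with maintainer",` fixes that.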
@@ -465,6 +465,7 @@ type Package struct { Digest string `protobuf:"bytes,16,opt,name=digest,proto3" json:"digest,omitempty"` Dev bool `protobuf:"varint,17,opt,name=dev,proto3" json:"dev,omitempty"` Indirect bool `protobuf:"varint,18,opt,name=indirect,proto3" json:"indirect,omitempty"` + Maintainer string `protobuf:"bytes,21,opt,name=maintainer,proto3" json:"maintainer,omitempty"` } func (x *Package) Reset() { @@ -632,6 +633,13 @@ func (x *Package) GetIndirect() bool { return false } +func (x *Package) GetMaintainer() string { + if x != nil { + return x.Maintainer + } + return "" +} + type PkgIdentifier struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2428,7 +2436,7 @@ var file_rpc_common_service_proto_rawDesc = []byte{ 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, - 0x65, 0x52, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0xc1, 0x04, 0x0a, 0x07, + 0x65, 0x52, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0xe1, 0x04, 0x0a, 0x07, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 
@@ -2464,7 +2472,9 @@ var file_rpc_common_service_proto_rawDesc = []byte{ 0x65, 0x73, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x22, + 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, + 0x1e, 0x0a, 0x0a, 0x6d, 0x61, 0x69, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x15, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x61, 0x69, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x22, 0x4e, 0x0a, 0x0d, 0x50, 0x6b, 0x67, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x75, 0x72, 0x6c, 0x12, 0x17, 0x0a, 0x07, 0x62, 0x6f, 0x6d, 0x5f, 0x72, 0x65, 0x66, 0x18, diff --git a/rpc/common/service.proto b/rpc/common/service.proto index e989738c285b..fb58da99c0f0 100644 --- a/rpc/common/service.proto +++ b/rpc/common/service.proto @@ -54,6 +54,7 @@ message Package { string digest = 16; bool dev = 17; bool indirect = 18; + string maintainer = 21; } message PkgIdentifier { @@ -68,11 +69,11 @@ message Location { } message Misconfiguration { - string file_type = 1; - string file_path = 2; - repeated MisconfResult successes = 3; - repeated MisconfResult warnings = 4; - repeated MisconfResult failures = 5; + string file_type = 1; + string file_path = 2; + repeated MisconfResult successes = 3; + repeated MisconfResult warnings = 4; + repeated MisconfResult failures = 5; reserved 6; // deprecated 'exceptions' }
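Review bot: `string maintainer = 21;` is added to `message Package` without a comment, and within this hunk the tag jumps from 18 to 21. Tags 19 and 20 are presumably taken by fields outside the hunk, since the message body is only partly visible; it is worth confirming they are in use or reserved so a later addition cannot collide on the wire. A field comment such as `// maintainer string as recorded in the package metadata; free-form and not normalised` would tell RPC clients that the value originates from the scanned artifact and should be escaped before display.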