24 Commits

Author SHA1 Message Date
Omkar Phansopkar
923fc4744c
Implemented CycloneDX reporter with metadata, packages & vulnerabilities (#434)
* Implemented CycloneDX reporter with metadata, packages & vulnerabilities

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Refactor to using PtrTo instead of dereferencing

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Minor lint fixes

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Implemented CycloneDX features - Licenses, Vulnerability & annotations

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Support malware in cyclonedx bom

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Script for SPDX licenses, prevent duplicate vulnerabilities

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Fix comment typo

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Test cases for reader application names

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Replaced StringPtr with PtrTo

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Tests for cyclonedx reporter and cvss score calculation

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

---------

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-04-08 19:54:50 +05:30
Omkar Phansopkar
86382bbc70
Refactor tool metadata config & using separate vulncache
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-04-01 19:52:08 +05:30
Abhisek Datta
49b2e0f3df
feat: Add Support for GitHub Action or Repository Scanning (#405)
* feat: Add support for github actions scanning

* fix: enrich malware test cases

* fix: fail fast for malware inspect if auth not available

* fix: bug with package version
2025-03-21 04:23:47 +05:30
Omkar Phansopkar
08b5f612ac
Implemented code scan command for building sqlite storage with code analysis data (#326)
* Implemented code scan command for building sqlite storage with code analysis data

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Added E2E test for code scan command

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* refactor: Migrate pkg/command to internal/command since we use pkg as an independent concern

---------

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
Co-authored-by: abhisek <abhisek.datta@gmail.com>
2025-02-03 11:23:51 +05:30
abhisek
0701766574
feat: Deprecate legacy code analysis command 2025-01-29 12:42:14 +05:30
Abhisek Datta
7daa0728ab
feat: Integrate with SafeDep Malware Analysis Service (#299)
* feat: Add support for malware analysis service integration

* feat: Update malware analysis command to poll for report

* fix: Spinner handling in malware analysis command

* fix: Malware analysis output table

* fix: Confidence string handling
2024-12-19 14:50:57 +05:30
abhisek
a613190e64
feat: Add cloud ping command 2024-10-09 15:58:47 +05:30
abhisek
476cd4d29d
refactor: gRPC connection setup into auth package 2024-10-02 21:57:57 +05:30
abhisek
e6f6288701
feat: Code analysis framework infra
feat: Building code graph

Refactor to support import processing

Handle relative import name fixup

Add docs for code analysis framework

Update docs to include additional examples

feat: Function call graph

Update code graph to link function decl and calls

Include call node in function calls

feat: Flatten vulnerabilities in CSV reporter

refactor: Maintain separation of concerns for code analysis framework

refactor: Separate storage entities in its own package

feat: Add callback support in code graph builder

docs: Fix code analysis framework docs
Signed-off-by: abhisek <abhisek.datta@gmail.com>
2024-07-11 15:09:11 +05:30
abhisek
47c605ee06
feat: Add support for SARIF reporting #22 2024-06-21 09:40:41 +05:30
abhisek
6f3c5ad28e
refactor: Simplify load_exceptions function 2024-01-17 18:06:21 +05:30
abhisek
7394334ba8
chore: Make command help msg more explicit 2023-11-12 12:49:48 +05:30
abhisek
42546ce740
chore: Set display path for manifest when it's not a local file 2023-11-04 11:19:53 +05:30
abhisek
91244843ed
fix: Add support for using malware indicators from OSV data 2023-11-02 12:18:05 +05:30
abhisek
7d191523a6
chore: Migrate to support handle 2023-10-17 19:06:28 +05:30
jc
ea77a440f6
Added support to connect apps. Currently, just github is supported 2023-08-21 14:07:09 +05:30
abhisek
4882e46815
Add exceptions loader in main 2023-02-21 19:42:44 +05:30
abhisek
2e9b5fb8e0
Add filter suite analyzer module 2023-02-18 11:19:59 +05:30
abhisek
032d0770c7
Show filter fail reason as error msg 2023-02-17 14:53:24 +05:30
abhisek
e895f8a0ec
#16: Refactor to use UI utils for printing msg 2023-02-16 16:18:26 +05:30
Abhisek Datta
654bd5cd6f
Add Support for Security Gating using Filters (#9)
* Add support for ignorable directories

* Update DRY snapshot

* Support log redirection to file

* Add support to redirect log to stdout

* Add summary reporter

* Refactor scan method

* Refactor to introduce Finish method in analyzer

* Refactor to consolidated reporting for CEL filter

* Show unique CEL filter results

* Add support for filter fail option

* Fix README
2023-02-06 18:32:01 +05:30
Abhisek Datta
a18c204b5d
Sync Develop to Main (#4)
* Update Insight service API and client

* Add cli banner

* Show API errors from insight API

* Use standard error model

* Add reporting interface

* Update markdown template

* Add trials registration client

* Add trials registration support

* Add supported ecosystem filter to parsers

* Update OSV scanner

* Use table renderer for CEL filter output

* Rename filter opt to filter

* Add an opinionated console summary reporter

* Update README

* Update README

* Update README

* Add filter spec

* Update spec driven CEL filtering

* Add query workflow with docs

* Add secrets scan workflow
2023-02-03 12:30:48 +05:30
abhisek
ce10afab06
Add auth persistence
Add parser and models

Add parser in scanner

Add enrichment

Use pointer for package ref

Add work queue for concurrent enrichment

Update enrich

Misc refactoring

Update README

Refactored lockfile parsers

Add analyzers

Update json dumper

Refactor scan
2023-01-02 16:13:41 +05:30
abhisek
561408de8b
Add initial structure and commands 2022-12-30 10:36:56 +05:30