1f596c9171a32e60908afd3b891f473e944e4750 chore(deps): bump the others group with 2 updates (#2314)
cc7b7b6d2b2dd4ea315b0f0d38c1e13f61c50b02 feat(scanner/windows): update release info (#2316)
d2387c77f27fd78b4791d12331e003f965fb1067 feat(detector/vuls2): save digest of the vuls2 db (#2311)
3bac107f1f874354ced1e6b92400b17a30892769 chore(deps): add cooldown periods (#2315)
v0.34.0 — 2025-09-06 other
v0.34.0
What's Changed
feat(detector/exploitdb): add verified field for exploitdb by @MaineK00n in https://github.com/future-architect/vuls/pull/2298
chore(deps): bump the others group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/future-architect/vuls/pull/2297
feat(detector): support vulncheck with go-cve-dictionary by @MaineK00n in https://github.com/future-architect/vuls/pull/2300
chore(deps): bump github.com/aquasecurity/trivy from 0.65.0 to 0.66.0 in the trivy group by @dependabot[bot] in https://github.com/future-architect/vuls/pull/2304
chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the others group across 1 directory by @dependabot[bot] in https://github.com/future-architect/vuls/pull/2307
fix(scanner/lockfile): fix binary lockfile scan on windows by @MaineK00n in https://github.com/future-architect/vuls/pull/2306
feat(scanner/lockfile): exchange contents encoded in base64 by @MaineK00n in https://github.com/future-architect/vuls/pull/2309
Full Changelog: https://github.com/future-architect/vuls/compare/v0.33.4...v0.34.0
v0.33.4 — 2025-08-27 other
v0.33.4
What's Changed
fix(scanner/lockfile): remove /tmp/trivy-* directory by @MaineK00n in https://github.com/future-architect/vuls/pull/2299
Full Changelog: https://github.com/future-architect/vuls/compare/v0.33.3...v0.33.4
v0.33.3 — 2025-08-21 security
v0.33.3
Changelog
30a8e70f58bba07a9fd82ef38c18a6f1a3791f51 chore(ci): use per-job permissions (#2291)
1f029216fbbe90bb1ee7c6b6ee6220732cae6d45 chore(deps): bump go.etcd.io/bbolt in the others group (#2293)
0f3cf3747bc03a59f87aa9481902fc9465eb01a0 feat(os): add EOL for some OSes (#2287)
bc10750a751656d1f5f1edb12bc5db49dcd81749 chore(deps): Force go-getter v1.7.9 to fix CVE-2025-8959 (#2292)
21311447f87f5bf8e45bd309053e07bc729b8afc chore(deps): bump the others group across 1 directory with 7 updates (#2288)
c6be1eb7ed5373a919339404ed1aa4fe5e78fce5 chore(deps): bump the all group across 1 directory with 2 updates (#2261)
d5f097509b8d8c94a3f774fed763b0c0ea8ee94a fix(contrib/trivy): add some oses and cve content types (#2259)
5e90ccf7283552c4b9ea6c9e7ce9e9dfdc1e7ec5 fix(ci): add contrib to dependabot's docker settings (#2260)
v0.33.2 — 2025-07-02 other
v0.33.2
What's Changed
fix(oval): add pseudo server type in NewOVALClient by @MaineK00n in https://github.com/future-architect/vuls/pull/2254
chore(deps): bump the others group with 3 updates by @dependabot in https://github.com/future-architect/vuls/pull/2252
chore(deps): bump the vuls group across 1 directory with 7 updates by @dependabot in https://github.com/future-architect/vuls/pull/2258
chore(deps): bump the trivy group with 2 updates by @dependabot in https://github.com/future-architect/vuls/pull/2257
Full Changelog: https://github.com/future-architect/vuls/compare/v0.33.1...v0.33.2
v0.33.1 — 2025-06-25 other
v0.33.1
What's Changed
feat!(contrib/trivy): delete image tag from server name when scanning by trivy by @sadayuki-matsuno in https://github.com/future-architect/vuls/pull/2250
Full Changelog: https://github.com/future-architect/vuls/compare/v0.33.0...v0.33.1
v0.33.0 — 2025-06-24 security
v0.33.0
What's Changed
fix(cmd/discover): fix ping options for windows by @MaineK00n in https://github.com/future-architect/vuls/pull/2211
fix(scanner): scan lockfiles by @MaineK00n in https://github.com/future-architect/vuls/pull/2206
feat(ubuntu): add 25.04 plucky by @MaineK00n in https://github.com/future-architect/vuls/pull/2210
feat(detector/vuls2): should download db when the schema versions are different by @MaineK00n in https://github.com/future-architect/vuls/pull/2212
fix(detector/vuls2): get metadata after opening db by @MaineK00n in https://github.com/future-architect/vuls/pull/2214
chore(deps): bump github.com/MaineK00n/vuls2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2215
chore(ci): update dependabot.yml to group dependencies by @shino in https://github.com/future-architect/vuls/pull/2216
chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in https://github.com/future-architect/vuls/pull/2194
chore(deps): bump github.com/open-policy-agent/opa from 1.2.0 to 1.4.0 in the go_modules group across 1 directory by @dependabot in https://github.com/future-architect/vuls/pull/2200
chore(deps): bump github.com/aquasecurity/trivy from 0.61.0 to 0.62.1 in the trivy group by @dependabot in https://github.com/future-architect/vuls/pull/2221
chore(deps): update tablewriter to v1.0.7 by @shino in https://github.com/future-architect/vuls/pull/2228
refactor(scanner/redhatbase): strictly parse updatable package line by @MaineK00n in https://github.com/future-architect/vuls/pull/2218
chore(deps): bump the others group across 1 directory with 6 updates by @dependabot in https://github.com/future-architect/vuls/pull/2229
chore(deps): bump the trivy group with 2 updates by @dependabot in https://github.com/future-architect/vuls/pull/2224
feat(os): add rhel-10 eol by @MaineK00n in https://github.com/future-architect/vuls/pull/2230
chore(ci): add group all for docker by @MaineK00n in https://github.com/future-architect/vuls/pull/2232
fix(integration): correct the wrong submodule hash by @shino in https://github.com/future-architect/vuls/pull/2233
chore(deps): bump the others group with 3 updates by @dependabot in https://github.com/future-architect/vuls/pull/2234
fix(scanner/windows): print debug log in detect by @MaineK00n in https://github.com/future-architect/vuls/pull/2237
fix(scanner/windows): allow only cab file scan for offline scan by @MaineK00n in https://github.com/future-architect/vuls/pull/2236
feat(detector/vuls2): add ignore vulnerability pattern by @MaineK00n in https://github.com/future-architect/vuls/pull/2239
feat(reporter): add row separator for --format-list by @MaineK00n in https://github.com/future-architect/vuls/pull/2241
chore(deps): bump the all group across 1 directory with 8 updates by @dependabot in https://github.com/future-architect/vuls/pull/2227
chore(deps): bump the all group with 2 updates by @dependabot in https://github.com/future-architect/vuls/pull/2235
feat(server): open db before starting server by @MaineK00n in https://github.com/future-architect/vuls/pull/2244
feat(detector/cve): support paloalto and cisco by @MaineK00n in https://github.com/future-architect/vuls/pull/2240
chore(deps): bump the others group across 1 directory with 8 updates by @dependabot in https://github.com/future-architect/vuls/pull/2243
fix(detector/vuls2): filter VulnerabilityData by Root ID by @MaineK00n in https://github.com/future-architect/vuls/pull/2247
feat!(detector): detect oracle and alpine with vuls2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2157
chore(deps): bump the others group with 5 updates by @dependabot in https://github.com/future-architect/vuls/pull/2245
fix(subcmds/saas): remove timestamped directory in results-dir by @FutureHirai in https://github.com/future-architect/vuls/pull/2248
chore(deps): update dictionaries by @shino in https://github.com/future-architect/vuls/pull/2249
New Contributors
@FutureHirai made their first contribution in https://github.com/future-architect/vuls/pull/2248
Full Changelog: https://github.com/future-architect/vuls/compare/v0.32.0...v0.33.0
v0.32.0 — 2025-05-16 other
v0.32.0
What's Changed
fix(detector/vuls2): fix cvss v3.1 vector check by @MaineK00n in https://github.com/future-architect/vuls/pull/2204
chore(deps): bump github.com/MaineK00n/vuls2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2197
Create scorecard.yml by @kotakanbe in https://github.com/future-architect/vuls/pull/2203
fix(detector/vuls2): fix postConvert by @MaineK00n in https://github.com/future-architect/vuls/pull/2205
Full Changelog: https://github.com/future-architect/vuls/compare/v0.31.1...v0.32.0
v0.31.1 — 2025-05-08 feature
v0.31.1
What's Changed
fix(ci/goreleaser): set id-token to none for all jobs by @MaineK00n in https://github.com/future-architect/vuls/pull/2202
Full Changelog: https://github.com/future-architect/vuls/compare/v0.31.0...v0.31.1
v0.31.0 — 2025-05-08 feature
v0.31.0
What's Changed
chore(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.27 by @dependabot in https://github.com/future-architect/vuls/pull/2151
fix(scanner/redhatbase): fix cmd in scanUpdatablePackages by @MaineK00n in https://github.com/future-architect/vuls/pull/2156
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in https://github.com/future-architect/vuls/pull/2152
chore(actions): Adjust GitHub Actions permissions (write for release, read-only for others) by @kotakanbe in https://github.com/future-architect/vuls/pull/2154
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2160
fix(actions): Add security-events write permission to CodeQL results upload by @kotakanbe in https://github.com/future-architect/vuls/pull/2162
chore(deps): bump github.com/aquasecurity/trivy from 0.60.0 to 0.61.0 by @dependabot in https://github.com/future-architect/vuls/pull/2163
fix(report): Refactor SBOM generation: split functions, improve PURL logic, set OS as root by @kl-sinclair in https://github.com/future-architect/vuls/pull/2171
chore(deps): bump golangci/golangci-lint-action from 6 to 7 by @dependabot in https://github.com/future-architect/vuls/pull/2166
chore(deps): Pin GitHub Actions and Docker image, configure Dependabot by @kotakanbe in https://github.com/future-architect/vuls/pull/2159
fix(report): skip empty properties in OS package SBOM components by @kl-sinclair in https://github.com/future-architect/vuls/pull/2181
fix(report): omit empty CWE and rating fields in CycloneDX SBOM by @kl-sinclair in https://github.com/future-architect/vuls/pull/2182
feat(detector/vuls2): open with Read Only Mode by @MaineK00n in https://github.com/future-architect/vuls/pull/2180
fix(cmd/saas): add timeout option by @wadda0714 in https://github.com/future-architect/vuls/pull/2183
chore(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 by @dependabot in https://github.com/future-architect/vuls/pull/2167
chore(deps): bump the aws group with 4 updates by @dependabot in https://github.com/future-architect/vuls/pull/2170
chore(deps): bump docker/setup-buildx-action from afeb29a6e0d7d6258844ecabe6eba67d13443680 to 941183f0a080fa6be59a9e3d3f4108c19a528204 by @dependabot in https://github.com/future-architect/vuls/pull/2174
chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot in https://github.com/future-architect/vuls/pull/2177
chore(deps): bump docker/build-push-action from 84ad562665bb303b549fec655d1b64f9945f3f91 to 88844b95d8cbbb41035fa9c94e5967a33b92db78 by @dependabot in https://github.com/future-architect/vuls/pull/2175
chore(deps): bump github/codeql-action from e0ea141027937784e3c10ed1679e503fcc2245bc to 45775bd8235c68ba998cffa5171334d58593da47 by @dependabot in https://github.com/future-architect/vuls/pull/2176
chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by @dependabot in https://github.com/future-architect/vuls/pull/2169
chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in https://github.com/future-architect/vuls/pull/2179
feat!(detector): timeout can be set, default is no timeout by @MaineK00n in https://github.com/future-architect/vuls/pull/2185
feat(detector/vuls2): fill cvss v4.0 by @MaineK00n in https://github.com/future-architect/vuls/pull/2186
chore(deps): bump github.com/kotakanbe/go-pingscanner by @MaineK00n in https://github.com/future-architect/vuls/pull/2201
feat(ci): support signed release by @kotakanbe in https://github.com/future-architect/vuls/pull/2184
Full Changelog: https://github.com/future-architect/vuls/compare/v0.30.0...v0.31.0
v0.30.0 — 2025-03-18 other
v0.30.0
What's Changed
fix(models/cvecontents): a little more accurate sort by @shino in https://github.com/future-architect/vuls/pull/2122
chore(ci): review of build flags, increase of runner storage by @MaineK00n in https://github.com/future-architect/vuls/pull/2123
feat(scanner/python/uv): add python uv/poetry-v2 support along with updating trivy to 0.59.1 by @dependabot in https://github.com/future-architect/vuls/pull/2118
chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot in https://github.com/future-architect/vuls/pull/2125
chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 by @dependabot in https://github.com/future-architect/vuls/pull/2126
chore(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 by @dependabot in https://github.com/future-architect/vuls/pull/2128
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in https://github.com/future-architect/vuls/pull/2129
chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.27.0 by @dependabot in https://github.com/future-architect/vuls/pull/2133
chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in https://github.com/future-architect/vuls/pull/2136
chore(deps): bump github.com/gosnmp/gosnmp from 1.38.0 to 1.39.0 by @dependabot in https://github.com/future-architect/vuls/pull/2137
chore(deps): bump github.com/aquasecurity/trivy from 0.59.1 to 0.60.0 by @dependabot in https://github.com/future-architect/vuls/pull/2140
chore(deps): bump golang.org/x/text from 0.22.0 to 0.23.0 by @dependabot in https://github.com/future-architect/vuls/pull/2141
chore(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 by @dependabot in https://github.com/future-architect/vuls/pull/2143
chore(deps): bump golang.org/x/net from 0.34.0 to 0.36.0 by @dependabot in https://github.com/future-architect/vuls/pull/2146
chore(deps): bump the aws group across 1 directory with 4 updates by @dependabot in https://github.com/future-architect/vuls/pull/2149
feat!(deps): bump vuls dictionary libs by @MaineK00n in https://github.com/future-architect/vuls/pull/2150
Full Changelog: https://github.com/future-architect/vuls/compare/v0.29.0...v0.30.0
v0.29.0 — 2025-02-05 feature
v0.29.0
Changelog
4e3ee6a63d348f157a9b583bfe59b79f05c9a384 feat(contrib/trivy-to-vuls): add version in LibraryFixedIns (#2121)
fd2f94694826d4d57751c3ce8bb0ba7be98fba20 add libraryPkg version (#2120)
1638c4b7cadc85833fe03b91c8458c9c5d3df693 chore(deps): bump the aws group across 1 directory with 5 updates (#2119)
80b17a398b257b2f80781426f22cdf384a8d6690 chore(deps): bump github.com/samber/lo from 1.47.0 to 1.49.1 (#2117)
f9d176e2c21913ae9d4802bd2d3a3bbdb571a764 fix(cmd/discover): add vuls2 section to the generated config.toml (#2113)
c6779e414325e69d63508d766ad7ff6f6d06a55e chore(deps): bump the aws group with 5 updates (#2104)
8443175b4ee328edef3fd6a08ac0d20dab0d8686 chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#2109)
ee34c849e43f11b3a54ccbd4a67e3f836f3c203b chore(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#2103)
e89fc33b5aeaa1152421ebf389e2e7c435f36d8f feat(detector): use vuls2 for RedHat, CentOS, Alma and Rocky (#2106)
40e36ccfc594110c833a8bd7921118ec0ab62f33 fix(reporter/http): read response body (#2108)
0ec945d0510cdebf92cdd8999f94610772689f14 fix(scanner/redhatbase): support for empty release in rpm -qa (#2101)
d3bf2a6f26e8e549c0732c26fdcc82725d3c6633 chore(deps): bump the aws group across 1 directory with 5 updates (#2102)
98351be8baf4ac0c975604f07f0613b6ff1d0974 chore(deps): bump github.com/aquasecurity/trivy from 0.57.1 to 0.58.1 (#2100)
v0.28.1 — 2024-12-18 other
v0.28.1
What's Changed
feat(config/os): update eol by @MaineK00n in https://github.com/future-architect/vuls/pull/2085
fix(detector/gost/ubuntu): detection logic when esm etc. are mixed by @MaineK00n in https://github.com/future-architect/vuls/pull/2090
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 by @dependabot in https://github.com/future-architect/vuls/pull/2089
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.70.0 to 1.71.0 in the aws group by @dependabot in https://github.com/future-architect/vuls/pull/2078
chore(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by @dependabot in https://github.com/future-architect/vuls/pull/2080
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 by @dependabot in https://github.com/future-architect/vuls/pull/2088
chore(deps): bump golang.org/x/text from 0.20.0 to 0.21.0 by @dependabot in https://github.com/future-architect/vuls/pull/2081
fix(scanner/redhatbase): don't return error when parse failure of source file by @shino in https://github.com/future-architect/vuls/pull/2092
fix(scanner/suse): skip table header in zypper -q lu by @MaineK00n in https://github.com/future-architect/vuls/pull/2093
Full Changelog: https://github.com/future-architect/vuls/compare/v0.28.0...v0.28.1
v0.28.0 — 2024-12-08 bugfix
v0.28.0
What's Changed
feat(contrib/snmp2cpe): add --port/-P option by @MaineK00n in https://github.com/future-architect/vuls/pull/2046
feat(scanner/windows): support Windows 11 24H2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2051
fix(gost/windows): ignore other products that do not have KBs by @MaineK00n in https://github.com/future-architect/vuls/pull/2054
chore(deps): bump github.com/aquasecurity/trivy from 0.56.1 to 0.56.2 by @dependabot in https://github.com/future-architect/vuls/pull/2049
chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in https://github.com/future-architect/vuls/pull/2052
feat(ubuntu): add 24.10 oracular by @MaineK00n in https://github.com/future-architect/vuls/pull/2055
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in https://github.com/future-architect/vuls/pull/2058
chore(deps): bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 by @dependabot in https://github.com/future-architect/vuls/pull/2057
chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in https://github.com/future-architect/vuls/pull/2060
feat(scanner/windows): add Windows Server 2025 and 2022, 23H2 by @MaineK00n in https://github.com/future-architect/vuls/pull/2059
feat(oval/oracle): ignore fips patched version for non fips package versions by @wagde-orca in https://github.com/future-architect/vuls/pull/2047
chore(deps): bump golang.org/x/text from 0.19.0 to 0.20.0 by @dependabot in https://github.com/future-architect/vuls/pull/2061
chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 by @dependabot in https://github.com/future-architect/vuls/pull/2063
fix(scanner/debian): fill kernel version from kernel package by @MaineK00n in https://github.com/future-architect/vuls/pull/2064
feat(scanner): skip SSH configuration validation when ssh-key(scan|gen) failed by @MaineK00n in https://github.com/future-architect/vuls/pull/2065
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob from 1.4.1 to 1.5.0 by @dependabot in https://github.com/future-architect/vuls/pull/2068
chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in https://github.com/future-architect/vuls/pull/2069
chore(deps): bump github.com/aquasecurity/trivy from 0.57.0 to 0.57.1 by @dependabot in https://github.com/future-architect/vuls/pull/2067
refactor: remove old buildtag by @MaineK00n in https://github.com/future-architect/vuls/pull/2072
feat!(scanner/rpm): change queryformat (add sourcerpm) by @MaineK00n in https://github.com/future-architect/vuls/pull/2074
chore(deps): bump the aws group with 5 updates by @dependabot in https://github.com/future-architect/vuls/pull/2073
Full Changelog: https://github.com/future-architect/vuls/compare/v0.27.0...v0.28.0
v0.27.0 — 2024-10-09 bugfix
v0.27.0
Changelog
087b620175a81c4e6ac23ffa7399f2c85bb14dd7 chore(deps): bump github.com/aquasecurity/trivy from 0.55.2 to 0.56.1 (#2044)
7c749ea806023d1aeb3d28edbd1264351c754ebb chore(deps): bump the aws group with 5 updates (#2043)
939299bef91b78345a9677c3664ed1c3b9314fe1 chore(deps): bump golang.org/x/text from 0.18.0 to 0.19.0 (#2045)
3dd738d41b35b166a57059954fb140ec00df35a7 feat(detector/microsoft): set WindowsRoughMatch if KB or Version to be fixed is unknown (#2041)
80e417b0e826cccd977f2ae57bf90c00ccb4fc87 refactor: use std slices, maps package (#2042)
d5982a25c3f569f028b88295158bfbfe742f191f chore(deps): bump dictionary versions to latest ones (#2040)
0e21ce2c6c97cf8d2281fe55be122480dd880fe1 fix(detector/cpe): do not overwrite distro advisories (#2039)
efa290085ec01466d220225efac76deb3617e0bc chore(deps): bump the aws group with 4 updates (#2038)
e6c0da61324a0c04026ffd1c031436ee2be9503a fix!(alpine): use source package for detection (#2037)
98cbe6ed837ce5983ddcb138f5c1577b9b7cf2bf build: update go to 1.23 (#2032)
29448878a730b094c2e1804e04b3f0e70330d048 chore(deps): bump github.com/aquasecurity/trivy from 0.55.1 to 0.55.2 (#2030)