Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 44 additions & 44 deletions cmd/osv-scanner/fix/__snapshots__/command_test.snap
Original file line number Diff line number Diff line change
Expand Up @@ -5263,7 +5263,7 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
Found 16 vulnerabilities matching the filter
Can fix 8/16 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.15
UPGRADED-PACKAGE: ajv,6.12.6,6.15.0
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
Expand Down Expand Up @@ -5379,12 +5379,12 @@ UNFIXABLE-VULNS: 8
}
},
"node_modules/brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/caseless": {
Expand Down Expand Up @@ -6299,12 +6299,12 @@ UNFIXABLE-VULNS: 8
}
},
"brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"caseless": {
Expand Down Expand Up @@ -7205,7 +7205,7 @@ UNFIXABLE-VULNS: 8
{
"name": "brace-expansion",
"versionFrom": "1.1.11",
"versionTo": "1.1.14",
"versionTo": "1.1.15",
"transitive": true
}
],
Expand Down Expand Up @@ -7405,12 +7405,12 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
}
},
"node_modules/brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/caseless": {
Expand Down Expand Up @@ -8325,12 +8325,12 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
}
},
"brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"caseless": {
Expand Down Expand Up @@ -9631,7 +9631,7 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
Found 16 vulnerabilities matching the filter
Can fix 8/16 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.15
UPGRADED-PACKAGE: ajv,6.12.6,6.15.0
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
Expand Down Expand Up @@ -9747,12 +9747,12 @@ UNFIXABLE-VULNS: 8
}
},
"node_modules/brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/caseless": {
Expand Down Expand Up @@ -10667,12 +10667,12 @@ UNFIXABLE-VULNS: 8
}
},
"brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"caseless": {
Expand Down Expand Up @@ -11450,7 +11450,7 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
Found 16 vulnerabilities matching the filter
Can fix 8/16 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.15
UPGRADED-PACKAGE: ajv,6.12.6,6.15.0
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
Expand Down Expand Up @@ -11566,12 +11566,12 @@ UNFIXABLE-VULNS: 8
}
},
"node_modules/brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/caseless": {
Expand Down Expand Up @@ -12486,12 +12486,12 @@ UNFIXABLE-VULNS: 8
}
},
"brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.15",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
"integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"caseless": {
Expand Down
28 changes: 18 additions & 10 deletions cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"


Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "library/ubuntu" image):
Total 25 packages affected by 69 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 2 Unknown) from 1 ecosystem.
Total 25 packages affected by 73 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 6 Unknown) from 1 ecosystem.
29 vulnerabilities can be fixed.


Expand All @@ -470,7 +470,7 @@ Ubuntu:22.04
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | library/ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | library/ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 7 | perl-base | # 4 Layer | library/ubuntu |
| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | library/ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | library/ubuntu |
| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | library/ubuntu |
Expand All @@ -496,7 +496,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"


Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "library/ubuntu" image):
Total 25 packages affected by 69 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 2 Unknown) from 1 ecosystem.
Total 25 packages affected by 73 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 6 Unknown) from 1 ecosystem.
29 vulnerabilities can be fixed.


Expand All @@ -522,7 +522,7 @@ Ubuntu:22.04
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | library/ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | library/ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 7 | perl-base | # 4 Layer | library/ubuntu |
| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | library/ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | library/ubuntu |
| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | library/ubuntu |
Expand Down Expand Up @@ -567,7 +567,7 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar"


Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "library/ubuntu" image):
Total 25 packages affected by 69 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 2 Unknown) from 1 ecosystem.
Total 25 packages affected by 73 known vulnerabilities (6 Critical, 19 High, 37 Medium, 5 Low, 6 Unknown) from 1 ecosystem.
29 vulnerabilities can be fixed.


Expand All @@ -593,7 +593,7 @@ Ubuntu:22.04
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | library/ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | library/ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | library/ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 7 | perl-base | # 4 Layer | library/ubuntu |
| sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | library/ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | library/ubuntu |
| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | library/ubuntu |
Expand Down Expand Up @@ -4386,14 +4386,18 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
"groups": 4,
"groups": 8,
"vulnerabilities": [
"USN-7434-1",
"USN-7678-1",
"UBUNTU-CVE-2023-31486",
"UBUNTU-CVE-2023-47039",
"UBUNTU-CVE-2024-56406",
"UBUNTU-CVE-2025-40909"
"UBUNTU-CVE-2025-40909",
"UBUNTU-CVE-2026-42496",
"UBUNTU-CVE-2026-42497",
"UBUNTU-CVE-2026-8376",
"UBUNTU-CVE-2026-9538"
]
},
{
Expand Down Expand Up @@ -5475,14 +5479,18 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
"groups": 4,
"groups": 8,
"vulnerabilities": [
"USN-7434-1",
"USN-7678-1",
"UBUNTU-CVE-2023-31486",
"UBUNTU-CVE-2023-47039",
"UBUNTU-CVE-2024-56406",
"UBUNTU-CVE-2025-40909"
"UBUNTU-CVE-2025-40909",
"UBUNTU-CVE-2026-42496",
"UBUNTU-CVE-2026-42497",
"UBUNTU-CVE-2026-8376",
"UBUNTU-CVE-2026-9538"
]
},
{
Expand Down
Loading
Loading