github-actions[bot]
commented
2 months ago vet Summary Report
This report is generated by vet
Policy Checks
- :white_check_mark: Vulnerability
- :white_check_mark: Malware
- :white_check_mark: License
- :x: Popularity
- :x: Maintenance
- :x: Security Posture
- :white_check_mark: Threats
New Packages
- :warning: [
Go]google.golang.org/genproto/googleapis/api@0.0.0-20240903143218-8af14fe29dc1 - :warning: [
Go]github.com/mitchellh/go-homedir@1.1.0 - :white_check_mark: [
Go]github.com/google/go-cmp@0.6.0 - :white_check_mark: [
Go]github.com/pelletier/go-toml/v2@2.2.3 - :white_check_mark: [
Go]github.com/moby/sys/mountinfo@0.7.2 - :warning: [
Go]github.com/pierrec/lz4/v4@4.1.21 - :warning: [
Go]github.com/nwaples/rardecode@1.1.3 - :warning: [
Go]github.com/scylladb/go-set@1.0.3-0.20200225121959-cc7b2070d91e - :warning: [
Go]github.com/anchore/clio@0.0.0-20240806233806-4c50c054c508 - :warning: [
Go]google.golang.org/genproto/googleapis/rpc@0.0.0-20240903143218-8af14fe29dc1 - :warning: [
Go]github.com/magiconair/properties@1.8.7 - :warning: [
Go]github.com/containerd/errdefs@0.1.0 - :warning: [
Go]github.com/opencontainers/go-digest@1.0.0 - :warning: [
Go]github.com/becheran/wildmatch-go@1.0.0 - :white_check_mark: [
Go]golang.org/x/oauth2@0.23.0 - :white_check_mark: [
Go]github.com/mholt/archiver/v3@3.5.1 - :warning: [
Go]github.com/spf13/afero@1.11.0 - :warning: [
Go]github.com/facebookincubator/nvdtools@0.1.5 - :warning: [
Go]github.com/sagikazarmark/slog-shim@0.1.0 - :warning: [
Go]github.com/xo/terminfo@0.0.0-20220910002029-abceb7e1c41e - :white_check_mark: [
Go]github.com/spf13/viper@1.19.0 - :white_check_mark: [
Go]k8s.io/utils@0.0.0-20240902221715-702e33fdd3c3 - :white_check_mark: [
Go]github.com/google/osv-scanner@1.8.4 - :white_check_mark: [
Go]github.com/anchore/syft@1.11.1 - :warning: [
Go]github.com/klauspost/pgzip@1.2.6 - :warning: [
Go]github.com/pkg/profile@1.7.0 - :warning: [
Go]github.com/mitchellh/hashstructure/v2@2.0.2 - :white_check_mark: [
Go]github.com/google/pprof@0.0.0-20240903155634-a8630aee4ab9 - :white_check_mark: [
Go]github.com/hashicorp/hcl@1.0.0 - :white_check_mark: [
Go]github.com/bytedance/sonic@1.12.2 - :white_check_mark: [
Go]github.com/prometheus/client_golang@1.20.3 - :white_check_mark: [
Go]github.com/smacker/go-tree-sitter@0.0.0-20240827094217-dd81d9e9be82 - :white_check_mark: [
Go]github.com/dop251/goja@0.0.0-20240828124009-016eb7256539 - :white_check_mark: [
Go]golang.org/x/text@0.18.0 - :warning: [
Go]github.com/anchore/fangs@0.0.0-20240904151251-ac0148f53e5d - :white_check_mark: [
Go]golang.org/x/arch@0.10.0 - :warning: [
Go]github.com/wagoodman/go-partybus@0.0.0-20230516145632-8ccac152c651 - :warning: [
Go]github.com/wagoodman/go-progress@0.0.0-20230925121702-07e42b3cdba0 - :warning: [
Go]github.com/pborman/indent@1.2.1 - :white_check_mark: [
Go]github.com/go-restruct/restruct@1.2.0-alpha - :white_check_mark: [
Go]golang.org/x/exp@0.0.0-20240904232852-e7e105dedf7e - :warning: [
Go]github.com/dsnet/compress@0.0.2-0.20210315054119-f66993602bf5 - :warning: [
Go]github.com/subosito/gotenv@1.6.0 - :warning: [
Go]github.com/docker/docker-credential-helpers@0.8.2 - :white_check_mark: [
Go]github.com/docker/cli@27.2.0+incompatible - :white_check_mark: [
Go]github.com/adrg/xdg@0.5.0 - :white_check_mark: [
Go]github.com/sourcegraph/conc@0.3.0 - :white_check_mark: [
Go]github.com/Masterminds/semver/v3@3.3.0 - :warning: [
Go]github.com/anchore/go-macholibre@0.0.0-20240116161251-5df1434a0b50 - :warning: [
Go]github.com/iancoleman/strcase@0.3.0 - :warning: [
Go]github.com/sylabs/squashfs@1.0.0 - :white_check_mark: [
Go]github.com/felixge/fgprof@0.9.5 - :white_check_mark: [
Go]github.com/fsnotify/fsnotify@1.7.0 - :white_check_mark: [
Go]golang.org/x/term@0.24.0 - :warning: [
Go]github.com/docker/go-connections@0.5.0 - :white_check_mark: [
Go]github.com/spf13/cast@1.7.0 - :white_check_mark: [
Go]golang.org/x/crypto@0.27.0 - :white_check_mark: [
Go]github.com/hashicorp/go-multierror@1.1.1 - :white_check_mark: [
Go]golang.org/x/net@0.29.0 - :white_check_mark: [
Go]github.com/jinzhu/copier@0.4.0 - :white_check_mark: [
Go]github.com/prometheus/common@0.59.1 - :warning: [
Go]github.com/hashicorp/errwrap@1.1.0 - :warning: [
Go]github.com/anchore/go-logger@0.0.0-20240217160628-ee28a485904f - :warning: [
Go]github.com/therootcompany/xz@1.0.1 - :white_check_mark: [
Go]github.com/github/go-spdx/v2@2.3.1 - :white_check_mark: [
Go]github.com/containerd/containerd@1.7.21 - :warning: [
Go]github.com/sagikazarmark/locafero@0.6.0 - :warning: [
Go]github.com/acobaugh/osrelease@0.1.0 - :warning: [
Go]github.com/anchore/packageurl-go@0.1.1-0.20240507183024-848e011fc24f - :warning: [
Go]github.com/vifraa/gopom@1.0.0 - :white_check_mark: [
Go]golang.org/x/sys@0.25.0 - :warning: [
Go]github.com/saintfish/chardet@0.0.0-20230101081208-5e3ef4b5456d - :warning: [
Go]github.com/google/licensecheck@0.3.1 - :warning: [
Go]github.com/ulikunitz/xz@0.5.12 - :white_check_mark: [
Go]golang.org/x/mod@0.21.0 - :white_check_mark: [
Go]github.com/bmatcuk/doublestar/v4@4.6.1 - :white_check_mark: [
Go]google.golang.org/grpc@1.66.0 - :warning: [
Go]github.com/xi2/xz@0.0.0-20171230120015-48954b6210f8 - :white_check_mark: [
Go]github.com/gookit/color@1.5.4 - :white_check_mark: [
Go]github.com/anchore/stereoscope@0.0.3 - :white_check_mark: [
Go]github.com/google/go-containerregistry@0.20.2 - :white_check_mark: [
Go]github.com/cloudflare/circl@1.4.0Packages Violating Policy
[Go]
google.golang.org/genproto/googleapis/api@0.0.0-20240903143218-8af14fe29dc1:link: - :arrow_right: Found in manifest
go.mod - :warning: Component release pipeline appear to use dangerous workflows
[Go]
github.com/mitchellh/go-homedir@1.1.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/pierrec/lz4/v4@4.1.21:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/nwaples/rardecode@1.1.3:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/scylladb/go-set@1.0.3-0.20200225121959-cc7b2070d91e:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/anchore/clio@0.0.0-20240806233806-4c50c054c508:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
google.golang.org/genproto/googleapis/rpc@0.0.0-20240903143218-8af14fe29dc1:link: - :arrow_right: Found in manifest
go.mod - :warning: Component release pipeline appear to use dangerous workflows
[Go]
github.com/magiconair/properties@1.8.7:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/containerd/errdefs@0.1.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/opencontainers/go-digest@1.0.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/becheran/wildmatch-go@1.0.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/spf13/afero@1.11.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/facebookincubator/nvdtools@0.1.5:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/sagikazarmark/slog-shim@0.1.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/xo/terminfo@0.0.0-20220910002029-abceb7e1c41e:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/klauspost/pgzip@1.2.6:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/pkg/profile@1.7.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/mitchellh/hashstructure/v2@2.0.2:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/anchore/fangs@0.0.0-20240904151251-ac0148f53e5d:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/wagoodman/go-partybus@0.0.0-20230516145632-8ccac152c651:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/wagoodman/go-progress@0.0.0-20230925121702-07e42b3cdba0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/pborman/indent@1.2.1:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/dsnet/compress@0.0.2-0.20210315054119-f66993602bf5:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/subosito/gotenv@1.6.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/docker/docker-credential-helpers@0.8.2:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/anchore/go-macholibre@0.0.0-20240116161251-5df1434a0b50:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/iancoleman/strcase@0.3.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/sylabs/squashfs@1.0.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/docker/go-connections@0.5.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/hashicorp/errwrap@1.1.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/anchore/go-logger@0.0.0-20240217160628-ee28a485904f:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/therootcompany/xz@1.0.1:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/sagikazarmark/locafero@0.6.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/acobaugh/osrelease@0.1.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/anchore/packageurl-go@0.1.1-0.20240507183024-848e011fc24f:link: - :arrow_right: Found in manifest
go.mod - :warning: Component popularity is low by Github stars count
- :zap: Use an alternative package that is popular
[Go]
github.com/vifraa/gopom@1.0.0:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/saintfish/chardet@0.0.0-20230101081208-5e3ef4b5456d:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/google/licensecheck@0.3.1:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/ulikunitz/xz@0.5.12:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
[Go]
github.com/xi2/xz@0.0.0-20171230120015-48954b6210f8:link: - :arrow_right: Found in manifest
go.mod - :warning: Component appears to be unmaintained
cloudflare-workers-and-pages[bot]
This PR actually introduces two non-breaking changes.
--manifestand-Mscan flag to evolve beyond just scanning lockfiles-Malso support embedded type so that we can specify different paths with different manifest / lockfile type. ExampleHere we are explicitly stating that the path should be treated as
jar(supported parser)Fix #238