search

sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0
564 stars 74 forks source link

"intentionally-vulnerable-golang-project" Not showing vulnerabilities #107

Closed islippers closed 4 years ago

islippers commented 4 years ago

I started tested Nancy v0.1.15 on "intentionally-vulnerable-golang-project" to see what type of vulnerabilities I can expect. But this was the final output "Audited dependencies:31,Vulnerable:0" Also I might be doing something wrong.

I was expecting some vulnerabilities to be highlighted.

Output 

~/awesomeProject/intentionally-vulnerable-golang-project$ ./nancy -vvv go.sum                
 __  __
/\ \/\ \
\ \ `\\ \      __       ___      ___    __  __
 \ \ , ` \   /'__`\   /' _ `\   /'___\ /\ \/\ \
  \ \ \`\ \ /\ \L\.\_ /\ \/\ \ /\ \__/ \ \ \_\ \
   \ \_\ \_\\ \__/.\_\\ \_\ \_\\ \____\ \/`____ \
    \/_/\/_/ \/__/\/_/ \/_/\/_/ \/____/  `/___/> \
                                            /\___/
                                            \/__/
  _        _                           _    _
 /_)      /_` _  _  _ _/_     _  _    (/   /_` _ . _  _   _/  _
/_) /_/  ._/ /_// //_|/  /_/ /_//_'  (_X  /   / / /_'/ //_/ _\
    _/                   _/ /
Nancy version: 0.1.15
[1/31]pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7   No known vulnerabilities against package/version
[2/31]pkg:golang/github.com/BurntSushi/toml@0.3.1   No known vulnerabilities against package/version                                                                                                                                     
[3/31]pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93   No known vulnerabilities against package/version                                                                                                            
[4/31]pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8   No known vulnerabilities against package/version                                                                                                      
[5/31]pkg:golang/github.com/Masterminds/semver@1.4.2   No known vulnerabilities against package/version                                                                                                                                  
[6/31]pkg:golang/github.com/Masterminds/vcs@1.13.1   No known vulnerabilities against package/version                                                                                                                                    
[7/31]pkg:golang/github.com/armon/go-radix@1.0.0   No known vulnerabilities against package/version                                                                                                                                      
[8/31]pkg:golang/github.com/boltdb/bolt@1.3.1   No known vulnerabilities against package/version                                                                                                                                         
[9/31]pkg:golang/github.com/davecgh/go-spew@1.1.0   No known vulnerabilities against package/version                                                                                                                                     
[10/31]pkg:golang/github.com/davecgh/go-spew@1.1.1   No known vulnerabilities against package/version                                                                                                                                    
[11/31]pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155   No known vulnerabilities against package/version                                                                                                     
[12/31]pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102   No known vulnerabilities against package/version                                                                                                        
[13/31]pkg:golang/github.com/dustin/go-humanize@1.0.0   No known vulnerabilities against package/version                                                                                                                                 
[14/31]pkg:golang/github.com/golang/dep@0.5.4   No known vulnerabilities against package/version                                                                                                                                         
[15/31]pkg:golang/github.com/golang/protobuf@1.2.0   No known vulnerabilities against package/version                                                                                                                                    
[16/31]pkg:golang/github.com/jmank88/nuts@0.3.0   No known vulnerabilities against package/version                                                                                                                                       
[17/31]pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b   No known vulnerabilities against package/version                                                                                                     
[18/31]pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443   No known vulnerabilities against package/version                                                                                                    
[19/31]pkg:golang/github.com/package-url/packageurl-go@0.1.0   No known vulnerabilities against package/version                                                                                                                          
[20/31]pkg:golang/github.com/pelletier/go-toml@1.4.0   No known vulnerabilities against package/version                                                                                                                                  
[21/31]pkg:golang/github.com/pkg/errors@0.8.0   No known vulnerabilities against package/version                                                                                                                                         
[22/31]pkg:golang/github.com/pmezard/go-difflib@1.0.0   No known vulnerabilities against package/version                                                                                                                                 
[23/31]pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353   No known vulnerabilities against package/version                                                                                                       
[24/31]pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24   No known vulnerabilities against package/version                                                                                                     
[25/31]pkg:golang/github.com/spf13/afero@1.2.2   No known vulnerabilities against package/version                                                                                                                                        
[26/31]pkg:golang/github.com/stretchr/testify@1.3.0   No known vulnerabilities against package/version                                                                                                                                   
[27/31]pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3   No known vulnerabilities against package/version                                                                                                                  
[28/31]pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4   No known vulnerabilities against package/version                                                                                                                 
[29/31]pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb   No known vulnerabilities against package/version                                                                                                                  
[30/31]pkg:golang/golang.org/x/text@0.3.0   No known vulnerabilities against package/version                                                                                                                                             
[31/31]pkg:golang/github.com/coreos/etcd@3.3.18%20incompatible   No known vulnerabilities against package/version                                                                                                                        

Audited dependencies:31,Vulnerable:0

*******************************************************************

Output of log cat ~/.ossindex/nancy.combined.log 
{"level":"info","msg":"Starting Nancy","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Attempting to print header","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Printing Nancy version","time":"2020-04-02T20:04:32+02:00","version":"0.1.15"}
{"level":"info","msg":"Finished printing header","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Parsing config for file based scan","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/BurntSushi/toml@0.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@1.4.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/vcs@1.13.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/armon/go-radix@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/boltdb/bolt@1.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dustin/go-humanize@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/golang/dep@0.5.4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/golang/protobuf@1.2.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/jmank88/nuts@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/package-url/packageurl-go@0.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pelletier/go-toml@1.4.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pkg/errors@0.8.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pmezard/go-difflib@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/spf13/afero@1.2.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/stretchr/testify@1.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/text@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"level":"debug","msg":"Attempting to open Badger DB","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"badger_opts":{"Dir":"/home/user/.ossindex/golang","ValueDir":"/home/user/.ossindex/golang","SyncWrites":true,"TableLoadingMode":1,"ValueLogLoadingMode":2,"NumVersionsToKeep":1,"MaxTableSize":67108864,"LevelSizeMultiplier":10,"MaxLevels":7,"ValueThreshold":32,"NumMemtables":5,"NumLevelZeroTables":5,"NumLevelZeroTablesStall":10,"LevelOneSize":268435456,"ValueLogFileSize":1073741823,"ValueLogMaxEntries":1000000,"NumCompactors":3,"DoNotCompact":false,"ReadOnly":false,"Truncate":false},"level":"debug","msg":"Set Badger Options","time":"2020-04-02T20:04:32+02:00"}
{"json_string":"{\"coordinates\":[\"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible\"]}","level":"debug","msg":"Setting up new POST request to OSS Index","time":"2020-04-02T20:04:32+02:00"}
{"level":"debug","msg":"Obtaining User Agent","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Obtaining parsed User Agent string","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to obtain user agent and version","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Obtained user agent and version","time":"2020-04-02T20:04:32+02:00","user_agent_base":"nancy-client/0.1.15"}
{"level":"trace","msg":"Obtained parsed User Agent string","time":"2020-04-02T20:04:32+02:00","user_agent_parsed":"nancy-client/0.1.15 (non ci usage; linux amd64; )"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-02T20:04:33+02:00"}

cc @bhamail / @DarthHater

islippers commented 4 years ago

Log output after -clean-cache

cat ~/.ossindex/nancy.combined.log 
{"level":"info","msg":"Starting Nancy","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Attempting to print header","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Printing Nancy version","time":"2020-04-02T20:04:32+02:00","version":"0.1.15"}
{"level":"info","msg":"Finished printing header","time":"2020-04-02T20:04:32+02:00"}
{"level":"info","msg":"Parsing config for file based scan","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/BurntSushi/toml@0.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@1.4.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/vcs@1.13.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/armon/go-radix@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/boltdb/bolt@1.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/dustin/go-humanize@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/golang/dep@0.5.4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/golang/protobuf@1.2.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/jmank88/nuts@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/package-url/packageurl-go@0.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pelletier/go-toml@1.4.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pkg/errors@0.8.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/pmezard/go-difflib@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/spf13/afero@1.2.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/github.com/stretchr/testify@1.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"dep":"pkg:golang/golang.org/x/text@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"level":"debug","msg":"Attempting to open Badger DB","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:04:32+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:04:32+02:00"}
{"badger_opts":{"Dir":"/home/user/.ossindex/golang","ValueDir":"/home/user/.ossindex/golang","SyncWrites":true,"TableLoadingMode":1,"ValueLogLoadingMode":2,"NumVersionsToKeep":1,"MaxTableSize":67108864,"LevelSizeMultiplier":10,"MaxLevels":7,"ValueThreshold":32,"NumMemtables":5,"NumLevelZeroTables":5,"NumLevelZeroTablesStall":10,"LevelOneSize":268435456,"ValueLogFileSize":1073741823,"ValueLogMaxEntries":1000000,"NumCompactors":3,"DoNotCompact":false,"ReadOnly":false,"Truncate":false},"level":"debug","msg":"Set Badger Options","time":"2020-04-02T20:04:32+02:00"}
{"json_string":"{\"coordinates\":[\"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible\"]}","level":"debug","msg":"Setting up new POST request to OSS Index","time":"2020-04-02T20:04:32+02:00"}
{"level":"debug","msg":"Obtaining User Agent","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Obtaining parsed User Agent string","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Attempting to obtain user agent and version","time":"2020-04-02T20:04:32+02:00"}
{"level":"trace","msg":"Obtained user agent and version","time":"2020-04-02T20:04:32+02:00","user_agent_base":"nancy-client/0.1.15"}
{"level":"trace","msg":"Obtained parsed User Agent string","time":"2020-04-02T20:04:32+02:00","user_agent_parsed":"nancy-client/0.1.15 (non ci usage; linux amd64; )"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-02T20:04:33+02:00"}
{"level":"info","msg":"Starting Nancy","time":"2020-04-02T20:48:02+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-02T20:48:02+02:00"}
{"level":"info","msg":"Attempting to clean cache","time":"2020-04-02T20:48:02+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:48:02+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:48:02+02:00"}
{"level":"info","msg":"Cache cleaned","time":"2020-04-02T20:48:02+02:00"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-02T20:48:02+02:00"}
{"level":"info","msg":"Starting Nancy","time":"2020-04-02T20:48:11+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-02T20:48:11+02:00"}
{"level":"info","msg":"Attempting to clean cache","time":"2020-04-02T20:48:11+02:00"}
{"level":"info","msg":"Cache cleaned","time":"2020-04-02T20:48:11+02:00"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-02T20:48:11+02:00"}
{"level":"info","msg":"Starting Nancy","time":"2020-04-02T20:48:19+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-02T20:48:19+02:00"}
{"level":"info","msg":"Attempting to print header","time":"2020-04-02T20:48:19+02:00"}
{"level":"info","msg":"Printing Nancy version","time":"2020-04-02T20:48:19+02:00","version":"0.1.15"}
{"level":"info","msg":"Finished printing header","time":"2020-04-02T20:48:19+02:00"}
{"level":"info","msg":"Parsing config for file based scan","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/BurntSushi/toml@0.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@1.4.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/vcs@1.13.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/armon/go-radix@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/boltdb/bolt@1.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/dustin/go-humanize@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/golang/dep@0.5.4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/golang/protobuf@1.2.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/jmank88/nuts@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/package-url/packageurl-go@0.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/pelletier/go-toml@1.4.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/pkg/errors@0.8.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/pmezard/go-difflib@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/spf13/afero@1.2.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/github.com/stretchr/testify@1.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"dep":"pkg:golang/golang.org/x/text@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:48:19+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:48:19+02:00"}
{"level":"debug","msg":"Attempting to open Badger DB","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:48:19+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-02T20:48:19+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-02T20:48:19+02:00"}
{"badger_opts":{"Dir":"/home/user/.ossindex/golang","ValueDir":"/home/user/.ossindex/golang","SyncWrites":true,"TableLoadingMode":1,"ValueLogLoadingMode":2,"NumVersionsToKeep":1,"MaxTableSize":67108864,"LevelSizeMultiplier":10,"MaxLevels":7,"ValueThreshold":32,"NumMemtables":5,"NumLevelZeroTables":5,"NumLevelZeroTablesStall":10,"LevelOneSize":268435456,"ValueLogFileSize":1073741823,"ValueLogMaxEntries":1000000,"NumCompactors":3,"DoNotCompact":false,"ReadOnly":false,"Truncate":false},"level":"debug","msg":"Set Badger Options","time":"2020-04-02T20:48:19+02:00"}
{"json_string":"{\"coordinates\":[\"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7\",\"pkg:golang/github.com/BurntSushi/toml@0.3.1\",\"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93\",\"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8\",\"pkg:golang/github.com/Masterminds/semver@1.4.2\",\"pkg:golang/github.com/Masterminds/vcs@1.13.1\",\"pkg:golang/github.com/armon/go-radix@1.0.0\",\"pkg:golang/github.com/boltdb/bolt@1.3.1\",\"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible\",\"pkg:golang/github.com/davecgh/go-spew@1.1.0\",\"pkg:golang/github.com/davecgh/go-spew@1.1.1\",\"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155\",\"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102\",\"pkg:golang/github.com/dustin/go-humanize@1.0.0\",\"pkg:golang/github.com/golang/dep@0.5.4\",\"pkg:golang/github.com/golang/protobuf@1.2.0\",\"pkg:golang/github.com/jmank88/nuts@0.3.0\",\"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b\",\"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443\",\"pkg:golang/github.com/package-url/packageurl-go@0.1.0\",\"pkg:golang/github.com/pelletier/go-toml@1.4.0\",\"pkg:golang/github.com/pkg/errors@0.8.0\",\"pkg:golang/github.com/pmezard/go-difflib@1.0.0\",\"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353\",\"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24\",\"pkg:golang/github.com/spf13/afero@1.2.2\",\"pkg:golang/github.com/stretchr/testify@1.3.0\",\"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3\",\"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4\",\"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb\",\"pkg:golang/golang.org/x/text@0.3.0\"]}","level":"debug","msg":"Setting up new POST request to OSS Index","time":"2020-04-02T20:48:19+02:00"}
{"level":"debug","msg":"Obtaining User Agent","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Obtaining parsed User Agent string","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Attempting to obtain user agent and version","time":"2020-04-02T20:48:19+02:00"}
{"level":"trace","msg":"Obtained user agent and version","time":"2020-04-02T20:48:19+02:00","user_agent_base":"nancy-client/0.1.15"}
{"level":"trace","msg":"Obtained parsed User Agent string","time":"2020-04-02T20:48:19+02:00","user_agent_parsed":"nancy-client/0.1.15 (non ci usage; linux amd64; )"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-02T20:48:21+02:00"}
zendern commented 4 years ago

@DarthHater FWIW it looks like even in circleCI the intentionally venerable project is so not breaking the way it should. The build is passing when it should be failing b/c nancy finds issue.

https://app.circleci.com/jobs/github/sonatype-nexus-community/intentionally-vulnerable-golang-project/22

I'm looking a little more now but I'm wondering if something changed in the project and we just missed the fact that the build was Green when in this case it shouldn't be :)

Fun there too...thats a different version of nancy since its currently just hardcoded to a version. 

curl -s -L "https://github.com/sonatype-nexus-community/nancy/releases/download/v0.0.39/nancy-linux.amd64-v0.0.39" -o "/tmp/tools/nancy"
islippers commented 4 years ago

v0.1.16 log output.

I removed the old log file, then I ran nancy with -clean-cache Note I ran it with -vvv option. 

cat ~/.ossindex/nancy.combined.log
{"level":"info","msg":"Starting Nancy","time":"2020-04-06T06:42:31+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-06T06:42:31+02:00"}
{"level":"info","msg":"Attempting to clean cache","time":"2020-04-06T06:42:31+02:00"}
{"level":"info","msg":"Cache cleaned","time":"2020-04-06T06:42:31+02:00"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-06T06:42:31+02:00"}
{"level":"info","msg":"Starting Nancy","time":"2020-04-06T06:42:41+02:00"}
{"level":"info","msg":"Nancy parsing config for OSS Index","time":"2020-04-06T06:42:41+02:00"}
{"level":"info","msg":"Attempting to print header","time":"2020-04-06T06:42:41+02:00"}
{"level":"info","msg":"Printing Nancy version","time":"2020-04-06T06:42:41+02:00","version":"0.1.16"}
{"level":"info","msg":"Finished printing header","time":"2020-04-06T06:42:41+02:00"}
{"level":"info","msg":"Parsing config for file based scan","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/BurntSushi/toml@0.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/semver@1.4.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/Masterminds/vcs@1.13.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/armon/go-radix@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/boltdb/bolt@1.3.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/davecgh/go-spew@1.1.1","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/dustin/go-humanize@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/golang/dep@0.5.4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/golang/protobuf@1.2.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/jmank88/nuts@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/package-url/packageurl-go@0.1.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/pelletier/go-toml@1.4.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/pkg/errors@0.8.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/pmezard/go-difflib@1.0.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/spf13/afero@1.2.2","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/github.com/stretchr/testify@1.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"dep":"pkg:golang/golang.org/x/text@0.3.0","level":"debug","msg":"Unique dependency, adding it","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-06T06:42:41+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-06T06:42:41+02:00"}
{"level":"debug","msg":"Attempting to open Badger DB","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-06T06:42:41+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Attempting to get database directory","time":"2020-04-06T06:42:41+02:00"}
{"home_dir":"/home/user","level":"trace","msg":"Obtained user directory","time":"2020-04-06T06:42:41+02:00"}
{"badger_opts":{"Dir":"/home/user/.ossindex/golang","ValueDir":"/home/user/.ossindex/golang","SyncWrites":true,"TableLoadingMode":1,"ValueLogLoadingMode":2,"NumVersionsToKeep":1,"MaxTableSize":67108864,"LevelSizeMultiplier":10,"MaxLevels":7,"ValueThreshold":32,"NumMemtables":5,"NumLevelZeroTables":5,"NumLevelZeroTablesStall":10,"LevelOneSize":268435456,"ValueLogFileSize":1073741823,"ValueLogMaxEntries":1000000,"NumCompactors":3,"DoNotCompact":false,"ReadOnly":false,"Truncate":false},"level":"debug","msg":"Set Badger Options","time":"2020-04-06T06:42:41+02:00"}
{"level":"info","msg":"Prepping request to OSS Index","request":{"coordinates":["pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","pkg:golang/github.com/BurntSushi/toml@0.3.1","pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","pkg:golang/github.com/Masterminds/semver@1.4.2","pkg:golang/github.com/Masterminds/vcs@1.13.1","pkg:golang/github.com/armon/go-radix@1.0.0","pkg:golang/github.com/boltdb/bolt@1.3.1","pkg:golang/github.com/coreos/etcd@3.3.18+incompatible","pkg:golang/github.com/davecgh/go-spew@1.1.0","pkg:golang/github.com/davecgh/go-spew@1.1.1","pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","pkg:golang/github.com/dustin/go-humanize@1.0.0","pkg:golang/github.com/golang/dep@0.5.4","pkg:golang/github.com/golang/protobuf@1.2.0","pkg:golang/github.com/jmank88/nuts@0.3.0","pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","pkg:golang/github.com/package-url/packageurl-go@0.1.0","pkg:golang/github.com/pelletier/go-toml@1.4.0","pkg:golang/github.com/pkg/errors@0.8.0","pkg:golang/github.com/pmezard/go-difflib@1.0.0","pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","pkg:golang/github.com/spf13/afero@1.2.2","pkg:golang/github.com/stretchr/testify@1.3.0","pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","pkg:golang/golang.org/x/text@0.3.0"]},"time":"2020-04-06T06:42:41+02:00"}
{"json_string":"{\"coordinates\":[\"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7\",\"pkg:golang/github.com/BurntSushi/toml@0.3.1\",\"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93\",\"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8\",\"pkg:golang/github.com/Masterminds/semver@1.4.2\",\"pkg:golang/github.com/Masterminds/vcs@1.13.1\",\"pkg:golang/github.com/armon/go-radix@1.0.0\",\"pkg:golang/github.com/boltdb/bolt@1.3.1\",\"pkg:golang/github.com/coreos/etcd@3.3.18+incompatible\",\"pkg:golang/github.com/davecgh/go-spew@1.1.0\",\"pkg:golang/github.com/davecgh/go-spew@1.1.1\",\"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155\",\"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102\",\"pkg:golang/github.com/dustin/go-humanize@1.0.0\",\"pkg:golang/github.com/golang/dep@0.5.4\",\"pkg:golang/github.com/golang/protobuf@1.2.0\",\"pkg:golang/github.com/jmank88/nuts@0.3.0\",\"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b\",\"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443\",\"pkg:golang/github.com/package-url/packageurl-go@0.1.0\",\"pkg:golang/github.com/pelletier/go-toml@1.4.0\",\"pkg:golang/github.com/pkg/errors@0.8.0\",\"pkg:golang/github.com/pmezard/go-difflib@1.0.0\",\"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353\",\"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24\",\"pkg:golang/github.com/spf13/afero@1.2.2\",\"pkg:golang/github.com/stretchr/testify@1.3.0\",\"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3\",\"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4\",\"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb\",\"pkg:golang/golang.org/x/text@0.3.0\"]}","level":"debug","msg":"Setting up new POST request to OSS Index","time":"2020-04-06T06:42:41+02:00"}
{"level":"debug","msg":"Obtaining User Agent","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Obtaining parsed User Agent string","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Attempting to obtain user agent and version","time":"2020-04-06T06:42:41+02:00"}
{"level":"trace","msg":"Obtained user agent and version","time":"2020-04-06T06:42:41+02:00","user_agent_base":"nancy-client/0.1.16"}
{"level":"trace","msg":"Obtained parsed User Agent string","time":"2020-04-06T06:42:41+02:00","user_agent_parsed":"nancy-client/0.1.16 (non ci usage; linux amd64; )"}
{"level":"info","msg":"Obtained a response from OSS Index","status_code":200,"time":"2020-04-06T06:42:42+02:00"}
{"coordinates":[{"Coordinates":"pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/BurntSushi/toml@0.3.1","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/BurntSushi/toml@0.3.1","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/Masterminds/semver@1.4.2","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/Masterminds/semver@1.4.2","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/Masterminds/vcs@1.13.1","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/Masterminds/vcs@1.13.1","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/armon/go-radix@1.0.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/armon/go-radix@1.0.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/boltdb/bolt@1.3.1","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/boltdb/bolt@1.3.1","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/coreos/etcd@3.3.18%20incompatible","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/coreos/etcd@3.3.18%20incompatible","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/davecgh/go-spew@1.1.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/davecgh/go-spew@1.1.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/davecgh/go-spew@1.1.1","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/davecgh/go-spew@1.1.1","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/dustin/go-humanize@1.0.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/dustin/go-humanize@1.0.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/golang/dep@0.5.4","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/golang/dep@0.5.4","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/golang/protobuf@1.2.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/golang/protobuf@1.2.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/jmank88/nuts@0.3.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/jmank88/nuts@0.3.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/package-url/packageurl-go@0.1.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/package-url/packageurl-go@0.1.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/pelletier/go-toml@1.4.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/pelletier/go-toml@1.4.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/pkg/errors@0.8.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/pkg/errors@0.8.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/pmezard/go-difflib@1.0.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/pmezard/go-difflib@1.0.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/spf13/afero@1.2.2","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/spf13/afero@1.2.2","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/github.com/stretchr/testify@1.3.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/github.com/stretchr/testify@1.3.0","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","Reference":"https://ossindex.sonatype.org/component/pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","Reference":"https://ossindex.sonatype.org/component/pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","Reference":"https://ossindex.sonatype.org/component/pkg:golang/golang.org/x/sys@0.0.0-20181228144115-9a3f9b0469bb","Vulnerabilities":[],"InvalidSemVer":false},{"Coordinates":"pkg:golang/golang.org/x/text@0.3.0","Reference":"https://ossindex.sonatype.org/component/pkg:golang/golang.org/x/text@0.3.0","Vulnerabilities":[],"InvalidSemVer":false}],"level":"info","msg":"Coordinates unmarshalled from OSS Index","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9BbmRyZWFzQnJpZXNlL2JibG9vbUAwLjAuMC0yMDE4MDkxMzE0MDY1Ni0zNDM3MDZhMzk1YjciLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL0FuZHJlYXNCcmllc2UvYmJsb29tQDAuMC4wLTIwMTgwOTEzMTQwNjU2LTM0MzcwNmEzOTViNyIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9CdXJudFN1c2hpL3RvbWxAMC4zLjEiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL0J1cm50U3VzaGkvdG9tbEAwLjMuMSIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9GbGFxdWUvZmlsZXRAMC4wLjAtMjAxOTAyMDkyMjQ4MjMtZmM0ZDMzY2ZjZjkzIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9GbGFxdWUvZmlsZXRAMC4wLjAtMjAxOTAyMDkyMjQ4MjMtZmM0ZDMzY2ZjZjkzIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9NYXN0ZXJtaW5kcy9zZW12ZXJAMC4wLjAtMjAxODA0MDMxMzAyMjUtM2M5MmYzM2RhN2E4IiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9NYXN0ZXJtaW5kcy9zZW12ZXJAMC4wLjAtMjAxODA0MDMxMzAyMjUtM2M5MmYzM2RhN2E4IiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9NYXN0ZXJtaW5kcy9zZW12ZXJAMS40LjIiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL01hc3Rlcm1pbmRzL3NlbXZlckAxLjQuMiIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9NYXN0ZXJtaW5kcy92Y3NAMS4xMy4xIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9NYXN0ZXJtaW5kcy92Y3NAMS4xMy4xIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9hcm1vbi9nby1yYWRpeEAxLjAuMCIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vYXJtb24vZ28tcmFkaXhAMS4wLjAiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9ib2x0ZGIvYm9sdEAxLjMuMSIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vYm9sdGRiL2JvbHRAMS4zLjEiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9jb3Jlb3MvZXRjZEAzLjMuMTglMjBpbmNvbXBhdGlibGUiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2NvcmVvcy9ldGNkQDMuMy4xOCUyMGluY29tcGF0aWJsZSIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9kYXZlY2doL2dvLXNwZXdAMS4xLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2RhdmVjZ2gvZ28tc3Bld0AxLjEuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9kYXZlY2doL2dvLXNwZXdAMS4xLjEiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2RhdmVjZ2gvZ28tc3Bld0AxLjEuMSIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9kZ3JhcGgtaW8vYmFkZ2VyQDEuNS41LTAuMjAxODEwMDQxODE1MDUtNDM5ZmQ0NjRiMTU1IiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9kZ3JhcGgtaW8vYmFkZ2VyQDEuNS41LTAuMjAxODEwMDQxODE1MDUtNDM5ZmQ0NjRiMTU1IiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9kZ3J5c2tpL2dvLWZhcm1AMC4wLjAtMjAxODAxMDkwNzAyNDEtMmRlMzM4MzVkMTAyIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9kZ3J5c2tpL2dvLWZhcm1AMC4wLjAtMjAxODAxMDkwNzAyNDEtMmRlMzM4MzVkMTAyIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9kdXN0aW4vZ28taHVtYW5pemVAMS4wLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2R1c3Rpbi9nby1odW1hbml6ZUAxLjAuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9nb2xhbmcvZGVwQDAuNS40IiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9nb2xhbmcvZGVwQDAuNS40IiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9nb2xhbmcvcHJvdG9idWZAMS4yLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2dvbGFuZy9wcm90b2J1ZkAxLjIuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9qbWFuazg4L251dHNAMC4zLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL2ptYW5rODgvbnV0c0AwLjMuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9sb2dydXNvcmdydS9hdXJvcmFAMC4wLjAtMjAxOTA4MDMwNDU2MjUtOTRlZGFjYzEwZjliIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9sb2dydXNvcmdydS9hdXJvcmFAMC4wLjAtMjAxOTA4MDMwNDU2MjUtOTRlZGFjYzEwZjliIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9uaWdodGx5b25lL2xvY2tmaWxlQDAuMC4wLTIwMTgwNjE4MTgwNjIzLTBhZDg3ZWVmMTQ0MyIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vbmlnaHRseW9uZS9sb2NrZmlsZUAwLjAuMC0yMDE4MDYxODE4MDYyMy0wYWQ4N2VlZjE0NDMiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9wYWNrYWdlLXVybC9wYWNrYWdldXJsLWdvQDAuMS4wIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9wYWNrYWdlLXVybC9wYWNrYWdldXJsLWdvQDAuMS4wIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9wZWxsZXRpZXIvZ28tdG9tbEAxLjQuMCIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vcGVsbGV0aWVyL2dvLXRvbWxAMS40LjAiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9wa2cvZXJyb3JzQDAuOC4wIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9wa2cvZXJyb3JzQDAuOC4wIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9wbWV6YXJkL2dvLWRpZmZsaWJAMS4wLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9naXRodWIuY29tL3BtZXphcmQvZ28tZGlmZmxpYkAxLjAuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9zZGJveWVyL2NvbnN0ZXh0QDAuMC4wLTIwMTcwMzIxMTYzNDI0LTgzNmExNDQ1NzM1MyIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vc2Rib3llci9jb25zdGV4dEAwLjAuMC0yMDE3MDMyMTE2MzQyNC04MzZhMTQ0NTczNTMiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9zaG9wc3ByaW5nL2RlY2ltYWxAMC4wLjAtMjAxODA3MDkyMDMxMTctY2Q2OTBkMGM5ZTI0IiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9zaG9wc3ByaW5nL2RlY2ltYWxAMC4wLjAtMjAxODA3MDkyMDMxMTctY2Q2OTBkMGM5ZTI0IiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9zcGYxMy9hZmVyb0AxLjIuMiIsIlJlZmVyZW5jZSI6Imh0dHBzOi8vb3NzaW5kZXguc29uYXR5cGUub3JnL2NvbXBvbmVudC9wa2c6Z29sYW5nL2dpdGh1Yi5jb20vc3BmMTMvYWZlcm9AMS4yLjIiLCJWdWxuZXJhYmlsaXRpZXMiOltdLCJJbnZhbGlkU2VtVmVyIjpmYWxzZX0=","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ2l0aHViLmNvbS9zdHJldGNoci90ZXN0aWZ5QDEuMy4wIiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ2l0aHViLmNvbS9zdHJldGNoci90ZXN0aWZ5QDEuMy4wIiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ29sYW5nLm9yZy94L25ldEAwLjAuMC0yMDE4MTIyMDIwMzMwNS05MjdmOTc3NjRjYzMiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9nb2xhbmcub3JnL3gvbmV0QDAuMC4wLTIwMTgxMjIwMjAzMzA1LTkyN2Y5Nzc2NGNjMyIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ29sYW5nLm9yZy94L3N5bmNAMC4wLjAtMjAxODEyMjExOTMyMTYtMzdlN2YwODFjNGQ0IiwiUmVmZXJlbmNlIjoiaHR0cHM6Ly9vc3NpbmRleC5zb25hdHlwZS5vcmcvY29tcG9uZW50L3BrZzpnb2xhbmcvZ29sYW5nLm9yZy94L3N5bmNAMC4wLjAtMjAxODEyMjExOTMyMTYtMzdlN2YwODFjNGQ0IiwiVnVsbmVyYWJpbGl0aWVzIjpbXSwiSW52YWxpZFNlbVZlciI6ZmFsc2V9","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ29sYW5nLm9yZy94L3N5c0AwLjAuMC0yMDE4MTIyODE0NDExNS05YTNmOWIwNDY5YmIiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9nb2xhbmcub3JnL3gvc3lzQDAuMC4wLTIwMTgxMjI4MTQ0MTE1LTlhM2Y5YjA0NjliYiIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"json":"eyJDb29yZGluYXRlcyI6InBrZzpnb2xhbmcvZ29sYW5nLm9yZy94L3RleHRAMC4zLjAiLCJSZWZlcmVuY2UiOiJodHRwczovL29zc2luZGV4LnNvbmF0eXBlLm9yZy9jb21wb25lbnQvcGtnOmdvbGFuZy9nb2xhbmcub3JnL3gvdGV4dEAwLjMuMCIsIlZ1bG5lcmFiaWxpdGllcyI6W10sIkludmFsaWRTZW1WZXIiOmZhbHNlfQ==","level":"info","msg":"Marshall coordinate into json for insertion into DB","time":"2020-04-06T06:42:42+02:00"}
{"level":"info","msg":"Nancy finished parsing config for OSS Index","time":"2020-04-06T06:42:42+02:00"}
DarthHater commented 4 years ago

@zendern you are a wizard, pretty sure that's exactly it. Nancy has changed over time a tiny bit, and running this on that older project is odd, because the intentionally vulnerable project was never "real", we were just parsing files rather than using dep or go mod to get more authoritative dependency lists.

Pretty sure once this is merged: https://github.com/sonatype-nexus-community/intentionally-vulnerable-golang-project/pull/2 it will fix this issue.

zendern commented 4 years ago

@islippers when you have a minute the above PR has been merged. Can you please update your intentionally-vulnerable-golang-project and let us know that you now see vulnerabilities???

PS. I did create #110 to address us making sure this doesn't happen again and get it part of our pipeline somewhere.

DarthHater commented 4 years ago

I'm closing this on account of the work @zendern did!