diff --git a/tools/apitester/__snapshots__/cassette_TestCommand.snap b/tools/apitester/__snapshots__/cassette_TestCommand.snap index 7d239cd8d29..dc03238194d 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand.snap @@ -2,8 +2,26 @@ [Test/cassette_TestCommand/TestCommand/.gitignored_files - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -12,7 +30,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_cyclonedx_1.4_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -21,7 +48,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_cyclonedx_1.5_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,7 +66,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_gh-annotations_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -39,7 +84,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_sarif_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -48,7 +102,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_spdx_2.3_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -58,6 +121,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -230,6 +300,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -394,6 +471,13 @@ ] }, { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -566,6 +650,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -737,16 +828,104 @@ [Test/cassette_TestCommand/TestCommand/PURL_SBOM_case_sensitivity_(api) - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -754,10 +933,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -786,6 +999,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -801,10 +1021,44 @@ [Test/cassette_TestCommand/TestCommand/Scan_locks-many - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -812,15 +1066,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -828,11 +1161,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -852,10 +1228,46 @@ [Test/cassette_TestCommand/TestCommand/Scan_locks-many#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -864,8 +1276,26 @@ [Test/cassette_TestCommand/TestCommand/all_supported_lockfiles_in_the_directory_should_be_checked - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -874,8 +1304,18 @@ [Test/cassette_TestCommand/TestCommand/config_file_can_be_broad - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", @@ -887,15 +1327,91 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -903,10 +1419,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -914,13 +1464,74 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -940,7 +1551,16 @@ [Test/cassette_TestCommand/TestCommand/config_file_is_invalid - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -949,10 +1569,44 @@ [Test/cassette_TestCommand/TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -960,15 +1614,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -976,11 +1709,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -1000,10 +1776,46 @@ [Test/cassette_TestCommand/TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -1012,8 +1824,24 @@ [Test/cassette_TestCommand/TestCommand/cyclonedx_1.4_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -1021,9 +1849,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -1032,8 +1887,24 @@ [Test/cassette_TestCommand/TestCommand/cyclonedx_1.5_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -1041,9 +1912,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -1053,6 +1951,13 @@ { "results": [ { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", @@ -1069,6 +1974,13 @@ { "results": [ { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", @@ -1084,19 +1996,134 @@ [Test/cassette_TestCommand/TestCommand/folder_of_supported_sbom_with_vulns - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "adduser", + "ecosystem": "Debian" + }, + "version": "3.115" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apt", + "ecosystem": "Debian" + }, + "version": "1.4.11" + }, "vulns": [ { "id": "DEBIAN-CVE-2011-3374", @@ -1128,9 +2155,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "base-files", + "ecosystem": "Debian" + }, + "version": "9.9+deb9u13" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "base-passwd", + "ecosystem": "Debian" + }, + "version": "3.5.43" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "bash", + "ecosystem": "Debian" + }, + "version": "4.4-5" + }, "vulns": [ { "id": "DEBIAN-CVE-2019-18276", @@ -1142,13 +2194,74 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "bsdutils", + "ecosystem": "Debian" + }, + "version": "1:2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "coreutils", + "ecosystem": "Debian" + }, + "version": "8.26-3" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-2781", @@ -1168,9 +2281,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "dash", + "ecosystem": "Debian" + }, + "version": "0.5.8-2.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "debconf", + "ecosystem": "Debian" + }, + "version": "1.5.61" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "debian-archive-keyring", + "ecosystem": "Debian" + }, + "version": "2017.5+deb9u2" + }, "vulns": [ { "id": "DLA-3482-1", @@ -1178,10 +2316,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "debianutils", + "ecosystem": "Debian" + }, + "version": "4.8.1.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "diffutils", + "ecosystem": "Debian" + }, + "version": "1:3.5-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "dirmngr", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "dpkg", + "ecosystem": "Debian" + }, + "version": "1.18.25" + }, "vulns": [ { "id": "DEBIAN-CVE-2022-1664", @@ -1205,8 +2377,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "e2fslibs", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "e2fsprogs", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, "vulns": [ { "id": "DEBIAN-CVE-2019-5094", @@ -1230,9 +2418,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "findutils", + "ecosystem": "Debian" + }, + "version": "4.6.0+git+20161106-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gcc-6-base", + "ecosystem": "Debian" + }, + "version": "6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "github.com/opencontainers/runc", + "ecosystem": "Go" + }, + "version": "v1.0.1" + }, "vulns": [ { "id": "GHSA-9493-h29p-rfm2", @@ -1316,149 +2529,915 @@ } ] }, - {}, - {}, - {}, { - "vulns": [ - { - "id": "GHSA-p782-xgp4-8hr8", - "modified": "" - }, - { - "id": "GO-2022-0493", - "modified": "" - } - ] + "query": { + "package": { + "name": "github.com/tianon/gosu", + "ecosystem": "Go" + }, + "version": "(devel)" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gnupg", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gnupg-agent", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "golang.org/x/sys", + "ecosystem": "Go" + }, + "version": "v0.0.0-20210817142637-7d9622a276b7" + }, + "vulns": [ + { + "id": "GHSA-p782-xgp4-8hr8", + "modified": "" + }, + { + "id": "GO-2022-0493", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "gpgv", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "grep", + "ecosystem": "Debian" + }, + "version": "2.27-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gzip", + "ecosystem": "Debian" + }, + "version": "1.6-5+deb9u1" + }, + "vulns": [ + { + "id": "DEBIAN-CVE-2022-1271", + "modified": "" + }, + { + "id": "DSA-5122-1", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "hostname", + "ecosystem": "Debian" + }, + "version": "3.18+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "init-system-helpers", + "ecosystem": "Debian" + }, + "version": "1.48" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libacl1", + "ecosystem": "Debian" + }, + "version": "2.2.52-3+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libapt-pkg5.0", + "ecosystem": "Debian" + }, + "version": "1.4.11" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libassuan0", + "ecosystem": "Debian" + }, + "version": "2.4.3-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libattr1", + "ecosystem": "Debian" + }, + "version": "1:2.4.47-2+b2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libaudit-common", + "ecosystem": "Debian" + }, + "version": "1:2.6.7-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libaudit1", + "ecosystem": "Debian" + }, + "version": "1:2.6.7-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libblkid1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libbsd0", + "ecosystem": "Debian" + }, + "version": "0.8.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libbz2-1.0", + "ecosystem": "Debian" + }, + "version": "1.0.6-8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-bin", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-l10n", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc6", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcap-ng0", + "ecosystem": "Debian" + }, + "version": "0.7.7-3+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcomerr2", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libdb5.3", + "ecosystem": "Debian" + }, + "version": "5.3.28-12+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libdebconfclient0", + "ecosystem": "Debian" + }, + "version": "0.227" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libedit2", + "ecosystem": "Debian" + }, + "version": "3.1-20160903-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libfdisk1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libffi6", + "ecosystem": "Debian" + }, + "version": "3.2.1-6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgcc1", + "ecosystem": "Debian" + }, + "version": "1:6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgcrypt20", + "ecosystem": "Debian" + }, + "version": "1.7.6-2+deb9u4" + }, + "vulns": [ + { + "id": "DEBIAN-CVE-2017-0379", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2017-7526", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2018-0495", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2018-6829", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2019-13627", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2021-33560", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2021-40528", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2024-2236", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "libgdbm3", + "ecosystem": "Debian" + }, + "version": "1.8.3-14" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgmp10", + "ecosystem": "Debian" + }, + "version": "2:6.1.2+dfsg-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgnutls30", + "ecosystem": "Debian" + }, + "version": "3.5.8-5+deb9u6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgpg-error0", + "ecosystem": "Debian" + }, + "version": "1.26-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgssapi-krb5-2", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libhogweed4", + "ecosystem": "Debian" + }, + "version": "3.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libicu57", + "ecosystem": "Debian" + }, + "version": "57.1-6+deb9u5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libidn11", + "ecosystem": "Debian" + }, + "version": "1.33-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libjson-perl", + "ecosystem": "Debian" + }, + "version": "2.90-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libk5crypto3", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libkeyutils1", + "ecosystem": "Debian" + }, + "version": "1.5.9-9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libkrb5-3", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libkrb5support0", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libksba8", + "ecosystem": "Debian" + }, + "version": "1.3.5-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libldap-2.4-2", + "ecosystem": "Debian" + }, + "version": "2.4.44+dfsg-5+deb9u8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libldap-common", + "ecosystem": "Debian" + }, + "version": "2.4.44+dfsg-5+deb9u8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libllvm6.0", + "ecosystem": "Debian" + }, + "version": "1:6.0-1~bpo9+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "liblz4-1", + "ecosystem": "Debian" + }, + "version": "0.0~r131-2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "liblzma5", + "ecosystem": "Debian" + }, + "version": "5.2.2-1.2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libmount1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libncurses5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libncursesw5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnettle6", + "ecosystem": "Debian" + }, + "version": "3.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnpth0", + "ecosystem": "Debian" + }, + "version": "1.3-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnss-wrapper", + "ecosystem": "Debian" + }, + "version": "1.1.3-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libp11-kit0", + "ecosystem": "Debian" + }, + "version": "0.23.3-2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam-modules", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam-modules-bin", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam-runtime", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam0g", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpcre3", + "ecosystem": "Debian" + }, + "version": "2:8.39-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libperl5.24", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpq5", + "ecosystem": "Debian" + }, + "version": "14.2-1.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libreadline7", + "ecosystem": "Debian" + }, + "version": "7.0-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsasl2-2", + "ecosystem": "Debian" + }, + "version": "2.1.27~101-g0780600+dfsg-3+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsasl2-modules-db", + "ecosystem": "Debian" + }, + "version": "2.1.27~101-g0780600+dfsg-3+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libselinux1", + "ecosystem": "Debian" + }, + "version": "2.6-3+b3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsemanage-common", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] }, - {}, - {}, { - "vulns": [ - { - "id": "DEBIAN-CVE-2022-1271", - "modified": "" - }, - { - "id": "DSA-5122-1", - "modified": "" - } - ] + "query": { + "package": { + "name": "libsemanage1", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { - "vulns": [ - { - "id": "DEBIAN-CVE-2017-0379", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2017-7526", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2018-0495", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2018-6829", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2019-13627", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2021-33560", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2021-40528", - "modified": "" - }, - { - "id": "DEBIAN-CVE-2024-2236", - "modified": "" - } - ] + "query": { + "package": { + "name": "libsepol1", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsmartcols1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsqlite3-0", + "ecosystem": "Debian" + }, + "version": "3.16.2-5+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libss2", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl1.1", + "ecosystem": "Debian" + }, + "version": "1.1.0l-1~deb9u5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libstdc++6", + "ecosystem": "Debian" + }, + "version": "6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsystemd0", + "ecosystem": "Debian" + }, + "version": "232-25+deb9u13" + }, + "vulns": [] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libtasn1-6", + "ecosystem": "Debian" + }, + "version": "4.10-1.1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2017-10790", @@ -1498,11 +3477,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libtinfo5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libudev1", + "ecosystem": "Debian" + }, + "version": "232-25+deb9u13" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libustr-1.0-1", + "ecosystem": "Debian" + }, + "version": "1.0.4-6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libuuid1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libxml2", + "ecosystem": "Debian" + }, + "version": "2.9.4+dfsg1-2.2+deb9u6" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-3709", @@ -1774,15 +3796,99 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libxslt1.1", + "ecosystem": "Debian" + }, + "version": "1.1.29-2.1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libzstd1", + "ecosystem": "Debian" + }, + "version": "1.1.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "locales", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "login", + "ecosystem": "Debian" + }, + "version": "1:4.4-4.1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "lsb-base", + "ecosystem": "Debian" + }, + "version": "9.20161125" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mawk", + "ecosystem": "Debian" + }, + "version": "1.3.3-17+b3" + }, + "vulns": [ + { + "id": "DEBIAN-CVE-2017-20229", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "mount", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "multiarch-support", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -1791,6 +3897,13 @@ ] }, { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -1798,13 +3911,74 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ncurses-base", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ncurses-bin", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "netbase", + "ecosystem": "Debian" + }, + "version": "5.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "openssl", + "ecosystem": "Debian" + }, + "version": "1.1.0l-1~deb9u5" + }, "vulns": [ { "id": "DEBIAN-CVE-2018-0732", @@ -2204,8 +4378,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "passwd", + "ecosystem": "Debian" + }, + "version": "1:4.4-4.1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", @@ -2214,6 +4404,13 @@ ] }, { + "query": { + "package": { + "name": "perl", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, "vulns": [ { "id": "DEBIAN-CVE-2011-4116", @@ -2313,12 +4510,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "perl-base", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "perl-modules-5.24", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pgdg-keyring", + "ecosystem": "Debian" + }, + "version": "2018.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pinentry-curses", + "ecosystem": "Debian" + }, + "version": "1.0.0-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql", + "ecosystem": "OSS-Fuzz" + }, + "version": "11.15" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-11", + "ecosystem": "Debian" + }, + "version": "11.15-1.pgdg90+1" + }, "vulns": [ { "id": "DLA-3072-1", @@ -2354,15 +4603,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "postgresql-client-11", + "ecosystem": "Debian" + }, + "version": "11.15-1.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-client-common", + "ecosystem": "Debian" + }, + "version": "238.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-common", + "ecosystem": "Debian" + }, + "version": "238.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "readline-common", + "ecosystem": "Debian" + }, + "version": "7.0-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sed", + "ecosystem": "Debian" + }, + "version": "4.4-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sensible-utils", + "ecosystem": "Debian" + }, + "version": "0.0.9+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2017-17512", @@ -2370,11 +4698,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "ssl-cert", + "ecosystem": "Debian" + }, + "version": "1.0.39" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sysvinit-utils", + "ecosystem": "Debian" + }, + "version": "2.88dsf-59.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "tar", + "ecosystem": "Debian" + }, + "version": "1.29b-1.1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2005-2541", @@ -2407,6 +4778,13 @@ ] }, { + "query": { + "package": { + "name": "tzdata", + "ecosystem": "Debian" + }, + "version": "2021a-0+deb9u3" + }, "vulns": [ { "id": "DLA-3051-1", @@ -2455,6 +4833,13 @@ ] }, { + "query": { + "package": { + "name": "ucf", + "ecosystem": "Debian" + }, + "version": "3.0036" + }, "vulns": [ { "id": "DLA-4016-1", @@ -2463,6 +4848,13 @@ ] }, { + "query": { + "package": { + "name": "util-linux", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-2779", @@ -2515,6 +4907,13 @@ ] }, { + "query": { + "package": { + "name": "xz-utils", + "ecosystem": "Debian" + }, + "version": "5.2.2-1.2+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2022-1271", @@ -2539,6 +4938,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2559,6 +4965,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2579,6 +4992,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2599,6 +5019,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.12-r1" + }, "vulns": [ { "id": "ALPINE-CVE-2022-37434", @@ -2614,8 +5041,26 @@ } ] }, - {}, - {} + { + "query": { + "package": { + "name": "zlib1g", + "ecosystem": "Debian" + }, + "version": "1:1.2.8.dfsg-5+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zstd", + "ecosystem": "Debian" + }, + "version": "1.1.2-1+deb9u1" + }, + "vulns": [] + } ] } @@ -2625,6 +5070,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2641,6 +5093,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.24.4" + }, "vulns": [ { "id": "GO-2025-3849", @@ -2729,6 +5188,13 @@ ] }, { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.24.4" + }, "vulns": [ { "id": "GO-2025-3828", @@ -2753,6 +5219,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2768,14 +5241,86 @@ [Test/cassette_TestCommand/TestCommand/ignoring_.gitignore - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2784,7 +5329,16 @@ [Test/cassette_TestCommand/TestCommand/json_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2793,8 +5347,26 @@ [Test/cassette_TestCommand/TestCommand/nested_directories_are_checked_when_`--recursive`_is_passed - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2803,7 +5375,16 @@ [Test/cassette_TestCommand/TestCommand/no_lockfiles_with_recursion_and_with_allow_flag_are_fine - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2812,7 +5393,16 @@ [Test/cassette_TestCommand/TestCommand/no_lockfiles_with_recursion_but_without_allow_flag_are_fine - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2821,7 +5411,16 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2831,6 +5430,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2846,7 +5452,16 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2855,16 +5470,104 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_duplicate_PURLs - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -2872,10 +5575,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2903,16 +5640,104 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_duplicate_PURLs_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -2920,10 +5745,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2951,14 +5810,86 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + } ] } @@ -2967,14 +5898,86 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_invalid_PURLs_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + } ] } @@ -2983,16 +5986,104 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_vulns - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -3000,10 +6091,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -3031,16 +6156,104 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_vulns_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -3048,10 +6261,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -3079,7 +6326,16 @@ [Test/cassette_TestCommand/TestCommand/only_the_files_in_the_given_directories_are_checked_by_default_(no_recursion) - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -3089,6 +6345,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -3105,6 +6368,13 @@ { "results": [ { + "query": { + "package": { + "name": "black", + "ecosystem": "PyPI" + }, + "version": "25.1.0" + }, "vulns": [ { "id": "GHSA-3936-cmfr-pm3m", @@ -3112,15 +6382,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3157,6 +6506,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3193,6 +6549,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "2.2.24" + }, "vulns": [ { "id": "GHSA-2gwj-7jmv-h26r", @@ -3285,6 +6648,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3301,6 +6671,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3317,6 +6694,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3333,6 +6717,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3349,6 +6740,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -3385,6 +6783,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3397,6 +6802,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3408,20 +6820,144 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mypy-extensions", + "ecosystem": "PyPI" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "packaging", + "ecosystem": "PyPI" + }, + "version": "25.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", @@ -3429,12 +6965,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "pathspec", + "ecosystem": "PyPI" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "platformdirs", + "ecosystem": "PyPI" + }, + "version": "4.4.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -3459,6 +7047,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -3483,6 +7078,13 @@ ] }, { + "query": { + "package": { + "name": "sqlparse", + "ecosystem": "PyPI" + }, + "version": "0.5.3" + }, "vulns": [ { "id": "GHSA-27jp-wm6q-gp25", @@ -3490,9 +7092,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "tomli", + "ecosystem": "PyPI" + }, + "version": "2.2.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "typing-extensions", + "ecosystem": "PyPI" + }, + "version": "4.15.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -3545,6 +7172,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -3597,6 +7231,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -3613,6 +7254,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -3629,6 +7277,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -3653,6 +7308,13 @@ { "results": [ { + "query": { + "package": { + "name": "black", + "ecosystem": "PyPI" + }, + "version": "25.1.0" + }, "vulns": [ { "id": "GHSA-3936-cmfr-pm3m", @@ -3660,15 +7322,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3705,6 +7446,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3741,6 +7489,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "2.2.24" + }, "vulns": [ { "id": "GHSA-2gwj-7jmv-h26r", @@ -3833,6 +7588,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3849,6 +7611,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3865,6 +7634,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3881,6 +7657,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3897,6 +7680,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -3933,6 +7723,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3945,6 +7742,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3956,20 +7760,144 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mypy-extensions", + "ecosystem": "PyPI" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "packaging", + "ecosystem": "PyPI" + }, + "version": "25.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", @@ -3977,12 +7905,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "pathspec", + "ecosystem": "PyPI" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "platformdirs", + "ecosystem": "PyPI" + }, + "version": "4.5.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -4007,6 +7987,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -4031,6 +8018,13 @@ ] }, { + "query": { + "package": { + "name": "sqlparse", + "ecosystem": "PyPI" + }, + "version": "0.5.3" + }, "vulns": [ { "id": "GHSA-27jp-wm6q-gp25", @@ -4038,9 +8032,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "tomli", + "ecosystem": "PyPI" + }, + "version": "2.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "typing-extensions", + "ecosystem": "PyPI" + }, + "version": "4.15.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -4093,6 +8112,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -4145,6 +8171,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -4161,6 +8194,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -4177,6 +8217,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -4200,8 +8247,24 @@ [Test/cassette_TestCommand/TestCommand/spdx_2.3_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -4209,9 +8272,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -4220,7 +8310,16 @@ [Test/cassette_TestCommand/TestCommand/verbosity_level_=_error - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -4229,7 +8328,16 @@ [Test/cassette_TestCommand/TestCommand/verbosity_level_=_info - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap b/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap index b9a796d03fa..f193232e42a 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommandNonGit/TestCommandNonGit/one_specific_supported_lockfile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap b/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap index 71dcf91312c..3d93526e5a1 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", @@ -15,6 +22,13 @@ ] }, { + "query": { + "package": { + "name": "github.com/ipfs/go-bitfield", + "ecosystem": "Go" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-2h6c-j3gf-xp9r", @@ -27,6 +41,13 @@ ] }, { + "query": { + "package": { + "name": "golang.org/x/image", + "ecosystem": "Go" + }, + "version": "0.4.0" + }, "vulns": [ { "id": "GHSA-9phm-fm57-rhg8", @@ -75,6 +96,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", @@ -95,6 +123,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap index 6e0b1fe025d..5b251968781 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -10,7 +17,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,6 +36,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -27,7 +50,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -37,6 +69,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -52,18 +91,124 @@ [Test/cassette_TestCommand_ExplicitExtractors/TestCommand_ExplicitExtractors/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -71,11 +216,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -96,6 +284,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -112,6 +307,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap index fc04e207e37..f5562d02c5b 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap @@ -2,10 +2,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -14,10 +50,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually#01 - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -25,15 +95,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -41,11 +190,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -65,10 +257,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -76,15 +302,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -92,11 +397,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -116,10 +464,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -128,10 +512,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_an_extractor_that_does_not_exist - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -139,15 +557,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -155,11 +652,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -179,10 +719,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_an_extractor_that_does_not_exist#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -191,9 +767,36 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -202,18 +805,124 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_disabled#01 - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -221,11 +930,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -245,10 +997,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_enabled_and_the_defaults - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -256,15 +1042,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -272,11 +1137,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -296,10 +1204,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_enabled_and_the_defaults#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -308,7 +1252,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_different_extractor_enabled - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -318,6 +1271,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -333,7 +1293,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_specific_extractor_enabled#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap index 01985806a83..f17d83477da 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -10,7 +17,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -19,8 +35,26 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually#01 - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,6 +64,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -37,7 +78,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -46,8 +96,26 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together#01 - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -57,6 +125,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -72,7 +147,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_an_extractor_that_does_not_exist#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } @@ -81,18 +165,124 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -100,11 +290,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -124,9 +357,36 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_disabled#01 - 1] { "results": [ - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -136,6 +396,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -151,7 +418,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_enabled_and_no_defaults#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } @@ -161,6 +437,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -176,7 +459,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_file_with_one_specific_extractor_enabled#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap b/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap index 7fd2a6eed15..e465495f3aa 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap @@ -2,8 +2,18 @@ [Test/cassette_TestCommand_GithubActions/TestCommand_GithubActions/scanning_osv-scanner_custom_format - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", @@ -15,7 +25,13 @@ } ] }, - {} + { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + } ] } @@ -24,8 +40,18 @@ [Test/cassette_TestCommand_GithubActions/TestCommand_GithubActions/scanning_osv-scanner_custom_format_output_json - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", @@ -37,7 +63,13 @@ } ] }, - {} + { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap b/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap index 1345c968ffd..82849f1c519 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_HtmlFile/TestCommand_HtmlFile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap b/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap index 14a3130fa68..d0c7ced1a7f 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap @@ -2,9 +2,34 @@ [Test/cassette_TestCommand_JavareachArchive/TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-core", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-kms", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-s3", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, "vulns": [ { "id": "GHSA-c28r-hw5m-5gv3", @@ -12,10 +37,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:jmespath-java", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.example:hello-tester", + "ecosystem": "Maven" + }, + "version": "1.0-SNAPSHOT" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-annotations", + "ecosystem": "Maven" + }, + "version": "2.6.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-core", + "ecosystem": "Maven" + }, + "version": "2.14.0" + }, "vulns": [ { "id": "GHSA-72hv-8253-57qq", @@ -28,6 +87,13 @@ ] }, { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-databind", + "ecosystem": "Maven" + }, + "version": "2.6.7.1" + }, "vulns": [ { "id": "GHSA-288c-cq4h-88gq", @@ -223,11 +289,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor", + "ecosystem": "Maven" + }, + "version": "2.6.7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-codec:commons-codec", + "ecosystem": "Maven" + }, + "version": "1.10" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-logging:commons-logging", + "ecosystem": "Maven" + }, + "version": "1.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "joda-time:joda-time", + "ecosystem": "Maven" + }, + "version": "2.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.commons:commons-lang3", + "ecosystem": "Maven" + }, + "version": "3.12.0" + }, "vulns": [ { "id": "GHSA-j288-q9x7-2f5v", @@ -236,6 +345,13 @@ ] }, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpclient", + "ecosystem": "Maven" + }, + "version": "4.5.5" + }, "vulns": [ { "id": "GHSA-7r82-7xv7-xcpj", @@ -243,9 +359,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpcore", + "ecosystem": "Maven" + }, + "version": "4.4.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-continuation", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-http", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", @@ -265,8 +406,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-io", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-servlets", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-3gh6-v5v9-6v9j", @@ -282,8 +439,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-util", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "software.amazon.ion:ion-java", + "ecosystem": "Maven" + }, + "version": "1.0.2" + }, "vulns": [ { "id": "GHSA-264p-99wq-f4j6", @@ -299,9 +472,34 @@ [Test/cassette_TestCommand_JavareachArchive/TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-core", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-kms", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-s3", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, "vulns": [ { "id": "GHSA-c28r-hw5m-5gv3", @@ -309,10 +507,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:jmespath-java", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.example:hello-tester", + "ecosystem": "Maven" + }, + "version": "1.0-SNAPSHOT" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-annotations", + "ecosystem": "Maven" + }, + "version": "2.6.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-core", + "ecosystem": "Maven" + }, + "version": "2.14.0" + }, "vulns": [ { "id": "GHSA-72hv-8253-57qq", @@ -325,6 +557,13 @@ ] }, { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-databind", + "ecosystem": "Maven" + }, + "version": "2.6.7.1" + }, "vulns": [ { "id": "GHSA-288c-cq4h-88gq", @@ -520,11 +759,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor", + "ecosystem": "Maven" + }, + "version": "2.6.7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-codec:commons-codec", + "ecosystem": "Maven" + }, + "version": "1.10" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-logging:commons-logging", + "ecosystem": "Maven" + }, + "version": "1.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "joda-time:joda-time", + "ecosystem": "Maven" + }, + "version": "2.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.commons:commons-lang3", + "ecosystem": "Maven" + }, + "version": "3.12.0" + }, "vulns": [ { "id": "GHSA-j288-q9x7-2f5v", @@ -533,6 +815,13 @@ ] }, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpclient", + "ecosystem": "Maven" + }, + "version": "4.5.5" + }, "vulns": [ { "id": "GHSA-7r82-7xv7-xcpj", @@ -540,9 +829,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpcore", + "ecosystem": "Maven" + }, + "version": "4.4.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-continuation", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-http", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", @@ -562,8 +876,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-io", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-servlets", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-3gh6-v5v9-6v9j", @@ -579,8 +909,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-util", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "software.amazon.ion:ion-java", + "ecosystem": "Maven" + }, + "version": "1.0.2" + }, "vulns": [ { "id": "GHSA-264p-99wq-f4j6", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap b/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap index 638a909f050..a15e123eadc 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap @@ -2,10 +2,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_in_summary_mode_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -14,10 +50,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_with_expressions - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -26,10 +98,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_with_invalid_expression_in_config - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -38,10 +146,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_license_violations_and_show-all-packages_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -50,7 +194,16 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_but_license_violations_with_allowlist - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -59,10 +212,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -71,10 +260,44 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary#01 - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -82,15 +305,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -98,11 +400,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -122,10 +467,44 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary_in_markdown - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -133,15 +512,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -149,11 +607,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -173,10 +674,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary_in_markdown#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -185,10 +722,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Show_all_Packages_with_license_summary_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -197,14 +770,84 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_ignored_licenses - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -212,10 +855,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", @@ -223,13 +900,74 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -249,8 +987,24 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_ignored_licenses#01 - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -258,9 +1012,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + } ] } @@ -269,10 +1050,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_license_violations_and_show-all-packages_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -281,10 +1098,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_license_violations_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -294,6 +1147,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -310,6 +1170,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -326,6 +1193,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap b/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap index a932c0f8e5d..05b0b961347 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/absolute_paths_are_automatically_escaped_on_windows - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -11,7 +20,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/absolute_paths_work_with_explicit_escaping - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/empty_is_default - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,6 +57,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -38,6 +72,13 @@ ] }, { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -45,8 +86,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -54,9 +111,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -66,6 +150,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -74,6 +165,13 @@ ] }, { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -81,8 +179,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -90,9 +204,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -107,6 +248,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -114,8 +262,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -123,9 +287,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap index 69e9d2e386f..c10c9a313a9 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap @@ -2,12 +2,64 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/cabal.project.freeze - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "AC-Angle", + "ecosystem": "Hackage" + }, + "version": "1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ALUT", + "ecosystem": "Hackage" + }, + "version": "2.4.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ANum", + "ecosystem": "Hackage" + }, + "version": "0.2.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Agda", + "ecosystem": "Hackage" + }, + "version": "2.6.4.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Allure", + "ecosystem": "Hackage" + }, + "version": "0.11.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "biscuit-haskell", + "ecosystem": "Hackage" + }, + "version": "0.3.0.0" + }, "vulns": [ { "id": "HSEC-2024-0009", @@ -23,9 +75,34 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/depsjson - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "AWSSDK.Core", + "ecosystem": "NuGet" + }, + "version": "3.7.10.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Microsoft.Extensions.DependencyInjection", + "ecosystem": "NuGet" + }, + "version": "6.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "System.Linq.Dynamic.Core", + "ecosystem": "NuGet" + }, + "version": "1.3.7" + }, "vulns": [ { "id": "GHSA-4cv2-4hjh-77rx", @@ -33,7 +110,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "TestLibrary", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + } ] } @@ -42,19 +128,134 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/gems.locked - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "async", + "ecosystem": "RubyGems" + }, + "version": "2.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-dns", + "ecosystem": "RubyGems" + }, + "version": "1.4.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-http", + "ecosystem": "RubyGems" + }, + "version": "0.87.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-pool", + "ecosystem": "RubyGems" + }, + "version": "0.10.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "console", + "ecosystem": "RubyGems" + }, + "version": "1.29.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-annotation", + "ecosystem": "RubyGems" + }, + "version": "0.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-local", + "ecosystem": "RubyGems" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-storage", + "ecosystem": "RubyGems" + }, + "version": "1.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "geoip", + "ecosystem": "RubyGems" + }, + "version": "1.6.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-endpoint", + "ecosystem": "RubyGems" + }, + "version": "0.15.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-event", + "ecosystem": "RubyGems" + }, + "version": "1.9.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-stream", + "ecosystem": "RubyGems" + }, + "version": "0.6.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "json", + "ecosystem": "RubyGems" + }, + "version": "2.10.1" + }, "vulns": [ { "id": "GHSA-9m3q-rhmv-5q44", @@ -62,8 +263,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "metrics", + "ecosystem": "RubyGems" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "nokogiri", + "ecosystem": "RubyGems" + }, + "version": "1.18.2" + }, "vulns": [ { "id": "GHSA-353f-x4gh-cqq8", @@ -87,16 +304,106 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "process-daemon", + "ecosystem": "RubyGems" + }, + "version": "1.0.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-hpack", + "ecosystem": "RubyGems" + }, + "version": "1.5.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http", + "ecosystem": "RubyGems" + }, + "version": "0.49.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http1", + "ecosystem": "RubyGems" + }, + "version": "0.30.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http2", + "ecosystem": "RubyGems" + }, + "version": "0.22.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "racc", + "ecosystem": "RubyGems" + }, + "version": "1.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rainbow", + "ecosystem": "RubyGems" + }, + "version": "2.2.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rake", + "ecosystem": "RubyGems" + }, + "version": "13.2.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rubydns", + "ecosystem": "RubyGems" + }, + "version": "2.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "traces", + "ecosystem": "RubyGems" + }, + "version": "0.15.2" + }, + "vulns": [] + } ] } @@ -105,8 +412,26 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/packages.config - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "Microsoft.CodeDom.Providers.DotNetCompilerPlatform", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Microsoft.Net.Compilers", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + } ] } @@ -115,7 +440,16 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/packages.lock.json - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "Newtonsoft.Json", + "ecosystem": "NuGet" + }, + "version": "13.0.3" + }, + "vulns": [] + } ] } @@ -124,10 +458,46 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/stack.yaml.lock - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "fuzzyset", + "ecosystem": "Hackage" + }, + "version": "0.2.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "hasql-pool", + "ecosystem": "Hackage" + }, + "version": "1.0.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jose-jwt", + "ecosystem": "Hackage" + }, + "version": "0.10.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-libpq", + "ecosystem": "Hackage" + }, + "version": "0.10.1.0" + }, + "vulns": [] + } ] } @@ -136,8 +506,24 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/uv.lock - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "emoji", + "ecosystem": "PyPI" + }, + "version": "2.14.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protobuf", + "ecosystem": "PyPI" + }, + "version": "4.25.5" + }, "vulns": [ { "id": "GHSA-7gcm-g887-7qv7", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap index ce816a27e42..b4f1708b0e3 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/does_not_scan_transitive_dependencies_for_pom.xml_with_no-resolve - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -12,6 +21,13 @@ { "results": [ { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -48,6 +64,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -64,6 +87,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -96,6 +126,13 @@ { "results": [ { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -112,6 +149,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -148,6 +192,13 @@ ] }, { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", @@ -163,24 +214,184 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.android.support:animated-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:appcompat-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:mediarouter-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:palette-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-annotations", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-v4", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads-lite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-appinvite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-awareness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-basement", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, "vulns": [ { "id": "GHSA-cm6r-892j-jv2g", @@ -188,46 +399,404 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast-framework", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-clearcut", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-drive", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-fitness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-games", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gass", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gcm", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-identity", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-instantapps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-location", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-maps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-nearby", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-panorama", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-places", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-plus", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-safetynet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-api", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-v4-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tasks", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-vision", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wallet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wearable", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-appindexing", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-config", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-crash", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database-connection", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-messaging", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ { "id": "GHSA-7rjr-3q55-vv33", @@ -251,7 +820,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -261,6 +839,13 @@ { "results": [ { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -297,6 +882,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -312,8 +904,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -345,24 +953,184 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_dependencies_from_multiple_registries - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.android.support:animated-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:appcompat-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:mediarouter-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:palette-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-annotations", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-v4", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads-lite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-appinvite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-awareness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-basement", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, "vulns": [ { "id": "GHSA-cm6r-892j-jv2g", @@ -370,46 +1138,404 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast-framework", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-clearcut", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-drive", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-fitness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-games", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gass", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gcm", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-identity", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-instantapps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-location", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-maps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-nearby", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-panorama", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-places", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-plus", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-safetynet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-api", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-v4-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tasks", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-vision", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wallet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wearable", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-appindexing", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-config", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-crash", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database-connection", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-messaging", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ { "id": "GHSA-7rjr-3q55-vv33", @@ -433,7 +1559,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -443,6 +1578,13 @@ { "results": [ { + "query": { + "package": { + "name": "junit:junit", + "ecosystem": "Maven" + }, + "version": "4.12" + }, "vulns": [ { "id": "GHSA-269g-pwp5-87pp", @@ -450,7 +1592,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.hamcrest:hamcrest-core", + "ecosystem": "Maven" + }, + "version": "1.3" + }, + "vulns": [] + } ] } @@ -459,8 +1610,24 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_transitive_dependencies_by_specifying_pom.xml - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ { "id": "GHSA-7rjr-3q55-vv33", @@ -484,7 +1651,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -493,8 +1669,24 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_transitive_dependencies_for_pom.xml_by_default - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ { "id": "GHSA-7rjr-3q55-vv33", @@ -518,7 +1710,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -527,10 +1728,44 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/uses_native_data_source_for_requirements.txt - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -567,6 +1802,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -583,6 +1825,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -594,11 +1843,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -623,6 +1915,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -675,6 +1974,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap index 1045a195aab..765065a2e0b 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_errors - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -11,7 +20,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_is_after_last_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_is_before_first_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap index 24522cb11d2..474dcc14444 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_errors - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -11,7 +20,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_is_after_last_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_is_before_first_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_batch_query.snap b/tools/apitester/__snapshots__/cassette_batch_query.snap old mode 100644 new mode 100755 index 059b9c07312..c8d68d73f2c --- a/tools/apitester/__snapshots__/cassette_batch_query.snap +++ b/tools/apitester/__snapshots__/cassette_batch_query.snap @@ -3,6 +3,9 @@ { "results": [ { + "query": { + "commit": "17b30e96476be70b8773b2b807bab857fd3ceb39" + }, "vulns": [ { "id": "CVE-2021-22569", diff --git a/tools/apitester/__snapshots__/cassette_single_query.snap b/tools/apitester/__snapshots__/cassette_single_query.snap index 7d4c9e9d441..efae4e2cb66 100755 --- a/tools/apitester/__snapshots__/cassette_single_query.snap +++ b/tools/apitester/__snapshots__/cassette_single_query.snap @@ -1,6 +1,9 @@ [Test/cassette_single_query/TestQueryEndpoint/CommitQuery - 1] { + "query": { + "commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f" + }, "vulns": [ { "id": "CVE-2021-45931", @@ -265,7 +268,8 @@ "MGASA-2026-0015", "SUSE-SU-2026:0287-1", "SUSE-SU-2026:20762-1", - "openSUSE-SU-2026:10065-1" + "openSUSE-SU-2026:10065-1", + "openSUSE-SU-2026:20409-1" ], "database_specific": "", "references": [ @@ -390,6 +394,13 @@ [Test/cassette_single_query/TestQueryEndpoint/GitQueryByTag - 1] { + "query": { + "package": { + "name": "https://github.com/curl/curl.git", + "ecosystem": "GIT" + }, + "version": "8.5.0" + }, "vulns": [ { "id": "CURL-CVE-2024-0853", @@ -2915,7 +2926,8 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -2971,7 +2983,8 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -3035,7 +3048,8 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -3092,13 +3106,26 @@ [Test/cassette_single_query/TestQueryEndpoint/Invalid1 - 1] { "code": 3, - "message": "version specified in params and PURL query" + "message": "version specified in params and PURL query", + "query": { + "package": { + "purl": "pkg:pypi/jinja2@3.1.4" + }, + "version": "3.1.4" + } } --- [Test/cassette_single_query/TestQueryEndpoint/PackageAndVersionQuery - 1] { + "query": { + "package": { + "name": "nokogiri", + "ecosystem": "RubyGems" + }, + "version": "1.18.2" + }, "vulns": [ { "id": "GHSA-353f-x4gh-cqq8", @@ -3395,6 +3422,13 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid1 - 1] { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.4" + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", @@ -3612,6 +3646,11 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid2 - 1] { + "query": { + "package": { + "purl": "pkg:pypi/jinja2@3.1.4" + } + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", @@ -3829,6 +3868,12 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid3 - 1] { + "query": { + "package": { + "purl": "pkg:pypi/jinja2" + }, + "version": "3.1.4" + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", diff --git a/tools/apitester/main_test.go b/tools/apitester/main_test.go index 3aa82bfeaa8..ca919e5bd23 100644 --- a/tools/apitester/main_test.go +++ b/tools/apitester/main_test.go @@ -13,6 +13,7 @@ import ( "github.com/google/apitester/internal/vcr" "github.com/tidwall/gjson" "github.com/tidwall/pretty" + "github.com/tidwall/sjson" ) var ( @@ -79,7 +80,7 @@ func jsonReplaceRules(t *testing.T, resp *http.Response) []jsonreplace.Rule { } } -func normalizeJSONBody(t *testing.T, resp *http.Response) string { +func normalizeJSONBody(t *testing.T, reqBody []byte, resp *http.Response) string { t.Helper() body, err := io.ReadAll(resp.Body) @@ -90,6 +91,44 @@ func normalizeJSONBody(t *testing.T, resp *http.Response) string { body = jsonreplace.DoBytes(t, body, jsonReplaceRules(t, resp)) + switch resp.Request.URL.Path { + case "/v1/query": + if len(reqBody) > 0 { + res, err := sjson.SetRawBytes(body, "query", reqBody) + if err == nil { + body = res + } + } + if !gjson.GetBytes(body, "vulns").Exists() && !gjson.GetBytes(body, "code").Exists() { + res, err := sjson.SetRawBytes(body, "vulns", []byte("[]")) + if err == nil { + body = res + } + } else if vulns := gjson.GetBytes(body, "vulns"); vulns.Exists() { + body, _ = sjson.DeleteBytes(body, "vulns") + body, _ = sjson.SetRawBytes(body, "vulns", []byte(vulns.Raw)) + } + case "/v1/querybatch": + queries := gjson.GetBytes(reqBody, "queries") + if queries.IsArray() { + for i, query := range queries.Array() { + res, err := sjson.SetRawBytes(body, fmt.Sprintf("results.%d.query", i), []byte(query.Raw)) + if err == nil { + body = res + } + if !gjson.GetBytes(body, fmt.Sprintf("results.%d.vulns", i)).Exists() && !gjson.GetBytes(body, "code").Exists() { + res, err := sjson.SetRawBytes(body, fmt.Sprintf("results.%d.vulns", i), []byte("[]")) + if err == nil { + body = res + } + } else if vulns := gjson.GetBytes(body, fmt.Sprintf("results.%d.vulns", i)); vulns.Exists() { + body, _ = sjson.DeleteBytes(body, fmt.Sprintf("results.%d.vulns", i)) + body, _ = sjson.SetRawBytes(body, fmt.Sprintf("results.%d.vulns", i), []byte(vulns.Raw)) + } + } + } + } + return string(pretty.Pretty(body)) } @@ -105,8 +144,9 @@ func Test(t *testing.T) { t.Run(vcr.DetermineInteractionName(interaction), func(t *testing.T) { t.Parallel() + reqBody := []byte(interaction.Request.Body) resp := vcr.Play(t, interaction) - body := normalizeJSONBody(t, resp) + body := normalizeJSONBody(t, reqBody, resp) resp.Body.Close()