Horusec Trivy Scan results on go.sum always return line 0 #881

Closed
ne0z opened this issue Dec 17, 2021 · 0 comments · Fixed by #882
Labels
kind/bug Something isn't working


ne0z commented Dec 17, 2021

What happened: When I scan the Golang project using the Horusec Trivy engine, the start line is always 0.

What you expected to happen:
Horusec should pinpoint where the code is vulnerable

How to reproduce it (as minimally and precisely as possible):

$ git clone https://github.com/sqreen/go-dvwa.git
$ cd go-dvwa
$ horusec generate
$ horusec start -p $(pwd)

Then you can check the vulnerabilities in the go.sum file; the start line is always returned as 0. Example results:

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 0
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/gin-gonic/gin
Details: Installed Version: "1.3.0", Update to Version: "v1.6.0" for fix this issue.
Type: Vulnerability
ReferenceHash: 2f4c9af1201923f4fa563583a6f1a6f2e11668e31bd4dee8e72488c0eddadc99

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 0
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/labstack/echo/v4
Details: Installed Version: "4.1.17", Update to Version: "v4.1.18-0.20201215153152-4422e3b66b9f" for fix this issue.
Type: Vulnerability
ReferenceHash: 69a71bbbace033974216ee16d062e3bf14275d5d64bd60d42ddcfcf7400f8a29

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 0
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/satori/go.uuid
Details: Installed Version: "1.2.0", Update to Version: "v1.2.1-0.20181016170032-d91630c85102" for fix this issue.
Type: Vulnerability
ReferenceHash: 8f3348814167ed34ddb4dd573fc35af7527e9257addb70a990d7134f3c423bd0

Anything else we need to know?:

Environment:

  • Horusec version (use horusec version): v2.6.4
  • Operating System: Ubuntu 20.04.3 LTS (Focal Fossa)
  • Network plugin / Tool and version (if this is a network-related / tool bug): N/A
  • Others: N/A
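
An added example, not part of the issue and not Horusec's fix from #882: one way a scanner wrapper could map a Trivy finding to its line in go.sum, matching the module path exactly and normalizing the version (the report above gives `1.3.0`, while go.sum records `v1.3.0`, optionally followed by `+incompatible` and `/go.mod`). The function name `findGoSumLine` and the go.sum excerpt are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.sum excerpt; the hashes are placeholders, not real checksums.
const sampleGoSum = `github.com/gin-gonic/gin v1.3.0 h1:CONSTRUCTED=
github.com/gin-gonic/gin v1.3.0/go.mod h1:CONSTRUCTED=
github.com/labstack/echo v3.3.10+incompatible/go.mod h1:CONSTRUCTED=
github.com/labstack/echo/v4 v4.1.17 h1:CONSTRUCTED=
github.com/satori/go.uuid v1.2.0/go.mod h1:CONSTRUCTED=
`

// findGoSumLine (hypothetical helper) returns the 1-based line of the first
// go.sum entry for module at version, or 0 when no entry matches.
func findGoSumLine(goSum, module, version string) int {
	// Trivy reports "1.3.0"; go.sum stores "v1.3.0". Accept either form.
	want := "v" + strings.TrimPrefix(version, "v")
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for line := 1; sc.Scan(); line++ {
		// Each entry is: <module> <version>[/go.mod] <hash>
		fields := strings.Fields(sc.Text())
		// Exact module match keeps ".../echo" from matching ".../echo/v4".
		if len(fields) != 3 || fields[0] != module {
			continue
		}
		got := strings.TrimSuffix(fields[1], "/go.mod")
		got = strings.TrimSuffix(got, "+incompatible")
		if got == want {
			return line
		}
	}
	return 0
}

func main() {
	// Findings taken from the report in this issue.
	fmt.Println(findGoSumLine(sampleGoSum, "github.com/gin-gonic/gin", "1.3.0"))
	fmt.Println(findGoSumLine(sampleGoSum, "github.com/labstack/echo/v4", "4.1.17"))
	fmt.Println(findGoSumLine(sampleGoSum, "github.com/satori/go.uuid", "1.2.0"))
}
```

A return value of 0 then means "dependency not present in go.sum at that version" rather than "line unknown", which a caller can report differently.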