
Commit 2675aa0

Merge branch 'XmirrorSecurity:master' into master
2 parents 15553aa + c6fac86 commit 2675aa0


2 files changed

+61
-59
lines changed


.github/README.md

Lines changed: 41 additions & 40 deletions
@@ -57,7 +57,7 @@ Click **STAR** to leave encouragement.
5757
OpenSCA is now capable of parsing configuration files in the listed programming languages and correspondent package managers. The team is now dedicated to introducing more languages and enriching the parsing of relevant configuration files gradually.
5858

5959
| LANGUAGE | PACKAGE MANAGER | FILE |
60-
| ------------ | --------------- |---------------------------------------------------------------------------------------------------------------------------------------------------|
60+
| ------------ | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
6161
| `Java` | `Maven` | `pom.xml` |
6262
| `Java` | `Gradle` | `.gradle` `.gradle.kts` |
6363
| `JavaScript` | `Npm` | `package-lock.json` `package.json` `yarn.lock` |
@@ -124,14 +124,14 @@ The default option is to generate the program of the current system architecture
124124

125125
### Parameters
126126

127-
| PARAMETER | TYPE | Descripation | SAMPLE |
128-
| ---------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
129-
| `config` | `string` | Set the path of the configuration file | `-config config.json` |
130-
| `path` | `string` | Set the path of the target file or directory | `-path ./foo` |
131-
| `out` | `string` | Save the result to the specified file whose format is defined by the suffix | `-out out.json, out.html` |
132-
| `log` | `string` | Specify the path of log file | `-log my_log.txt` |
133-
| `token` | `string` | Cloud service verification from our offical website | `-token xxx` |
134-
| `proj` | `string` | SaaS project `token` to sync report with [OpenSCA SaaS](https://opensca.xmirror.cn/console) | `-proj xxx` |
127+
| PARAMETER | TYPE | Descripation | SAMPLE |
128+
| --------- | -------- | ------------------------------------------------------------------------------------------- | ------------------------- |
129+
| `config` | `string` | Set the path of the configuration file | `-config config.json` |
130+
| `path` | `string` | Set the path of the target file or directory | `-path ./foo` |
131+
| `out` | `string` | Save the result to the specified file whose format is defined by the suffix | `-out out.json, out.html` |
132+
| `log` | `string` | Specify the path of log file | `-log my_log.txt` |
133+
| `token` | `string` | Cloud service verification from our offical website | `-token xxx` |
134+
| `proj` | `string` | SaaS project `token` to sync report with [OpenSCA SaaS](https://opensca.xmirror.cn/console) | `-proj xxx` |
135135

136136
From v3.0.0, apart from these parameters available for CMD/CRT, there are also others for different requirements which have to be set in the configuration file.
137137

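Review bot: "Descripation" in the header row (new line 127) and "offical" in the `token` row (new line 133) are misspelled in both the removed and the added versions of the table; since these lines are being rewritten for alignment anyway, change them to `Description` and `official`.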
@@ -157,18 +157,19 @@ Using previous versions to connect the cloud databse will still need the setting
157157
158158
Files supported by the `out` parameter are listed below:
159159
160-
| TYPE | FORMAT | SPECIFIED SUFFIX | VERSION |
161-
| ------ | ------ | -------------------------------- | ------------------ |
162-
| REPORT | `json` | `.json` | `*` |
163-
| | `xml` | `.xml` | `*` |
164-
| | `html` | `.html` | `v1.0.6` and above |
165-
| | `sqlite` | `.sqlite` | `v1.0.13` and above|
166-
| | `csv` | `.csv` | `v1.0.13` and above|
167-
| | `sarif`| `.sarif` | |
168-
| SBOM | `spdx` | `.spdx` `.spdx.json` `.spdx.xml` | `v1.0.8` and above |
169-
| | `cdx` | `.cdx.json` `.cdx.xml` | `v1.0.11`and above |
170-
| | `swid` | `.swid.json` `.swid.xml` | `v1.0.11`and above |
171-
| | `dsdx` | `.dsdx` `.dsdx.json` `.dsdx.xml` | `v3.0.0`and above |
160+
| TYPE | FORMAT | SPECIFIED SUFFIX | VERSION |
161+
| ------ | -------- | -------------------------------- | ------------------- |
162+
| REPORT | `json` | `.json` | `*` |
163+
| | `xml` | `.xml` | `*` |
164+
| | `html` | `.html` | `v1.0.6` and above |
165+
| | `sqlite` | `.sqlite` | `v1.0.13` and above |
166+
| | `csv` | `.csv` | `v1.0.13` and above |
167+
| | `sarif` | `.sarif` | |
168+
| SBOM | `spdx` | `.spdx` `.spdx.json` `.spdx.xml` | `v1.0.8` and above |
169+
| | `cdx` | `.cdx.json` `.cdx.xml` | `v1.0.11`and above |
170+
| | `swid` | `.swid.json` `.swid.xml` | `v1.0.11`and above |
171+
| | `dsdx` | `.dsdx` `.dsdx.json` `.dsdx.xml` | `v3.0.0`and above |
172+
| | `bomsw` | `.bomsw.json` | `v3.0.8`and above |
172173
173174
### Sample
174175
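Review bot: the added `bomsw` row (new line 172) repeats the missing space before "and above" that the `cdx`, `swid` and `dsdx` rows already have; write `` `v3.0.8` and above ``. While this table is being realigned, the VERSION cell of the `sarif` row (new line 167) is still empty and should state which release introduced that output format, as every other row does.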
@@ -231,25 +232,25 @@ For more information, visit [Docker Hub Page](https://hub.docker.com/r/opensca/o
231232
232233
#### Explanations of Vulnerability Database Fields
233234
234-
| FIELD | Descripation | REQUIRED OR NOT |
235-
| ------------------- | ----------------------------------------------------------------- | --------------- |
236-
| `vendor` | the manufacturer of the component | N |
237-
| `product` | the name of the component | Y |
238-
| `version` | the versions of the component affected by the vulnerability | Y |
239-
| `language` | the programming language of the component | Y |
240-
| `name` | the name of the vulnerability | N |
241-
| `id` | custom identifier | Y |
242-
| `cve_id` | cve identifier | N |
243-
| `cnnvd_id` | cnnvd identifier | N |
244-
| `cnvd_id` | cnvd identifier | N |
245-
| `cwe_id` | cwe identifier | N |
246-
| `description` | the descripation of the vulnerability | N |
247-
| `description_en` | the descripation of the vulnerability in English | N |
248-
| `suggestion` | the suggestion for fixing the vulnerability | N |
249-
| `attack_type` | the type of attack | N |
250-
| `release_date` | the release date of the vulnerability | N |
251-
| `security_level_id` | the security level of the vulnerability (diminishing from 1 to 4) | N |
252-
| `exploit_level_id` | the exploit level of the vulnerability (0-N/A 1-Available) | N |
235+
| FIELD | Descripation | REQUIRED OR NOT |
236+
| ------------------- | -------------------------------------------------------------------------------------------- | --------------- |
237+
| `vendor` | the manufacturer of the component | N |
238+
| `product` | the name of the component | Y |
239+
| `version` | the versions of the component affected by the vulnerability | Y |
240+
| `language` | the programming language of the component | Y |
241+
| `name` | the name of the vulnerability | N |
242+
| `id` | custom identifier | Y |
243+
| `cve_id` | cve identifier | N |
244+
| `cnnvd_id` | cnnvd identifier | N |
245+
| `cnvd_id` | cnvd identifier | N |
246+
| `cwe_id` | cwe identifier | N |
247+
| `description` | the descripation of the vulnerability | N |
248+
| `description_en` | the descripation of the vulnerability in English | N |
249+
| `suggestion` | the suggestion for fixing the vulnerability | N |
250+
| `attack_type` | the type of attack | N |
251+
| `release_date` | the release date of the vulnerability | N |
252+
| `security_level_id` | the security level of the vulnerability (diminishing from 1 to 4) | N |
253+
| `exploit_level_id` | the exploit level of the vulnerability (-2:unknown,-1:difficult,0:difficult,1:easy,2:normal) | N |
253254
254255
*There are several pre-set values to the "language" field, including java, javascript, golang, rust, php, ruby and python. Other languages are not limited to the pre-set value.
255256
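Review bot: the new `exploit_level_id` legend (new line 253) maps both `-1` and `0` to "difficult" and places "normal" (`2`) after "easy" (`1`), so the scale is neither unambiguous nor monotonic; state what distinguishes -1 from 0 and in which order the levels are meant to be read. This also redefines an existing field for anyone whose local vulnerability database was written against the previous `0-N/A 1-Available` encoding, so the text should say how old values are interpreted after this change. The header cell "Descripation" (new line 235) and "descripation" in the `description` and `description_en` rows (new lines 247 and 248) remain misspelled.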

README.md

Lines changed: 20 additions & 19 deletions
@@ -169,6 +169,7 @@ v3.0.2开始,OpenSCA-cli可以通过proj参数向OpenSCA SaaS同步检出结
169169
| | `cdx` | `.cdx.json` `.cdx.xml` |
170170
| | `swid` | `.swid.json` `.swid.xml` |
171171
| | `dsdx` | `.dsdx` `.dsdx.json` `.dsdx.xml` |
172+
| | `bomsw` | `.bomsw.json` |
172173

173174
### 使用样例
174175
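Review bot: the `bomsw` row added at new line 172 carries no version information because this table has only three columns, whereas the corresponding English table in `.github/README.md` records `v3.0.8` for the same format; either add a version column here or note the minimum version in the surrounding text so the two READMEs agree.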

@@ -229,25 +230,25 @@ docker run -ti --rm -v ${PWD}:/src opensca/opensca-cli -token ${put_your_token_h
229230

230231
### 漏洞库字段说明
231232

232-
| 字段 | 描述 | 是否必填 |
233-
| :------------------ | :--------------------------------------- | :------- |
234-
| `vendor` | 组件厂商 ||
235-
| `product` | 组件名 ||
236-
| `version` | 漏洞影响版本(必须为范围,不能填单个版本) ||
237-
| `language` | 组件语言 ||
238-
| `name` | 漏洞名 ||
239-
| `id` | 自定义编号 ||
240-
| `cve_id` | cve 编号 ||
241-
| `cnnvd_id` | cnnvd 编号 ||
242-
| `cnvd_id` | cnvd 编号 ||
243-
| `cwe_id` | cwe 编号 ||
244-
| `description` | 漏洞描述 ||
245-
| `description_en` | 漏洞英文描述 ||
246-
| `suggestion` | 漏洞修复建议 ||
247-
| `attack_type` | 攻击方式 ||
248-
| `release_date` | 漏洞发布日期 ||
249-
| `security_level_id` | 漏洞风险评级(1~4 风险程度递减) ||
250-
| `exploit_level_id` | 漏洞利用评级(0:不可利用,1:可利用) ||
233+
| 字段 | 描述 | 是否必填 |
234+
| :------------------ | :------------------------------------------------------------ | :------- |
235+
| `vendor` | 组件厂商 ||
236+
| `product` | 组件名 ||
237+
| `version` | 漏洞影响版本 (必须为范围,不能填单个版本) ||
238+
| `language` | 组件语言 ||
239+
| `name` | 漏洞名 ||
240+
| `id` | 自定义编号 ||
241+
| `cve_id` | cve 编号 ||
242+
| `cnnvd_id` | cnnvd 编号 ||
243+
| `cnvd_id` | cnvd 编号 ||
244+
| `cwe_id` | cwe 编号 ||
245+
| `description` | 漏洞描述 ||
246+
| `description_en` | 漏洞英文描述 ||
247+
| `suggestion` | 漏洞修复建议 ||
248+
| `attack_type` | 攻击方式 ||
249+
| `release_date` | 漏洞发布日期 ||
250+
| `security_level_id` | 漏洞风险评级(1~4 风险程度递减) ||
251+
| `exploit_level_id` | 漏洞利用难度评级(-2:未知,-1:困难,0:困难,1:简单,2:普通) ||
251252

252253
本地漏洞库中`language`字段设定值包含`java、javascript、golang、rust、php、ruby、python`
253254
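Review bot: the new `exploit_level_id` legend (new line 251) assigns 困难 to both `-1` and `0`, leaving the two values indistinguishable, and should say how they differ. Separately, the 是否必填 cell is empty (`||`) in every row of both the old and the new table, while the English table marks each field Y or N; fill those cells so the Chinese documentation states which fields are required.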
