├── .gitignore ├── .goreleaser.yml ├── .travis.yml ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── analyzer ├── analyzer.go └── analyzer_test.go ├── docker ├── docker.go ├── docker_test.go └── test_data │ ├── invalid-config │ └── config.json │ ├── invalid-layers │ └── invalid-layer.tar │ ├── invalid-manifest │ └── manifest.json │ └── valid.tar ├── go.mod ├── go.sum ├── main.go ├── main_test.go ├── nodepackage └── nodepackage.go ├── packagelockrunner ├── packagelockrunner.go └── packagelockrunner_test.go ├── pathrunner ├── pathrunner.go └── pathrunner_test.go ├── test_data ├── hello-world-no-package-lock │ └── package.json ├── hello-world │ ├── Dockerfile │ ├── node_modules │ │ └── .yarn-integrity │ ├── package-lock.json │ ├── package.json │ └── yarn.lock ├── insecure-project │ ├── Dockerfile │ ├── node_modules │ │ ├── .yarn-integrity │ │ ├── async │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── component.json │ │ │ ├── lib │ │ │ │ └── async.js │ │ │ └── package.json │ │ ├── bassmaster │ │ │ ├── .npmignore │ │ │ ├── .travis.yml │ │ │ ├── AUTHORS │ │ │ ├── LICENSE │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── examples │ │ │ │ └── batch.js │ │ │ ├── images │ │ │ │ └── bassmaster.png │ │ │ ├── index.js │ │ │ ├── lib │ │ │ │ ├── batch.js │ │ │ │ └── index.js │ │ │ ├── package.json │ │ │ └── test │ │ │ │ ├── batch.js │ │ │ │ └── plugin.js │ │ └── hoek │ │ │ ├── .npmignore │ │ │ ├── .travis.yml │ │ │ ├── AUTHORS │ │ │ ├── LICENSE │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── images │ │ │ └── hoek.png │ │ │ ├── index.js │ │ │ ├── lib │ │ │ ├── escape.js │ │ │ └── index.js │ │ │ ├── package.json │ │ │ └── test │ │ │ ├── escaper.js │ │ │ ├── index.js │ │ │ └── modules │ │ │ ├── test1.js │ │ │ ├── test2.js │ │ │ └── test3.js │ ├── package-lock.json │ ├── package.json │ └── yarn.lock ├── not-installed-insecure-complex-project │ └── yarn.lock └── not-installed-secure-complex-project │ ├── package-lock.json │ └── yarn.lock ├── versionformatter ├── versionformatter.go ├── versionformatter.peg └── versionformatter_test.go ├── vulnfetcher ├── nodeswg │ ├── nodeswg.go │ ├── nodeswg_test.go │ └── test_data │ │ └── test-data.zip ├── ossvulnfetcher │ ├── osindexfetcher.go │ └── osindexfetcher_test.go ├── vulnfetcher.go └── vulnfetcher_test.go ├── yarnlockparser ├── yarnlockparser.go ├── yarnlockparser.peg └── yarnlockparser_test.go └── yarnlockrunner ├── yarnlockrunner.go └── yarnlockrunner_test.go /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/.gitignore -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/.goreleaser.yml -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/.travis.yml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/README.md -------------------------------------------------------------------------------- /analyzer/analyzer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/analyzer/analyzer.go -------------------------------------------------------------------------------- /analyzer/analyzer_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/analyzer/analyzer_test.go -------------------------------------------------------------------------------- /docker/docker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/docker/docker.go -------------------------------------------------------------------------------- /docker/docker_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/docker/docker_test.go -------------------------------------------------------------------------------- /docker/test_data/invalid-config/config.json: -------------------------------------------------------------------------------- 1 | [{ 2 | "bad": "manifest" 3 | }] 4 | -------------------------------------------------------------------------------- /docker/test_data/invalid-layers/invalid-layer.tar: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docker/test_data/invalid-manifest/manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "bad": "manifest" 3 | } 4 | -------------------------------------------------------------------------------- /docker/test_data/valid.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/docker/test_data/valid.tar -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/go.sum -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/main.go -------------------------------------------------------------------------------- /main_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/main_test.go -------------------------------------------------------------------------------- /nodepackage/nodepackage.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/nodepackage/nodepackage.go -------------------------------------------------------------------------------- /packagelockrunner/packagelockrunner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/packagelockrunner/packagelockrunner.go -------------------------------------------------------------------------------- /packagelockrunner/packagelockrunner_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/packagelockrunner/packagelockrunner_test.go -------------------------------------------------------------------------------- /pathrunner/pathrunner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/pathrunner/pathrunner.go -------------------------------------------------------------------------------- /pathrunner/pathrunner_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/pathrunner/pathrunner_test.go -------------------------------------------------------------------------------- /test_data/hello-world-no-package-lock/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world-no-package-lock/package.json -------------------------------------------------------------------------------- /test_data/hello-world/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world/Dockerfile -------------------------------------------------------------------------------- /test_data/hello-world/node_modules/.yarn-integrity: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world/node_modules/.yarn-integrity -------------------------------------------------------------------------------- /test_data/hello-world/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world/package-lock.json -------------------------------------------------------------------------------- /test_data/hello-world/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world/package.json -------------------------------------------------------------------------------- /test_data/hello-world/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/hello-world/yarn.lock -------------------------------------------------------------------------------- /test_data/insecure-project/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/Dockerfile -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/.yarn-integrity: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/.yarn-integrity -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/async/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/async/LICENSE -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/async/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/async/README.md -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/async/component.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/async/component.json -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/async/lib/async.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/async/lib/async.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/async/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/async/package.json -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/.npmignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/.npmignore -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/.travis.yml -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/AUTHORS -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/LICENSE -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/Makefile -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/README.md -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/examples/batch.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/examples/batch.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/images/bassmaster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/images/bassmaster.png -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/index.js: -------------------------------------------------------------------------------- 1 | module.exports = require('./lib'); -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/lib/batch.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/lib/batch.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/lib/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/lib/index.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/package.json -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/test/batch.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/test/batch.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/bassmaster/test/plugin.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/bassmaster/test/plugin.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/.npmignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/.npmignore -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/.travis.yml -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/AUTHORS -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/LICENSE -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/Makefile -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/README.md -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/images/hoek.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/images/hoek.png -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/index.js: -------------------------------------------------------------------------------- 1 | module.exports = require('./lib'); -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/lib/escape.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/lib/escape.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/lib/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/lib/index.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/package.json -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/test/escaper.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/test/escaper.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/test/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/node_modules/hoek/test/index.js -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/test/modules/test1.js: -------------------------------------------------------------------------------- 1 | exports.x = 1; 2 | -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/test/modules/test2.js: -------------------------------------------------------------------------------- 1 | exports.y = 2; 2 | -------------------------------------------------------------------------------- /test_data/insecure-project/node_modules/hoek/test/modules/test3.js: -------------------------------------------------------------------------------- 1 | exports.z = 3; 2 | -------------------------------------------------------------------------------- /test_data/insecure-project/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/package-lock.json -------------------------------------------------------------------------------- /test_data/insecure-project/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/package.json -------------------------------------------------------------------------------- /test_data/insecure-project/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/insecure-project/yarn.lock -------------------------------------------------------------------------------- /test_data/not-installed-insecure-complex-project/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/not-installed-insecure-complex-project/yarn.lock -------------------------------------------------------------------------------- /test_data/not-installed-secure-complex-project/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/not-installed-secure-complex-project/package-lock.json -------------------------------------------------------------------------------- /test_data/not-installed-secure-complex-project/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/test_data/not-installed-secure-complex-project/yarn.lock -------------------------------------------------------------------------------- /versionformatter/versionformatter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/versionformatter/versionformatter.go -------------------------------------------------------------------------------- /versionformatter/versionformatter.peg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/versionformatter/versionformatter.peg -------------------------------------------------------------------------------- /versionformatter/versionformatter_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/versionformatter/versionformatter_test.go -------------------------------------------------------------------------------- /vulnfetcher/nodeswg/nodeswg.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/nodeswg/nodeswg.go -------------------------------------------------------------------------------- /vulnfetcher/nodeswg/nodeswg_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/nodeswg/nodeswg_test.go -------------------------------------------------------------------------------- /vulnfetcher/nodeswg/test_data/test-data.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/nodeswg/test_data/test-data.zip -------------------------------------------------------------------------------- /vulnfetcher/ossvulnfetcher/osindexfetcher.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/ossvulnfetcher/osindexfetcher.go -------------------------------------------------------------------------------- /vulnfetcher/ossvulnfetcher/osindexfetcher_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/ossvulnfetcher/osindexfetcher_test.go -------------------------------------------------------------------------------- /vulnfetcher/vulnfetcher.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/vulnfetcher.go -------------------------------------------------------------------------------- /vulnfetcher/vulnfetcher_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/vulnfetcher/vulnfetcher_test.go -------------------------------------------------------------------------------- /yarnlockparser/yarnlockparser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/yarnlockparser/yarnlockparser.go -------------------------------------------------------------------------------- /yarnlockparser/yarnlockparser.peg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/yarnlockparser/yarnlockparser.peg -------------------------------------------------------------------------------- /yarnlockparser/yarnlockparser_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/yarnlockparser/yarnlockparser_test.go -------------------------------------------------------------------------------- /yarnlockrunner/yarnlockrunner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/yarnlockrunner/yarnlockrunner.go -------------------------------------------------------------------------------- /yarnlockrunner/yarnlockrunner_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nearform/gammaray/HEAD/yarnlockrunner/yarnlockrunner_test.go --------------------------------------------------------------------------------