基础信息
项目名称:istio/istio
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721286046762487809/1732029589273661440
此报告由Murphysec提供
漏洞列表
暂无
缺陷组件
暂无
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 45 | 低 |
| Apache-2.0 | 113 | 低 |
| MIT | 83 | 低 |
| BSD-2-Clause | 4 | 低 |
| 自定义许可证 | 7 | 低 |
| CDDL-1.1 | 2 | 低 |
| MPL-2.0 | 5 | 低 |
| ISC | 2 | 低 |
| CC-BY-SA-4.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/fsnotify/fsnotify | v1.7.0 | 直接依赖 | go |
| go.opentelemetry.io/proto/otlp | v1.0.0 | 直接依赖 | go |
| github.com/google/pprof | v0.0.0-20230926050212-f7f687d19a98 | 间接依赖 | go |
| github.com/josharian/intern | v1.0.0 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.57 | 直接依赖 | go |
| github.com/AdaLogics/go-fuzz-headers | v0.0.0-20230811130428-ced1acdcaa24 | 直接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| javax.interceptor:javax.interceptor-api | 1.2 | 间接依赖 | maven |
| github.com/Azure/go-ansiterm | v0.0.0-20210617225240-d185dfc1b5a1 | 间接依赖 | go |
| github.com/google/gofuzz | v1.2.0 | 直接依赖 | go |
| github.com/google/s2a-go | v0.1.7 | 间接依赖 | go |
| github.com/vishvananda/netns | v0.0.4 | 间接依赖 | go |
| github.com/google/gnostic-models | v0.6.8 | 间接依赖 | go |
| k8s.io/kube-openapi | v0.0.0-20231010175941-2dd684a91f00 | 间接依赖 | go |
| github.com/mitchellh/copystructure | v1.2.0 | 直接依赖 | go |
| go.opentelemetry.io/otel/sdk | v1.21.0 | 直接依赖 | go |
| simplejson | 3.19.1 | 间接依赖 | pip |
| github.com/magiconair/properties | v1.8.7 | 间接依赖 | go |
| github.com/Masterminds/semver/v3 | v3.2.1 | 直接依赖 | go |
| github.com/google/uuid | v1.4.0 | 直接依赖 | go |
| github.com/spf13/cobra | v1.8.0 | 直接依赖 | go |
| github.com/lestrrat-go/iter | v1.0.2 | 间接依赖 | go |
| golang.org/x/sync | v0.5.0 | 直接依赖 | go |
| github.com/gogo/protobuf | v1.3.2 | 直接依赖 | go |
| github.com/cncf/udpa/go | v0.0.0-20220112060539-c52dc94e7fbe | 间接依赖 | go |
| github.com/quic-go/quic-go | v0.40.0 | 直接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.1.0 | 间接依赖 | go |
| github.com/xlab/treeprint | v1.2.0 | 间接依赖 | go |
| Flask-Bootstrap | 3.3.7.1 | 间接依赖 | pip |
| javax.el:javax.el-api | 3.0.0 | 间接依赖 | maven |
| github.com/sagikazarmark/locafero | v0.3.0 | 间接依赖 | go |
| cloud.google.com/go/compute/metadata | v0.2.3 | 直接依赖 | go |
| opentracing | 1.2.2 | 间接依赖 | pip |
| github.com/felixge/fgprof | v0.9.3 | 直接依赖 | go |
| javax.json:javax.json-api | 1.0 | 直接依赖 | maven |
| golang.org/x/oauth2 | v0.14.0 | 直接依赖 | go |
| github.com/spf13/pflag | v1.0.5 | 直接依赖 | go |
| github.com/go-task/slim-sprig | v0.0.0-20230315185526-52ccab3ef572 | 间接依赖 | go |
| github.com/emicklei/go-restful/v3 | v3.11.0 | 间接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 直接依赖 | go |
| k8s.io/klog/v2 | v2.110.1 | 直接依赖 | go |
| github.com/xeipuuv/gojsonpointer | v0.0.0-20190905194746-02993c407bfb | 间接依赖 | go |
| github.com/vbatts/tar-split | v0.11.3 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.14 | 间接依赖 | go |
| cloud.google.com/go/longrunning | v0.5.4 | 间接依赖 | go |
| github.com/grpc-ecosystem/go-grpc-middleware | v1.4.0 | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.20 | 直接依赖 | go |
| github.com/go-logr/logr | v1.3.0 | 直接依赖 | go |
| github.com/google/go-containerregistry | v0.16.1 | 直接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 间接依赖 | go |
| github.com/sourcegraph/conc | v0.3.0 | 间接依赖 | go |
| opentracing-instrumentation | 2.4.3 | 间接依赖 | pip |
| cloud.google.com/go/monitoring | v1.16.3 | 直接依赖 | go |
| requests-mock | 1.5.2 | 间接依赖 | pip |
| github.com/containerd/typeurl/v2 | v2.1.1 | 间接依赖 | go |
| github.com/prometheus/prometheus | v0.48.0 | 直接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 间接依赖 | go |
| github.com/beorn7/perks | v1.0.1 | 间接依赖 | go |
| future | 0.18.3 | 间接依赖 | pip |
| github.com/mailru/easyjson | v0.7.7 | 间接依赖 | go |
| urllib3 | 2.0.7 | 间接依赖 | pip |
| requirements.txt | 间接依赖 | pip | |
| github.com/sirupsen/logrus | v1.9.3 | 间接依赖 | go |
| github.com/pelletier/go-toml/v2 | v2.1.0 | 间接依赖 | go |
| sigs.k8s.io/json | v0.0.0-20221116044647-bc3834ca7abd | 间接依赖 | go |
| sigs.k8s.io/yaml | v1.4.0 | 直接依赖 | go |
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| github.com/liggitt/tabwriter | v0.0.0-20181228230101-89fcab3d43de | 间接依赖 | go |
| google.golang.org/genproto | v0.0.0-20231120223509-83a465c0220f | 直接依赖 | go |
| github.com/rogpeppe/go-internal | v1.10.0 | 间接依赖 | go |
| k8s.io/client-go | v0.28.4 | 直接依赖 | go |
| github.com/spf13/cast | v1.5.1 | 间接依赖 | go |
| github.com/grafana/regexp | v0.0.0-20221122212121-6b5c0a4cb7fd | 间接依赖 | go |
| github.com/googleapis/gax-go/v2 | v2.12.0 | 间接依赖 | go |
| helm.sh/helm/v3 | v3.13.2 | 直接依赖 | go |
| cloud.google.com/go/trace | v1.10.4 | 直接依赖 | go |
| github.com/go-errors/errors | v1.4.2 | 间接依赖 | go |
| go.uber.org/zap | v1.26.0 | 直接依赖 | go |
| javax.enterprise.concurrent:javax.enterprise.concurrent-api | 1.0 | 直接依赖 | maven |
| json2html | 1.3.0 | 间接依赖 | pip |
| github.com/vishvananda/netlink | v1.2.1-beta.2 | 直接依赖 | go |
| github.com/blang/semver/v4 | v4.0.0 | 间接依赖 | go |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | 间接依赖 | go |
| go.opentelemetry.io/otel/sdk/metric | v1.21.0 | 直接依赖 | go |
| github.com/fatih/color | v1.16.0 | 直接依赖 | go |
| javax.annotation:javax.annotation-api | 1.2 | 直接依赖 | maven |
| github.com/cilium/ebpf | v0.12.3 | 直接依赖 | go |
| github.com/yl2chen/cidranger | v1.0.2 | 直接依赖 | go |
| github.com/spaolacci/murmur3 | v1.1.0 | 直接依赖 | go |
| github.com/fatih/camelcase | v1.0.0 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.3 | 间接依赖 | go |
| github.com/prometheus/client_golang | v1.17.0 | 直接依赖 | go |
| gopkg.in/square/go-jose.v2 | v2.6.0 | 直接依赖 | go |
| github.com/moby/term | v0.5.0 | 间接依赖 | go |
| github.com/peterbourgon/diskv | v2.0.1+incompatible | 间接依赖 | go |
| github.com/xeipuuv/gojsonschema | v1.2.0 | 间接依赖 | go |
| google.golang.org/api | v0.151.0 | 直接依赖 | go |
| github.com/google/go-cmp | v0.6.0 | 直接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | 直接依赖 | go |
| github.com/kr/text | v0.2.0 | 间接依赖 | go |
| github.com/gorilla/websocket | v1.5.1 | 直接依赖 | go |
| github.com/mitchellh/reflectwalk | v1.0.2 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/kr/pretty | v0.3.1 | 直接依赖 | go |
| go.uber.org/multierr | v1.11.0 | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.21.0 | 直接依赖 | go |
| github.com/pires/go-proxyproto | v0.7.0 | 直接依赖 | go |
| gopkg.in/inf.v0 | v0.9.1 | 间接依赖 | go |
| github.com/onsi/gomega | v1.30.0 | 直接依赖 | go |
| github.com/klauspost/compress | v1.17.1 | 间接依赖 | go |
| github.com/go-jose/go-jose/v3 | v3.0.1 | 间接依赖 | go |
| github.com/hashicorp/hcl | v1.0.0 | 间接依赖 | go |
| github.com/decred/dcrd/dcrec/secp256k1/v4 | v4.2.0 | 间接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 直接依赖 | go |
| github.com/shopspring/decimal | v1.3.1 | 间接依赖 | go |
| github.com/gregjones/httpcache | v0.0.0-20190611155906-901d90724c79 | 间接依赖 | go |
| sigs.k8s.io/gateway-api | v1.0.1-0.20231102234152-004e14bfe016 | 直接依赖 | go |
| github.com/lestrrat-go/httpcc | v1.0.1 | 间接依赖 | go |
| github.com/huandu/xstrings | v1.4.0 | 间接依赖 | go |
| sigs.k8s.io/structured-merge-diff/v4 | v4.3.0 | 间接依赖 | go |
| github.com/evanphx/json-patch/v5 | v5.7.0 | 直接依赖 | go |
| io.swagger:swagger-annotations | 1.5.0 | 直接依赖 | maven |
| google.golang.org/appengine | v1.6.8 | 间接依赖 | go |
| github.com/docker/docker | v24.0.7+incompatible | 间接依赖 | go |
| github.com/MakeNowJust/heredoc | v1.0.0 | 间接依赖 | go |
| golang.org/x/tools | v0.15.0 | 间接依赖 | go |
| sigs.k8s.io/mcs-api | v0.1.0 | 直接依赖 | go |
| github.com/mdlayher/socket | v0.4.0 | 间接依赖 | go |
| gopkg.in/ini.v1 | v1.67.0 | 间接依赖 | go |
| Flask | 2.2.5 | 间接依赖 | pip |
| github.com/envoyproxy/go-control-plane | v0.11.2-0.20231201010245-4d7ddbeb202d | 直接依赖 | go |
| github.com/grpc-ecosystem/grpc-gateway/v2 | v2.16.2 | 间接依赖 | go |
| github.com/alecholmes/xfccparser | v0.1.0 | 直接依赖 | go |
| github.com/rivo/uniseg | v0.4.3 | 间接依赖 | go |
| k8s.io/utils | v0.0.0-20231121161247-cf03d44ff3cf | 直接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.21.0 | 直接依赖 | go |
| github.com/VividCortex/ewma | v1.2.0 | 间接依赖 | go |
| cloud.google.com/go/iam | v1.1.5 | 间接依赖 | go |
| github.com/kylelemons/godebug | v1.1.0 | 直接依赖 | go |
| javax.inject:javax.inject | 1 | 直接依赖 | maven |
| github.com/quic-go/qpack | v0.4.0 | 间接依赖 | go |
| google.golang.org/grpc | v1.59.0 | 直接依赖 | go |
| github.com/go-logr/stdr | v1.2.2 | 间接依赖 | go |
| github.com/florianl/go-tc | v0.4.2 | 直接依赖 | go |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | 直接依赖 | go |
| gomodules.xyz/jsonpatch/v2 | v2.4.0 | 直接依赖 | go |
| go.uber.org/atomic | v1.11.0 | 直接依赖 | go |
| github.com/containernetworking/cni | v1.1.2 | 直接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| github.com/docker/cli | v24.0.7+incompatible | 直接依赖 | go |
| cloud.google.com/go/security | v1.15.4 | 直接依赖 | go |
| github.com/monochromegane/go-gitignore | v0.0.0-20200626010858-205db1a8cc00 | 间接依赖 | go |
| javax.enterprise:cdi-api | 1.2 | 直接依赖 | maven |
| github.com/containerd/stargz-snapshotter/estargz | v0.14.3 | 间接依赖 | go |
| github.com/opencontainers/go-digest | v1.0.0 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20231120223509-83a465c0220f | 直接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 直接依赖 | go |
| github.com/grpc-ecosystem/go-grpc-prometheus | v1.2.0 | 直接依赖 | go |
| go.opencensus.io | v0.24.0 | 间接依赖 | go |
| go.starlark.net | v0.0.0-20230525235612-a134d8f9ddca | 间接依赖 | go |
| github.com/mitchellh/mapstructure | v1.5.0 | 间接依赖 | go |
| cloud.google.com/go | v0.110.10 | 间接依赖 | go |
| github.com/Masterminds/goutils | v1.1.1 | 间接依赖 | go |
| sigs.k8s.io/controller-runtime | v0.16.3 | 直接依赖 | go |
| github.com/go-openapi/jsonreference | v0.20.2 | 间接依赖 | go |
| github.com/ryanuber/go-glob | v1.0.0 | 直接依赖 | go |
| github.com/hashicorp/errwrap | v1.1.0 | 间接依赖 | go |
| javax.servlet:javax.servlet-api | 3.1.0 | 直接依赖 | maven |
| k8s.io/cli-runtime | v0.28.4 | 直接依赖 | go |
| go.opentelemetry.io/otel | v1.21.0 | 直接依赖 | go |
| github.com/mitchellh/go-homedir | v1.1.0 | 直接依赖 | go |
| k8s.io/apimachinery | v0.28.4 | 直接依赖 | go |
| golang.org/x/mod | v0.14.0 | 间接依赖 | go |
| github.com/onsi/ginkgo/v2 | v2.13.0 | 间接依赖 | go |
| github.com/sagikazarmark/slog-shim | v0.1.0 | 间接依赖 | go |
| golang.org/x/net | v0.18.0 | 直接依赖 | go |
| github.com/openshift/api | v0.0.0-20231121202920-a295b8c5f513 | 直接依赖 | go |
| go.opentelemetry.io/otel/trace | v1.21.0 | 直接依赖 | go |
| github.com/josharian/native | v1.1.0 | 直接依赖 | go |
| github.com/Masterminds/sprig/v3 | v3.2.3 | 直接依赖 | go |
| golang.org/x/term | v0.14.0 | 间接依赖 | go |
| github.com/subosito/gotenv | v1.6.0 | 间接依赖 | go |
| github.com/florianl/go-nflog/v2 | v2.0.1 | 直接依赖 | go |
| istio.io/api | v1.19.0-alpha.1.0.20231130210426-342d60d7bee6 | 直接依赖 | go |
| github.com/mdlayher/netlink | v1.7.1 | 间接依赖 | go |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 直接依赖 | go |
| github.com/opencontainers/image-spec | v1.1.0-rc5 | 间接依赖 | go |
| github.com/hashicorp/golang-lru/v2 | v2.0.7 | 直接依赖 | go |
| github.com/matttproud/golang_protobuf_extensions/v2 | v2.0.0 | 间接依赖 | go |
| github.com/spf13/viper | v1.17.0 | 直接依赖 | go |
| github.com/docker/docker-credential-helpers | v0.7.0 | 间接依赖 | go |
| github.com/BurntSushi/toml | v1.3.2 | 间接依赖 | go |
| github.com/googleapis/enterprise-certificate-proxy | v0.3.2 | 间接依赖 | go |
| github.com/gobwas/glob | v0.2.3 | 间接依赖 | go |
| github.com/moby/spdystream | v0.2.0 | 间接依赖 | go |
| github.com/docker/distribution | v2.8.2+incompatible | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.21.0 | 直接依赖 | go |
| istio.io/client-go | v1.19.0-alpha.1.0.20231130211226-46ba363b2dc1 | 直接依赖 | go |
| golang.org/x/exp | v0.0.0-20231110203233-9a3e6036ecaa | 直接依赖 | go |
| github.com/alecthomas/participle | v0.4.1 | 间接依赖 | go |
| github.com/prometheus/procfs | v0.12.0 | 间接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| Flask-JSON | 0.4.0 | 间接依赖 | pip |
| github.com/coreos/go-oidc/v3 | v3.7.0 | 直接依赖 | go |
| github.com/prometheus/client_model | v0.5.0 | 直接依赖 | go |
| golang.org/x/sys | v0.14.1-0.20231108175955-e4099bfacb8c | 直接依赖 | go |
| github.com/containernetworking/plugins | v1.3.0 | 直接依赖 | go |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | 间接依赖 | go |
| javax.websocket:javax.websocket-api | 1.1 | 直接依赖 | maven |
| sigs.k8s.io/kustomize/kyaml | v0.14.3 | 间接依赖 | go |
| github.com/lestrrat-go/jwx | v1.2.26 | 直接依赖 | go |
| github.com/mitchellh/go-wordwrap | v1.0.1 | 间接依赖 | go |
| github.com/go-openapi/jsonpointer | v0.20.0 | 间接依赖 | go |
| github.com/google/cel-go | v0.16.1 | 直接依赖 | go |
| github.com/hashicorp/go-multierror | v1.1.1 | 直接依赖 | go |
| github.com/census-instrumentation/opencensus-proto | v0.4.1 | 直接依赖 | go |
| test-requirements.txt | 间接依赖 | pip | |
| github.com/goccy/go-json | v0.10.2 | 间接依赖 | go |
| k8s.io/api | v0.28.4 | 直接依赖 | go |
| github.com/google/btree | v1.1.2 | 间接依赖 | go |
| gopkg.in/natefinch/lumberjack.v2 | v2.2.1 | 直接依赖 | go |
| github.com/lestrrat-go/blackmagic | v1.0.2 | 间接依赖 | go |
| golang.org/x/crypto | v0.15.0 | 间接依赖 | go |
| github.com/cncf/xds/go | v0.0.0-20231121184454-5b9bca5544b3 | 直接依赖 | go |
| go.uber.org/mock | v0.3.0 | 间接依赖 | go |
| github.com/cenkalti/backoff/v4 | v4.2.1 | 直接依赖 | go |
| github.com/prometheus/common | v0.45.0 | 直接依赖 | go |
| go.opentelemetry.io/otel/exporters/prometheus | v0.44.0 | 直接依赖 | go |
| github.com/stoewer/go-strcase | v1.3.0 | 直接依赖 | go |
| google.golang.org/genproto/googleapis/api | v0.0.0-20231120223509-83a465c0220f | 直接依赖 | go |
| github.com/go-openapi/swag | v0.22.4 | 间接依赖 | go |
| k8s.io/component-base | v0.28.4 | 间接依赖 | go |
| github.com/spf13/afero | v1.10.0 | 间接依赖 | go |
| github.com/xeipuuv/gojsonreference | v0.0.0-20180127040603-bd5ef7bd5415 | 间接依赖 | go |
| github.com/antlr/antlr4/runtime/Go/antlr/v4 | v4.0.0-20230305170008-8188dc5388df | 间接依赖 | go |
| github.com/gorilla/mux | v1.8.1 | 直接依赖 | go |
| github.com/cyphar/filepath-securejoin | v0.2.4 | 间接依赖 | go |
| k8s.io/apiextensions-apiserver | v0.28.3 | 直接依赖 | go |
| github.com/cheggaaa/pb/v3 | v3.1.4 | 直接依赖 | go |
| javax.ws.rs:javax.ws.rs-api | 2.0 | 直接依赖 | maven |
| github.com/lestrrat-go/backoff/v2 | v2.0.8 | 间接依赖 | go |
| prometheus-client | 0.17.0 | 间接依赖 | pip |
| cloud.google.com/go/logging | v1.8.1 | 直接依赖 | go |
| github.com/imdario/mergo | v1.0.0 | 间接依赖 | go |
| k8s.io/apiserver | v0.28.4 | 直接依赖 | go |
| github.com/quic-go/qtls-go1-20 | v0.4.1 | 间接依赖 | go |
| jaeger-client | 3.13.0 | 间接依赖 | pip |
| github.com/evanphx/json-patch | v5.7.0+incompatible | 间接依赖 | go |
| github.com/hashicorp/go-version | v1.6.0 | 直接依赖 | go |
| github.com/lestrrat-go/option | v1.0.1 | 间接依赖 | go |
| github.com/envoyproxy/protoc-gen-validate | v1.0.2 | 间接依赖 | go |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | 间接依赖 | go |
| sigs.k8s.io/kustomize/api | v0.13.5-0.20230601165947-6ce0bf390ce3 | 间接依赖 | go |
| github.com/moby/buildkit | v0.12.3 | 直接依赖 | go |
| github.com/chai2010/gettext-go | v1.0.2 | 间接依赖 | go |
| k8s.io/kubectl | v0.28.4 | 直接依赖 | go |
| golang.org/x/time | v0.4.0 | 直接依赖 | go |
| cloud.google.com/go/compute | v1.23.3 | 间接依赖 | go |
| go.opentelemetry.io/otel/metric | v1.21.0 | 直接依赖 | go |
| github.com/exponent-io/jsonpath | v0.0.0-20151013193312-d6023ce2651d | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | 直接依赖 | go |