werf/werf 软件分析报告

基础信息

项目名称:werf/werf

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1719694370940780544/1746783228540911616

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
prometheus client golang 资源管理错误漏洞 不加限制或调节的资源分配 MPS-2021-37056 CVE-2022-21698 高危
rack 存在HTTP请求的解释不一致性(HTTP请求私运)漏洞 HTTP请求走私 MPS-2022-15297 中危
OpenTelemetry-Go Contrib 安全漏洞 不加限制或调节的资源分配 MPS-83gr-xlom CVE-2023-45142 高危
CVE-2023-47108漏洞 不加限制或调节的资源分配 MPS-lrfd-7kb6 CVE-2023-47108 高危
SSH协议前缀截断攻击(Terrapin攻击) 安全相关信息的截断 MPS-nv0f-qtib CVE-2023-48795 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 0.44.0 间接依赖 建议修复
golang.org/x/crypto v0.16.0 0.17.0 直接依赖 建议修复
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.29.0 0.44.0 间接依赖 可选修复
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 0.46.0 间接依赖 可选修复
rack 3.0.8 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
BSD-3-Clause 57
MIT 122
自定义许可证 9
Apache-2.0 163
BSD-2-Clause 8
CC-BY-SA-4.0 2
MPL-2.0 6
Unicode-DFS-2016 2
Unlicense 1
ISC 3
GPL-3.0 2

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
gopkg.in/inf.v0 v0.9.1 间接依赖 go
chef-utils 16.16.13 间接依赖 bundler
github.com/BurntSushi/toml v1.2.1 间接依赖 go
ipaddress 0.8.3 间接依赖 bundler
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 间接依赖 go
golang.org/x/text v0.14.0 间接依赖 go
github.com/tidwall/pretty v1.2.1 间接依赖 go
github.com/alessio/shellescape v1.4.1 直接依赖 go
wmi-lite 1.0.5 间接依赖 bundler
github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 直接依赖 go
github.com/cpuguy83/go-md2man/v2 v2.0.2 间接依赖 go
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 间接依赖 go
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 间接依赖 go
yell 2.2.2 间接依赖 bundler
awesome_print 1.9.2 间接依赖 bundler
github.com/docker/docker-credential-helpers v0.7.0 间接依赖 go
rake 13.1.0 间接依赖 bundler
github.com/gogo/protobuf v1.3.2 间接依赖 go
public_suffix 5.0.4 间接依赖 bundler
github.com/google/gnostic v0.6.9 间接依赖 go
github.com/oklog/ulid v1.3.1 间接依赖 go
parallel 1.24.0 间接依赖 bundler
github.com/prashantv/gostub v1.1.0 直接依赖 go
sassc 2.4.0 间接依赖 bundler
github.com/dominikbraun/graph v0.23.0 间接依赖 go
github.com/gofrs/flock v0.8.1 间接依赖 go
github.com/sigstore/rekor v1.2.0 间接依赖 go
github.com/VividCortex/ewma v1.2.0 间接依赖 go
github.com/russross/blackfriday/v2 v2.1.0 间接依赖 go
github.com/go-openapi/jsonreference v0.20.2 间接依赖 go
github.com/go-git/go-git/v5 v5.11.0 直接依赖 go
typhoeus 1.4.1 间接依赖 bundler
ffi 1.15.4 间接依赖 bundler
http_parser.rb 0.8.0 间接依赖 bundler
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 直接依赖 go
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 间接依赖 go
github.com/opencontainers/go-digest v1.0.0 直接依赖 go
github.com/mitchellh/mapstructure v1.5.0 间接依赖 go
github.com/containerd/console v1.0.3 间接依赖 go
github.com/aws/aws-sdk-go-v2/credentials v1.13.22 间接依赖 go
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 间接依赖 go
golang.org/x/crypto v0.16.0 直接依赖 go
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 间接依赖 go
github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa 间接依赖 go
github.com/wI2L/jsondiff v0.4.0 间接依赖 go
contracts 0.16.1 间接依赖 bundler
sigs.k8s.io/kustomize/kustomize/v4 v4.5.7 间接依赖 go
github.com/tidwall/sjson v1.2.5 间接依赖 go
github.com/werf/copy-recurse v0.2.7 直接依赖 go
github.com/moby/locker v1.0.1 间接依赖 go
go.opentelemetry.io/otel/trace v1.14.0 直接依赖 go
listen 3.8.0 间接依赖 bundler
github.com/klauspost/compress v1.16.4 间接依赖 go
sass-embedded 1.63.6 间接依赖 bundler
github.com/mitchellh/reflectwalk v1.0.2 间接依赖 go
toml-rb 2.0.1 间接依赖 bundler
ethon 0.16.0 间接依赖 bundler
golang.org/x/mod v0.12.0 直接依赖 go
golang.org/x/time v0.3.0 间接依赖 go
k8s.io/component-base v0.26.6 间接依赖 go
github.com/docker/go-units v0.5.0 直接依赖 go
rb-inotify 0.10.1 间接依赖 bundler
github.com/emicklei/go-restful/v3 v3.10.2 间接依赖 go
github.com/maorfr/helm-plugin-utils v0.6.1-0.20230319074221-e61910f7f295 间接依赖 go
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 间接依赖 go
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 间接依赖 go
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.29.0 间接依赖 go
github.com/hashicorp/go-cty-funcs v0.0.0-20200930094925-2721b1e36840 间接依赖 go
rsc.io/letsencrypt v0.0.3 间接依赖 go
libyajl2 2.1.0 间接依赖 bundler
k8s.io/metrics v0.26.6 间接依赖 go
github.com/apparentlymart/go-textseg/v13 v13.0.0 间接依赖 go
go.opentelemetry.io/proto/otlp v0.19.0 间接依赖 go
github.com/klauspost/pgzip v1.2.6-0.20220930104621-17e8dac29df8 间接依赖 go
github.com/sourcegraph/conc v0.3.0 间接依赖 go
github.com/go-logr/logr v1.2.4 间接依赖 go
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd 间接依赖 go
pedump 0.6.2 间接依赖 bundler
k8s.io/kubectl v0.26.6 直接依赖 go
google-protobuf 3.25.2 间接依赖 bundler
github.com/theupdateframework/notary v0.6.1 间接依赖 go
tzinfo 2.0.6 间接依赖 bundler
github.com/vbauerster/mpb/v8 v8.3.0 间接依赖 go
github.com/helm/helm-2to3 v0.10.3 直接依赖 go
github.com/chai2010/gettext-go v1.0.2 间接依赖 go
omnibus 8.2.2 间接依赖 bundler
jekyll-watch 2.2.1 间接依赖 bundler
github.com/google/go-containerregistry v0.14.0 直接依赖 go
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 间接依赖 go
citrus 3.0.2 间接依赖 bundler
github.com/seccomp/libseccomp-golang v0.10.0 间接依赖 go
github.com/json-iterator/go v1.1.12 间接依赖 go
github.com/bmatcuk/doublestar v1.3.4 直接依赖 go
nokogiri 1.16.0 间接依赖 bundler
github.com/moby/spdystream v0.2.0 间接依赖 go
concurrent-ruby 1.2.2 间接依赖 bundler
github.com/ncw/directio v1.0.5 间接依赖 go
i18n 1.14.1 间接依赖 bundler
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 直接依赖 go
kramdown-parser-gfm 1.1.0 间接依赖 bundler
ffi 1.16.3 间接依赖 bundler
github.com/MakeNowJust/heredoc v1.0.0 间接依赖 go
jekyll-include-cache 0.2.1 间接依赖 bundler
go.mongodb.org/mongo-driver v1.11.3 间接依赖 go
github.com/mitchellh/go-wordwrap v1.0.0 间接依赖 go
github.com/Masterminds/semver v1.5.0 直接依赖 go
gopkg.in/oleiade/reflections.v1 v1.0.0 直接依赖 go
k8s.io/apimachinery v0.27.3 直接依赖 go
github.com/manifoldco/promptui v0.9.0 间接依赖 go
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f 间接依赖 go
github.com/google/gofuzz v1.2.0 间接依赖 go
github.com/avelino/slugify v0.0.0-20180501145920-855f152bd774 间接依赖 go
github.com/mitchellh/go-homedir v1.1.0 间接依赖 go
github.com/go-openapi/errors v0.20.3 间接依赖 go
go.opentelemetry.io/otel/sdk v1.14.0 直接依赖 go
github.com/werf/lockgate v0.1.1 直接依赖 go
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 间接依赖 go
github.com/pelletier/go-toml v1.9.5 间接依赖 go
github.com/sigstore/sigstore v1.6.4 间接依赖 go
github.com/mistifyio/go-zfs/v3 v3.0.0 间接依赖 go
bou.ke/monkey v1.0.2 直接依赖 go
github.com/prometheus/client_golang v1.15.1 间接依赖 go
github.com/go-git/go-billy/v5 v5.5.0 间接依赖 go
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 间接依赖 go
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 间接依赖 go
github.com/peterbourgon/diskv v2.0.1+incompatible 间接依赖 go
dario.cat/mergo v1.0.0 间接依赖 go
github.com/montanaflynn/stats v0.7.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 间接依赖 go
k8s.io/apiextensions-apiserver v0.26.2 间接依赖 go
jekyll-sass-converter 3.0.0 间接依赖 bundler
chef-config 16.16.13 间接依赖 bundler
thor 0.20.3 间接依赖 bundler
github.com/spf13/pflag v1.0.5 直接依赖 go
github.com/stretchr/testify v1.8.4 间接依赖 go
github.com/hashicorp/errwrap v1.1.0 间接依赖 go
rack 3.0.8 间接依赖 bundler
github.com/moby/term v0.5.0 直接依赖 go
rexml 3.2.6 间接依赖 bundler
github.com/Masterminds/squirrel v1.5.3 间接依赖 go
github.com/davecgh/go-spew v1.1.1 间接依赖 go
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 间接依赖 go
github.com/cenkalti/backoff/v4 v4.2.0 间接依赖 go
github.com/skeema/knownhosts v1.2.1 间接依赖 go
unicode-display_width 2.5.0 间接依赖 bundler
github.com/josharian/intern v1.0.0 间接依赖 go
github.com/otiai10/copy v1.12.0 直接依赖 go
github.com/cespare/xxhash/v2 v2.2.0 间接依赖 go
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f 间接依赖 go
go.etcd.io/bbolt v1.3.7 间接依赖 go
github.com/docker/cli v23.0.6+incompatible 直接依赖 go
jekyll-sanity 1.6.0 间接依赖 bundler
mixlib-versioning 1.2.12 间接依赖 bundler
github.com/jmoiron/sqlx v1.3.5 间接依赖 go
go.uber.org/multierr v1.11.0 间接依赖 go
github.com/tidwall/match v1.1.1 间接依赖 go
github.com/go-gorp/gorp/v3 v3.0.5 间接依赖 go
ohai 16.13.0 间接依赖 bundler
gopkg.in/go-jose/go-jose.v2 v2.6.1 间接依赖 go
github.com/gookit/color v1.5.3 直接依赖 go
github.com/go-openapi/strfmt v0.21.7 直接依赖 go
github.com/moby/patternmatcher v0.5.0 间接依赖 go
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 间接依赖 go
github.com/moby/sys/mountinfo v0.6.2 间接依赖 go
github.com/containerd/typeurl v1.0.2 间接依赖 go
colorator 1.1.0 间接依赖 bundler
github.com/lithammer/dedent v1.1.0 间接依赖 go
github.com/moby/sys/signal v0.7.0 间接依赖 go
github.com/deislabs/oras v0.12.0 直接依赖 go
github.com/containers/buildah v1.30.0 直接依赖 go
github.com/container-orchestrated-devices/container-device-interface v0.5.4 间接依赖 go
github.com/inconshreveable/mousetrap v1.1.0 间接依赖 go
gopkg.in/square/go-jose.v2 v2.6.0 间接依赖 go
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d 直接依赖 go
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 间接依赖 go
github.com/mailru/easyjson v0.7.7 间接依赖 go
plist 3.6.0 间接依赖 bundler
github.com/jinzhu/gorm v1.9.12 间接依赖 go
aws-sdk-s3 1.103.0 间接依赖 bundler
github.com/agext/levenshtein v1.2.3 间接依赖 go
github.com/onsi/gomega v1.27.10 直接依赖 go
aws-sdk-kms 1.49.0 间接依赖 bundler
aws-sdk-core 3.121.1 间接依赖 bundler
rb-fsevent 0.11.2 间接依赖 bundler
github.com/aws/smithy-go v1.13.5 间接依赖 go
aws-partitions 1.514.0 间接依赖 bundler
github.com/pjbgf/sha1cd v0.3.0 间接依赖 go
github.com/gophercloud/gophercloud v1.4.0 直接依赖 go
github.com/emirpasic/gods v1.18.1 间接依赖 go
github.com/modern-go/reflect2 v1.0.2 间接依赖 go
k8s.io/component-helpers v0.26.6 间接依赖 go
extras 0.3.0 间接依赖 bundler
github.com/google/pprof v0.0.0-20230309165930-d61513b1440d 间接依赖 go
gopkg.in/yaml.v2 v2.4.0 直接依赖 go
github.com/hashicorp/go-version v1.6.0 直接依赖 go
github.com/vbatts/tar-split v0.11.3 间接依赖 go
github.com/chzyer/readline v1.5.1 间接依赖 go
github.com/spf13/cast v1.5.0 间接依赖 go
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c 间接依赖 go
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 间接依赖 go
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 间接依赖 go
k8s.io/client-go v0.27.3 直接依赖 go
addressable 2.8.0 间接依赖 bundler
github.com/Masterminds/sprig/v3 v3.2.3 直接依赖 go
github.com/containers/image/v5 v5.25.0 直接依赖 go
github.com/zclconf/go-cty v1.10.0 间接依赖 go
mercenary 0.4.0 间接依赖 bundler
github.com/tidwall/gjson v1.14.2 间接依赖 go
mixlib-log 3.0.9 间接依赖 bundler
gopkg.in/warnings.v0 v0.1.2 间接依赖 go
github.com/onsi/ginkgo/v2 v2.11.0 直接依赖 go
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 间接依赖 go
helm.sh/helm/v3 v3.11.2 直接依赖 go
minitest 5.20.0 间接依赖 bundler
github.com/gofrs/uuid v4.4.0+incompatible 间接依赖 go
github.com/gorilla/mux v1.8.0 间接依赖 go
github.com/beorn7/perks v1.0.1 间接依赖 go
gopkg.in/errgo.v2 v2.1.0 直接依赖 go
github.com/mattn/go-isatty v0.0.17 间接依赖 go
github.com/go-openapi/validate v0.22.1 直接依赖 go
github.com/containerd/typeurl/v2 v2.1.1 间接依赖 go
json 2.5.1 间接依赖 bundler
github.com/sylabs/sif/v2 v2.11.1 间接依赖 go
github.com/apparentlymart/go-cidr v1.0.1 间接依赖 go
github.com/openshift/imagebuilder v1.2.5-0.20230315213933-1693aaac1009 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 间接依赖 go
github.com/docker/docker v23.0.6+incompatible 直接依赖 go
net-scp 3.0.0 间接依赖 bundler
k8s.io/cli-runtime v0.26.6 直接依赖 go
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 间接依赖 go
terminal-table 3.0.2 间接依赖 bundler
golang.org/x/sys v0.15.0 间接依赖 go
mini_portile2 2.8.5 间接依赖 bundler
google.golang.org/grpc v1.55.0 间接依赖 go
github.com/shopspring/decimal v1.2.0 间接依赖 go
github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 间接依赖 go
github.com/moby/sys/symlink v0.2.0 间接依赖 go
ffi-yajl 2.4.0 间接依赖 bundler
github.com/apparentlymart/go-textseg/v12 v12.0.0 间接依赖 go
github.com/lib/pq v1.10.7 间接依赖 go
github.com/xlab/treeprint v1.1.0 间接依赖 go
rouge 4.2.0 间接依赖 bundler
liquid 4.0.4 间接依赖 bundler
github.com/morikuni/aec v1.0.0 间接依赖 go
rainbow 3.1.1 间接依赖 bundler
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da 间接依赖 go
github.com/matttproud/golang_protobuf_extensions v1.0.4 间接依赖 go
github.com/gobwas/glob v0.2.3 间接依赖 go
golang.org/x/sync v0.3.0 间接依赖 go
github.com/werf/kubedog v0.11.0 直接依赖 go
racc 1.7.3 间接依赖 bundler
github.com/samber/lo v1.38.1 直接依赖 go
liquid-tag-parser 2.0.2 间接依赖 bundler
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 间接依赖 go
github.com/Microsoft/hcsshim v0.10.0-rc.8 间接依赖 go
github.com/docker/buildx v0.10.4 直接依赖 go
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 间接依赖 go
github.com/proglottis/gpgme v0.1.3 间接依赖 go
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 间接依赖 go
github.com/mitchellh/copystructure v1.2.0 直接依赖 go
mixlib-config 3.0.9 间接依赖 bundler
github.com/jonboulle/clockwork v0.3.0 间接依赖 go
oras.land/oras-go v1.2.3 直接依赖 go
k8s.io/helm v2.17.0+incompatible 直接依赖 go
github.com/werf/nelm v0.0.0-00010101000000-000000000000 直接依赖 go
github.com/containers/common v0.52.0 直接依赖 go
golang.org/x/term v0.15.0 间接依赖 go
tomlrb 1.3.0 间接依赖 bundler
github.com/containernetworking/plugins v1.2.0 间接依赖 go
github.com/fsnotify/fsnotify v1.6.0 间接依赖 go
iostruct 0.0.4 间接依赖 bundler
golang.org/x/net v0.19.0 直接依赖 go
go.opentelemetry.io/otel/metric v0.37.0 间接依赖 go
github.com/go-openapi/jsonpointer v0.19.6 间接依赖 go
safe_yaml 1.0.5 间接依赖 bundler
github.com/sirupsen/logrus v1.9.3 直接依赖 go
license_scout 1.2.13 间接依赖 bundler
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de 间接依赖 go
k8s.io/apiserver v0.26.2 间接依赖 go
github.com/ulikunitz/xz v0.5.11 间接依赖 go
forwardable-extended 2.6.0 间接依赖 bundler
sigs.k8s.io/kustomize/api v0.12.1 间接依赖 go
ruby-progressbar 1.11.0 间接依赖 bundler
github.com/cloudflare/circl v1.3.3 间接依赖 go
github.com/google/uuid v1.3.0 直接依赖 go
github.com/minio/minio v0.0.0-20210311070216-f92b7a562103 直接依赖 go
go.opentelemetry.io/otel v1.14.0 直接依赖 go
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 间接依赖 go
github.com/go-openapi/swag v0.22.3 间接依赖 go
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 间接依赖 go
github.com/miekg/pkcs11 v1.1.1 间接依赖 go
github.com/go-openapi/loads v0.21.2 间接依赖 go
github.com/Masterminds/vcs v1.13.3 间接依赖 go
sprockets 4.2.1 间接依赖 bundler
github.com/dustin/go-humanize v1.0.1 直接依赖 go
github.com/spaolacci/murmur3 v1.1.0 直接依赖 go
em-websocket 0.5.3 间接依赖 bundler
github.com/kevinburke/ssh_config v1.2.0 间接依赖 go
github.com/gogo/googleapis v1.4.1 间接依赖 go
github.com/aymanbagabas/go-udiff v0.1.3 间接依赖 go
github.com/jmespath/go-jmespath v0.4.0 间接依赖 go
github.com/google/go-cmp v0.6.0 间接依赖 go
aws-eventstream 1.2.0 间接依赖 bundler
golang.org/x/oauth2 v0.7.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 间接依赖 go
github.com/aws/aws-sdk-go-v2 v1.18.0 间接依赖 go
github.com/sergi/go-diff v1.2.0 间接依赖 go
github.com/containerd/continuity v0.4.1 间接依赖 go
go.opencensus.io v0.24.0 间接依赖 go
multipart-post 2.1.1 间接依赖 bundler
kramdown 2.4.0 间接依赖 bundler
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e 间接依赖 go
github.com/disiqueira/gotree/v3 v3.0.2 间接依赖 go
github.com/prometheus/procfs v0.9.0 间接依赖 go
github.com/go-logr/stdr v1.2.2 间接依赖 go
github.com/rodaine/table v1.1.0 直接依赖 go
github.com/hashicorp/hcl/v2 v2.8.2 间接依赖 go
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 间接依赖 go
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 间接依赖 go
gopkg.in/ini.v1 v1.67.0 直接依赖 go
github.com/mattn/go-colorable v0.1.13 间接依赖 go
github.com/docker/go-metrics v0.0.1 间接依赖 go
github.com/jinzhu/copier v0.3.5 间接依赖 go
github.com/opencontainers/runc v1.1.5 间接依赖 go
github.com/theupdateframework/go-tuf v0.5.2 间接依赖 go
github.com/go-errors/errors v1.0.1 间接依赖 go
github.com/fluxcd/flagger v1.31.0 直接依赖 go
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 间接依赖 go
html-proofer 3.19.4 间接依赖 bundler
public_suffix 4.0.6 间接依赖 bundler
k8s.io/api v0.27.3 直接依赖 go
rainbow 3.0.0 间接依赖 bundler
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd 间接依赖 go
github.com/docker/cli-docs-tool v0.5.1 间接依赖 go
github.com/go-openapi/analysis v0.21.4 间接依赖 go
github.com/werf/logboek v0.6.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 间接依赖 go
github.com/containers/ocicrypt v1.1.7 间接依赖 go
github.com/djherbis/buffer v1.2.0 直接依赖 go
github.com/fsouza/go-dockerclient v1.9.7 间接依赖 go
github.com/cloudflare/cfssl v1.4.1 间接依赖 go
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 间接依赖 go
github.com/go-openapi/runtime v0.26.0 间接依赖 go
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 间接依赖 go
fuzzyurl 0.9.0 间接依赖 bundler
github.com/sigstore/fulcio v1.2.0 间接依赖 go
github.com/huandu/xstrings v1.3.3 间接依赖 go
github.com/golang/protobuf v1.5.3 间接依赖 go
github.com/spf13/cobra v1.7.0 直接依赖 go
github.com/fatih/camelcase v1.0.0 间接依赖 go
net-ssh 6.1.0 间接依赖 bundler
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f 间接依赖 go
jmespath 1.6.1 间接依赖 bundler
webrick 1.8.1 间接依赖 bundler
github.com/google/btree v1.0.1 间接依赖 go
github.com/moby/sys/sequential v0.5.0 间接依赖 go
train-core 3.8.1 间接依赖 bundler
github.com/daviddengcn/go-colortext v1.0.0 间接依赖 go
github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 间接依赖 go
chef-cleanroom 1.0.4 间接依赖 bundler
golang.org/x/exp v0.0.0-20230321023759-10a507213a29 间接依赖 go
github.com/containerd/cgroups v1.1.0 间接依赖 go
github.com/jellydator/ttlcache/v3 v3.1.0 间接依赖 go
github.com/mattn/go-runewidth v0.0.14 间接依赖 go
github.com/compose-spec/compose-go v1.6.0 间接依赖 go
sigs.k8s.io/yaml v1.3.0 直接依赖 go
github.com/evanphx/json-patch v5.6.0+incompatible 间接依赖 go
activesupport 6.1.7.6 间接依赖 bundler
gopkg.in/yaml.v3 v3.0.1 直接依赖 go
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 间接依赖 go
mixlib-shellout 3.2.5 间接依赖 bundler
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 直接依赖 go
k8s.io/klog/v2 v2.100.1 直接依赖 go
github.com/prometheus/client_model v0.4.0 间接依赖 go
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d 间接依赖 go
github.com/imdario/mergo v0.3.15 间接依赖 go
github.com/oleiade/reflections v1.0.1 间接依赖 go
github.com/go-openapi/spec v0.20.9 直接依赖 go
k8s.io/klog v1.0.0 直接依赖 go
github.com/mattn/go-sqlite3 v2.0.1+incompatible 间接依赖 go
github.com/containerd/containerd v1.7.2 直接依赖 go
github.com/Masterminds/goutils v1.1.1 直接依赖 go
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 间接依赖 go
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb 间接依赖 go
github.com/moby/buildkit v0.11.6 直接依赖 go
github.com/opencontainers/runtime-spec v1.1.0-rc.3 直接依赖 go
github.com/hashicorp/go-multierror v1.1.1 直接依赖 go
github.com/felixge/httpsnoop v1.0.3 间接依赖 go
github.com/pkg/errors v0.9.1 直接依赖 go
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b 直接依赖 go
github.com/fvbommel/sortorder v1.0.1 间接依赖 go
golang.org/x/tools v0.13.0 间接依赖 go
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f 间接依赖 go
github.com/tchap/go-patricia/v2 v2.3.1 间接依赖 go
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 间接依赖 go
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 间接依赖 go
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 直接依赖 go
google.golang.org/appengine v1.6.7 间接依赖 go
addressable 2.8.6 间接依赖 bundler
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 间接依赖 go
github.com/google/go-intervals v0.0.2 间接依赖 go
github.com/bugsnag/bugsnag-go v1.5.3 间接依赖 go
github.com/rivo/uniseg v0.4.4 间接依赖 go
github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69 间接依赖 go
github.com/xanzy/ssh-agent v0.3.3 间接依赖 go
github.com/fatih/color v1.14.1 间接依赖 go
eventmachine 1.2.7 间接依赖 bundler
mixlib-cli 2.1.8 间接依赖 bundler
pathutil 0.16.2 间接依赖 bundler
github.com/docker/distribution v2.8.2+incompatible 直接依赖 go
zhexdump 0.0.2 间接依赖 bundler
github.com/containernetworking/cni v1.1.2 间接依赖 go
github.com/cyphar/filepath-securejoin v0.2.4 间接依赖 go
sigs.k8s.io/kustomize/kyaml v0.13.9 间接依赖 go
aws-sigv4 1.4.0 间接依赖 bundler
zeitwerk 2.6.12 间接依赖 bundler
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 间接依赖 go
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f 间接依赖 go
github.com/opencontainers/selinux v1.11.0 间接依赖 go
github.com/djherbis/nio/v3 v3.0.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/config v1.18.23 间接依赖 go
mvdan.cc/xurls v1.1.0 直接依赖 go
github.com/chanced/caps v1.0.1 间接依赖 go
github.com/containers/storage v1.46.1 直接依赖 go
jekyll 4.3.3 间接依赖 bundler
github.com/Masterminds/semver/v3 v3.2.1 间接依赖 go
github.com/containerd/ttrpc v1.2.2 间接依赖 go
github.com/containerd/stargz-snapshotter/estargz v0.14.3 间接依赖 go
github.com/rubenv/sql-migrate v1.2.0 间接依赖 go
github.com/mattn/go-shellwords v1.0.12 间接依赖 go
github.com/gosuri/uitable v0.0.4 直接依赖 go
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea 间接依赖 go
github.com/mvdan/xurls v1.1.0 间接依赖 go
github.com/Microsoft/go-winio v0.6.1 间接依赖 go
github.com/xeipuuv/gojsonschema v1.2.0 间接依赖 go
github.com/aws/aws-sdk-go v1.44.289 直接依赖 go
github.com/prometheus/common v0.42.0 间接依赖 go
github.com/vishvananda/netlink v1.2.1-beta.2 间接依赖 go
google.golang.org/protobuf v1.30.0 间接依赖 go
(0)
上一篇 2024年1月15日
下一篇 2024年1月15日

相关推荐

  • intel/haxm 软件分析报告

    基础信息 项目名称:intel/haxm 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721279641070108672/1729695519162720256 此报告由Murphysec提供 漏洞列表 暂无…

    软件分析 2023年11月29日
    0
  • Tyrrrz/CliFx 软件分析报告

    基础信息 项目名称:Tyrrrz/CliFx 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1751561900252925952/1751561905307062272 此报告由Murphysec提供 漏洞列表 …

    软件分析 2024年1月28日
    0
  • react-bootstrap/react-bootstrap 软件分析报告

    基础信息 项目名称:react-bootstrap/react-bootstrap 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1762724391536115712/1762724444627615744 此报…

    软件分析 2024年2月28日
    0
  • ossf/allstar 软件分析报告

    基础信息 项目名称:ossf/allstar 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1758279252521922560/1758279252559671296 此报告由Murphysec提供 漏洞列表 …

    软件分析 2024年2月16日
    0
  • cipchk/ng-alain 软件分析报告

    基础信息 项目名称:cipchk/ng-alain 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721089284055830528/1727650866024374272 此报告由Murphysec提供 漏洞…

    软件分析 2023年11月23日
    0