Use src package

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/genuinetools/reg v0.16.0
 	github.com/gliderlabs/ssh v0.1.3 // indirect
 	github.com/golang/protobuf v1.3.1 // indirect
-	github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5
+	github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a
 	github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b
 	github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936

go.sum

@@ -32,8 +32,6 @@ github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb h1:qSMRxG547
 github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a h1:glxUtT0RlaVJU86kg78ygzfhwW6D+uj5H+aOK01QDgI=
 github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a/go.mod h1:uXhHPWAoRqw0jJc2f8RrPCwRhIo9otQ8OEWUFtpCiwA=
-github.com/d4l3k/messagediff v1.2.1 h1:ZcAIMYsUg0EAp9X+tt8/enBE/Q8Yd5kzPynLyKptt9U=
-github.com/d4l3k/messagediff v1.2.1/go.mod h1:Oozbb1TVXFac9FtSIxHBMnBCq2qeH/2KkEQxENCrlLo=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -116,8 +114,8 @@ github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e h1:RgQk53JHp
 github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
-github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5 h1:d6oqR7xZEMoNDp0x7/g/DCKZ1n0exzr76eyzOz8p2ls=
-github.com/knqyf263/fanal v0.0.0-20190513061210-e1980f95d1f5/go.mod h1:/3MJJHzCSQm4xQMUnBAGx7aI5zvWA98twxekdDcLzbY=
+github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a h1:2zG9YY77/Nv+dMcAA3EzRwoUWP0cWmQIuAumhEYZtNQ=
+github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a/go.mod h1:HTp1oNm2dPtIooJCspQHukx37GjPpj5DHuqlebTp4TI=
 github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b h1:DiDMmSwuY27PJxA2Gs0+uI/bQ/ehKARaGXRdlp+wFis=
 github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
 github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=

pkg/scanner/ospkg/debian/debian.go

@@ -34,15 +34,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
 
 	var vulns []vulnerability.DetectedVulnerability
 	for _, pkg := range pkgs {
-		if pkg.Type != analyzer.TypeSource {
-			continue
-		}
-		advisories, err := debianoval.Get(osVer, pkg.Name)
+		advisories, err := debianoval.Get(osVer, pkg.SrcName)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to get debian OVAL: %w", err)
 		}
 
-		installed := utils.FormatVersion(pkg)
+		installed := utils.FormatSrcVersion(pkg)
 		installedVersion, err := version.NewVersion(installed)
 		if err != nil {
 			log.Logger.Debugf("failed to parse Debian installed package version: %w", err)
@@ -66,7 +63,7 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
 				vulns = append(vulns, vuln)
 			}
 		}
-		advisories, err = debian.Get(osVer, pkg.Name)
+		advisories, err = debian.Get(osVer, pkg.SrcName)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to get debian advisory: %w", err)
 		}

pkg/scanner/ospkg/redhat/redhat.go

@@ -28,12 +28,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
 
 	var vulns []vulnerability.DetectedVulnerability
 	for _, pkg := range pkgs {
-		advisories, err := redhat.Get(osVer, pkg.Name)
+		advisories, err := redhat.Get(osVer, pkg.SrcName)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
 		}
 
-		installed := utils.FormatVersion(pkg)
+		installed := utils.FormatSrcVersion(pkg)
 		installedVersion := version.NewVersion(installed)
 		for _, adv := range advisories {
 			fixedVersion := version.NewVersion(adv.FixedVersion)

pkg/scanner/ospkg/ubuntu/ubuntu.go

@@ -24,12 +24,12 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
 
 	var vulns []vulnerability.DetectedVulnerability
 	for _, pkg := range pkgs {
-		advisories, err := ubuntu.Get(osVer, pkg.Name)
+		advisories, err := ubuntu.Get(osVer, pkg.SrcName)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to get Ubuntu advisories: %w", err)
 		}
 
-		installed := utils.FormatVersion(pkg)
+		installed := utils.FormatSrcVersion(pkg)
 		installedVersion, err := version.NewVersion(installed)
 		if err != nil {
 			log.Logger.Debugf("failed to parse Ubuntu installed package version: %w", err)

pkg/scanner/utils/utils.go

@@ -29,12 +29,21 @@ func MatchVersions(currentVersion *version.Version, rangeVersions []string) bool
 }
 
 func FormatVersion(pkg analyzer.Package) string {
-	v := pkg.Version
-	if pkg.Release != "" {
-		v = fmt.Sprintf("%s-%s", v, pkg.Release)
+	return formatVersion(pkg.Epoch, pkg.Version, pkg.Release)
+}
+
+func FormatSrcVersion(pkg analyzer.Package) string {
+	return formatVersion(pkg.SrcEpoch, pkg.SrcVersion, pkg.SrcRelease)
+}
+
+func formatVersion(epoch int, version, release string) string {
+	v := version
+	if release != "" {
+		v = fmt.Sprintf("%s-%s", v, release)
 	}
-	if pkg.Epoch != 0 {
-		v = fmt.Sprintf("%d:%s", pkg.Epoch, v)
+	if epoch != 0 {
+		v = fmt.Sprintf("%d:%s", epoch, v)
 	}
 	return v
+
 }