update

.goreleaser.yml

@@ -32,7 +32,7 @@ builds:
 dockers:
   # Arch: amd64
   - image_templates:
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-amd64'
     dockerfile: goreleaser.dockerfile
     use: buildx
     build_flag_templates:
@@ -49,7 +49,7 @@ dockers:
       - "--platform=linux/amd64"
   # Arch: arm64
   - image_templates:
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-arm64'
     dockerfile: goreleaser.dockerfile
     use: buildx
     build_flag_templates:
@@ -67,14 +67,14 @@ dockers:
     goarch: arm64
 
 docker_manifests:
-  - name_template: 'ghcr.io/google/osv-scanner:{{ .Tag }}'
+  - name_template: 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}'
     image_templates:
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'
-  - name_template: 'ghcr.io/google/osv-scanner:latest'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-amd64'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-arm64'
+  - name_template: 'ghcr.io/threatcode/osv-scanner:latest'
     image_templates:
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
-      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-amd64'
+      - 'ghcr.io/threatcode/osv-scanner:{{ .Tag }}-arm64'
 
 archives:
   - format: binary

CHANGELOG.md

@@ -3,53 +3,53 @@ v1.2.0:
 
 ### Major Features:
 
-- [Feature #168](https://github.com/google/osv-scanner/pull/168) Support for scanning debian package status file, usually located in `/var/lib/dpkg/status`. Thanks @cmaritan
-- [Feature #94](https://github.com/google/osv-scanner/pull/94) Specify what parser should be used in `--lockfile`.
-- [Feature #158](https://github.com/google/osv-scanner/pull/158) Specify output format to use with the `--format` flag.
-- [Feature #165](https://github.com/google/osv-scanner/pull/165) Respect `.gitignore` files by default when scanning.
-- [Feature #156](https://github.com/google/osv-scanner/pull/156) Support markdown table output format. Thanks @deftdawg
-- [Feature #59](https://github.com/google/osv-scanner/pull/59) Support `conan.lock` lockfiles and ecosystem Thanks @SSE4
+- [Feature #168](https://github.com/threatcode/osv-scanner/pull/168) Support for scanning debian package status file, usually located in `/var/lib/dpkg/status`. Thanks @cmaritan
+- [Feature #94](https://github.com/threatcode/osv-scanner/pull/94) Specify what parser should be used in `--lockfile`.
+- [Feature #158](https://github.com/threatcode/osv-scanner/pull/158) Specify output format to use with the `--format` flag.
+- [Feature #165](https://github.com/threatcode/osv-scanner/pull/165) Respect `.gitignore` files by default when scanning.
+- [Feature #156](https://github.com/threatcode/osv-scanner/pull/156) Support markdown table output format. Thanks @deftdawg
+- [Feature #59](https://github.com/threatcode/osv-scanner/pull/59) Support `conan.lock` lockfiles and ecosystem Thanks @SSE4
 - Updated documentation! Check it out here: https://google.github.io/osv-scanner/
 
 ### Minor Updates:
-- [Feature #178](https://github.com/google/osv-scanner/pull/178) Support SPDX 2.3.
-- [Feature #221](https://github.com/google/osv-scanner/pull/221) Support dependencyManagement section in Maven poms.
-- [Feature #167](https://github.com/google/osv-scanner/pull/167) Make osvscanner API library public.
-- [Feature #141](https://github.com/google/osv-scanner/pull/141) Retry OSV API calls to mitigate transient network issues. Thanks @davift
-- [Feature #220](https://github.com/google/osv-scanner/pull/220) Vulnerability output is ordered deterministically.
-- [Feature #179](https://github.com/google/osv-scanner/pull/179) Log number of packages scanned from SBOM.
+- [Feature #178](https://github.com/threatcode/osv-scanner/pull/178) Support SPDX 2.3.
+- [Feature #221](https://github.com/threatcode/osv-scanner/pull/221) Support dependencyManagement section in Maven poms.
+- [Feature #167](https://github.com/threatcode/osv-scanner/pull/167) Make osvscanner API library public.
+- [Feature #141](https://github.com/threatcode/osv-scanner/pull/141) Retry OSV API calls to mitigate transient network issues. Thanks @davift
+- [Feature #220](https://github.com/threatcode/osv-scanner/pull/220) Vulnerability output is ordered deterministically.
+- [Feature #179](https://github.com/threatcode/osv-scanner/pull/179) Log number of packages scanned from SBOM.
 - General dependency updates
 
 ### Fixes
-- [Bug #161](https://github.com/google/osv-scanner/pull/161) Exit with non zero exit code when there is a general error.
-- [Bug #185](https://github.com/google/osv-scanner/pull/185) Properly omit Source from JSON output.
+- [Bug #161](https://github.com/threatcode/osv-scanner/pull/161) Exit with non zero exit code when there is a general error.
+- [Bug #185](https://github.com/threatcode/osv-scanner/pull/185) Properly omit Source from JSON output.
 
 v1.1.0:
 ===
 
 This update adds support for NuGet ecosystem and various bug fixes by the community.
 
-- [Feature #98](https://github.com/google/osv-scanner/pull/98): Support for NuGet ecosystem.
-- [Feature #71](https://github.com/google/osv-scanner/issues/71): Now supports Pipfile.lock scanning.
-- [Bug #85](https://github.com/google/osv-scanner/issues/85): Even better support for narrow terminals by shortening osv.dev URLs.
-- [Bug #105](https://github.com/google/osv-scanner/issues/105): Fix rare cases of too many open file handles.
-- [Bug #131](https://github.com/google/osv-scanner/pull/131): Fix table highlighting overflow.
-- [Bug #101](https://github.com/google/osv-scanner/issues/101): Now supports 32 bit systems.
+- [Feature #98](https://github.com/threatcode/osv-scanner/pull/98): Support for NuGet ecosystem.
+- [Feature #71](https://github.com/threatcode/osv-scanner/issues/71): Now supports Pipfile.lock scanning.
+- [Bug #85](https://github.com/threatcode/osv-scanner/issues/85): Even better support for narrow terminals by shortening osv.dev URLs.
+- [Bug #105](https://github.com/threatcode/osv-scanner/issues/105): Fix rare cases of too many open file handles.
+- [Bug #131](https://github.com/threatcode/osv-scanner/pull/131): Fix table highlighting overflow.
+- [Bug #101](https://github.com/threatcode/osv-scanner/issues/101): Now supports 32 bit systems.
 
 
 v1.0.2
 ===
 
 This is a minor patch release to mitigate human readable output issues on narrow terminals (#85).
 
-- [Bug #85](https://github.com/google/osv-scanner/issues/85): Better support for narrow terminals.
+- [Bug #85](https://github.com/threatcode/osv-scanner/issues/85): Better support for narrow terminals.
 
 
 v1.0.1
 ===
 Various bug fixes and improvements. Many thanks to the amazing contributions and suggestions from the community!
 
 - Feature: ARM64 builds are now also available!
-- [Feature #46](https://github.com/google/osv-scanner/pull/46): Gradle lockfile support.
-- [Feature #50](https://github.com/google/osv-scanner/pull/46): Add version command.
-- [Bug #52](https://github.com/google/osv-scanner/issues/52): Fixes 0 exit code being wrongly emitted when vulnerabilities are present.
+- [Feature #46](https://github.com/threatcode/osv-scanner/pull/46): Gradle lockfile support.
+- [Feature #50](https://github.com/threatcode/osv-scanner/pull/46): Add version command.
+- [Bug #52](https://github.com/threatcode/osv-scanner/issues/52): Fixes 0 exit code being wrongly emitted when vulnerabilities are present.

README.md

@@ -1,9 +1,9 @@
 # OSV-Scanner
 
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/osv-scanner/badge)](https://api.securityscorecards.dev/projects/github.com/google/osv-scanner)
-[![Go Report Card](https://goreportcard.com/badge/github.com/google/osv-scanner)](https://goreportcard.com/report/github.com/google/osv-scanner)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/threatcode/osv-scanner/badge)](https://api.securityscorecards.dev/projects/github.com/threatcode/osv-scanner)
+[![Go Report Card](https://goreportcard.com/badge/github.com/threatcode/osv-scanner)](https://goreportcard.com/report/github.com/threatcode/osv-scanner)
 [![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
-[![GitHub Release](https://img.shields.io/github/v/release/google/osv-scanner)](https://github.com/google/osv-scanner/releases)
+[![GitHub Release](https://img.shields.io/github/v/release/threatcode/osv-scanner)](https://github.com/threatcode/osv-scanner/releases)
 
 Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
 
@@ -23,7 +23,7 @@ Read our [detailed documentation](https://google.github.io/osv-scanner) to learn
 ## Contribute
 
 ### Report Problems
-If you have what looks like a bug, please use the [Github issue tracking system](https://github.com/google/osv-scanner/issues). Before you file an issue, please search existing issues to see if your issue is already covered.
+If you have what looks like a bug, please use the [Github issue tracking system](https://github.com/threatcode/osv-scanner/issues). Before you file an issue, please search existing issues to see if your issue is already covered.
 
 ### Contributing code to `osv-scanner`
 
@@ -32,4 +32,4 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for documentation on how to contribute co
 
 ## Stargazers over time
 
-[![Stargazers over time](https://starchart.cc/google/osv-scanner.svg)](https://starchart.cc/google/osv-scanner)
+[![Stargazers over time](https://starchart.cc/threatcode/osv-scanner.svg)](https://starchart.cc/threatcode/osv-scanner)

action.yml

@@ -15,7 +15,7 @@ inputs:
     default: 'amd64'
 runs:
   using: 'docker'
-  image: 'ghcr.io/google/osv-scanner:${{ inputs.version }}-${{ inputs.arch }}'
+  image: 'ghcr.io/threatcode/osv-scanner:${{ inputs.version }}-${{ inputs.arch }}'
   args:
     - '--skip-git'
     - ${{ inputs.to-scan }}

cmd/osv-scanner/main.go

@@ -6,8 +6,8 @@ import (
 	"io"
 	"os"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/osvscanner"
+	"github.com/threatcode/osv-scanner/internal/output"
+	"github.com/threatcode/osv-scanner/pkg/osvscanner"
 
 	"github.com/urfave/cli/v2"
 )

docs/_config.yml

@@ -56,7 +56,7 @@ callouts:
 
 aux_links:
   "OSV-Scanner on GitHub":
-    - https://github.com/google/osv-scanner
+    - https://github.com/threatcode/osv-scanner
 
 nav_external_links:
   - title: OSV.dev

docs/contribute.md

@@ -7,8 +7,8 @@ nav_order: 6
 ## Contribute
 
 ### Report Problems
-If you have what looks like a bug, please use the [Github issue tracking system](https://github.com/google/osv-scanner/issues). Before you file an issue, please search existing issues to see if your issue is already covered.
+If you have what looks like a bug, please use the [Github issue tracking system](https://github.com/threatcode/osv-scanner/issues). Before you file an issue, please search existing issues to see if your issue is already covered.
 
 ### Contributing code to `osv-scanner`
 
-See [CONTRIBUTING.md](https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md) for documentation on how to contribute code.
+See [CONTRIBUTING.md](https://github.com/threatcode/osv-scanner/blob/main/CONTRIBUTING.md) for documentation on how to contribute code.

docs/index.md

@@ -7,10 +7,10 @@ nav_order: 1
 ---
 # OSV-Scanner
 
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/osv-scanner/badge)](https://api.securityscorecards.dev/projects/github.com/google/osv-scanner)
-[![Go Report Card](https://goreportcard.com/badge/github.com/google/osv-scanner)](https://goreportcard.com/report/github.com/google/osv-scanner)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/threatcode/osv-scanner/badge)](https://api.securityscorecards.dev/projects/github.com/threatcode/osv-scanner)
+[![Go Report Card](https://goreportcard.com/badge/github.com/threatcode/osv-scanner)](https://goreportcard.com/report/github.com/threatcode/osv-scanner)
 [![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
-[![GitHub Release](https://img.shields.io/github/v/release/google/osv-scanner)](https://github.com/google/osv-scanner/releases)
+[![GitHub Release](https://img.shields.io/github/v/release/threatcode/osv-scanner)](https://github.com/threatcode/osv-scanner/releases)
 
 Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
 

docs/installation.md

@@ -7,7 +7,7 @@ nav_order: 2
 
 ## Installing
 
-You may download the [SLSA3](https://slsa.dev) compliant binaries for Linux, macOS, and Windows from our [releases page](https://github.com/google/osv-scanner/releases).
+You may download the [SLSA3](https://slsa.dev) compliant binaries for Linux, macOS, and Windows from our [releases page](https://github.com/threatcode/osv-scanner/releases).
 
 ### Package Managers
 
@@ -50,7 +50,7 @@ pkg_add osv-scanner
 Alternatively, you can install this from source by running:
 
 ```bash
-go install github.com/google/osv-scanner/cmd/osv-scanner@v1
+go install github.com/threatcode/osv-scanner/cmd/osv-scanner@v1
 ```
 
 This requires Go 1.18+ to be installed.
@@ -65,7 +65,7 @@ which can be used to verify the source and provenance of the binaries with the [
 
 E.g. 
 ```bash
-slsa-verifier verify-artifact ./osv-scanner_1.2.0_linux_amd64 --provenance-path multiple.intoto2.jsonl --source-uri github.com/google/osv-scanner --source-tag v1.2.0
+slsa-verifier verify-artifact ./osv-scanner_1.2.0_linux_amd64 --provenance-path multiple.intoto2.jsonl --source-uri github.com/threatcode/osv-scanner --source-tag v1.2.0
 ```
 
 ## SemVer Adherence

docs/usage.md

@@ -24,7 +24,7 @@ Git directories are searched for the latest commit hash. Searching for git commi
 
 By default, OSV-Scanner will not scan files that are ignored by `.gitignore` files. All recursively scanned files are matched to a git repository (if it exists) and any matching `.gitignore` files within that repository are taken into account.
 
-There is a [known issue](https://github.com/google/osv-scanner/issues/209) that the parser does not correctly respect repository boundaries.
+There is a [known issue](https://github.com/threatcode/osv-scanner/issues/209) that the parser does not correctly respect repository boundaries.
 
 The `--no-ignore` flag can be used to force the scanner to scan ignored files.
 
@@ -56,7 +56,7 @@ It is possible to specify more than one lockfile at a time; you can also specify
 osv-scanner --lockfile 'requirements.txt:/path/to/your/extra-requirements.txt'
 ```
 
-A wide range of lockfiles are supported by utilizing this [lockfile package](https://github.com/google/osv-scanner/tree/main/pkg/lockfile). This is the current list of supported lockfiles:
+A wide range of lockfiles are supported by utilizing this [lockfile package](https://github.com/threatcode/osv-scanner/tree/main/pkg/lockfile). This is the current list of supported lockfiles:
 
 - `buildscript-gradle.lockfile`
 - `Cargo.lock`
@@ -71,9 +71,9 @@ A wide range of lockfiles are supported by utilizing this [lockfile package](htt
 - `Pipfile.lock`
 - `pnpm-lock.yaml`
 - `poetry.lock`
-- `pom.xml`[\*](https://github.com/google/osv-scanner/issues/35)
+- `pom.xml`[\*](https://github.com/threatcode/osv-scanner/issues/35)
 - `pubspec.lock`
-- `requirements.txt`[\*](https://github.com/google/osv-scanner/issues/34)
+- `requirements.txt`[\*](https://github.com/threatcode/osv-scanner/issues/34)
 - `yarn.lock`
 
 The scanner also supports:
@@ -125,7 +125,7 @@ Currently only Debian based docker image scanning is supported.
 
 Requires `docker` to be installed and the tool to have permission calling it.
 
-This currently does not scan the filesystem of the Docker container, and has various other limitations. Follow [this issue](https://github.com/google/osv-scanner/issues/64) for updates on container scanning!
+This currently does not scan the filesystem of the Docker container, and has various other limitations. Follow [this issue](https://github.com/threatcode/osv-scanner/issues/64) for updates on container scanning!
 
 #### Example
 
@@ -138,18 +138,18 @@ osv-scanner --docker image_name:latest
 The simplest way to get the osv-scanner docker image is to pull from GitHub Container Registry:
 
 ```bash
-docker pull ghcr.io/google/osv-scanner:latest
+docker pull ghcr.io/threatcode/osv-scanner:latest
 ```
 
 Once you have the image, you can test that it works by running:
 
 ```bash
-docker run -it ghcr.io/google/osv-scanner -h
+docker run -it ghcr.io/threatcode/osv-scanner -h
 ```
 
 Finally, to run it, mount the directory you want to scan to `/src` and pass the
 appropriate osv-scanner flags:
 
 ```bash
-docker run -it -v ${PWD}:/src ghcr.io/google/osv-scanner -L /src/go.mod
+docker run -it -v ${PWD}:/src ghcr.io/threatcode/osv-scanner -L /src/go.mod
 ```

go.mod

@@ -1,4 +1,4 @@
-module github.com/google/osv-scanner
+module github.com/threatcode/osv-scanner
 
 go 1.19
 

internal/govulncheckshim/client.go

@@ -9,7 +9,7 @@ import (
 	"golang.org/x/vuln/client"
 	gvcOSV "golang.org/x/vuln/osv"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 type localSource struct {

internal/govulncheckshim/client_test.go

@@ -7,7 +7,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 func newTestClient(t *testing.T) *localSource {

internal/govulncheckshim/govulncheckshim.go

@@ -10,7 +10,7 @@ import (
 	"golang.org/x/vuln/exp/govulncheck"
 	"golang.org/x/vuln/vulncheck"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 type packageError struct {

internal/govulncheckshim/govulncheckshim_test.go

@@ -7,8 +7,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/internal/testutility"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 func Test_RunGoVulnCheck(t *testing.T) {

internal/output/machinejson.go

@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"io"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 // PrintJSONResults writes results to the provided writer in JSON format

internal/output/markdowntable.go

@@ -3,7 +3,7 @@ package output
 import (
 	"io"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 
 	"github.com/jedib0t/go-pretty/v6/table"
 )

internal/output/reporter.go

@@ -5,7 +5,7 @@ import (
 	"io"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/models"
 )
 
 type Reporter struct {

internal/output/table.go

@@ -6,8 +6,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osv"
+	"github.com/threatcode/osv-scanner/pkg/models"
+	"github.com/threatcode/osv-scanner/pkg/osv"
 
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/jedib0t/go-pretty/v6/text"

internal/semantic/compare_test.go

@@ -2,7 +2,7 @@ package semantic_test
 
 import (
 	"bufio"
-	"github.com/google/osv-scanner/internal/semantic"
+	"github.com/threatcode/osv-scanner/internal/semantic"
 	"os"
 	"strings"
 	"testing"

internal/semantic/parse_test.go

@@ -2,8 +2,8 @@ package semantic_test
 
 import (
 	"errors"
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/threatcode/osv-scanner/internal/semantic"
+	"github.com/threatcode/osv-scanner/pkg/lockfile"
 	"testing"
 )
 

internal/semantic/types.go

@@ -1,5 +1,5 @@
 package semantic
 
-import "github.com/google/osv-scanner/pkg/lockfile"
+import "github.com/threatcode/osv-scanner/pkg/lockfile"
 
 type Ecosystem = lockfile.Ecosystem