chore(deps): update dependency trivy to v0.51.1 #273
Open: renovate wants to merge 1 commit into master from renovate/trivy-0.x
renovate bot force-pushed the renovate/trivy-0.x branch from 8aec5b5 to 5ae744b (April 17, 2023 13:33)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.39.0" to "chore(deps): update dependency trivy to v0.40.0" (Apr 17, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 5ae744b to e4189b2 (June 1, 2023 07:47)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.40.0" to "chore(deps): update dependency trivy to v0.41.0" (Jun 1, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from e4189b2 to 8601e7f (June 2, 2023 09:19)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.41.0" to "chore(deps): update dependency trivy to v0.42.0" (Jun 2, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 8601e7f to 0639717 (June 10, 2023 08:10)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.42.0" to "chore(deps): update dependency trivy to v0.42.1" (Jun 10, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 0639717 to 0324438 (June 30, 2023 09:11)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.42.1" to "chore(deps): update dependency trivy to v0.43.0" (Jun 30, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 0324438 to a9c7aea (July 7, 2023 09:50)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.43.0" to "chore(deps): update dependency trivy to v0.43.1" (Jul 7, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from a9c7aea to 58474b9 (August 1, 2023 10:27)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.43.1" to "chore(deps): update dependency trivy to v0.44.0" (Aug 1, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 58474b9 to ba1855c (August 10, 2023 06:35)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.44.0" to "chore(deps): update dependency trivy to v0.44.1" (Aug 10, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from ba1855c to 6a1791b (September 1, 2023 09:11)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.44.1" to "chore(deps): update dependency trivy to v0.45.0" (Sep 1, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 6a1791b to 00e84a0 (September 16, 2023 07:32)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.45.0" to "chore(deps): update dependency trivy to v0.45.1" (Sep 16, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 00e84a0 to ea83dbe (October 14, 2023 15:17)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.45.1" to "chore(deps): update dependency trivy to v0.46.0" (Oct 14, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from ea83dbe to 2aec920 (October 28, 2023 04:57)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.46.0" to "chore(deps): update dependency trivy to v0.46.1" (Oct 28, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 2aec920 to c37c6fc (November 6, 2023 06:45)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.46.1" to "chore(deps): update dependency trivy to v0.47.0" (Nov 6, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from c37c6fc to becfcb8 (December 5, 2023 10:01)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.47.0" to "chore(deps): update dependency trivy to v0.48.0" (Dec 5, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from becfcb8 to 410cb40 (December 18, 2023 16:27)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.48.0" to "chore(deps): update dependency trivy to v0.48.1" (Dec 18, 2023)
renovate bot force-pushed the renovate/trivy-0.x branch from 410cb40 to cfdda50 (January 5, 2024 10:26)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.48.1" to "chore(deps): update dependency trivy to v0.48.2" (Jan 5, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from cfdda50 to f0f3bcc (January 11, 2024 13:12)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.48.2" to "chore(deps): update dependency trivy to v0.48.3" (Jan 11, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from f0f3bcc to bb7f2c9 (February 1, 2024 11:01)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.48.3" to "chore(deps): update dependency trivy to v0.49.0" (Feb 1, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from bb7f2c9 to bf0ad1f (February 6, 2024 15:12)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.49.0" to "chore(deps): update dependency trivy to v0.49.1" (Feb 6, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from bf0ad1f to 0485820 (March 19, 2024 04:09)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.49.1" to "chore(deps): update dependency trivy to v0.50.0" (Mar 19, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from 0485820 to ee19210 (March 27, 2024 09:04)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.50.0" to "chore(deps): update dependency trivy to v0.50.1" (Mar 27, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from ee19210 to 9e9e699 (April 22, 2024 16:52)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.50.1" to "chore(deps): update dependency trivy to v0.50.2" (Apr 22, 2024)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.50.2" to "chore(deps): update dependency trivy to v0.50.4" (Apr 24, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from 9e9e699 to 210142c (April 24, 2024 13:27)
renovate bot force-pushed the renovate/trivy-0.x branch from 210142c to 19a80d5 (May 3, 2024 13:15)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.50.4" to "chore(deps): update dependency trivy to v0.51.0" (May 3, 2024)
renovate bot force-pushed the renovate/trivy-0.x branch from 19a80d5 to 96a6fa8 (May 4, 2024 10:58)
renovate bot changed the title from "chore(deps): update dependency trivy to v0.51.0" to "chore(deps): update dependency trivy to v0.51.1" (May 4, 2024)
This PR contains the following updates:
Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.
Release Notes
aquasecurity/trivy (trivy)
v0.51.1
Compare Source
Changelog
8016b82 fix(fs): handle default skip dirs properly (#6628)
7a25dad fix(misconf): load cached tf modules (#6607)
9c794c0 fix(misconf): do not use semver for parsing tf module versions (#6614)
v0.51.0
Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6622
Changelog
14c1024 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
998f750 feat: introduce package UIDs for improved vulnerability mapping (#6583)
770b141 perf(misconf): Improve cause performance (#6586)
3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#6608)
58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
37da98d feat(misconf): Use updated terminology for misconfiguration checks (#6476)
cdee703 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
6a2225b docs: use generic link from trivy-repo (#6606)
a2a02de docs: update trivy k8s with new experience (#6465)
e739ab8 feat: support --skip-images scanning flag (#6334)
c6d5d85 BREAKING: add support for k8s disable-node-collector flag (#6311)
194a814 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
03830c5 chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
8e814fa chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
2dc76ba chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
c17176b chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
bce70af chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
4369a19 feat: add ubuntu 23.10 and 24.04 support (#6573)
5566548 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
a8af76a chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
c8ed432 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
551a46e docs(go): add stdlib (#6580)
261649b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
acfddd4 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
419e3d2 feat(go): parse main mod version from build info settings (#6564)
f0961d5 feat: respect custom exit code from plugin (#6584)
a5d485c docs: add asdf and mise installation method (#6063)
29b8faf feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
e3bef02 feat: add support environment.yaml files (#6569)
916f6c6 fix: close plugin.yaml (#6577)
8e6cd0e fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
060d0bb BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
2d090ef feat(go): add main module (#6574)
6343e4f feat: add relationships (#6563)
a018ee1 ci: disable Go cache for reusable-release.yaml (#6572)
5da053f docs: mention --show-suppressed is available in table (#6571)
3d66cb8 chore: fix sqlite to support loong64 (#6511)
9aca98c fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
7811ad0 docs: update info about config file (#6547)
fae710d docs: remove RELEASE_VERSION from trivy.repo (#6546)
d2d4022 fix(sbom): change error to warning for multiple OSes (#6541)
164b025 fix(vuln): skip empty versions (#6542)
5dd9bd4 feat(c): add license support for conan lock files (#6329)
7c2017f fix(terraform): Attribute and fileset fixes (#6544)
63c9469 refactor: change warning if no vulnerability details are found (#6230)
aa822c2 refactor(misconf): improve error handling in the Rego scanner (#6527)
30cc88f ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
e32215c feat(go): parse main module of go binary files (#6530)
d4da83c chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
0d7d97d refactor(misconf): simplify the retrieval of module annotations (#6528)
9873cf3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
95c8fd9 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
12ec0df feat(misconf): loading embedded checks as a fallback (#6502)
9b7d713 fix(misconf): Parse JSON k8s manifests properly (#6490)
13e72ec refactor: remove parallel walk (#5180)
a986199 fix: close pom.xml (#6507)
46d5aba fix(secret): convert severity for custom rules (#6500)
34ab09d fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
1ba5b59 fix: typo (#6283)
4fab0f8 docs(k8s,image): fix command-line syntax issues (#6403)
d770981 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
4337068 fix(misconf): avoid panic if the scheme is not valid (#6496)
d82d6cb feat(image): goversion as stdlib (#6277)
cfddfb3 fix: add color for error inside of log message (#6493)
dfcb0f9 chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
183eaaf docs: fix links to OPA docs (#6480)
94d6e8c refactor: replace zap with slog (#6466)
336c47e docs: update links to IaC schemas (#6477)
06b4473 chore: bump Go to 1.22 (#6075)
a51cedd refactor(terraform): sync funcs with Terraform (#6415)
53517d6 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
ad544e9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
089368d chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
1163565 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
637da2b chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
13190e9 fix(terraform): eval submodules (#6411)
6bca7c3 refactor(terraform): remove unused options (#6446)
8e4279b refactor(terraform): remove unused file (#6445)
e98c873 chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
b1c2eab chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
1c49a16 fix(misconf): Escape template value correctly (#6292)
8dd0fcd feat(misconf): add support for wildcard ignores (#6414)
74e4c6e fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#6439)
245c120 refactor(terraform): remove metrics collection (#6444)
86714bf feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
a758392 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
4d00d8b chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
3ad2b3e chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
8baccd7 fix(db): check schema version for image name only (#6410)
e75a90f chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
6625bd3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
826fe60 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
f23ed77 feat(misconf): Support private registries for misconf check bundle (#6327)
df024e8 feat(cloudformation): inline ignore support for YAML templates (#6358)
29dee32 feat(terraform): ignore resources by nested attributes (#6302)
1a67472 perf(helm): load in-memory files (#6383)
09e37b7 feat(aws): apply filter options to result (#6367)
87a9aa6 feat(aws): quiet flag support (#6331)
712dcd3 fix(misconf): clear location URI for SARIF (#6405)
625f22b test(cloudformation): add CF tests (#6315)
6a2f6fd fix(cloudformation): infer type after resolving a function (#6406)
v0.50.4
Compare Source
Note
v0.50.3 had a critical problem, and we deleted it and released v0.50.4.
Changelog
e47fd48 fix(sbom): change error to warning for multiple OSes (#6541)
v0.50.2
Compare Source
Changelog
9aa9e17 ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
2ad8e33 fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
v0.50.1
Compare Source
Changelog
5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
ade033a docs: add info about support for package license detection in fs/repo modes (#6381)
f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#6231)
9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#6386)
f148eb1 fix(helm): scan the subcharts once (#6382)
97f95c4 docs(terraform): add file patterns for Terraform Plan (#6393)
abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#6341)
7c409fd fix(java): parse modules from pom.xml files once (#6312)
1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
a2482c1 fix(server): add Locations for Packages in client/server mode (#6366)
e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346)
1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
v0.50.0
Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6340
Changelog
8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
f6c5d58 feat(java): add support licenses and graph for gradle lock files (#6140)
c4022d6 feat(vex): consider root component for relationships (#6313)
3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
dd9620e chore: updates wazero to v1.7.0 (#6301)
eb3ceb3 feat(sbom): Support license detection for SBOM scan (#6072)
ab74caa refactor(sbom): use intermediate representation for SPDX (#6310)
71da44f docs(terraform): improve documentation for filtering by inline comments (#6284)
102b6df fix(terraform): fix policy document retrieval (#6276)
aa19aaf refactor(terraform): remove unused custom error (#6303)
8fcef35 refactor(sbom): add intermediate representation for BOM (#6240)
fb8c516 fix(amazon): check only major version of AL to find advisories (#6295)
96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
12c5bf0 fix(nodejs): add name validation for package name from package.json (#6268)
d6c40ce docs: Added install instructions for FreeBSD (#6293)
9d2057a feat(image): customer podman host or socket option (#6256)
2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
56cedc0 fix(license): reorder logic of how python package licenses are acquired (#6220)
d7d7265 test(terraform): skip cached modules (#6281)
6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
9361cdb feat(terraform): Terraform Plan snapshot scanning support (#6176)
ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
3d2f583 fix: typo function name and comment optimization (#6200)
c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#6223)
355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
939e34e chore(deps): Upgrade iac deps (#6255)
7cb6c02 feat: add info log message about dev deps suppression (#6211)
c1d26ec test(k8s): use test-db for k8s integration tests (#6222)
4f70468 ci: add maximize-build-space for Test job (#6221)
1dfece8 fix(terraform): fix root module search (#6160)
e1ea02c test(parser): squash test data for yarn (#6203)
64926d8 fix(terraform): do not re-expand dynamic blocks (#6151)
eb54bb5 docs: update ecosystem page reporting with db app (#6201)
dc76c6e fix: k8s summary separate infra and user finding results (#6120)
1b7e474 fix: add context to target finding on k8s table view (#6099)
876ab84 fix: Printf format err (#6198)
eef7c4f refactor: better integration of the parser into Trivy (#6183)
069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189)
4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
9c5e5a0 fix(vex): CSAF filtering should consider relationships (#5923)
388f476 refactor(report): Replacing source_location in github report when scanning an image (#5999)
cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#6178)
ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
cf0f0d0 feat(k8s): rancher rke2 version support (#5988)
8a3a113 docs: update kbom distribution for scanning (#6019)
19495ba chore: update CODEOWNERS (#6173)
e787e1a fix(swift): try to use branch to resolve version (#6168)
327cf88 fix(terraform): ensure consistent path handling across OS (#6161)
8221473 fix(java): add only valid libs from pom.properties files from jars (#6164)
7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
74dc5b6 chore(deps): merge go-dep-parser into Trivy (#6094)
32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#6145)
fb79ea7 docs: update template path for gitlab-ci tutorial (#6144)
c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#6004)
a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
14adbb4 refactor(deps): Merge defsec into trivy (#6109)
efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142)
73dde32 docs: add SecObserve in CI/CD and reporting (#6139)
aadbad1 fix(alpine): exclude empty licenses for apk packages (#6130)
14a0981 docs: add docs tutorial on custom policies with rego (#6104)
3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
3c1601b feat(vuln): show suppressed vulnerabilities in table (#6084)
c107e1a docs: rename governance to principles (#6107)
b26f217 docs: add governance (#6090)
7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#6005)
535b5a9 feat(java): add dependency location support for gradle files (#6083)
428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038)
7fec991 fix(misconf): get user from Config.User (#6070)
v0.49.1
Compare Source
Changelog
6ccc0a5 fix: check unescaped BomRef when matching PkgIdentifier (#6025)
458c5d9 docs: Fix broken link to "pronunciation" (#6057)
5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
7651bf5 ci: reduce root-reserve-mb size for maximize-build-space (#6064)
fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
2900a21 fix: fix cursor usage in Redis Clear function (#6056)
85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
4e962c0 fix(nodejs): add local packages support for pnpm-lock.yaml files (#6034)
aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
27d35ba test: fix flaky TestDockerEngine (#6054)
c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)
v0.49.0
Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6033
Changelog
729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
4df9363 docs: add note about Bun (#6001)
70dd572 fix(report): use AWS_REGION env for secrets in asff template (#6011)
13f797f fix: check returned error before deferring f.Close() (#6007)
adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
e2eb70e feat(vuln): enable --vex for all targets (#5992)
f9da021 docs: update link to data sources (#6000)
b4b90cf feat(java): add support for line numbers for pom.xml files (#5991)
fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#5981)
f6be42b docs: Update troubleshooting guide with image not found error (#5983)
bb6caea style: update band logos (#5968)
189a46a chore(deps): Update misconfig deps (#5956)
91a2547 docs: update cosign tutorial and commands, update kyverno policy (#5929)
a96f66f docs: update command to scan go binary (#5969)
2212d14 fix: handle non-parsable images names (#5965)
7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#5951)
260aa28 fix(alpine): Add EOL support for alpine 3.19. (#5938)
2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#5910)
ffe2ca7 chore(deps): bump go-ebs-file (#5934)
f90d4ee fix(nodejs): find licenses for packages with slash (#5836)
c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#5922)
a3fac90 fix: ignore no init containers (#5939)
b1b4734 docs: Fix documentation of ecosystem (#5940)
a2b6549 docs(misconf): multiple ignores in comment (#5926)
ae134a9 fix(secret): find aws secrets ending with a comma or dot (#5921)
c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
7895657 fix(java): don't remove excluded deps from upper pom's (#5838)
37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#5630)
d0c81e2 feat(vex): add PURL matching for CSAF VEX (#5890)
958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#5901)
56c4e24 revert(report): don't escape new line characters for sarif format (#5897)
92d9b3d docs: improve filter by rego (#5402)
a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
47b6c28 docs: add_scan2html_to_trivy_ecosystem (#5875)
0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
c47ed0d feat(vex): Add support for CSAF format (#5535)
2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
d990e70 chore(deps): bump actions/stale from 8 to 9 (#5846)
c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
b508414 chore(deps): bump actions/setup-python from 4 to 5 (#5848)
df3e90a feat(python): parse licenses from dist-info folder (#4724)
fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
30eff9c feat(nodejs): add yarn alias support (#5818)
013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
da597c4 refactor: propagate time through context values (#5858)
1607eee refactor: move PkgRef under PkgIdentifier (#5831)
b3d516e fix(cyclonedx): fix unmarshal for licenses (#5828)
c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
1f0d629 feat(vuln): include pkg
Configuration
📅 Schedule: Branch creation - "on the 1st through 7th day of the month" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.