Skip to content

chore(deps): update docker.io/aquasec/trivy docker tag to v0.50.1

Botaniker (Bot) requested to merge renovate/docker.io-aquasec-trivy-0.x into main

This MR contains the following updates:

Package Update Change OpenSSF
docker.io/aquasec/trivy (source) minor 0.49.1 -> 0.50.1 OpenSSF Scorecard

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.50.1

Compare Source

Changelog

  • 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#​6399)
  • 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#​6356)
  • ade033a docs: add info about support for package license detection in fs/repo modes (#​6381)
  • f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#​6231)
  • 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#​6386)
  • f148eb1 fix(helm): scan the subcharts once (#​6382)
  • 97f95c4 docs(terraform): add file patterns for Terraform Plan (#​6393)
  • abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#​6341)
  • 7c409fd fix(java): parse modules from pom.xml files once (#​6312)
  • 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#​6364)
  • a2482c1 fix(server): add Locations for Packages in client/server mode (#​6366)
  • e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#​6346)
  • 1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#​6348)
  • 6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#​6371)

v0.50.0

Compare Source

Release highlights and summary

👉 https://github.com/aquasecurity/trivy/discussions/6340

Changelog

  • 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​6321)
  • f6c5d58 feat(java): add support licenses and graph for gradle lock files (#​6140)
  • c4022d6 feat(vex): consider root component for relationships (#​6313)
  • 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#​6298)
  • dd9620e chore: updates wazero to v1.7.0 (#​6301)
  • eb3ceb3 feat(sbom): Support license detection for SBOM scan (#​6072)
  • ab74caa refactor(sbom): use intermediate representation for SPDX (#​6310)
  • 71da44f docs(terraform): improve documentation for filtering by inline comments (#​6284)
  • 102b6df fix(terraform): fix policy document retrieval (#​6276)
  • aa19aaf refactor(terraform): remove unused custom error (#​6303)
  • 8fcef35 refactor(sbom): add intermediate representation for BOM (#​6240)
  • fb8c516 fix(amazon): check only major version of AL to find advisories (#​6295)
  • 96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#​6219)
  • 12c5bf0 fix(nodejs): add name validation for package name from package.json (#​6268)
  • d6c40ce docs: Added install instructions for FreeBSD (#​6293)
  • 9d2057a feat(image): customer podman host or socket option (#​6256)
  • 2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#​6290)
  • 617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#​6213)
  • 56cedc0 fix(license): reorder logic of how python package licenses are acquired (#​6220)
  • d7d7265 test(terraform): skip cached modules (#​6281)
  • 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#​6236)
  • 337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#​6270)
  • 9361cdb feat(terraform): Terraform Plan snapshot scanning support (#​6176)
  • ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#​6249)
  • 3d2f583 fix: typo function name and comment optimization (#​6200)
  • c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#​6223)
  • 355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#​6242)
  • 7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#​6243)
  • 5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#​6251)
  • ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#​6253)
  • 24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#​6250)
  • 9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#​6247)
  • e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#​6246)
  • 04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#​6215)
  • 939e34e chore(deps): Upgrade iac deps (#​6255)
  • 7cb6c02 feat: add info log message about dev deps suppression (#​6211)
  • c1d26ec test(k8s): use test-db for k8s integration tests (#​6222)
  • 4f70468 ci: add maximize-build-space for Test job (#​6221)
  • 1dfece8 fix(terraform): fix root module search (#​6160)
  • e1ea02c test(parser): squash test data for yarn (#​6203)
  • 64926d8 fix(terraform): do not re-expand dynamic blocks (#​6151)
  • eb54bb5 docs: update ecosystem page reporting with db app (#​6201)
  • dc76c6e fix: k8s summary separate infra and user finding results (#​6120)
  • 1b7e474 fix: add context to target finding on k8s table view (#​6099)
  • 876ab84 fix: Printf format err (#​6198)
  • eef7c4f refactor: better integration of the parser into Trivy (#​6183)
  • 069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#​6189)
  • 4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#​6108)
  • 9c5e5a0 fix(vex): CSAF filtering should consider relationships (#​5923)
  • 388f476 refactor(report): Replacing source_location in github report when scanning an image (#​5999)
  • cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#​6178)
  • ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#​6171)
  • cf0f0d0 feat(k8s): rancher rke2 version support (#​5988)
  • 8a3a113 docs: update kbom distribution for scanning (#​6019)
  • 19495ba chore: update CODEOWNERS (#​6173)
  • e787e1a fix(swift): try to use branch to resolve version (#​6168)
  • 327cf88 fix(terraform): ensure consistent path handling across OS (#​6161)
  • 8221473 fix(java): add only valid libs from pom.properties files from jars (#​6164)
  • 7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#​6163)
  • 74dc5b6 chore(deps): merge go-dep-parser into Trivy (#​6094)
  • 32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#​6145)
  • fb79ea7 docs: update template path for gitlab-ci tutorial (#​6144)
  • c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#​6004)
  • a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#​6113)
  • 14adbb4 refactor(deps): Merge defsec into trivy (#​6109)
  • efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#​6142)
  • 73dde32 docs: add SecObserve in CI/CD and reporting (#​6139)
  • aadbad1 fix(alpine): exclude empty licenses for apk packages (#​6130)
  • 14a0981 docs: add docs tutorial on custom policies with rego (#​6104)
  • 3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#​6102)
  • 3c1601b feat(vuln): show suppressed vulnerabilities in table (#​6084)
  • c107e1a docs: rename governance to principles (#​6107)
  • b26f217 docs: add governance (#​6090)
  • 7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#​6005)
  • 535b5a9 feat(java): add dependency location support for gradle files (#​6083)
  • 428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#​6038)
  • 7fec991 fix(misconf): get user from Config.User (#​6070)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)

Merge request reports

Loading