
chore(deps): update docker.io/aquasec/trivy docker tag to v0.50.1

Botaniker (Bot) requested to merge renovate/docker.io-aquasec-trivy-0.x into main

This MR contains the following updates:

Package                           Update   Change             OpenSSF
docker.io/aquasec/trivy (source)  minor    0.49.1 -> 0.50.1   OpenSSF Scorecard

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.50.1

Compare Source

Changelog

  • 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#​6399)
  • 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#​6356)
  • ade033a docs: add info about support for package license detection in fs/repo modes (#​6381)
  • f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#​6231)
  • 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#​6386)
  • f148eb1 fix(helm): scan the subcharts once (#​6382)
  • 97f95c4 docs(terraform): add file patterns for Terraform Plan (#​6393)
  • abd62ae fix(terraform): checking SSE encryption algorithm validity (#​6341)
  • 7c409fd fix(java): parse modules from pom.xml files once (#​6312)
  • 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#​6364)
  • a2482c1 fix(server): add Locations for Packages in client/server mode (#​6366)
  • e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#​6346)
  • 1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#​6348)
  • 6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#​6371)

v0.50.0

Compare Source

Release highlights and summary

👉 https://github.com/aquasecurity/trivy/discussions/6340

Changelog

  • 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​6321)
  • f6c5d58 feat(java): add support for licenses and graph for gradle lock files (#​6140)
  • c4022d6 feat(vex): consider root component for relationships (#​6313)
  • 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#​6298)
  • dd9620e chore: updates wazero to v1.7.0 (#​6301)
  • eb3ceb3 feat(sbom): Support license detection for SBOM scan (#​6072)
  • ab74caa refactor(sbom): use intermediate representation for SPDX (#​6310)
  • 71da44f docs(terraform): improve documentation for filtering by inline comments (#​6284)
  • 102b6df fix(terraform): fix policy document retrieval (#​6276)
  • aa19aaf refactor(terraform): remove unused custom error (#​6303)
  • 8fcef35 refactor(sbom): add intermediate representation for BOM (#​6240)
  • fb8c516 fix(amazon): check only major version of AL to find advisories (#​6295)
  • 96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#​6219)
  • 12c5bf0 fix(nodejs): add name validation for package name from package.json (#​6268)
  • d6c40ce docs: Added install instructions for FreeBSD (#​6293)
  • 9d2057a feat(image): custom podman host or socket option (#​6256)
  • 2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#​6290)
  • 617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#​6213)
  • 56cedc0 fix(license): reorder logic of how python package licenses are acquired (#​6220)
  • d7d7265 test(terraform): skip cached modules (#​6281)
  • 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#​6236)
  • 337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#​6270)
  • 9361cdb feat(terraform): Terraform Plan snapshot scanning support (#​6176)
  • ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#​6249)
  • 3d2f583 fix: typo function name and comment optimization (#​6200)
  • c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#​6223)
  • 355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#​6242)
  • 7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#​6243)
  • 5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#​6251)
  • ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#​6253)
  • 24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#​6250)
  • 9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#​6247)
  • e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#​6246)
  • 04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#​6215)
  • 939e34e chore(deps): Upgrade iac deps (#​6255)
  • 7cb6c02 feat: add info log message about dev deps suppression (#​6211)
  • c1d26ec test(k8s): use test-db for k8s integration tests (#​6222)
  • 4f70468 ci: add maximize-build-space for Test job (#​6221)
  • 1dfece8 fix(terraform): fix root module search (#​6160)
  • e1ea02c test(parser): squash test data for yarn (#​6203)
  • 64926d8 fix(terraform): do not re-expand dynamic blocks (#​6151)
  • eb54bb5 docs: update ecosystem page reporting with db app (#​6201)
  • dc76c6e fix: k8s summary separate infra and user finding results (#​6120)
  • 1b7e474 fix: add context to target finding on k8s table view (#​6099)
  • 876ab84 fix: Printf format err (#​6198)
  • eef7c4f refactor: better integration of the parser into Trivy (#​6183)
  • 069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#​6189)
  • 4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#​6108)
  • 9c5e5a0 fix(vex): CSAF filtering should consider relationships (#​5923)
  • 388f476 refactor(report): Replacing source_location in github report when scanning an image (#​5999)
  • cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#​6178)
  • ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#​6171)
  • cf0f0d0 feat(k8s): rancher rke2 version support (#​5988)
  • 8a3a113 docs: update kbom distribution for scanning (#​6019)
  • 19495ba chore: update CODEOWNERS (#​6173)
  • e787e1a fix(swift): try to use branch to resolve version (#​6168)
  • 327cf88 fix(terraform): ensure consistent path handling across OS (#​6161)
  • 8221473 fix(java): add only valid libs from pom.properties files from jars (#​6164)
  • 7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#​6163)
  • 74dc5b6 chore(deps): merge go-dep-parser into Trivy (#​6094)
  • 32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#​6145)
  • fb79ea7 docs: update template path for gitlab-ci tutorial (#​6144)
  • c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#​6004)
  • a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#​6113)
  • 14adbb4 refactor(deps): Merge defsec into trivy (#​6109)
  • efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#​6142)
  • 73dde32 docs: add SecObserve in CI/CD and reporting (#​6139)
  • aadbad1 fix(alpine): exclude empty licenses for apk packages (#​6130)
  • 14a0981 docs: add docs tutorial on custom policies with rego (#​6104)
  • 3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#​6102)
  • 3c1601b feat(vuln): show suppressed vulnerabilities in table (#​6084)
  • c107e1a docs: rename governance to principles (#​6107)
  • b26f217 docs: add governance (#​6090)
  • 7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#​6005)
  • 535b5a9 feat(java): add dependency location support for gradle files (#​6083)
  • 428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#​6038)
  • 7fec991 fix(misconf): get user from Config.User (#​6070)
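
Before approving a scanner bump like this one, a reviewer wants to know which of the entries above change what Trivy reports or touch security-sensitive behaviour (the 0600 permission fix for temporary files, the new Hugging Face token detector, the PURL-based ignore), as opposed to pure dependency bumps, docs and refactors. The script below is an added example written for this page, not code from Renovate or Trivy. It parses release-notes bullets in the shape Renovate copies from upstream (short SHA, conventional-commit subject, PR number in parentheses, with the zero-width space U+200B that Renovate inserts after `#` so the host does not auto-link the number) and sorts them into review buckets. The keyword list, the bucket names and the `triage` rules are assumptions chosen for illustration; the sample input is a constructed subset of the v0.50.x entries above.

```python
"""Triage the Renovate-copied changelog of a scanner bump (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Renovate writes "(#\u200b6399)" so the hosting platform does not auto-link the PR.
ZERO_WIDTH_SPACE = "\u200b"

# One bullet: "<sha> <type>(<scope>)!: <subject> (#<pr>)"; scope and "!" are optional.
ENTRY_RE = re.compile(
    r"^\s*(?:•|-|\*)?\s*(?P<sha>[0-9a-f]{7,40})\s+"
    r"(?P<type>[a-z]+)(?:\((?P<scope>[^)]*)\))?(?P<breaking>!)?:\s*"
    r"(?P<subject>.*?)\s*\(#(?P<pr>\d+)\)\s*$"
)

# Assumed keyword list: subjects matching these get a closer look in review.
SECURITY_HINTS = ("perm", "secret", "token", "credential", "encrypt", "tmp")


@dataclass(frozen=True)
class Entry:
    sha: str
    type: str
    scope: str
    breaking: bool
    subject: str
    pr: int


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one changelog bullet; return None for lines that are not entries."""
    m = ENTRY_RE.match(line.replace(ZERO_WIDTH_SPACE, ""))
    if m is None:
        return None
    return Entry(
        sha=m["sha"], type=m["type"], scope=m["scope"] or "",
        breaking=bool(m["breaking"]), subject=m["subject"], pr=int(m["pr"]),
    )


def parse_changelog(text: str) -> list[Entry]:
    """Keep only lines that parse as entries; headings such as 'Compare Source' are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def triage(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Bucket entries so the reviewer reads breaking and security-relevant changes first."""
    buckets: dict[str, list[Entry]] = {
        "breaking": [], "security": [], "behaviour": [], "deps": [], "other": []
    }
    for e in entries:
        subject = e.subject.lower()
        if e.breaking:
            buckets["breaking"].append(e)
        elif e.scope == "deps":
            buckets["deps"].append(e)
        elif any(hint in subject for hint in SECURITY_HINTS):
            buckets["security"].append(e)
        elif e.type in ("feat", "fix"):
            buckets["behaviour"].append(e)   # changes what the scanner reports
        else:
            buckets["other"].append(e)       # docs, tests, refactors, CI
    return buckets


def render(buckets: dict[str, list[Entry]]) -> str:
    """Plain-text summary suitable for pasting into the MR discussion."""
    lines = []
    for name, entries in buckets.items():
        if not entries:
            continue
        lines.append(f"{name} ({len(entries)}):")
        for e in entries:
            scope = f"({e.scope})" if e.scope else ""
            lines.append(f"  {e.sha} {e.type}{scope}: {e.subject} [#{e.pr}]")
    return "\n".join(lines)


# Constructed sample: a subset of the v0.50.x entries above, with Renovate's U+200B kept.
SAMPLE = (
    "  • 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#\u200b6386)\n"
    "  • 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#\u200b6364)\n"
    "  • 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#\u200b6236)\n"
    "  • cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#\u200b6178)\n"
    "  • 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#\u200b6298)\n"
    "  • dd9620e chore: updates wazero to v1.7.0 (#\u200b6301)\n"
    "Compare Source\n"
)

if __name__ == "__main__":
    print(render(triage(parse_changelog(SAMPLE))))
```

Run it against the full release notes of the MR (paste the two changelog sections into `SAMPLE` or read them from a file) and attach the `security` and `behaviour` buckets to the review: those are the entries that can change which findings a pipeline reports after the tag moves from 0.49.1 to 0.50.1, and the ones worth a test scan before merging.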

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)
