chore(deps): update docker.io/aquasec/trivy docker tag to v0.45.0 (!834) · Merge requests · Shivering-Isles / Infrastructure GitOps

Botaniker (Bot) requested to merge renovate/docker.io-aquasec-trivy-0.x into main Sep 04, 2023

This MR contains the following updates:

Package	Update	Change
docker.io/aquasec/trivy	minor	`0.37.3` -> `0.45.0`

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

`v0.45.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5082

Changelog

cdab67e docs: add Bitnami (#5078)
7acc5e8 feat(docker): add support for scanning Bitnami components (#5062)
9628b1c feat: add support for .trivyignore.yaml (#5070)
4547e27 fix(terraform): improve detection of terraform files (#4984)
0c8919e feat: filter artifacts on --exclude-owned flag (#5059)
c04f234 fix(sbom): cyclonedx advisory should omit null value (#5041)
f811ed2 build: maximize build space for build tests (#5072)
69ea5bf feat: improve kbom component name (#5058)
3715dcb fix(pom): add licenses for pom artifacts (#5071)
07f7e98 chore(deps): Update defsec to v0.92.0 (#5068)
d4ca3cc chore: bump Go to 1.20 (#5067)
49fdd58 feat: PURL matching with qualifiers in OpenVEX (#5061)
4401998 feat(java): add graph support for pom.xml (#4902)
9c211d0 feat(swift): add vulns for cocoapods (#5037)
422fa41 fix: support image pull secret for additional workloads (#5052)
8e93386 fix: #5033 Superfluous double quote in html.tpl (#5036)
9345a98 docs(repo): update trivy repo usage and example (#5049)
5d8da70 perf: Optimize Dockerfile for reduced layers and size (#5038)
1be9da7 feat: scan K8s Resources Kind with --all-namespaces (#5043)
0e17d0b fix: vulnerability typo (#5044)
d70fab2 docs: adding a terraform tutorial to the docs (#3708)
2fa264a feat(report): add licenses to sarif format (#4866)
07ddf47 feat(misconf): show the resource name in the report (#4806)
9de3606 chore: update alpine base images (#5015)
ef70d20 feat: add Package.resolved swift files support (#4932)
ec5d8be feat(nodejs): parse licenses in yarn projects (#4652)
3114c87 fix: k8s private registries support (#5021)
6d79f55 bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
9ace591 feat(vuln): support last_affected field from osv (#4944)
d442176 feat(server): add version endpoint (#4869)
63cd41d feat: k8s private registries support (#4987)
cb16e23 fix(server): add indirect prop to package (#4974)
a4e981b docs: add coverage (#4954)
6f03c79 feat(c): add location for lock file dependencies. (#4994)
c748705 docs: adding blog post on ec2 (#4813)
4e1316c revert 32bit bins (#4977)
fc959fc chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)

`v0.44.1`

Compare Source

Changelog

f105279 fix(report): return severity colors in table format (#4969)
bc2b0ca build: maximize available disk space for release (#4937)
9493c6f test(cli): Fix assertion helptext (#4966)
b0359de chore(deps): Bump defsec to v0.91.1 (#4965)
d3a34e4 test: validate CycloneDX with the JSON schema (#4956)
798ef1b fix(server): add licenses to the Result message (#4955)
e8cf281 fix(aws): resolve endpoint if endpoint is passed (#4925)
f18b0db fix(sbom): move licenses to name field in Cyclonedx format (#4941)
a796701 add only uniq deps in dependsOn (#4943)
b544e0d use testify instead of gotest.tools (#4946)
067a0fc fix(nodejs): do not detect lock file in node_modules as an app (#4949)
e6d7705 bump go-dep-parser (#4936)
c584dc1 chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
358d56b chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
17f3ea9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
39ccbf7 test(aws): move part of unit tests to integration (#4884)
6d3ae3b docs(cli): update help string for file and dir skipping (#4872)
7d7a1ef chore(deps): bump sigstore/cosign-installer (#4910)
fc74950 chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
b2a68bc chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
e5c0c15 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
da37803 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
9744e64 chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
99eebc6 docs: update the discussion template (#4928)

`v0.44.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4903

Changelog

d19c7d9 feat(repo): support local repositories (#4890)
3c19761 bump go-dep-parser (#4893)
e1c2a8c fix(misconf): add missing fields to proto (#4861)
8b8e0e8 fix: remove trivy-db package replacement (#4877)
f9efe44 chore(test): bump the integration test timeout to 15m (#4880)
7271d68 chore(deps): Update defsec to v0.91.0 (#4886)
c3bc67c chore: update CODEOWNERS (#4871)
232ba82 feat(vuln): support vulnerability status (#4867)
11618c9 feat(misconf): Support custom URLs for policy bundle (#4834)
0707569 refactor: replace with sortable packages (#4858)
fbe1c9e docs: correct license scanning sample command (#4855)
20c2246 fix(report): close the file (#4842)
24a3e54 feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
a7bd7bb feat(misconf): Add support for independently enabling libraries (#4070)
4aa9ea0 feat(secret): add secret config file for cache calculation (#4837)
5d349d8 Fix a link in gitlab-ci.md (#4850)
a61531c fix(flag): use globalstar to skip directories (#4854)
78cc209 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
9399604 fix(license): using common way for splitting licenses (#4434)
3e2416d fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
ce77bb4 remove govulndb (#4783)
c05caae fix(java): inherit licenses from parents (#4817)
aca11b9 refactor: add allowed values for CLI flags (#4800)
4cecd17 add example regex to allow rules (#4827)
4bc8d29 feat(misconf): Support custom data for rego policies for cloud (#4745)
88243a0 docs: correcting the trivy k8s tutorial (#4815)
3c7d988 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
fd0fd10 fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
d0d543b feat(misconf): enable --policy flag to accept directory and files both (#4777)
b43a3e6 feat(python): add license fields (#4722)
aef7b14 fix: support trivy k8s-version on k8s sub-command (#4786)

`v0.43.1`

Compare Source

Changelog

5d76aba chore(deps): Update defsec to v0.90.3 (#4793)
fed446c chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)
df62927 chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)
1b9b9a8 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)
3c16ca8 docs(image): fix the comment on the soft/hard link (#4740)
e5bee5c check Type when filling pkgs in vulns (#4776)
4b9f310 feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
8e7fb7c chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)
a9badea fix(rocky): add architectures support for advisories (#4691)
f8ebccc chore(deps): bump github.com/opencontainers/image-spec (#4751)
1c81948 chore(deps): bump github.com/package-url/packageurl-go (#4754)
497cc10 chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)
065f0af chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)
e260305 chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)
0621402 fix: documentation about reseting trivy image (#4733)
798fdbc fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
34a8929 fix: update Amazon Linux 1 EOL (#4761)

`v0.43.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4741

Changelog

6008192 chore(deps): Update defsec to v0.90.1 (#4739)
73734ea feat(nodejs): support yarn workspaces (#4664)
22463ab feat(cli): add include-dev-deps flag (#4700)
790c805 fix(image): pass the secret scanner option to scan the img config (#4735)
86fec9c fix: scan job pod it not found on k8s-1.27.x (#4729)
26bc911 feat(docker): add support for mTLS authentication when connecting to registry (#4649)
d699e8c chore(deps): Update defsec to v0.90.0 (#4723)
1777878 fix: skip scanning the gpg-pubkey package (#4720)
9be0825 Fix http registry oci pull (#4701)
5d73b47 feat(misconf): Support skipping services (#4686)
46e784c docs: fix supported modes for pubspec.lock files (#4713)
0f61a84 fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
8a1aa44 clarifying a dir path is required for custom policies (#4716)
fbab9ee chore: update alpine base images (#4715)
f84417b fix last-history-created (#4697)
85c681d feat: kbom and cyclonedx v1.5 spec support (#4708)
46748ce docs: add information about Aqua (#4590)
c6741bd fix: k8s escape resource filename on windows os (#4693)
a21acc7 ci: ignore merge queue branches (#4696)
32a3a33 chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)
cbb47dc chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)
e3d10d2 feat: cyclondx sbom custom property support (#4688)
e1770e0 ci: do not trigger tests in main (#4692)
337c0b7 add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
5ccee14 use group field for jar in cyclonedx (#4674)
96db52c feat(java): capture licenses from pom.xml (#4681)
3e902a5 feat(helm): make sessionAffinity configurable (#4623)
904f1cf fix: Show the correct URL of the secret scanning (#4682)
7d48c5d document expected file pattern definition format (#4654)
dcc73e9 fix: format arg error (#4642)
35c4262 feat(k8s): cyclonedx kbom support (#4557)
0e01851 fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
4d9b444 fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
c29197a ci: update build IDs (#4641)
d7637ad fix(debian): update EOL for Debian 12 (#4647)
ef39eee chore(deps): bump go-containerregistry (#4639)
1ce8bb5 chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
bc9513f fix(db): change argument order in Exists query for JavaDB (#4595)
aecd2f0 feat(aws): Add support to see successes in results (#4427)
2cbf402 chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)
0099b20 ci: do not trigger tests in main (#4614)
a597a54 chore(deps): bump sigstore/cosign-installer (#4609)
b453fbe chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)
0e876d5 ci: bypass the required status checks (#4611)
a4f27d2 ci: support merge queue (#3652)
9e6411e ci: matrix build for testing (#4587)
ef6538a feat: trivy k8s private registry support (#4567)
139f3e1 docs: add general coverage page (#3859)
479cfdd chore: create SECURITY.md (#4601)

`v0.42.1`

Compare Source

Changelog

9a279fa ci: remove 32bit packages (#4585)
d52b0b7 fix(misconf): deduplicate misconf results (#4588)
9b531fa fix(vm): support sector size of 4096 (#4564)
8ca1bfd fix(misconf): terraform relative paths (#4571)
c20d466 fix(purl): skip unsupported library type (#4577)
52cbe79 fix(terraform): recursively detect all Root Modules (#4457)
4a5b915 fix(vm): support post analyzer for vm command (#4544)
56cdc55 fix(nodejs): change the type of the devDependencies field (#4560)
17d7536 fix(sbom): export empty dependencies in CycloneDX (#4568)
2796abe refactor: add composite fs for post-analyzers (#4556)
22a1573 chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
4358665 chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
5081399 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
e1a3812 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
283eef6 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
bbd7b98 chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
11c81bf chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
2d8d63e chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
a46839b chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
19715f5 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)

`v0.42.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4541

Changelog

854b639 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
59e1a86 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
9ef0113 feat: add SBOM analyzer (#4210)
dadd1e1 fix(sbom): update logic for work with files in spdx format (#4513)
1a65821 feat: azure workload identity support (#4489)
411862c feat(ubuntu): add eol date for 18.04 ESM (#4524)
62a1aaf fix(misconf): Update required extensions for terraformplan (#4523)
48b2e15 refactor(cyclonedx): add intermediate representation (#4490)
c15f269 fix(misconf): Remove debug print while scanning (#4521)
b6ee08e fix(java): remove duplicates of jar libs (#4515)
d474040 fix(java): fix overwriting project props in pom.xml (#4498)
4cf2f94 docs: Update compilation instructions (#4512)
18ce1c3 fix(nodejs): update logic for parsing pnpm lock files (#4502)
87eed38 fix(secret): remove aws-account-id rule (#4494)
b0c591e feat(oci): add support for referencing an input image by digest (#4470)
b84b5ec chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
305255a docs: fixed the format (#4503)
d586de5 fix(java): add support of * for exclusions for pom.xml files (#4501)
de6eef3 feat: adding issue template for documentation (#4453)
83a9c4a docs: switch glad to ghsa for Go (#4493)
5372722 chore(deps): Update defsec to v0.89.0 (#4474)
6fcd153 feat(misconf): Add terraformplan support (#4342)
72e302c feat(debian): add digests for dpkg (#4445)
7e99d08 chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
12a1789 feat(k8s): exclude node scanning by node labels (#4459)
919e8c9 docs: add info about multi-line mode for regexp from custom secret rules (#4159)
50fe43f feat(cli): convert JSON reports into a different format (#4452)
09db1d4 feat(image): add logic to guess base layer for docker-cis scan (#4344)
3f0721f fix(cyclonedx): set original names for packages (#4306)
0ef0dad feat: group subcommands (#4449)
3a7717f feat(cli): add retry to cache operations (#4189)
63cfb27 fix(vuln): report architecture for apk packages (#4247)
e136136 refactor: enable cases where return values are not needed in pipeline (#4443)
29b5f7e fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
92ed344 docs(misconf): Update docs for kubernetes file patterns (#4435)
16af41b test: k8s integration tests (#4423)
cab8569 feat(redhat): add package digest for rpm (#4410)
92f9e98 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)
33fb047 fix: typo (#4431)
8b162f2 add user instruction to imgconf (#4429)
3b7c919 fix(k8s): add image sources (#4411)
c75d35f docs(scanning): Add versioning banner (#4415)
d298415 feat(cli): add mage command to update golden integration test files (#4380)
1a56295 feat: node-collector custom namespace support (#4407)
864ad10 chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 (#4378)
7a20d96 refactor(sbom): use multiline json for spdx-json format (#4404)
ea5fd75 fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
56a01ec refactor: code-optimization (#4214)
6a0e152 feat(image): Add image-src flag to specify which runtime(s) to use (#4047)
50c8b41 test: skip wrong update of test golden files (#4379)
51ca653 refactor: don't return error for package.json without version/name (#4377)
e5e7ebc docs: cmd error (#4376)
6ee4960 test(cli): add test for config file and env combination (#2666)
c067b02 fix(report): set a correct file location for license scan output (#4326)
ff63748 ci: rpm repository for all versions and aarch64 (#4077)
0009b02 chore(alpine): Update Alpine to 3.18 (#4351)
d61ae8c fix(alpine): add EOL date for Alpine 3.18 (#4308)
636ce80 chore(deps): bump github.com/docker/distribution (#4337)
e859d10 feat: allow root break for mapfs (#4094)
a6ef37f docs(misconf): Remove examples.md (#4256)
dca8c03 fix(ubuntu): update eol dates for Ubuntu (#4258)
b003f58 feat(alpine): add digests for apk packages (#4168)
86f0016 chore: add discussion templates (#4190)
2f318ce fix(terraform): Support tfvars (#4123)
ec3906c chore: separate docs:generate (#4242)
37b25d2 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4246)
45d5edb refactor: define vulnerability scanner interfaces (#4117)
090a00e feat: unified k8s scan resources (#4188)
f2188eb chore(deps): Update defsec to v0.88.1 (#4178)
b79850f chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#4141)
36acdfa chore: trivy bin ignore (#4212)
55fb723 feat(image): enforce image platform (#4083)
9c87cb2 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 (#4143)
21cf179 chore(deps): bump github.com/docker/docker (#4144)
fbf7a77 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 (#4146)
547391c chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 (#4140)
882bfdd fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
949cd10 chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 (#4147)
93bc162 chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#4145)
57993ef chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 (#4138)
dc4baeb chore(deps): bump github.com/testcontainers/testcontainers-go (#4150)
25d0255 chore: install.sh support for windows (#4155)
73e5454 chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 (#4166)
08de7c6 chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#4149)
ade4730 docs: moving skipping files out of others (#4154)

`v0.41.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4135

Changelog

1be1e2e fix(spdx): add workaround for no src packages (#4118)
45bc9e0 test(golang): rename broken go.mod (#4129)
3334e78 feat(sbom): add supplier field (#4122)
27fb1bf test(misconf): skip downloading of policies for tests #4126
845ae31 refactor: use debug message for post-analyze errors (#4037)
11a5b91 feat(sbom): add VEX support (#4053)
5eab464 feat(sbom): add primary package purpose field for SPDX (#4119)
a00d00e fix(k8s): fix quiet flag (#4120)
9bc3269 fix(python): parse of pip extras (#4103)
8559841 feat(java): use full path for nested jars (#3992)
0650e0e feat(license): add new flag for classifier confidence level (#4073)
43b6496 feat: config and fs compliance support (#4097)
9181bc1 chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3952)
48e021e feat(spdx): add support for SPDX 2.3 (#4058)
107752d fix: k8s all-namespaces support (#4096)
bd0c603 perf(misconf): replace with post-analyzers (#4090)
76662d5 fix(helm): update networking API version detection (#4106)
be47b68 feat(image): custom docker host option (#3599)
cc18f92 style: debug flag is incorrect and needs extra - (#4087)
572a619 docs(vuln): Document inline vulnerability filtering comments (#4024)
914c6f0 feat(fs): customize error callback during fs walk (#4038)
3f02fee fix(ubuntu): skip copyright files from subfolders (#4076)
57bb77c docs: restructure scanners (#3977)
b19b56c fix: fix file does not exist error for post-analyzers (#4061)

`v0.40.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4074

Changelog

b43b19b feat(flag): Support globstar for --skip-files and --skip-directories (#4026)
1480500 chore(deps): bump actions/stale from 7 to 8 (#3955)
83bb97a fix: return insecure option to download javadb (#4064)
79a1ba3 fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found (#4052)
ff1c43a ci: add gpg signing for RPM packages (#4056)
b608b11 fix(k8s): current context title (#4055)
2c3b60f fix(k8s): quit support on k8s progress bar (#4021)
a6b8642 chore: add a note about Dockerfile.canary (#4050)
90b8066 ci: fix path to canary binaries (#4045)
dcefc6b fix(vuln): report architecture for debian packages (#4032)
601e25f feat: add support for Chainguard's commercial distro (#3641)
0bebec1 ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 (#3979)
707ea94 fix(vuln): fix error message for remote scanners (#4031)
8e1fe76 feat(report): add image metadata to SARIF (#4020)
4b36e97 docs: fix broken cache link on Installation page (#3999)
f0df725 fix: lock downloading policies and database (#4017)
009675c fix: avoid concurrent access to the global map (#4014)
3ed86aa feat(rust): add Cargo.lock v3 support (#4012)
f31dea4 feat: auth support oci download server subcommand (#4008)
d37c50a chore(deps): bump github.com/docker/docker (#4009)
693d205 chore: install.sh support for armv7 (#3985)
65d89b9 chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#3961)

`v0.39.1`

Compare Source

Changelog

a119ef8 fix(rust): fix panic when 'dependencies' field is not used in cargo.toml (#3997)
c8283ce fix(sbom): fix infinite loop for cyclonedx (#3998)
6c8b042 chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 (#3954)
c42f360 fix: use warning for errors from enrichment files for post-analyzers (#3972)
20c21ca chore(deps): bump github.com/docker/docker (#3963)
54388ff fix(helm): added annotation to psp configurable from values (#3893)
99a2519 chore(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.1 (#3962)
d113b93 fix(secret): update built-in rule tests (#3855)
5ab6d25 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.30.1 (#3957)
0767cb8 test: rewrite scripts in Go (#3968)
428ee19 docs(cli): Improve glob documentation (#3945)
3e00dc3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#3959)
cf2f0b2 ci: check CLI references (#3967)
70f507e chore(deps): bump alpine from 3.17.2 to 3.17.3 (#3951)
befabc6 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.234 (#3956)
ee69abb chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#3958)
8901f7b chore(deps): bump actions/setup-go from 3 to 4 (#3953)
4e6bbbc chore(deps): bump actions/cache from 3.2.6 to 3.3.1 (#3950)
d70f346 chore(deps): bump github.com/containerd/containerd from 1.6.19 to 1.7.0 (#3965)
3efb2fd chore(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 (#3964)

`v0.39.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/3949

Changelog

ed59096 docs(cli): added makefile and go file to create docs (#3930)
a2f39a3 chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
5a10631 chore: ignore gpg key (#3943)
4072115 feat(cyclonedx): support dependency graph (#3177)
7cad265 chore(deps): Bump defsec to v0.85.0 (#3940)
f8b5733 feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
10796a2 feat(server): redis with public TLS certs support (#3783)
abff139 feat(flag): Add glob support to --skip-dirs and --skip-files (#3866)
b40f60c chore: replace make with mage (#3932)
67236f6 fix(sbom): add checksum to files (#3888)
00de24b chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
5976d1f chore: remove unused mount volumes (#3927)
f14bed4 feat: add auth support for downloading OCI artifacts (#3915)
1ee0518 refactor(purl): use epoch in qualifier (#3913)
0000252 chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
ca0d972 feat(image): add registry options (#3906)
0336555 feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
dd9cd95 chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
edb0682 feat(php): add support for location, licenses and graph for composer.lock files (#3873)
c02b15b chore(deps): updates wazero to 1.0.0 (#3904)
63ef760 feat(image): discover SBOM in OCI referrers (#3768)
3fa703c docs: change cache-dir key in config file (#3897)
4d78747 fix(sbom): use release and epoch for SPDX package version (#3896)
67572df ci: add gpg signing for RPM packages (#3612)
e76d5ff docs: Update incorrect comment for skip-update flag (#3878)
011ea60 refactor(misconf): simplify policy filesystem (#3875)
6445309 feat(nodejs): parse package.json alongside yarn.lock (#3757)
6e9c2c3 fix(spdx): add PkgDownloadLocation field (#3879)
18eeea2 fix(report): try to guess direct deps for dependency tree (#3852)
02b6914 chore(amazon): update EOL (#3876)
79096e1 fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
fc2e80c feat(amazon): add al2023 support (#3854)
5f8d69d chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
7916aaf docs(misconf): Add information about selectors (#3703)
1b1ed39 docs(cli): update CLI docs with cobra (#3815)
234a360 feat: k8s parallel processing (#3693)
b864b3b docs: add DefectDojo in the Security Management section (#3871)
ad34c98 chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
7148de3 refactor: add pipeline (#3868)
927acf9 feat(cli): add javadb metadata to version info (#3835)
33074cf chore(deps): Move compliance types to defsec (#3842)
ba9b041 feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
a754a04 feat: add node toleration option (#3823)
9e4b57f fix: allow mapfs to open dirs (#3867)
09fd299 fix(report): update uri only for os class targets (#3846)
09e1302 feat(nodejs): Add v3 npm lock file support (#3826)
52cbfeb feat(nodejs): parse package.json files alongside package-lock.json (#2916)
d6a2d63 docs(misconf): Fix links to built in policies (#3841)

`v0.38.3`

Compare Source

Changelog

a12f58b chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to 1.89.1 (#3827)
ee51835 fix(java): skip empty files for jar post analyzer (#3832)
3987a67 fix(docker): build healthcheck command for line without /bin/sh prefix (#3831)
2bb25e7 refactor(license): use goyacc for license parser (#3824)
00c763b chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible to 23.0.1+incompatible (#3586)
cac5881 fix: populate timeout context to node-collector (#3766)
bd9c6e6 fix: exclude node collector scanning (#3771)
20f1067 fix: display correct flag in error message when skipping java db update #3808
1fac7bf fix: disable jar analyzer for scanners other than vuln (#3810)
aaf2658 fix(sbom): fix incompliant license format for spdx (#3335)
f830763 fix(java): the project props take precedence over the parent's props (#3320)
1aa3b7d docs: add canary build info to README.md (#3799)
57904c0 docs: adding link to gh token generation (#3784)
bdccf72 docs: changing docs in accordance with #3460 (#3787)

`v0.38.2`

Compare Source

Changelog

800473a chore(deps): bump github.com/moby/buildkit from 0.11.0 to 0.11.4 (#3789)
e6ab389 chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#3724)
6614398 fix(license): disable jar analyzer for licence scan only (#3780)
1dc6fee bump trivy-issue-action to v0.0.0; skip pkg dir (#3781)
3357ed0 fix: skip checking dirs for required post-analyzers (#3773)
1064636 docs: add information about plugin format (#3749)
60b7ef5 fix(sbom): add trivy version to spdx creators tool field (#3756)

`v0.38.1`

Compare Source

Changelog

497c955 feat(misconf): Add support to show policy bundle version (#3743)
5d54310 fix(python): fix error with optional dependencies in pyproject.toml (#3741)
44cf1e2 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)
743b4b0 add id for package.json files (#3750)
6de4385 chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)
9a0ceef chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)
0501b46 chore(deps): bump github.com/google/go-containerregistry (#3731)
ee3004d chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)
5c8e604 chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)

`v0.38.0`

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/3719

Changelog

bc08366 fix(cli): pass integer to exit-on-eol (#3716)
23cdac0 feat: add kubernetes pss compliance (#3498)
302c8ae feat: Adding --module-dir and --enable-modules (#3677)
34120f4 feat: add special IDs for filtering secrets (#3702)
e399ed8 chore(deps): Update defsec (#3713)
ef7b762 docs(misconf): Add guide on input schema (#3692)
00daebc feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
98d1031 feat: docker multi credential support (#3631)
b791362 feat: summarize vulnerabilities in compliance reports (#3651)
719fdb1 feat(python): parse pyproject.toml alongside poetry.lock (#3695)
3ff5699 feat(python): add dependency tree for poetry lock file (#3665)
33909d9 fix(cyclonedx): incompliant affect ref (#3679)
d85a3e0 chore(helm): update skip-db-update environment variable (#3657)
551899c fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
3aaa2cf fix(sbom): export empty dependencies in CycloneDX (#3664)
9d1300c docs: java-db air-gap doc tweaks (#3561)
793cc43 feat(go): license support (#3683)
6a3294e feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
e9dc21d fix(k8s): k8s label size (#3678)
12976d4 fix(cyclondx): fix array empty value, null to [] (#3676)
1dc2b34 refactor: rewrite gomod analyzer as post-analyzer (#3674)
92eaf63 feat: config outdated-api result filtered by k8s version (#3578)
9af436b fix: Update to Alpine 3.17.2 (#3655)
88ee68d feat: add support for virtual files (#3654)
75c96bd feat: add post-analyzers (#3640)
baea399 chore(deps): updates wazero to 1.0.0-pre.9 (#3653)
7ca0db1 chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)
866999e chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)
b7bfb9a feat(python): add dependency locations for Pipfile.lock (#3614)
9badef2 chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#3648)
d856595 fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
fe7c26a chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.85.0 (#3607)
f251dfc fix(aws): Adding a fix for update-cache flag that is not applied on AWS scans. (#3619)
9be8062 feat(cli): add command completion (#3061)
370098d docs(misconf): update dockerfile link (#3627)
32acd29 feat(flag): add exit-on-eosl option (#3423)
aa8e185 chore(deps): bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#3533)
86603bb fix(cli): make java db repository configurable (#3595)
7b1e173 chore: bump trivy-kubernetes (#3613)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

chore(deps): update docker.io/aquasec/trivy docker tag to v0.45.0

Release Notes

⚡Release highlights and summary⚡

Changelog

Changelog

⚡Release highlights and summary⚡

Changelog

Changelog

⚡Release highlights and summary⚡

Changelog

Changelog

⚡Release highlights and summary⚡

Changelog

⚡Release highlights and summary⚡

Changelog

⚡Release highlights and summary⚡

Changelog

Changelog

⚡Release highlights and summary⚡

Changelog

Changelog

Changelog

Changelog

⚡Release highlights and summary⚡

Changelog

Configuration

Merge request reports