chore(deps): update docker.io/aquasec/trivy docker tag to v0.47.0

This MR contains the following updates:

Package	Update	Change
docker.io/aquasec/trivy	minor	0.46.1 -> 0.47.0

---

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.47.0

Compare Source

Release highlights and summary

https://github.com/aquasecurity/trivy/discussions/5520

Changelog

• d6df5fb docs: add info that license scanning supports file-patterns flag (#​5484)
• 156d4cc docs: add Zora integration into Ecosystem session (#​5490)
• 772d1d0 fix(sbom): Use UUID as BomRef for packages with empty purl (#​5448)
• df47073 ci: use maximize build space for K8s tests (#​5387)
• fed4710 fix: correct error mismatch causing race in fast walks (#​5516)
• 46f1b9e docs: k8s vulnerability scanning (#​5515)
• fdb3a15 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#​5506)
• d0d956f chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#​5493)
• 68b0797 docs: remove glad for java datasources (#​5508)
• 474167c chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#​5475)
• 7299867 chore: remove unused logger attribute in amazon detector (#​5476)
• 8656bd9 fix: correct error mismatch causing race in fast walks (#​5482)
• 2e10cd2 chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#​5502)
• 13df746 chore(deps): bump docker/build-push-action from 4 to 5 (#​5500)
• b0141cf chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#​5491)
• 520830b fix(server): add licenses to BlobInfo message (#​5382)
• 9a6e125 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#​5501)
• 6e59272 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#​5497)
• f3de7bc feat: scan vulns on k8s core component apps (#​5418)
• e2fb3dd fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#​5470)
• 3e833be chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#​5472)
• ca50b77 fix(sbom): save digests for package/application when scanning SBOM files (#​5432)
• 048150d docs: fix the broken link (#​5454)
• 013d901 docs: fix error when installing PyYAML for gh pages (#​5462)
• 26b4959 fix(java): download java-db once (#​5442)
• 57fa701 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#​5447)
• 53c9a7d docs(misconf): Update --tf-exclude-downloaded-modules description (#​5419)
• 01c98d1 feat(misconf): Support --ignore-policy in config scans (#​5359)
• 05b3c86 docs(misconf): fix broken table for Use container image section (#​5425)
• 1a15a3a feat(dart): add graph support (#​5374)
• f2a12f5 refactor: define a new struct for scan targets (#​5397)
• 6040d9f fix(sbom): add missed primaryURL and source severity for CycloneDX (#​5399)
• e5317c7 fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#​5393)
• 9fba79f chore(deps): move to aws-sdk-go-v2 (#​5381)
• 00f2059 docs: remove --scanners none (#​5384)
• 57a1022 docs: Update container_image.md #​5182 (#​5193)
• 5b2b4ea feat(report): Add InstalledFiles field to Package (#​4706)

---

Configuration

Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.