Closed renovate[bot] closed 4 months ago
This PR contains the following updates:
0.41.0
0.51.4
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.41.0
->0.51.4
Release Notes
aquasecurity/trivy (aquasec/trivy)
### [`v0.51.4`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.51.4) #### Changelog - [`c06f467`](https://togithub.com/aquasecurity/trivy/commit/c06f467e6) chore: downgrade trivy-checks and trivy-aws - [`df4f760`](https://togithub.com/aquasecurity/trivy/commit/df4f7604a) build: use main package instead of main.go ([#6766](https://togithub.com/aquasecurity/trivy/issues/6766)) - [`bf7a8ed`](https://togithub.com/aquasecurity/trivy/commit/bf7a8ede3) chore(deps): bump the common group across 1 directory with 29 updates ([#6756](https://togithub.com/aquasecurity/trivy/issues/6756)) - [`acb22c6`](https://togithub.com/aquasecurity/trivy/commit/acb22c60a) chore(deps): bump the aws group with 8 updates ([#6738](https://togithub.com/aquasecurity/trivy/issues/6738)) - [`9a3510f`](https://togithub.com/aquasecurity/trivy/commit/9a3510ffd) chore(deps): bump the docker group with 2 updates ([#6739](https://togithub.com/aquasecurity/trivy/issues/6739)) - [`7806b37`](https://togithub.com/aquasecurity/trivy/commit/7806b37e2) ci: add `generic` dir to deb deploy script ([#6636](https://togithub.com/aquasecurity/trivy/issues/6636)) ### [`v0.51.2`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.51.2) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.51.1...v0.51.2) #### Changelog - [`eadc6fb`](https://togithub.com/aquasecurity/trivy/commit/eadc6fb64) fix: node-collector high and critical cves ([#6707](https://togithub.com/aquasecurity/trivy/issues/6707)) - [`cc489b1`](https://togithub.com/aquasecurity/trivy/commit/cc489b1af) Merge pull request from GHSA-xcq4-m2r3-cmrj - [`013f71a`](https://togithub.com/aquasecurity/trivy/commit/013f71a6a) chore: auto-bump golang patch versions ([#6711](https://togithub.com/aquasecurity/trivy/issues/6711)) - [`113a5b2`](https://togithub.com/aquasecurity/trivy/commit/113a5b216) fix(misconf): don't shift ignore rule related to code ([#6708](https://togithub.com/aquasecurity/trivy/issues/6708)) - [`733e5ac`](https://togithub.com/aquasecurity/trivy/commit/733e5ac1f) fix(go): include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://togithub.com/aquasecurity/trivy/issues/6705)) - [`d311e49`](https://togithub.com/aquasecurity/trivy/commit/d311e49bc) fix(go): add only non-empty root modules for `gobinaries` ([#6710](https://togithub.com/aquasecurity/trivy/issues/6710)) - [`cf1a7bf`](https://togithub.com/aquasecurity/trivy/commit/cf1a7bf30) refactor: unify package addition and vulnerability scanning ([#6579](https://togithub.com/aquasecurity/trivy/issues/6579)) - [`d465d9d`](https://togithub.com/aquasecurity/trivy/commit/d465d9d1e) fix: Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://togithub.com/aquasecurity/trivy/issues/6696)) - [`0af225c`](https://togithub.com/aquasecurity/trivy/commit/0af225ccf) fix(conda): add support `pip` deps for `environment.yml` files ([#6675](https://togithub.com/aquasecurity/trivy/issues/6675)) - [`6f64d55`](https://togithub.com/aquasecurity/trivy/commit/6f64d5518) fix(misconf): skip Rego errors with a nil location ([#6666](https://togithub.com/aquasecurity/trivy/issues/6666)) - [`8c27430`](https://togithub.com/aquasecurity/trivy/commit/8c27430a2) fix(misconf): skip Rego errors with a nil location ([#6638](https://togithub.com/aquasecurity/trivy/issues/6638)) - [`c2b46d3`](https://togithub.com/aquasecurity/trivy/commit/c2b46d3c2) refactor: unify Library and Package structs ([#6633](https://togithub.com/aquasecurity/trivy/issues/6633)) - [`4368f11`](https://togithub.com/aquasecurity/trivy/commit/4368f11e0) fix: use of specified context to obtain cluster name ([#6645](https://togithub.com/aquasecurity/trivy/issues/6645)) - [`5ec62f8`](https://togithub.com/aquasecurity/trivy/commit/5ec62f863) docs: fix usage of image-config-scanners ([#6635](https://togithub.com/aquasecurity/trivy/issues/6635)) ### [`v0.51.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.51.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.51.0...v0.51.1) #### Changelog - [`8016b82`](https://togithub.com/aquasecurity/trivy/commit/8016b821a) fix(fs): handle default skip dirs properly ([#6628](https://togithub.com/aquasecurity/trivy/issues/6628)) - [`7a25dad`](https://togithub.com/aquasecurity/trivy/commit/7a25dadb4) fix(misconf): load cached tf modules ([#6607](https://togithub.com/aquasecurity/trivy/issues/6607)) - [`9c794c0`](https://togithub.com/aquasecurity/trivy/commit/9c794c0ff) fix(misconf): do not use semver for parsing tf module versions ([#6614](https://togithub.com/aquasecurity/trivy/issues/6614)) ### [`v0.51.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.51.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.50.4...v0.51.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/6622](https://togithub.com/aquasecurity/trivy/discussions/6622) #### Changelog - [`14c1024`](https://togithub.com/aquasecurity/trivy/commit/14c1024b4) refactor: move setting scanners when using compliance reports to flag parsing ([#6619](https://togithub.com/aquasecurity/trivy/issues/6619)) - [`998f750`](https://togithub.com/aquasecurity/trivy/commit/998f75043) feat: introduce package UIDs for improved vulnerability mapping ([#6583](https://togithub.com/aquasecurity/trivy/issues/6583)) - [`770b141`](https://togithub.com/aquasecurity/trivy/commit/770b14113) perf(misconf): Improve cause performance ([#6586](https://togithub.com/aquasecurity/trivy/issues/6586)) - [`3ccb1a0`](https://togithub.com/aquasecurity/trivy/commit/3ccb1a0f1) docs: trivy-k8s new experiance remove un-used section ([#6608](https://togithub.com/aquasecurity/trivy/issues/6608)) - [`58cfd1b`](https://togithub.com/aquasecurity/trivy/commit/58cfd1b07) chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible ([#6612](https://togithub.com/aquasecurity/trivy/issues/6612)) - [`715963d`](https://togithub.com/aquasecurity/trivy/commit/715963d75) docs: remove mention of GitLab Gold because it doesn't exist anymore ([#6609](https://togithub.com/aquasecurity/trivy/issues/6609)) - [`37da98d`](https://togithub.com/aquasecurity/trivy/commit/37da98df4) feat(misconf): Use updated terminology for misconfiguration checks ([#6476](https://togithub.com/aquasecurity/trivy/issues/6476)) - [`cdee703`](https://togithub.com/aquasecurity/trivy/commit/cdee7030a) chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 ([#6593](https://togithub.com/aquasecurity/trivy/issues/6593)) - [`6a2225b`](https://togithub.com/aquasecurity/trivy/commit/6a2225b42) docs: use `generic` link from `trivy-repo` ([#6606](https://togithub.com/aquasecurity/trivy/issues/6606)) - [`a2a02de`](https://togithub.com/aquasecurity/trivy/commit/a2a02de7c) docs: update trivy k8s with new experience ([#6465](https://togithub.com/aquasecurity/trivy/issues/6465)) - [`e739ab8`](https://togithub.com/aquasecurity/trivy/commit/e739ab850) feat: support `--skip-images` scanning flag ([#6334](https://togithub.com/aquasecurity/trivy/issues/6334)) - [`c6d5d85`](https://togithub.com/aquasecurity/trivy/commit/c6d5d856c) BREAKING: add support for k8s `disable-node-collector` flag ([#6311](https://togithub.com/aquasecurity/trivy/issues/6311)) - [`194a814`](https://togithub.com/aquasecurity/trivy/commit/194a81468) chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 ([#6601](https://togithub.com/aquasecurity/trivy/issues/6601)) - [`03830c5`](https://togithub.com/aquasecurity/trivy/commit/03830c50c) chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 ([#6599](https://togithub.com/aquasecurity/trivy/issues/6599)) - [`8e814fa`](https://togithub.com/aquasecurity/trivy/commit/8e814fa23) chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 ([#6597](https://togithub.com/aquasecurity/trivy/issues/6597)) - [`2dc76ba`](https://togithub.com/aquasecurity/trivy/commit/2dc76ba78) chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ([#6588](https://togithub.com/aquasecurity/trivy/issues/6588)) - [`c17176b`](https://togithub.com/aquasecurity/trivy/commit/c17176ba9) chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 ([#6595](https://togithub.com/aquasecurity/trivy/issues/6595)) - [`bce70af`](https://togithub.com/aquasecurity/trivy/commit/bce70af36) chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 ([#6596](https://togithub.com/aquasecurity/trivy/issues/6596)) - [`4369a19`](https://togithub.com/aquasecurity/trivy/commit/4369a19af) feat: add ubuntu 23.10 and 24.04 support ([#6573](https://togithub.com/aquasecurity/trivy/issues/6573)) - [`5566548`](https://togithub.com/aquasecurity/trivy/commit/5566548b7) chore(deps): bump azure/setup-helm from 3.5 to 4 ([#6590](https://togithub.com/aquasecurity/trivy/issues/6590)) - [`a8af76a`](https://togithub.com/aquasecurity/trivy/commit/a8af76a47) chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 ([#6587](https://togithub.com/aquasecurity/trivy/issues/6587)) - [`c8ed432`](https://togithub.com/aquasecurity/trivy/commit/c8ed432f2) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 ([#6598](https://togithub.com/aquasecurity/trivy/issues/6598)) - [`551a46e`](https://togithub.com/aquasecurity/trivy/commit/551a46efc) docs(go): add stdlib ([#6580](https://togithub.com/aquasecurity/trivy/issues/6580)) - [`261649b`](https://togithub.com/aquasecurity/trivy/commit/261649b11) chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 ([#6592](https://togithub.com/aquasecurity/trivy/issues/6592)) - [`acfddd4`](https://togithub.com/aquasecurity/trivy/commit/acfddd457) chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 ([#6600](https://togithub.com/aquasecurity/trivy/issues/6600)) - [`419e3d2`](https://togithub.com/aquasecurity/trivy/commit/419e3d202) feat(go): parse main mod version from build info settings ([#6564](https://togithub.com/aquasecurity/trivy/issues/6564)) - [`f0961d5`](https://togithub.com/aquasecurity/trivy/commit/f0961d54f) feat: respect custom exit code from plugin ([#6584](https://togithub.com/aquasecurity/trivy/issues/6584)) - [`a5d485c`](https://togithub.com/aquasecurity/trivy/commit/a5d485cf8) docs: add asdf and mise installation method ([#6063](https://togithub.com/aquasecurity/trivy/issues/6063)) - [`29b8faf`](https://togithub.com/aquasecurity/trivy/commit/29b8faf5f) feat(vuln): Handle scanning conan v2.x lockfiles ([#6357](https://togithub.com/aquasecurity/trivy/issues/6357)) - [`e3bef02`](https://togithub.com/aquasecurity/trivy/commit/e3bef0201) feat: add support `environment.yaml` files ([#6569](https://togithub.com/aquasecurity/trivy/issues/6569)) - [`916f6c6`](https://togithub.com/aquasecurity/trivy/commit/916f6c66f) fix: close plugin.yaml ([#6577](https://togithub.com/aquasecurity/trivy/issues/6577)) - [`8e6cd0e`](https://togithub.com/aquasecurity/trivy/commit/8e6cd0e91) fix: trivy k8s avoid deleting non-default node collector namespace ([#6559](https://togithub.com/aquasecurity/trivy/issues/6559)) - [`060d0bb`](https://togithub.com/aquasecurity/trivy/commit/060d0bb64) BREAKING: support exclude `kinds/namespaces` and include `kinds/namespaces` ([#6323](https://togithub.com/aquasecurity/trivy/issues/6323)) - [`2d090ef`](https://togithub.com/aquasecurity/trivy/commit/2d090ef2d) feat(go): add main module ([#6574](https://togithub.com/aquasecurity/trivy/issues/6574)) - [`6343e4f`](https://togithub.com/aquasecurity/trivy/commit/6343e4fc7) feat: add relationships ([#6563](https://togithub.com/aquasecurity/trivy/issues/6563)) - [`a018ee1`](https://togithub.com/aquasecurity/trivy/commit/a018ee1f9) ci: disable `Go` cache for `reusable-release.yaml` ([#6572](https://togithub.com/aquasecurity/trivy/issues/6572)) - [`5da053f`](https://togithub.com/aquasecurity/trivy/commit/5da053f30) docs: mention `--show-suppressed` is available in table ([#6571](https://togithub.com/aquasecurity/trivy/issues/6571)) - [`3d66cb8`](https://togithub.com/aquasecurity/trivy/commit/3d66cb8d8) chore: fix sqlite to support loong64 ([#6511](https://togithub.com/aquasecurity/trivy/issues/6511)) - [`9aca98c`](https://togithub.com/aquasecurity/trivy/commit/9aca98cca) fix(debian): sort dpkg info before parsing due to exclude directories ([#6551](https://togithub.com/aquasecurity/trivy/issues/6551)) - [`7811ad0`](https://togithub.com/aquasecurity/trivy/commit/7811ad0d2) docs: update info about config file ([#6547](https://togithub.com/aquasecurity/trivy/issues/6547)) - [`fae710d`](https://togithub.com/aquasecurity/trivy/commit/fae710db8) docs: remove RELEASE_VERSION from trivy.repo ([#6546](https://togithub.com/aquasecurity/trivy/issues/6546)) - [`d2d4022`](https://togithub.com/aquasecurity/trivy/commit/d2d4022ef) fix(sbom): change error to warning for multiple OSes ([#6541](https://togithub.com/aquasecurity/trivy/issues/6541)) - [`164b025`](https://togithub.com/aquasecurity/trivy/commit/164b02541) fix(vuln): skip empty versions ([#6542](https://togithub.com/aquasecurity/trivy/issues/6542)) - [`5dd9bd4`](https://togithub.com/aquasecurity/trivy/commit/5dd9bd470) feat(c): add license support for conan lock files ([#6329](https://togithub.com/aquasecurity/trivy/issues/6329)) - [`7c2017f`](https://togithub.com/aquasecurity/trivy/commit/7c2017fa7) fix(terraform): Attribute and fileset fixes ([#6544](https://togithub.com/aquasecurity/trivy/issues/6544)) - [`63c9469`](https://togithub.com/aquasecurity/trivy/commit/63c9469bd) refactor: change warning if no vulnerability details are found ([#6230](https://togithub.com/aquasecurity/trivy/issues/6230)) - [`aa822c2`](https://togithub.com/aquasecurity/trivy/commit/aa822c260) refactor(misconf): improve error handling in the Rego scanner ([#6527](https://togithub.com/aquasecurity/trivy/issues/6527)) - [`30cc88f`](https://togithub.com/aquasecurity/trivy/commit/30cc88fa8) ci: use tmp dir inside Trivy repo dir for GoReleaser ([#6533](https://togithub.com/aquasecurity/trivy/issues/6533)) - [`e32215c`](https://togithub.com/aquasecurity/trivy/commit/e32215c99) feat(go): parse main module of go binary files ([#6530](https://togithub.com/aquasecurity/trivy/issues/6530)) - [`d4da83c`](https://togithub.com/aquasecurity/trivy/commit/d4da83c63) chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 ([#6526](https://togithub.com/aquasecurity/trivy/issues/6526)) - [`0d7d97d`](https://togithub.com/aquasecurity/trivy/commit/0d7d97d13) refactor(misconf): simplify the retrieval of module annotations ([#6528](https://togithub.com/aquasecurity/trivy/issues/6528)) - [`9873cf3`](https://togithub.com/aquasecurity/trivy/commit/9873cf3b9) chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 ([#6523](https://togithub.com/aquasecurity/trivy/issues/6523)) - [`95c8fd9`](https://togithub.com/aquasecurity/trivy/commit/95c8fd912) docs(nodejs): add info about supported versions of pnpm lock files ([#6510](https://togithub.com/aquasecurity/trivy/issues/6510)) - [`12ec0df`](https://togithub.com/aquasecurity/trivy/commit/12ec0dfe9) feat(misconf): loading embedded checks as a fallback ([#6502](https://togithub.com/aquasecurity/trivy/issues/6502)) - [`9b7d713`](https://togithub.com/aquasecurity/trivy/commit/9b7d7132b) fix(misconf): Parse JSON k8s manifests properly ([#6490](https://togithub.com/aquasecurity/trivy/issues/6490)) - [`13e72ec`](https://togithub.com/aquasecurity/trivy/commit/13e72eca5) refactor: remove parallel walk ([#5180](https://togithub.com/aquasecurity/trivy/issues/5180)) - [`a986199`](https://togithub.com/aquasecurity/trivy/commit/a9861994e) fix: close pom.xml ([#6507](https://togithub.com/aquasecurity/trivy/issues/6507)) - [`46d5aba`](https://togithub.com/aquasecurity/trivy/commit/46d5abad4) fix(secret): convert severity for custom rules ([#6500](https://togithub.com/aquasecurity/trivy/issues/6500)) - [`34ab09d`](https://togithub.com/aquasecurity/trivy/commit/34ab09d55) fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories ([#6412](https://togithub.com/aquasecurity/trivy/issues/6412)) - [`1ba5b59`](https://togithub.com/aquasecurity/trivy/commit/1ba5b5952) fix: typo ([#6283](https://togithub.com/aquasecurity/trivy/issues/6283)) - [`4fab0f8`](https://togithub.com/aquasecurity/trivy/commit/4fab0f8b9) docs(k8s,image): fix command-line syntax issues ([#6403](https://togithub.com/aquasecurity/trivy/issues/6403)) - [`d770981`](https://togithub.com/aquasecurity/trivy/commit/d7709816c) chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 ([#6435](https://togithub.com/aquasecurity/trivy/issues/6435)) - [`4337068`](https://togithub.com/aquasecurity/trivy/commit/433706820) fix(misconf): avoid panic if the scheme is not valid ([#6496](https://togithub.com/aquasecurity/trivy/issues/6496)) - [`d82d6cb`](https://togithub.com/aquasecurity/trivy/commit/d82d6cb73) feat(image): goversion as stdlib ([#6277](https://togithub.com/aquasecurity/trivy/issues/6277)) - [`cfddfb3`](https://togithub.com/aquasecurity/trivy/commit/cfddfb33c) fix: add color for error inside of log message ([#6493](https://togithub.com/aquasecurity/trivy/issues/6493)) - [`dfcb0f9`](https://togithub.com/aquasecurity/trivy/commit/dfcb0f90d) chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 ([#6438](https://togithub.com/aquasecurity/trivy/issues/6438)) - [`183eaaf`](https://togithub.com/aquasecurity/trivy/commit/183eaafb4) docs: fix links to OPA docs ([#6480](https://togithub.com/aquasecurity/trivy/issues/6480)) - [`94d6e8c`](https://togithub.com/aquasecurity/trivy/commit/94d6e8ced) refactor: replace zap with slog ([#6466](https://togithub.com/aquasecurity/trivy/issues/6466)) - [`336c47e`](https://togithub.com/aquasecurity/trivy/commit/336c47ecc) docs: update links to IaC schemas ([#6477](https://togithub.com/aquasecurity/trivy/issues/6477)) - [`06b4473`](https://togithub.com/aquasecurity/trivy/commit/06b44738e) chore: bump Go to 1.22 ([#6075](https://togithub.com/aquasecurity/trivy/issues/6075)) - [`a51cedd`](https://togithub.com/aquasecurity/trivy/commit/a51ceddad) refactor(terraform): sync funcs with Terraform ([#6415](https://togithub.com/aquasecurity/trivy/issues/6415)) - [`53517d6`](https://togithub.com/aquasecurity/trivy/commit/53517d622) feat(misconf): add helm-api-version and helm-kube-version flag ([#6332](https://togithub.com/aquasecurity/trivy/issues/6332)) - [`ad544e9`](https://togithub.com/aquasecurity/trivy/commit/ad544e97c) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 ([#6426](https://togithub.com/aquasecurity/trivy/issues/6426)) - [`089368d`](https://togithub.com/aquasecurity/trivy/commit/089368d96) chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 ([#6452](https://togithub.com/aquasecurity/trivy/issues/6452)) - [`1163565`](https://togithub.com/aquasecurity/trivy/commit/116356500) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 ([#6430](https://togithub.com/aquasecurity/trivy/issues/6430)) - [`637da2b`](https://togithub.com/aquasecurity/trivy/commit/637da2b17) chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 ([#6437](https://togithub.com/aquasecurity/trivy/issues/6437)) - [`13190e9`](https://togithub.com/aquasecurity/trivy/commit/13190e92d) fix(terraform): eval submodules ([#6411](https://togithub.com/aquasecurity/trivy/issues/6411)) - [`6bca7c3`](https://togithub.com/aquasecurity/trivy/commit/6bca7c3c7) refactor(terraform): remove unused options ([#6446](https://togithub.com/aquasecurity/trivy/issues/6446)) - [`8e4279b`](https://togithub.com/aquasecurity/trivy/commit/8e4279b86) refactor(terraform): remove unused file ([#6445](https://togithub.com/aquasecurity/trivy/issues/6445)) - [`e98c873`](https://togithub.com/aquasecurity/trivy/commit/e98c873ed) chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 ([#6387](https://togithub.com/aquasecurity/trivy/issues/6387)) - [`b1c2eab`](https://togithub.com/aquasecurity/trivy/commit/b1c2eab5a) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 ([#6427](https://togithub.com/aquasecurity/trivy/issues/6427)) - [`1c49a16`](https://togithub.com/aquasecurity/trivy/commit/1c49a16c6) fix(misconf): Escape template value correctly ([#6292](https://togithub.com/aquasecurity/trivy/issues/6292)) - [`8dd0fcd`](https://togithub.com/aquasecurity/trivy/commit/8dd0fcd61) feat(misconf): add support for wildcard ignores ([#6414](https://togithub.com/aquasecurity/trivy/issues/6414)) - [`74e4c6e`](https://togithub.com/aquasecurity/trivy/commit/74e4c6e01) fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue ([#6439](https://togithub.com/aquasecurity/trivy/issues/6439)) - [`245c120`](https://togithub.com/aquasecurity/trivy/commit/245c12053) refactor(terraform): remove metrics collection ([#6444](https://togithub.com/aquasecurity/trivy/issues/6444)) - [`86714bf`](https://togithub.com/aquasecurity/trivy/commit/86714bf6b) feat(cloudformation): add support for logging and endpoint access for EKS ([#6440](https://togithub.com/aquasecurity/trivy/issues/6440)) - [`a758392`](https://togithub.com/aquasecurity/trivy/commit/a75839212) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 ([#6424](https://togithub.com/aquasecurity/trivy/issues/6424)) - [`4d00d8b`](https://togithub.com/aquasecurity/trivy/commit/4d00d8b52) chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 ([#6428](https://togithub.com/aquasecurity/trivy/issues/6428)) - [`3ad2b3e`](https://togithub.com/aquasecurity/trivy/commit/3ad2b3e25) chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 ([#6429](https://togithub.com/aquasecurity/trivy/issues/6429)) - [`8baccd7`](https://togithub.com/aquasecurity/trivy/commit/8baccd790) fix(db): check schema version for image name only ([#6410](https://togithub.com/aquasecurity/trivy/issues/6410)) - [`e75a90f`](https://togithub.com/aquasecurity/trivy/commit/e75a90f2e) chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 ([#6425](https://togithub.com/aquasecurity/trivy/issues/6425)) - [`6625bd3`](https://togithub.com/aquasecurity/trivy/commit/6625bd32e) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 ([#6433](https://togithub.com/aquasecurity/trivy/issues/6433)) - [`826fe60`](https://togithub.com/aquasecurity/trivy/commit/826fe6073) chore(deps): bump actions/cache from 4.0.0 to 4.0.2 ([#6436](https://togithub.com/aquasecurity/trivy/issues/6436)) - [`f23ed77`](https://togithub.com/aquasecurity/trivy/commit/f23ed7759) feat(misconf): Support private registries for misconf check bundle ([#6327](https://togithub.com/aquasecurity/trivy/issues/6327)) - [`df024e8`](https://togithub.com/aquasecurity/trivy/commit/df024e88d) feat(cloudformation): inline ignore support for YAML templates ([#6358](https://togithub.com/aquasecurity/trivy/issues/6358)) - [`29dee32`](https://togithub.com/aquasecurity/trivy/commit/29dee3281) feat(terraform): ignore resources by nested attributes ([#6302](https://togithub.com/aquasecurity/trivy/issues/6302)) - [`1a67472`](https://togithub.com/aquasecurity/trivy/commit/1a67472d2) perf(helm): load in-memory files ([#6383](https://togithub.com/aquasecurity/trivy/issues/6383)) - [`09e37b7`](https://togithub.com/aquasecurity/trivy/commit/09e37b7c6) feat(aws): apply filter options to result ([#6367](https://togithub.com/aquasecurity/trivy/issues/6367)) - [`87a9aa6`](https://togithub.com/aquasecurity/trivy/commit/87a9aa60d) feat(aws): quiet flag support ([#6331](https://togithub.com/aquasecurity/trivy/issues/6331)) - [`712dcd3`](https://togithub.com/aquasecurity/trivy/commit/712dcd300) fix(misconf): clear location URI for SARIF ([#6405](https://togithub.com/aquasecurity/trivy/issues/6405)) - [`625f22b`](https://togithub.com/aquasecurity/trivy/commit/625f22b81) test(cloudformation): add CF tests ([#6315](https://togithub.com/aquasecurity/trivy/issues/6315)) - [`6a2f6fd`](https://togithub.com/aquasecurity/trivy/commit/6a2f6fde4) fix(cloudformation): infer type after resolving a function ([#6406](https://togithub.com/aquasecurity/trivy/issues/6406)) ### [`v0.50.4`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.50.4) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.50.2...v0.50.4) #### Note v0.50.3 hads a critical problem, and we deleted it and released v0.50.4. #### Changelog - [`e47fd48`](https://togithub.com/aquasecurity/trivy/commit/e47fd487c) fix(sbom): change error to warning for multiple OSes ([#6541](https://togithub.com/aquasecurity/trivy/issues/6541)) ### [`v0.50.2`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.50.2) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.50.1...v0.50.2) #### Changelog - [`9aa9e17`](https://togithub.com/aquasecurity/trivy/commit/9aa9e173b) ci: use tmp dir inside Trivy repo dir for GoReleaser ([#6533](https://togithub.com/aquasecurity/trivy/issues/6533)) - [`058f483`](https://togithub.com/aquasecurity/trivy/commit/058f4839d) chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 ([#6526](https://togithub.com/aquasecurity/trivy/issues/6526)) - [`9e3d2c5`](https://togithub.com/aquasecurity/trivy/commit/9e3d2c5f9) chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 ([#6523](https://togithub.com/aquasecurity/trivy/issues/6523)) - [`2ad8e33`](https://togithub.com/aquasecurity/trivy/commit/2ad8e332e) fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories ([#6412](https://togithub.com/aquasecurity/trivy/issues/6412)) ### [`v0.50.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.50.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.50.0...v0.50.1) #### Changelog - [`5f69937`](https://togithub.com/aquasecurity/trivy/commit/5f69937cc) fix(sbom): fix error when parent of SPDX Relationships is not a package. ([#6399](https://togithub.com/aquasecurity/trivy/issues/6399)) - [`258d153`](https://togithub.com/aquasecurity/trivy/commit/258d15346) fix(nodejs): merge `Indirect`, `Dev`, `ExternalReferences` fields for same deps from `package-lock.json` files v2 or later ([#6356](https://togithub.com/aquasecurity/trivy/issues/6356)) - [`ade033a`](https://togithub.com/aquasecurity/trivy/commit/ade033a83) docs: add info about support for package license detection in `fs`/`repo` modes ([#6381](https://togithub.com/aquasecurity/trivy/issues/6381)) - [`f85c9fa`](https://togithub.com/aquasecurity/trivy/commit/f85c9fac6) fix(nodejs): add support for parsing `workspaces` from `package.json` as an object ([#6231](https://togithub.com/aquasecurity/trivy/issues/6231)) - [`9d7f5c9`](https://togithub.com/aquasecurity/trivy/commit/9d7f5c948) fix: use `0600` perms for tmp files for post analyzers ([#6386](https://togithub.com/aquasecurity/trivy/issues/6386)) - [`f148eb1`](https://togithub.com/aquasecurity/trivy/commit/f148eb10f) fix(helm): scan the subcharts once ([#6382](https://togithub.com/aquasecurity/trivy/issues/6382)) - [`97f95c4`](https://togithub.com/aquasecurity/trivy/commit/97f95c4dd) docs(terraform): add file patterns for Terraform Plan ([#6393](https://togithub.com/aquasecurity/trivy/issues/6393)) - [`abd62ae`](https://togithub.com/aquasecurity/trivy/commit/abd62ae74) fix(terraform): сhecking SSE encryption algorithm validity ([#6341](https://togithub.com/aquasecurity/trivy/issues/6341)) - [`7c409fd`](https://togithub.com/aquasecurity/trivy/commit/7c409fd27) fix(java): parse modules from `pom.xml` files once ([#6312](https://togithub.com/aquasecurity/trivy/issues/6312)) - [`1b68327`](https://togithub.com/aquasecurity/trivy/commit/1b68327b6) chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible ([#6364](https://togithub.com/aquasecurity/trivy/issues/6364)) - [`a2482c1`](https://togithub.com/aquasecurity/trivy/commit/a2482c14e) fix(server): add Locations for `Packages` in client/server mode ([#6366](https://togithub.com/aquasecurity/trivy/issues/6366)) - [`e866bd5`](https://togithub.com/aquasecurity/trivy/commit/e866bd5b5) fix(sbom): add check for `CreationInfo` to nil when detecting SPDX created using Trivy ([#6346](https://togithub.com/aquasecurity/trivy/issues/6346)) - [`1870f28`](https://togithub.com/aquasecurity/trivy/commit/1870f2846) fix(report): don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used ([#6348](https://togithub.com/aquasecurity/trivy/issues/6348)) - [`6c81e55`](https://togithub.com/aquasecurity/trivy/commit/6c81e5505) chore(ubuntu): Add Ubuntu 22.04 EOL date ([#6371](https://togithub.com/aquasecurity/trivy/issues/6371)) ### [`v0.50.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.50.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.49.1...v0.50.0) ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/6340](https://togithub.com/aquasecurity/trivy/discussions/6340) #### Changelog - [`8ec3938`](https://togithub.com/aquasecurity/trivy/commit/8ec3938e0) chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 ([#6321](https://togithub.com/aquasecurity/trivy/issues/6321)) - [`f6c5d58`](https://togithub.com/aquasecurity/trivy/commit/f6c5d5800) feat(java): add support licenses and graph for gradle lock files ([#6140](https://togithub.com/aquasecurity/trivy/issues/6140)) - [`c4022d6`](https://togithub.com/aquasecurity/trivy/commit/c4022d61b) feat(vex): consider root component for relationships ([#6313](https://togithub.com/aquasecurity/trivy/issues/6313)) - [`3177924`](https://togithub.com/aquasecurity/trivy/commit/317792433) fix: increase the default buffer size for scanning dpkg status files by 2 times ([#6298](https://togithub.com/aquasecurity/trivy/issues/6298)) - [`dd9620e`](https://togithub.com/aquasecurity/trivy/commit/dd9620ef3) chore: updates wazero to v1.7.0 ([#6301](https://togithub.com/aquasecurity/trivy/issues/6301)) - [`eb3ceb3`](https://togithub.com/aquasecurity/trivy/commit/eb3ceb323) feat(sbom): Support license detection for SBOM scan ([#6072](https://togithub.com/aquasecurity/trivy/issues/6072)) - [`ab74caa`](https://togithub.com/aquasecurity/trivy/commit/ab74caa87) refactor(sbom): use intermediate representation for SPDX ([#6310](https://togithub.com/aquasecurity/trivy/issues/6310)) - [`71da44f`](https://togithub.com/aquasecurity/trivy/commit/71da44f7e) docs(terraform): improve documentation for filtering by inline comments ([#6284](https://togithub.com/aquasecurity/trivy/issues/6284)) - [`102b6df`](https://togithub.com/aquasecurity/trivy/commit/102b6df73) fix(terraform): fix policy document retrieval ([#6276](https://togithub.com/aquasecurity/trivy/issues/6276)) - [`aa19aaf`](https://togithub.com/aquasecurity/trivy/commit/aa19aaf4e) refactor(terraform): remove unused custom error ([#6303](https://togithub.com/aquasecurity/trivy/issues/6303)) - [`8fcef35`](https://togithub.com/aquasecurity/trivy/commit/8fcef352b) refactor(sbom): add intermediate representation for BOM ([#6240](https://togithub.com/aquasecurity/trivy/issues/6240)) - [`fb8c516`](https://togithub.com/aquasecurity/trivy/commit/fb8c516de) fix(amazon): check only major version of AL to find advisories ([#6295](https://togithub.com/aquasecurity/trivy/issues/6295)) - [`96bd7ac`](https://togithub.com/aquasecurity/trivy/commit/96bd7ac59) fix(db): use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default ([#6219](https://togithub.com/aquasecurity/trivy/issues/6219)) - [`12c5bf0`](https://togithub.com/aquasecurity/trivy/commit/12c5bf080) fix(nodejs): add name validation for package name from `package.json` ([#6268](https://togithub.com/aquasecurity/trivy/issues/6268)) - [`d6c40ce`](https://togithub.com/aquasecurity/trivy/commit/d6c40ce05) docs: Added install instructions for FreeBSD ([#6293](https://togithub.com/aquasecurity/trivy/issues/6293)) - [`9d2057a`](https://togithub.com/aquasecurity/trivy/commit/9d2057a7c) feat(image): customer podman host or socket option ([#6256](https://togithub.com/aquasecurity/trivy/issues/6256)) - [`2a9d9bd`](https://togithub.com/aquasecurity/trivy/commit/2a9d9bd21) chore(deps): bump wazero from 1.2.1 to 1.6.0 ([#6290](https://togithub.com/aquasecurity/trivy/issues/6290)) - [`617c3e3`](https://togithub.com/aquasecurity/trivy/commit/617c3e31b) feat(java): mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` ([#6213](https://togithub.com/aquasecurity/trivy/issues/6213)) - [`56cedc0`](https://togithub.com/aquasecurity/trivy/commit/56cedc0d6) fix(license): reorder logic of how python package licenses are acquired ([#6220](https://togithub.com/aquasecurity/trivy/issues/6220)) - [`d7d7265`](https://togithub.com/aquasecurity/trivy/commit/d7d7265eb) test(terraform): skip cached modules ([#6281](https://togithub.com/aquasecurity/trivy/issues/6281)) - [`6639911`](https://togithub.com/aquasecurity/trivy/commit/663991166) feat(secret): Support for detecting Hugging Face Access Tokens ([#6236](https://togithub.com/aquasecurity/trivy/issues/6236)) - [`337cb75`](https://togithub.com/aquasecurity/trivy/commit/337cb7535) fix(cloudformation): support of all SSE algorithms for s3 ([#6270](https://togithub.com/aquasecurity/trivy/issues/6270)) - [`9361cdb`](https://togithub.com/aquasecurity/trivy/commit/9361cdb7e) feat(terraform): Terraform Plan snapshot scanning support ([#6176](https://togithub.com/aquasecurity/trivy/issues/6176)) - [`ee01e6e`](https://togithub.com/aquasecurity/trivy/commit/ee01e6e2f) chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 ([#6249](https://togithub.com/aquasecurity/trivy/issues/6249)) - [`3d2f583`](https://togithub.com/aquasecurity/trivy/commit/3d2f583ec) fix: typo function name and comment optimization ([#6200](https://togithub.com/aquasecurity/trivy/issues/6200)) - [`c4b5ab7`](https://togithub.com/aquasecurity/trivy/commit/c4b5ab788) fix(java): don't ignore runtime scope for pom.xml files ([#6223](https://togithub.com/aquasecurity/trivy/issues/6223)) - [`355c1b5`](https://togithub.com/aquasecurity/trivy/commit/355c1b583) chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 ([#6242](https://togithub.com/aquasecurity/trivy/issues/6242)) - [`7244ece`](https://togithub.com/aquasecurity/trivy/commit/7244ece53) chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 ([#6243](https://togithub.com/aquasecurity/trivy/issues/6243)) - [`5cd0566`](https://togithub.com/aquasecurity/trivy/commit/5cd056684) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 ([#6251](https://togithub.com/aquasecurity/trivy/issues/6251)) - [`ebb74a5`](https://togithub.com/aquasecurity/trivy/commit/ebb74a5de) chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 ([#6253](https://togithub.com/aquasecurity/trivy/issues/6253)) - [`24a8d6a`](https://togithub.com/aquasecurity/trivy/commit/24a8d6aaa) chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 ([#6250](https://togithub.com/aquasecurity/trivy/issues/6250)) - [`9d0d7ad`](https://togithub.com/aquasecurity/trivy/commit/9d0d7ad88) chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 ([#6247](https://togithub.com/aquasecurity/trivy/issues/6247)) - [`e8230e1`](https://togithub.com/aquasecurity/trivy/commit/e8230e19d) chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 ([#6246](https://togithub.com/aquasecurity/trivy/issues/6246)) - [`04535b5`](https://togithub.com/aquasecurity/trivy/commit/04535b554) fix(license): add FilePath to results to allow for license path filtering via trivyignore file ([#6215](https://togithub.com/aquasecurity/trivy/issues/6215)) - [`939e34e`](https://togithub.com/aquasecurity/trivy/commit/939e34e37) chore(deps): Upgrade iac deps ([#6255](https://togithub.com/aquasecurity/trivy/issues/6255)) - [`7cb6c02`](https://togithub.com/aquasecurity/trivy/commit/7cb6c02a4) feat: add info log message about dev deps suppression ([#6211](https://togithub.com/aquasecurity/trivy/issues/6211)) - [`c1d26ec`](https://togithub.com/aquasecurity/trivy/commit/c1d26ec33) test(k8s): use test-db for k8s integration tests ([#6222](https://togithub.com/aquasecurity/trivy/issues/6222)) - [`4f70468`](https://togithub.com/aquasecurity/trivy/commit/4f70468bd) ci: add maximize-build-space for `Test` job ([#6221](https://togithub.com/aquasecurity/trivy/issues/6221)) - [`1dfece8`](https://togithub.com/aquasecurity/trivy/commit/1dfece89d) fix(terraform): fix root module search ([#6160](https://togithub.com/aquasecurity/trivy/issues/6160)) - [`e1ea02c`](https://togithub.com/aquasecurity/trivy/commit/e1ea02c7b) test(parser): squash test data for yarn ([#6203](https://togithub.com/aquasecurity/trivy/issues/6203)) - [`64926d8`](https://togithub.com/aquasecurity/trivy/commit/64926d842) fix(terraform): do not re-expand dynamic blocks ([#6151](https://togithub.com/aquasecurity/trivy/issues/6151)) - [`eb54bb5`](https://togithub.com/aquasecurity/trivy/commit/eb54bb5da) docs: update ecosystem page reporting with db app ([#6201](https://togithub.com/aquasecurity/trivy/issues/6201)) - [`dc76c6e`](https://togithub.com/aquasecurity/trivy/commit/dc76c6e4f) fix: k8s summary separate infra and user finding results ([#6120](https://togithub.com/aquasecurity/trivy/issues/6120)) - [`1b7e474`](https://togithub.com/aquasecurity/trivy/commit/1b7e47424) fix: add context to target finding on k8s table view ([#6099](https://togithub.com/aquasecurity/trivy/issues/6099)) - [`876ab84`](https://togithub.com/aquasecurity/trivy/commit/876ab84b3) fix: Printf format err ([#6198](https://togithub.com/aquasecurity/trivy/issues/6198)) - [`eef7c4f`](https://togithub.com/aquasecurity/trivy/commit/eef7c4fb4) refactor: better integration of the parser into Trivy ([#6183](https://togithub.com/aquasecurity/trivy/issues/6183)) - [`069aae5`](https://togithub.com/aquasecurity/trivy/commit/069aae59e) chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 ([#6189](https://togithub.com/aquasecurity/trivy/issues/6189)) - [`4a9ac6d`](https://togithub.com/aquasecurity/trivy/commit/4a9ac6d19) feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction ([#6108](https://togithub.com/aquasecurity/trivy/issues/6108)) - [`9c5e5a0`](https://togithub.com/aquasecurity/trivy/commit/9c5e5a04e) fix(vex): CSAF filtering should consider relationships ([#5923](https://togithub.com/aquasecurity/trivy/issues/5923)) - [`388f476`](https://togithub.com/aquasecurity/trivy/commit/388f47669) refactor(report): Replacing `source_location` in `github` report when scanning an image ([#5999](https://togithub.com/aquasecurity/trivy/issues/5999)) - [`cd3e4bc`](https://togithub.com/aquasecurity/trivy/commit/cd3e4bcac) feat(vuln): ignore vulnerabilities by PURL ([#6178](https://togithub.com/aquasecurity/trivy/issues/6178)) - [`ce81c05`](https://togithub.com/aquasecurity/trivy/commit/ce81c0585) feat(java): add support for fetching packages from repos mentioned in pom.xml ([#6171](https://togithub.com/aquasecurity/trivy/issues/6171)) - [`cf0f0d0`](https://togithub.com/aquasecurity/trivy/commit/cf0f0d00c) feat(k8s): rancher rke2 version support ([#5988](https://togithub.com/aquasecurity/trivy/issues/5988)) - [`8a3a113`](https://togithub.com/aquasecurity/trivy/commit/8a3a113ee) docs: update kbom distribution for scanning ([#6019](https://togithub.com/aquasecurity/trivy/issues/6019)) - [`19495ba`](https://togithub.com/aquasecurity/trivy/commit/19495ba7c) chore: update CODEOWNERS ([#6173](https://togithub.com/aquasecurity/trivy/issues/6173)) - [`e787e1a`](https://togithub.com/aquasecurity/trivy/commit/e787e1af0) fix(swift): try to use branch to resolve version ([#6168](https://togithub.com/aquasecurity/trivy/issues/6168)) - [`327cf88`](https://togithub.com/aquasecurity/trivy/commit/327cf8839) fix(terraform): ensure consistent path handling across OS ([#6161](https://togithub.com/aquasecurity/trivy/issues/6161)) - [`8221473`](https://togithub.com/aquasecurity/trivy/commit/82214736a) fix(java): add only valid libs from `pom.properties` files from `jars` ([#6164](https://togithub.com/aquasecurity/trivy/issues/6164)) - [`7694df1`](https://togithub.com/aquasecurity/trivy/commit/7694df11f) fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source ([#6163](https://togithub.com/aquasecurity/trivy/issues/6163)) - [`74dc5b6`](https://togithub.com/aquasecurity/trivy/commit/74dc5b680) chore(deps): merge go-dep-parser into Trivy ([#6094](https://togithub.com/aquasecurity/trivy/issues/6094)) - [`32a02a9`](https://togithub.com/aquasecurity/trivy/commit/32a02a95d) docs(report): add remark about `path` to filter licenses using `.trivyignore.yaml` file ([#6145](https://togithub.com/aquasecurity/trivy/issues/6145)) - [`fb79ea7`](https://togithub.com/aquasecurity/trivy/commit/fb79ea7c9) docs: update template path for gitlab-ci tutorial ([#6144](https://togithub.com/aquasecurity/trivy/issues/6144)) - [`c6844a7`](https://togithub.com/aquasecurity/trivy/commit/c6844a73f) feat(report): support for filtering licenses and secrets via rego policy files ([#6004](https://togithub.com/aquasecurity/trivy/issues/6004)) - [`a813506`](https://togithub.com/aquasecurity/trivy/commit/a813506f4) fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file ([#6113](https://togithub.com/aquasecurity/trivy/issues/6113)) - [`14adbb4`](https://togithub.com/aquasecurity/trivy/commit/14adbb446) refactor(deps): Merge defsec into trivy ([#6109](https://togithub.com/aquasecurity/trivy/issues/6109)) - [`efe0e0f`](https://togithub.com/aquasecurity/trivy/commit/efe0e0f8f) chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 ([#6142](https://togithub.com/aquasecurity/trivy/issues/6142)) - [`73dde32`](https://togithub.com/aquasecurity/trivy/commit/73dde3263) docs: add SecObserve in CI/CD and reporting ([#6139](https://togithub.com/aquasecurity/trivy/issues/6139)) - [`aadbad1`](https://togithub.com/aquasecurity/trivy/commit/aadbad1d7) fix(alpine): exclude empty licenses for apk packages ([#6130](https://togithub.com/aquasecurity/trivy/issues/6130)) - [`14a0981`](https://togithub.com/aquasecurity/trivy/commit/14a0981ef) docs: add docs tutorial on custom policies with rego ([#6104](https://togithub.com/aquasecurity/trivy/issues/6104)) - [`3ac6388`](https://togithub.com/aquasecurity/trivy/commit/3ac63887d) fix(nodejs): use project dir when searching for workspaces for Yarn.lock files ([#6102](https://togithub.com/aquasecurity/trivy/issues/6102)) - [`3c1601b`](https://togithub.com/aquasecurity/trivy/commit/3c1601b6c) feat(vuln): show suppressed vulnerabilities in table ([#6084](https://togithub.com/aquasecurity/trivy/issues/6084)) - [`c107e1a`](https://togithub.com/aquasecurity/trivy/commit/c107e1af2) docs: rename governance to principles ([#6107](https://togithub.com/aquasecurity/trivy/issues/6107)) - [`b26f217`](https://togithub.com/aquasecurity/trivy/commit/b26f21717) docs: add governance ([#6090](https://togithub.com/aquasecurity/trivy/issues/6090)) - [`7bd3b63`](https://togithub.com/aquasecurity/trivy/commit/7bd3b630b) refactor(deps): Merge trivy-iac into Trivy ([#6005](https://togithub.com/aquasecurity/trivy/issues/6005)) - [`535b5a9`](https://togithub.com/aquasecurity/trivy/commit/535b5a96d) feat(java): add dependency location support for `gradle` files ([#6083](https://togithub.com/aquasecurity/trivy/issues/6083)) - [`428420e`](https://togithub.com/aquasecurity/trivy/commit/428420ee8) chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 ([#6038](https://togithub.com/aquasecurity/trivy/issues/6038)) - [`7fec991`](https://togithub.com/aquasecurity/trivy/commit/7fec991c5) fix(misconf): get `user` from `Config.User` ([#6070](https://togithub.com/aquasecurity/trivy/issues/6070)) ### [`v0.49.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.49.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.49.0...v0.49.1) #### Changelog - [`6ccc0a5`](https://togithub.com/aquasecurity/trivy/commit/6ccc0a554) fix: check unescaped `BomRef` when matching `PkgIdentifier` ([#6025](https://togithub.com/aquasecurity/trivy/issues/6025)) - [`458c5d9`](https://togithub.com/aquasecurity/trivy/commit/458c5d95e) docs: Fix broken link to "pronunciation" ([#6057](https://togithub.com/aquasecurity/trivy/issues/6057)) - [`5c0ff6d`](https://togithub.com/aquasecurity/trivy/commit/5c0ff6dad) chore(deps): bump actions/upload-artifact from 3 to 4 ([#6047](https://togithub.com/aquasecurity/trivy/issues/6047)) - [`e2bd7f7`](https://togithub.com/aquasecurity/trivy/commit/e2bd7f75d) chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 ([#6042](https://togithub.com/aquasecurity/trivy/issues/6042)) - [`f95fbcb`](https://togithub.com/aquasecurity/trivy/commit/f95fbcb67) chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 ([#6043](https://togithub.com/aquasecurity/trivy/issues/6043)) - [`7651bf5`](https://togithub.com/aquasecurity/trivy/commit/7651bf59b) ci: reduce `root-reserve-mb` size for `maximize-build-space` ([#6064](https://togithub.com/aquasecurity/trivy/issues/6064)) - [`fc20dfd`](https://togithub.com/aquasecurity/trivy/commit/fc20dfdd8) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 ([#6041](https://togithub.com/aquasecurity/trivy/issues/6041)) - [`3bd80e7`](https://togithub.com/aquasecurity/trivy/commit/3bd80e7c2) chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 ([#6039](https://togithub.com/aquasecurity/trivy/issues/6039)) - [`2900a21`](https://togithub.com/aquasecurity/trivy/commit/2900a2117) fix: fix cursor usage in Redis Clear function ([#6056](https://togithub.com/aquasecurity/trivy/issues/6056)) - [`85cb9a7`](https://togithub.com/aquasecurity/trivy/commit/85cb9a763) chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 ([#6037](https://togithub.com/aquasecurity/trivy/issues/6037)) - [`4e962c0`](https://togithub.com/aquasecurity/trivy/commit/4e962c02a) fix(nodejs): add local packages support for `pnpm-lock.yaml` files ([#6034](https://togithub.com/aquasecurity/trivy/issues/6034)) - [`aa48a7b`](https://togithub.com/aquasecurity/trivy/commit/aa48a7b86) chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ([#6046](https://togithub.com/aquasecurity/trivy/issues/6046)) - [`8aabbea`](https://togithub.com/aquasecurity/trivy/commit/8aabbea2d) chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 ([#6044](https://togithub.com/aquasecurity/trivy/issues/6044)) - [`ec02a65`](https://togithub.com/aquasecurity/trivy/commit/ec02a655a) chore(deps): bump actions/cache from 3.3.2 to 4.0.0 ([#6048](https://togithub.com/aquasecurity/trivy/issues/6048)) - [`27d35ba`](https://togithub.com/aquasecurity/trivy/commit/27d35baa4) test: fix flaky `TestDockerEngine` ([#6054](https://togithub.com/aquasecurity/trivy/issues/6054)) - [`c3a66da`](https://togithub.com/aquasecurity/trivy/commit/c3a66da9c) chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 ([#6040](https://togithub.com/aquasecurity/trivy/issues/6040)) - [`2000fe2`](https://togithub.com/aquasecurity/trivy/commit/2000fe24c) chore(deps): bump easimon/maximize-build-space from 9 to 10 ([#6049](https://togithub.com/aquasecurity/trivy/issues/6049)) - [`2be6421`](https://togithub.com/aquasecurity/trivy/commit/2be642154) chore(deps): bump alpine from 3.19.0 to 3.19.1 ([#6051](https://togithub.com/aquasecurity/trivy/issues/6051)) - [`41c0ef6`](https://togithub.com/aquasecurity/trivy/commit/41c0ef642) chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 ([#6028](https://togithub.com/aquasecurity/trivy/issues/6028)) ### [`v0.49.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.49.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.3...v0.49.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/6033](https://togithub.com/aquasecurity/trivy/discussions/6033) #### Changelog - [`729a051`](https://togithub.com/aquasecurity/trivy/commit/729a0512a) fix(java): recursive check all nested depManagements with import scope for pom.xml files ([#5982](https://togithub.com/aquasecurity/trivy/issues/5982)) - [`884745b`](https://togithub.com/aquasecurity/trivy/commit/884745b5e) chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 ([#6029](https://togithub.com/aquasecurity/trivy/issues/6029)) - [`59e5433`](https://togithub.com/aquasecurity/trivy/commit/59e54334d) fix(cli): inconsistent behavior across CLI flags, environment variables, and config files ([#5843](https://togithub.com/aquasecurity/trivy/issues/5843)) - [`5924c02`](https://togithub.com/aquasecurity/trivy/commit/5924c021d) feat(rust): Support workspace.members parsing for Cargo.toml analysis ([#5285](https://togithub.com/aquasecurity/trivy/issues/5285)) - [`4df9363`](https://togithub.com/aquasecurity/trivy/commit/4df936389) docs: add note about Bun ([#6001](https://togithub.com/aquasecurity/trivy/issues/6001)) - [`70dd572`](https://togithub.com/aquasecurity/trivy/commit/70dd572ef) fix(report): use `AWS_REGION` env for secrets in `asff` template ([#6011](https://togithub.com/aquasecurity/trivy/issues/6011)) - [`13f797f`](https://togithub.com/aquasecurity/trivy/commit/13f797f88) fix: check returned error before deferring f.Close() ([#6007](https://togithub.com/aquasecurity/trivy/issues/6007)) - [`adfde63`](https://togithub.com/aquasecurity/trivy/commit/adfde63d0) feat(misconf): add support of buildkit instructions when building dockerfile from image config ([#5990](https://togithub.com/aquasecurity/trivy/issues/5990)) - [`e2eb70e`](https://togithub.com/aquasecurity/trivy/commit/e2eb70ecb) feat(vuln): enable `--vex` for all targets ([#5992](https://togithub.com/aquasecurity/trivy/issues/5992)) - [`f9da021`](https://togithub.com/aquasecurity/trivy/commit/f9da02131) docs: update link to data sources ([#6000](https://togithub.com/aquasecurity/trivy/issues/6000)) - [`b4b90cf`](https://togithub.com/aquasecurity/trivy/commit/b4b90cfe2) feat(java): add support for line numbers for pom.xml files ([#5991](https://togithub.com/aquasecurity/trivy/issues/5991)) - [`fb36c4e`](https://togithub.com/aquasecurity/trivy/commit/fb36c4ed0) refactor(sbom): use new `metadata.tools` struct for CycloneDX ([#5981](https://togithub.com/aquasecurity/trivy/issues/5981)) - [`f6be42b`](https://togithub.com/aquasecurity/trivy/commit/f6be42b71) docs: Update troubleshooting guide with image not found error ([#5983](https://togithub.com/aquasecurity/trivy/issues/5983)) - [`bb6caea`](https://togithub.com/aquasecurity/trivy/commit/bb6caea5c) style: update band logos ([#5968](https://togithub.com/aquasecurity/trivy/issues/5968)) - [`189a46a`](https://togithub.com/aquasecurity/trivy/commit/189a46a01) chore(deps): Update misconfig deps ([#5956](https://togithub.com/aquasecurity/trivy/issues/5956)) - [`91a2547`](https://togithub.com/aquasecurity/trivy/commit/91a2547d1) docs: update cosign tutorial and commands, update kyverno policy ([#5929](https://togithub.com/aquasecurity/trivy/issues/5929)) - [`a96f66f`](https://togithub.com/aquasecurity/trivy/commit/a96f66f17) docs: update command to scan go binary ([#5969](https://togithub.com/aquasecurity/trivy/issues/5969)) - [`2212d14`](https://togithub.com/aquasecurity/trivy/commit/2212d1443) fix: handle non-parsable images names ([#5965](https://togithub.com/aquasecurity/trivy/issues/5965)) - [`7cad04b`](https://togithub.com/aquasecurity/trivy/commit/7cad04bdf) chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 ([#5693](https://togithub.com/aquasecurity/trivy/issues/5693)) - [`fbc1a83`](https://togithub.com/aquasecurity/trivy/commit/fbc1a83f3) fix(amazon): save system files for pkgs containing `amzn` in src ([#5951](https://togithub.com/aquasecurity/trivy/issues/5951)) - [`260aa28`](https://togithub.com/aquasecurity/trivy/commit/260aa281f) fix(alpine): Add EOL support for alpine 3.19. ([#5938](https://togithub.com/aquasecurity/trivy/issues/5938)) - [`2c9d7c6`](https://togithub.com/aquasecurity/trivy/commit/2c9d7c6b5) feat: allow end-users to adjust K8S client QPS and burst ([#5910](https://togithub.com/aquasecurity/trivy/issues/5910)) - [`ffe2ca7`](https://togithub.com/aquasecurity/trivy/commit/ffe2ca7cb) chore(deps): bump go-ebs-file ([#5934](https://togithub.com/aquasecurity/trivy/issues/5934)) - [`f90d4ee`](https://togithub.com/aquasecurity/trivy/commit/f90d4ee43) fix(nodejs): find licenses for packages with slash ([#5836](https://togithub.com/aquasecurity/trivy/issues/5836)) - [`c75143f`](https://togithub.com/aquasecurity/trivy/commit/c75143f5e) fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports ([#5922](https://togithub.com/aquasecurity/trivy/issues/5922)) - [`a3fac90`](https://togithub.com/aquasecurity/trivy/commit/a3fac90b4) fix: ignore no init containers ([#5939](https://togithub.com/aquasecurity/trivy/issues/5939)) - [`b1b4734`](https://togithub.com/aquasecurity/trivy/commit/b1b4734f5) docs: Fix documentation of ecosystem ([#5940](https://togithub.com/aquasecurity/trivy/issues/5940)) - [`a2b6549`](https://togithub.com/aquasecurity/trivy/commit/a2b654945) docs(misconf): multiple ignores in comment ([#5926](https://togithub.com/aquasecurity/trivy/issues/5926)) - [`ae134a9`](https://togithub.com/aquasecurity/trivy/commit/ae134a9b3) fix(secret): find aws secrets ending with a comma or dot ([#5921](https://togithub.com/aquasecurity/trivy/issues/5921)) - [`c8c55fe`](https://togithub.com/aquasecurity/trivy/commit/c8c55fe21) chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 ([#5885](https://togithub.com/aquasecurity/trivy/issues/5885)) - [`4d2e785`](https://togithub.com/aquasecurity/trivy/commit/4d2e785ff) docs: ✨ Updated ecosystem docs with reference to new community app ([#5918](https://togithub.com/aquasecurity/trivy/issues/5918)) - [`7895657`](https://togithub.com/aquasecurity/trivy/commit/7895657c8) fix(java): don't remove excluded deps from upper pom's ([#5838](https://togithub.com/aquasecurity/trivy/issues/5838)) - [`37e7e3e`](https://togithub.com/aquasecurity/trivy/commit/37e7e3eab) fix(java): check if a version exists when determining GAV by file name for `jar` files ([#5630](https://togithub.com/aquasecurity/trivy/issues/5630)) - [`d0c81e2`](https://togithub.com/aquasecurity/trivy/commit/d0c81e23c) feat(vex): add PURL matching for CSAF VEX ([#5890](https://togithub.com/aquasecurity/trivy/issues/5890)) - [`958e1f1`](https://togithub.com/aquasecurity/trivy/commit/958e1f11f) fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. ([#5901](https://togithub.com/aquasecurity/trivy/issues/5901)) - [`56c4e24`](https://togithub.com/aquasecurity/trivy/commit/56c4e248a) revert(report): don't escape new line characters for sarif format ([#5897](https://togithub.com/aquasecurity/trivy/issues/5897)) - [`92d9b3d`](https://togithub.com/aquasecurity/trivy/commit/92d9b3dbb) docs: improve filter by rego ([#5402](https://togithub.com/aquasecurity/trivy/issues/5402)) - [`a626cdf`](https://togithub.com/aquasecurity/trivy/commit/a626cdf33) chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 ([#5892](https://togithub.com/aquasecurity/trivy/issues/5892)) - [`47b6c28`](https://togithub.com/aquasecurity/trivy/commit/47b6c2817) docs: add_scan2html_to_trivy_ecosystem ([#5875](https://togithub.com/aquasecurity/trivy/issues/5875)) - [`0ebb6c4`](https://togithub.com/aquasecurity/trivy/commit/0ebb6c468) fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode ([#5888](https://togithub.com/aquasecurity/trivy/issues/5888)) - [`c47ed0d`](https://togithub.com/aquasecurity/trivy/commit/c47ed0d81) feat(vex): Add support for CSAF format ([#5535](https://togithub.com/aquasecurity/trivy/issues/5535)) - [`2cdd65d`](https://togithub.com/aquasecurity/trivy/commit/2cdd65dd6) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 ([#5880](https://togithub.com/aquasecurity/trivy/issueConfiguration
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.