aquasecurity/trivy (aquasec/trivy)
### [`v0.52.0`](https://togithub.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0520-2024-06-03)
[Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.51.4...v0.52.0)
##### Features
- Add Julia language analyzer support ([#5635](https://togithub.com/aquasecurity/trivy/issues/5635)) ([fecafb1](https://togithub.com/aquasecurity/trivy/commit/fecafb1fc5bb129c7485342a0775f0dd8bedd28e))
- add support for plugin index ([#6674](https://togithub.com/aquasecurity/trivy/issues/6674)) ([26faf8f](https://togithub.com/aquasecurity/trivy/commit/26faf8f3f04b1c5f9f81c03ffc6b2008732207e2))
- **misconf:** Add support for deprecating a check ([#6664](https://togithub.com/aquasecurity/trivy/issues/6664)) ([88702cf](https://togithub.com/aquasecurity/trivy/commit/88702cfd5918b093defc5b5580f7cbf16f5f2417))
- **misconf:** add Terraform 'removed' block to schema ([#6640](https://togithub.com/aquasecurity/trivy/issues/6640)) ([b7a0a13](https://togithub.com/aquasecurity/trivy/commit/b7a0a131a03ed49c08d3b0d481bc9284934fd6e1))
- **misconf:** register builtin Rego funcs from trivy-checks ([#6616](https://togithub.com/aquasecurity/trivy/issues/6616)) ([7c22ee3](https://togithub.com/aquasecurity/trivy/commit/7c22ee3df5ee51beb90e44428a99541b3d19ab98))
- **misconf:** resolve tf module from OpenTofu compatible registry ([#6743](https://togithub.com/aquasecurity/trivy/issues/6743)) ([ac74520](https://togithub.com/aquasecurity/trivy/commit/ac7452009bf7ca0fa8ee1de8807c792eabad405a))
- **misconf:** support for VPC resources for inbound/outbound rules ([#6779](https://togithub.com/aquasecurity/trivy/issues/6779)) ([349caf9](https://togithub.com/aquasecurity/trivy/commit/349caf96bc3dd81551d488044f1adfdb947f39fb))
- **misconf:** support symlinks inside of Helm archives ([#6621](https://togithub.com/aquasecurity/trivy/issues/6621)) ([4eae37c](https://togithub.com/aquasecurity/trivy/commit/4eae37c52b035b3576361c12f70d3d9517d0a73c))
- **nodejs:** add v9 pnpm lock file support ([#6617](https://togithub.com/aquasecurity/trivy/issues/6617)) ([1e08648](https://togithub.com/aquasecurity/trivy/commit/1e0864842e32a709941d4b4e8f521602bcee684d))
- **plugin:** specify plugin version ([#6683](https://togithub.com/aquasecurity/trivy/issues/6683)) ([d6dc567](https://togithub.com/aquasecurity/trivy/commit/d6dc56732babbc9d7f788c280a768d8648aa093d))
- **python:** add license support for `requirement.txt` files ([#6782](https://togithub.com/aquasecurity/trivy/issues/6782)) ([29615be](https://togithub.com/aquasecurity/trivy/commit/29615be85e8bfeaf5a0cd51829b1898c55fa4274))
- **python:** add line number support for `requirement.txt` files ([#6729](https://togithub.com/aquasecurity/trivy/issues/6729)) ([2bc54ad](https://togithub.com/aquasecurity/trivy/commit/2bc54ad2752aba5de4380cb92c13b09c0abefd73))
- **report:** Include licenses and secrets filtered by rego to ModifiedFindings ([#6483](https://togithub.com/aquasecurity/trivy/issues/6483)) ([fa3cf99](https://togithub.com/aquasecurity/trivy/commit/fa3cf993eace4be793f85907b42365269c597b91))
- **vex:** improve relationship support in CSAF VEX ([#6735](https://togithub.com/aquasecurity/trivy/issues/6735)) ([a447f6b](https://togithub.com/aquasecurity/trivy/commit/a447f6ba94b6f8b14177dc5e4369a788e2020d90))
- **vex:** support non-root components for products in OpenVEX ([#6728](https://togithub.com/aquasecurity/trivy/issues/6728)) ([9515695](https://togithub.com/aquasecurity/trivy/commit/9515695d45e9b5c20890e27e21e3ab45bfd4ce5f))
##### Bug Fixes
- clean up golangci lint configuration ([#6797](https://togithub.com/aquasecurity/trivy/issues/6797)) ([62de6f3](https://togithub.com/aquasecurity/trivy/commit/62de6f3feba6e4c56ad3922441d5b0f150c3d6b7))
- **cli:** always output fatal errors to stderr ([#6827](https://togithub.com/aquasecurity/trivy/issues/6827)) ([c2b9132](https://togithub.com/aquasecurity/trivy/commit/c2b9132a7e933a68df4cc0eb86aab23719ded1b5))
- close APKINDEX archive file ([#6672](https://togithub.com/aquasecurity/trivy/issues/6672)) ([5caf437](https://togithub.com/aquasecurity/trivy/commit/5caf4377f3a7fcb1f6e1a84c67136ae62d100be3))
- close settings.xml ([#6768](https://togithub.com/aquasecurity/trivy/issues/6768)) ([9c3e895](https://togithub.com/aquasecurity/trivy/commit/9c3e895fcb0852c00ac03ed21338768f76b5273b))
- close testfile ([#6830](https://togithub.com/aquasecurity/trivy/issues/6830)) ([aa0c413](https://togithub.com/aquasecurity/trivy/commit/aa0c413814e8915b38d2285c6a8ba5bc3f0705b4))
- **conda:** add support `pip` deps for `environment.yml` files ([#6675](https://togithub.com/aquasecurity/trivy/issues/6675)) ([150a773](https://togithub.com/aquasecurity/trivy/commit/150a77313e980cd63797a89a03afcbc97b285f38))
- **go:** add only non-empty root modules for `gobinaries` ([#6710](https://togithub.com/aquasecurity/trivy/issues/6710)) ([c96f2a5](https://togithub.com/aquasecurity/trivy/commit/c96f2a5b3de820da37e14594dd537c3b0949ae9c))
- **go:** include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://togithub.com/aquasecurity/trivy/issues/6705)) ([afb4f9d](https://togithub.com/aquasecurity/trivy/commit/afb4f9dc4730671ba004e1734fa66422c4c86dad))
- Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://togithub.com/aquasecurity/trivy/issues/6696)) ([696f2ae](https://togithub.com/aquasecurity/trivy/commit/696f2ae0ecdd4f90303f41249924a09ace70dd78))
- include packages unless it is not needed ([#6765](https://togithub.com/aquasecurity/trivy/issues/6765)) ([56dbe1f](https://togithub.com/aquasecurity/trivy/commit/56dbe1f6768fe67fbc1153b74fde0f83eaa1b281))
- **misconf:** don't shift ignore rule related to code ([#6708](https://togithub.com/aquasecurity/trivy/issues/6708)) ([39a746c](https://togithub.com/aquasecurity/trivy/commit/39a746c77837f873e87b81be40676818030f44c5))
- **misconf:** skip Rego errors with a nil location ([#6638](https://togithub.com/aquasecurity/trivy/issues/6638)) ([a2c522d](https://togithub.com/aquasecurity/trivy/commit/a2c522ddb229f049999c4ce74ef75a0e0f9fdc62))
- **misconf:** skip Rego errors with a nil location ([#6666](https://togithub.com/aquasecurity/trivy/issues/6666)) ([a126e10](https://togithub.com/aquasecurity/trivy/commit/a126e1075a44ef0e40c0dc1e214d1c5955f80242))
- node-collector high and critical cves ([#6707](https://togithub.com/aquasecurity/trivy/issues/6707)) ([ff32deb](https://togithub.com/aquasecurity/trivy/commit/ff32deb7bf9163c06963f557228260b3b8c161ed))
- **plugin:** initialize logger ([#6836](https://togithub.com/aquasecurity/trivy/issues/6836)) ([728e77a](https://togithub.com/aquasecurity/trivy/commit/728e77a7261dc3fcda1e61e79be066c789bbba0c))
- **python:** add package name and version validation for `requirements.txt` files. ([#6804](https://togithub.com/aquasecurity/trivy/issues/6804)) ([ea3a124](https://togithub.com/aquasecurity/trivy/commit/ea3a124fc7162c30c7f1a59bdb28db0b3c8bb86d))
- **report:** hide empty tables if all vulns has been filtered ([#6352](https://togithub.com/aquasecurity/trivy/issues/6352)) ([3d388d8](https://togithub.com/aquasecurity/trivy/commit/3d388d8552ef42d4d54176309a38c1879008527b))
- **sbom:** fix panic for `convert` mode when scanning json file derived from sbom file ([#6808](https://togithub.com/aquasecurity/trivy/issues/6808)) ([f92ea09](https://togithub.com/aquasecurity/trivy/commit/f92ea096856c7c262b05bd4d31c62689ebafac82))
- use of specified context to obtain cluster name ([#6645](https://togithub.com/aquasecurity/trivy/issues/6645)) ([39ebed4](https://togithub.com/aquasecurity/trivy/commit/39ebed45f8c218509d264bd3f3ca548fc33d2b3a))
##### Performance Improvements
- **misconf:** parse rego input once ([#6615](https://togithub.com/aquasecurity/trivy/issues/6615)) ([67c6b1d](https://togithub.com/aquasecurity/trivy/commit/67c6b1d473999003d682bdb42657bbf3a4a69a9c))
Configuration
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.51.4->0.52.0Release Notes
aquasecurity/trivy (aquasec/trivy)
### [`v0.52.0`](https://togithub.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0520-2024-06-03) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.51.4...v0.52.0) ##### Features - Add Julia language analyzer support ([#5635](https://togithub.com/aquasecurity/trivy/issues/5635)) ([fecafb1](https://togithub.com/aquasecurity/trivy/commit/fecafb1fc5bb129c7485342a0775f0dd8bedd28e)) - add support for plugin index ([#6674](https://togithub.com/aquasecurity/trivy/issues/6674)) ([26faf8f](https://togithub.com/aquasecurity/trivy/commit/26faf8f3f04b1c5f9f81c03ffc6b2008732207e2)) - **misconf:** Add support for deprecating a check ([#6664](https://togithub.com/aquasecurity/trivy/issues/6664)) ([88702cf](https://togithub.com/aquasecurity/trivy/commit/88702cfd5918b093defc5b5580f7cbf16f5f2417)) - **misconf:** add Terraform 'removed' block to schema ([#6640](https://togithub.com/aquasecurity/trivy/issues/6640)) ([b7a0a13](https://togithub.com/aquasecurity/trivy/commit/b7a0a131a03ed49c08d3b0d481bc9284934fd6e1)) - **misconf:** register builtin Rego funcs from trivy-checks ([#6616](https://togithub.com/aquasecurity/trivy/issues/6616)) ([7c22ee3](https://togithub.com/aquasecurity/trivy/commit/7c22ee3df5ee51beb90e44428a99541b3d19ab98)) - **misconf:** resolve tf module from OpenTofu compatible registry ([#6743](https://togithub.com/aquasecurity/trivy/issues/6743)) ([ac74520](https://togithub.com/aquasecurity/trivy/commit/ac7452009bf7ca0fa8ee1de8807c792eabad405a)) - **misconf:** support for VPC resources for inbound/outbound rules ([#6779](https://togithub.com/aquasecurity/trivy/issues/6779)) ([349caf9](https://togithub.com/aquasecurity/trivy/commit/349caf96bc3dd81551d488044f1adfdb947f39fb)) - **misconf:** support symlinks inside of Helm archives ([#6621](https://togithub.com/aquasecurity/trivy/issues/6621)) ([4eae37c](https://togithub.com/aquasecurity/trivy/commit/4eae37c52b035b3576361c12f70d3d9517d0a73c)) - **nodejs:** add v9 pnpm lock file support ([#6617](https://togithub.com/aquasecurity/trivy/issues/6617)) ([1e08648](https://togithub.com/aquasecurity/trivy/commit/1e0864842e32a709941d4b4e8f521602bcee684d)) - **plugin:** specify plugin version ([#6683](https://togithub.com/aquasecurity/trivy/issues/6683)) ([d6dc567](https://togithub.com/aquasecurity/trivy/commit/d6dc56732babbc9d7f788c280a768d8648aa093d)) - **python:** add license support for `requirement.txt` files ([#6782](https://togithub.com/aquasecurity/trivy/issues/6782)) ([29615be](https://togithub.com/aquasecurity/trivy/commit/29615be85e8bfeaf5a0cd51829b1898c55fa4274)) - **python:** add line number support for `requirement.txt` files ([#6729](https://togithub.com/aquasecurity/trivy/issues/6729)) ([2bc54ad](https://togithub.com/aquasecurity/trivy/commit/2bc54ad2752aba5de4380cb92c13b09c0abefd73)) - **report:** Include licenses and secrets filtered by rego to ModifiedFindings ([#6483](https://togithub.com/aquasecurity/trivy/issues/6483)) ([fa3cf99](https://togithub.com/aquasecurity/trivy/commit/fa3cf993eace4be793f85907b42365269c597b91)) - **vex:** improve relationship support in CSAF VEX ([#6735](https://togithub.com/aquasecurity/trivy/issues/6735)) ([a447f6b](https://togithub.com/aquasecurity/trivy/commit/a447f6ba94b6f8b14177dc5e4369a788e2020d90)) - **vex:** support non-root components for products in OpenVEX ([#6728](https://togithub.com/aquasecurity/trivy/issues/6728)) ([9515695](https://togithub.com/aquasecurity/trivy/commit/9515695d45e9b5c20890e27e21e3ab45bfd4ce5f)) ##### Bug Fixes - clean up golangci lint configuration ([#6797](https://togithub.com/aquasecurity/trivy/issues/6797)) ([62de6f3](https://togithub.com/aquasecurity/trivy/commit/62de6f3feba6e4c56ad3922441d5b0f150c3d6b7)) - **cli:** always output fatal errors to stderr ([#6827](https://togithub.com/aquasecurity/trivy/issues/6827)) ([c2b9132](https://togithub.com/aquasecurity/trivy/commit/c2b9132a7e933a68df4cc0eb86aab23719ded1b5)) - close APKINDEX archive file ([#6672](https://togithub.com/aquasecurity/trivy/issues/6672)) ([5caf437](https://togithub.com/aquasecurity/trivy/commit/5caf4377f3a7fcb1f6e1a84c67136ae62d100be3)) - close settings.xml ([#6768](https://togithub.com/aquasecurity/trivy/issues/6768)) ([9c3e895](https://togithub.com/aquasecurity/trivy/commit/9c3e895fcb0852c00ac03ed21338768f76b5273b)) - close testfile ([#6830](https://togithub.com/aquasecurity/trivy/issues/6830)) ([aa0c413](https://togithub.com/aquasecurity/trivy/commit/aa0c413814e8915b38d2285c6a8ba5bc3f0705b4)) - **conda:** add support `pip` deps for `environment.yml` files ([#6675](https://togithub.com/aquasecurity/trivy/issues/6675)) ([150a773](https://togithub.com/aquasecurity/trivy/commit/150a77313e980cd63797a89a03afcbc97b285f38)) - **go:** add only non-empty root modules for `gobinaries` ([#6710](https://togithub.com/aquasecurity/trivy/issues/6710)) ([c96f2a5](https://togithub.com/aquasecurity/trivy/commit/c96f2a5b3de820da37e14594dd537c3b0949ae9c)) - **go:** include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://togithub.com/aquasecurity/trivy/issues/6705)) ([afb4f9d](https://togithub.com/aquasecurity/trivy/commit/afb4f9dc4730671ba004e1734fa66422c4c86dad)) - Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://togithub.com/aquasecurity/trivy/issues/6696)) ([696f2ae](https://togithub.com/aquasecurity/trivy/commit/696f2ae0ecdd4f90303f41249924a09ace70dd78)) - include packages unless it is not needed ([#6765](https://togithub.com/aquasecurity/trivy/issues/6765)) ([56dbe1f](https://togithub.com/aquasecurity/trivy/commit/56dbe1f6768fe67fbc1153b74fde0f83eaa1b281)) - **misconf:** don't shift ignore rule related to code ([#6708](https://togithub.com/aquasecurity/trivy/issues/6708)) ([39a746c](https://togithub.com/aquasecurity/trivy/commit/39a746c77837f873e87b81be40676818030f44c5)) - **misconf:** skip Rego errors with a nil location ([#6638](https://togithub.com/aquasecurity/trivy/issues/6638)) ([a2c522d](https://togithub.com/aquasecurity/trivy/commit/a2c522ddb229f049999c4ce74ef75a0e0f9fdc62)) - **misconf:** skip Rego errors with a nil location ([#6666](https://togithub.com/aquasecurity/trivy/issues/6666)) ([a126e10](https://togithub.com/aquasecurity/trivy/commit/a126e1075a44ef0e40c0dc1e214d1c5955f80242)) - node-collector high and critical cves ([#6707](https://togithub.com/aquasecurity/trivy/issues/6707)) ([ff32deb](https://togithub.com/aquasecurity/trivy/commit/ff32deb7bf9163c06963f557228260b3b8c161ed)) - **plugin:** initialize logger ([#6836](https://togithub.com/aquasecurity/trivy/issues/6836)) ([728e77a](https://togithub.com/aquasecurity/trivy/commit/728e77a7261dc3fcda1e61e79be066c789bbba0c)) - **python:** add package name and version validation for `requirements.txt` files. ([#6804](https://togithub.com/aquasecurity/trivy/issues/6804)) ([ea3a124](https://togithub.com/aquasecurity/trivy/commit/ea3a124fc7162c30c7f1a59bdb28db0b3c8bb86d)) - **report:** hide empty tables if all vulns has been filtered ([#6352](https://togithub.com/aquasecurity/trivy/issues/6352)) ([3d388d8](https://togithub.com/aquasecurity/trivy/commit/3d388d8552ef42d4d54176309a38c1879008527b)) - **sbom:** fix panic for `convert` mode when scanning json file derived from sbom file ([#6808](https://togithub.com/aquasecurity/trivy/issues/6808)) ([f92ea09](https://togithub.com/aquasecurity/trivy/commit/f92ea096856c7c262b05bd4d31c62689ebafac82)) - use of specified context to obtain cluster name ([#6645](https://togithub.com/aquasecurity/trivy/issues/6645)) ([39ebed4](https://togithub.com/aquasecurity/trivy/commit/39ebed45f8c218509d264bd3f3ca548fc33d2b3a)) ##### Performance Improvements - **misconf:** parse rego input once ([#6615](https://togithub.com/aquasecurity/trivy/issues/6615)) ([67c6b1d](https://togithub.com/aquasecurity/trivy/commit/67c6b1d473999003d682bdb42657bbf3a4a69a9c))Configuration
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.