aquasecurity/trivy (aquasec/trivy)
### [`v0.54.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.54.1)
[Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.54.0...v0.54.1)
##### Changelog
- [`854c61d`](https://togithub.com/aquasecurity/trivy/commit/854c61d34a550a9fcbab3bc59e55b868c15d1962) release: v0.54.1 \[release/v0.54] ([#7282](https://togithub.com/aquasecurity/trivy/issues/7282))
- [`334a1c2`](https://togithub.com/aquasecurity/trivy/commit/334a1c293bb3d490af2a6d80732f399efaac22f7) fix(flag): incorrect behavior for deprected flag `--clear-cache` \[backport: release/v0.54] ([#7285](https://togithub.com/aquasecurity/trivy/issues/7285))
- [`f61725c`](https://togithub.com/aquasecurity/trivy/commit/f61725c28b56d80fb46395479842a2ab0c517c5f) fix(java): Return error when trying to find a remote pom to avoid segfault \[backport: release/v0.54] ([#7283](https://togithub.com/aquasecurity/trivy/issues/7283))
- [`a7b7117`](https://togithub.com/aquasecurity/trivy/commit/a7b7117fe2c9608e990b42e702cc83675c48f888) fix(plugin): do not call GitHub content API for releases and tags \[backport: release/v0.54] ([#7279](https://togithub.com/aquasecurity/trivy/issues/7279))
### [`v0.54.0`](https://togithub.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0540-2024-07-30)
[Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.53.0...v0.54.0)
##### Features
- add `log.FilePath()` function for logger ([#7080](https://togithub.com/aquasecurity/trivy/issues/7080)) ([1f5f348](https://togithub.com/aquasecurity/trivy/commit/1f5f34895823fae81bf521fc939bee743a50e304))
- add openSUSE tumbleweed detection and scanning ([#6965](https://togithub.com/aquasecurity/trivy/issues/6965)) ([17b5dbf](https://togithub.com/aquasecurity/trivy/commit/17b5dbfa12180414b87859c6c46bfe6cc5ecf7ba))
- **cli:** rename `--vuln-type` flag to `--pkg-types` flag ([#7104](https://togithub.com/aquasecurity/trivy/issues/7104)) ([7cbdb0a](https://togithub.com/aquasecurity/trivy/commit/7cbdb0a0b5dff33e506e1c1f3119951fa241b432))
- **mariner:** Add support for Azure Linux ([#7186](https://togithub.com/aquasecurity/trivy/issues/7186)) ([5cbc452](https://togithub.com/aquasecurity/trivy/commit/5cbc452a09822d1bf300ead88f0d613d4cf0349a))
- **misconf:** enabled China configuration for ACRs ([#7156](https://togithub.com/aquasecurity/trivy/issues/7156)) ([d1ec89d](https://togithub.com/aquasecurity/trivy/commit/d1ec89d1db4b039f0e31076ccd1ca969fb15628e))
- **nodejs:** add license parser to pnpm analyser ([#7036](https://togithub.com/aquasecurity/trivy/issues/7036)) ([03ac93d](https://togithub.com/aquasecurity/trivy/commit/03ac93dc208f1b40896f3fa11fa1d45293176dca))
- **sbom:** add image labels into `SPDX` and `CycloneDX` reports ([#7257](https://togithub.com/aquasecurity/trivy/issues/7257)) ([4a2f492](https://togithub.com/aquasecurity/trivy/commit/4a2f492c6e685ff577fb96a7006cd0c43755baf4))
- **sbom:** add vulnerability support for SPDX formats ([#7213](https://togithub.com/aquasecurity/trivy/issues/7213)) ([efb1f69](https://togithub.com/aquasecurity/trivy/commit/efb1f6938321eec3529ef4fea6608261f6771ae0))
- share build-in rules ([#7207](https://togithub.com/aquasecurity/trivy/issues/7207)) ([bff317c](https://togithub.com/aquasecurity/trivy/commit/bff317c77bf4a5f615a80d9875d129213bd52f6d))
- **vex:** retrieve VEX attestations from OCI registries ([#7249](https://togithub.com/aquasecurity/trivy/issues/7249)) ([c2fd2e0](https://togithub.com/aquasecurity/trivy/commit/c2fd2e0d89567a0ccd996dda8790f3c3305ea6f7))
- **vex:** VEX Repository support ([#7206](https://togithub.com/aquasecurity/trivy/issues/7206)) ([88ba460](https://togithub.com/aquasecurity/trivy/commit/88ba46047c93e6046292523ae701de774dfdc4dc))
- **vuln:** add `--pkg-relationships` ([#7237](https://togithub.com/aquasecurity/trivy/issues/7237)) ([5c37361](https://togithub.com/aquasecurity/trivy/commit/5c37361600d922db27dd594b2a80c010a19b3a6e))
##### Bug Fixes
- Add dependencyManagement exclusions to the child exclusions ([#6969](https://togithub.com/aquasecurity/trivy/issues/6969)) ([dc68a66](https://togithub.com/aquasecurity/trivy/commit/dc68a662a701980d6529f61a65006f1e4728a3e5))
- add missing platform and type to spec ([#7149](https://togithub.com/aquasecurity/trivy/issues/7149)) ([c8a7abd](https://togithub.com/aquasecurity/trivy/commit/c8a7abd3b508975fcf10c254d13d1a2cd42da657))
- **cli:** error on missing config file ([#7154](https://togithub.com/aquasecurity/trivy/issues/7154)) ([7fa5e7d](https://togithub.com/aquasecurity/trivy/commit/7fa5e7d0ab67f20d434b2922725988695e32e6af))
- close file when failed to open gzip ([#7164](https://togithub.com/aquasecurity/trivy/issues/7164)) ([2a577a7](https://togithub.com/aquasecurity/trivy/commit/2a577a7bae37e5731dceaea8740683573b6b70a5))
- **dotnet:** don't include non-runtime libraries into report for `*.deps.json` files ([#7039](https://togithub.com/aquasecurity/trivy/issues/7039)) ([5bc662b](https://togithub.com/aquasecurity/trivy/commit/5bc662be9a8f072599f90abfd3b400c8ab055ed6))
- **dotnet:** show `nuget package dir not found` log only when checking `nuget` packages ([#7194](https://togithub.com/aquasecurity/trivy/issues/7194)) ([d76feba](https://togithub.com/aquasecurity/trivy/commit/d76febaee107c645e864da0f4d74a8f6ae4ad232))
- ignore nodes when listing permission is not allowed ([#7107](https://togithub.com/aquasecurity/trivy/issues/7107)) ([25f8143](https://togithub.com/aquasecurity/trivy/commit/25f8143f120965c636c5ea8386398b211b082398))
- **java:** avoid panic if deps from `pom` in `it` dir are not found ([#7245](https://togithub.com/aquasecurity/trivy/issues/7245)) ([4e54a7e](https://togithub.com/aquasecurity/trivy/commit/4e54a7e84c33c1be80c52c6db78c634bc3911715))
- **java:** use `go-mvn-version` to remove `Package` duplicates ([#7088](https://togithub.com/aquasecurity/trivy/issues/7088)) ([a7a304d](https://togithub.com/aquasecurity/trivy/commit/a7a304d53e1ce230f881c28c4f35885774cf3b9a))
- **misconf:** do not evaluate TF when a load error occurs ([#7109](https://togithub.com/aquasecurity/trivy/issues/7109)) ([f27c236](https://togithub.com/aquasecurity/trivy/commit/f27c236d6e155cb366aeef619b6ea96d20fb93da))
- **nodejs:** detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` ([#7110](https://togithub.com/aquasecurity/trivy/issues/7110)) ([54bb8bd](https://togithub.com/aquasecurity/trivy/commit/54bb8bdfb934d114b5570005853bf4bc0d40c609))
- **report:** hide empty table when all secrets/license/misconfigs are ignored ([#7171](https://togithub.com/aquasecurity/trivy/issues/7171)) ([c3036de](https://togithub.com/aquasecurity/trivy/commit/c3036de6d7719323d306a9666ccc8d928d936f9a))
- **secret:** skip regular strings contain secret patterns ([#7182](https://togithub.com/aquasecurity/trivy/issues/7182)) ([174b1e3](https://togithub.com/aquasecurity/trivy/commit/174b1e3515a6394cf8d523216d6267c1aefb820a))
- **secret:** trim excessively long lines ([#7192](https://togithub.com/aquasecurity/trivy/issues/7192)) ([92b13be](https://togithub.com/aquasecurity/trivy/commit/92b13be668bd20f8e9dac2f0cb8e5a2708b9b3b5))
- **secret:** update length of `hugging-face-access-token` ([#7216](https://togithub.com/aquasecurity/trivy/issues/7216)) ([8c87194](https://togithub.com/aquasecurity/trivy/commit/8c87194f0a6b194bc5d340c8a65bd99a3132d973))
- **server:** pass license categories to options ([#7203](https://togithub.com/aquasecurity/trivy/issues/7203)) ([9d52018](https://togithub.com/aquasecurity/trivy/commit/9d5201808da89607ae43570bdf1f335b482a6b79))
##### Performance Improvements
- **debian:** use `bytes.Index` in `emptyLineSplit` to cut allocation ([#7065](https://togithub.com/aquasecurity/trivy/issues/7065)) ([acbec05](https://togithub.com/aquasecurity/trivy/commit/acbec053c985388a26d899e73b4b7f5a6d1fa210))
Configuration
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.53.0->0.54.1Release Notes
aquasecurity/trivy (aquasec/trivy)
### [`v0.54.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.54.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.54.0...v0.54.1) ##### Changelog - [`854c61d`](https://togithub.com/aquasecurity/trivy/commit/854c61d34a550a9fcbab3bc59e55b868c15d1962) release: v0.54.1 \[release/v0.54] ([#7282](https://togithub.com/aquasecurity/trivy/issues/7282)) - [`334a1c2`](https://togithub.com/aquasecurity/trivy/commit/334a1c293bb3d490af2a6d80732f399efaac22f7) fix(flag): incorrect behavior for deprected flag `--clear-cache` \[backport: release/v0.54] ([#7285](https://togithub.com/aquasecurity/trivy/issues/7285)) - [`f61725c`](https://togithub.com/aquasecurity/trivy/commit/f61725c28b56d80fb46395479842a2ab0c517c5f) fix(java): Return error when trying to find a remote pom to avoid segfault \[backport: release/v0.54] ([#7283](https://togithub.com/aquasecurity/trivy/issues/7283)) - [`a7b7117`](https://togithub.com/aquasecurity/trivy/commit/a7b7117fe2c9608e990b42e702cc83675c48f888) fix(plugin): do not call GitHub content API for releases and tags \[backport: release/v0.54] ([#7279](https://togithub.com/aquasecurity/trivy/issues/7279)) ### [`v0.54.0`](https://togithub.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0540-2024-07-30) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.53.0...v0.54.0) ##### Features - add `log.FilePath()` function for logger ([#7080](https://togithub.com/aquasecurity/trivy/issues/7080)) ([1f5f348](https://togithub.com/aquasecurity/trivy/commit/1f5f34895823fae81bf521fc939bee743a50e304)) - add openSUSE tumbleweed detection and scanning ([#6965](https://togithub.com/aquasecurity/trivy/issues/6965)) ([17b5dbf](https://togithub.com/aquasecurity/trivy/commit/17b5dbfa12180414b87859c6c46bfe6cc5ecf7ba)) - **cli:** rename `--vuln-type` flag to `--pkg-types` flag ([#7104](https://togithub.com/aquasecurity/trivy/issues/7104)) ([7cbdb0a](https://togithub.com/aquasecurity/trivy/commit/7cbdb0a0b5dff33e506e1c1f3119951fa241b432)) - **mariner:** Add support for Azure Linux ([#7186](https://togithub.com/aquasecurity/trivy/issues/7186)) ([5cbc452](https://togithub.com/aquasecurity/trivy/commit/5cbc452a09822d1bf300ead88f0d613d4cf0349a)) - **misconf:** enabled China configuration for ACRs ([#7156](https://togithub.com/aquasecurity/trivy/issues/7156)) ([d1ec89d](https://togithub.com/aquasecurity/trivy/commit/d1ec89d1db4b039f0e31076ccd1ca969fb15628e)) - **nodejs:** add license parser to pnpm analyser ([#7036](https://togithub.com/aquasecurity/trivy/issues/7036)) ([03ac93d](https://togithub.com/aquasecurity/trivy/commit/03ac93dc208f1b40896f3fa11fa1d45293176dca)) - **sbom:** add image labels into `SPDX` and `CycloneDX` reports ([#7257](https://togithub.com/aquasecurity/trivy/issues/7257)) ([4a2f492](https://togithub.com/aquasecurity/trivy/commit/4a2f492c6e685ff577fb96a7006cd0c43755baf4)) - **sbom:** add vulnerability support for SPDX formats ([#7213](https://togithub.com/aquasecurity/trivy/issues/7213)) ([efb1f69](https://togithub.com/aquasecurity/trivy/commit/efb1f6938321eec3529ef4fea6608261f6771ae0)) - share build-in rules ([#7207](https://togithub.com/aquasecurity/trivy/issues/7207)) ([bff317c](https://togithub.com/aquasecurity/trivy/commit/bff317c77bf4a5f615a80d9875d129213bd52f6d)) - **vex:** retrieve VEX attestations from OCI registries ([#7249](https://togithub.com/aquasecurity/trivy/issues/7249)) ([c2fd2e0](https://togithub.com/aquasecurity/trivy/commit/c2fd2e0d89567a0ccd996dda8790f3c3305ea6f7)) - **vex:** VEX Repository support ([#7206](https://togithub.com/aquasecurity/trivy/issues/7206)) ([88ba460](https://togithub.com/aquasecurity/trivy/commit/88ba46047c93e6046292523ae701de774dfdc4dc)) - **vuln:** add `--pkg-relationships` ([#7237](https://togithub.com/aquasecurity/trivy/issues/7237)) ([5c37361](https://togithub.com/aquasecurity/trivy/commit/5c37361600d922db27dd594b2a80c010a19b3a6e)) ##### Bug Fixes - Add dependencyManagement exclusions to the child exclusions ([#6969](https://togithub.com/aquasecurity/trivy/issues/6969)) ([dc68a66](https://togithub.com/aquasecurity/trivy/commit/dc68a662a701980d6529f61a65006f1e4728a3e5)) - add missing platform and type to spec ([#7149](https://togithub.com/aquasecurity/trivy/issues/7149)) ([c8a7abd](https://togithub.com/aquasecurity/trivy/commit/c8a7abd3b508975fcf10c254d13d1a2cd42da657)) - **cli:** error on missing config file ([#7154](https://togithub.com/aquasecurity/trivy/issues/7154)) ([7fa5e7d](https://togithub.com/aquasecurity/trivy/commit/7fa5e7d0ab67f20d434b2922725988695e32e6af)) - close file when failed to open gzip ([#7164](https://togithub.com/aquasecurity/trivy/issues/7164)) ([2a577a7](https://togithub.com/aquasecurity/trivy/commit/2a577a7bae37e5731dceaea8740683573b6b70a5)) - **dotnet:** don't include non-runtime libraries into report for `*.deps.json` files ([#7039](https://togithub.com/aquasecurity/trivy/issues/7039)) ([5bc662b](https://togithub.com/aquasecurity/trivy/commit/5bc662be9a8f072599f90abfd3b400c8ab055ed6)) - **dotnet:** show `nuget package dir not found` log only when checking `nuget` packages ([#7194](https://togithub.com/aquasecurity/trivy/issues/7194)) ([d76feba](https://togithub.com/aquasecurity/trivy/commit/d76febaee107c645e864da0f4d74a8f6ae4ad232)) - ignore nodes when listing permission is not allowed ([#7107](https://togithub.com/aquasecurity/trivy/issues/7107)) ([25f8143](https://togithub.com/aquasecurity/trivy/commit/25f8143f120965c636c5ea8386398b211b082398)) - **java:** avoid panic if deps from `pom` in `it` dir are not found ([#7245](https://togithub.com/aquasecurity/trivy/issues/7245)) ([4e54a7e](https://togithub.com/aquasecurity/trivy/commit/4e54a7e84c33c1be80c52c6db78c634bc3911715)) - **java:** use `go-mvn-version` to remove `Package` duplicates ([#7088](https://togithub.com/aquasecurity/trivy/issues/7088)) ([a7a304d](https://togithub.com/aquasecurity/trivy/commit/a7a304d53e1ce230f881c28c4f35885774cf3b9a)) - **misconf:** do not evaluate TF when a load error occurs ([#7109](https://togithub.com/aquasecurity/trivy/issues/7109)) ([f27c236](https://togithub.com/aquasecurity/trivy/commit/f27c236d6e155cb366aeef619b6ea96d20fb93da)) - **nodejs:** detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` ([#7110](https://togithub.com/aquasecurity/trivy/issues/7110)) ([54bb8bd](https://togithub.com/aquasecurity/trivy/commit/54bb8bdfb934d114b5570005853bf4bc0d40c609)) - **report:** hide empty table when all secrets/license/misconfigs are ignored ([#7171](https://togithub.com/aquasecurity/trivy/issues/7171)) ([c3036de](https://togithub.com/aquasecurity/trivy/commit/c3036de6d7719323d306a9666ccc8d928d936f9a)) - **secret:** skip regular strings contain secret patterns ([#7182](https://togithub.com/aquasecurity/trivy/issues/7182)) ([174b1e3](https://togithub.com/aquasecurity/trivy/commit/174b1e3515a6394cf8d523216d6267c1aefb820a)) - **secret:** trim excessively long lines ([#7192](https://togithub.com/aquasecurity/trivy/issues/7192)) ([92b13be](https://togithub.com/aquasecurity/trivy/commit/92b13be668bd20f8e9dac2f0cb8e5a2708b9b3b5)) - **secret:** update length of `hugging-face-access-token` ([#7216](https://togithub.com/aquasecurity/trivy/issues/7216)) ([8c87194](https://togithub.com/aquasecurity/trivy/commit/8c87194f0a6b194bc5d340c8a65bd99a3132d973)) - **server:** pass license categories to options ([#7203](https://togithub.com/aquasecurity/trivy/issues/7203)) ([9d52018](https://togithub.com/aquasecurity/trivy/commit/9d5201808da89607ae43570bdf1f335b482a6b79)) ##### Performance Improvements - **debian:** use `bytes.Index` in `emptyLineSplit` to cut allocation ([#7065](https://togithub.com/aquasecurity/trivy/issues/7065)) ([acbec05](https://togithub.com/aquasecurity/trivy/commit/acbec053c985388a26d899e73b4b7f5a6d1fa210))Configuration
📅 Schedule: Branch creation - "on sunday" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.