Closed renovate[bot] closed 1 year ago
This PR contains the following updates:
0.37.3
0.45.1
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.37.3
->0.45.1
Release Notes
aquasecurity/trivy (trivy)
### [`v0.45.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.45.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.45.0...v0.45.1) #### Changelog - [`daae882`](https://togithub.com/aquasecurity/trivy/commit/daae88287) fix(purl): handle rust types ([#5186](https://togithub.com/aquasecurity/trivy/issues/5186)) - [`81240cf`](https://togithub.com/aquasecurity/trivy/commit/81240cf08) chore: auto-close issues ([#5177](https://togithub.com/aquasecurity/trivy/issues/5177)) - [`bd0accd`](https://togithub.com/aquasecurity/trivy/commit/bd0accd8a) chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 ([#5093](https://togithub.com/aquasecurity/trivy/issues/5093)) - [`ecee794`](https://togithub.com/aquasecurity/trivy/commit/ecee79403) fix(k8s): kbom support addons labels ([#5178](https://togithub.com/aquasecurity/trivy/issues/5178)) - [`9ebc25d`](https://togithub.com/aquasecurity/trivy/commit/9ebc25d88) test: validate SPDX with the JSON schema ([#5124](https://togithub.com/aquasecurity/trivy/issues/5124)) - [`9a49a37`](https://togithub.com/aquasecurity/trivy/commit/9a49a3773) chore: bump trivy-kubernetes-latest ([#5161](https://togithub.com/aquasecurity/trivy/issues/5161)) - [`ad1dc63`](https://togithub.com/aquasecurity/trivy/commit/ad1dc6327) docs: add 'Signature Verification' guide ([#4731](https://togithub.com/aquasecurity/trivy/issues/4731)) - [`7c68d4a`](https://togithub.com/aquasecurity/trivy/commit/7c68d4a7e) docs: add image-scanner-with-trivy for ecosystem ([#5159](https://togithub.com/aquasecurity/trivy/issues/5159)) - [`ed49609`](https://togithub.com/aquasecurity/trivy/commit/ed49609a7) fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem ([#5158](https://togithub.com/aquasecurity/trivy/issues/5158)) - [`1953972`](https://togithub.com/aquasecurity/trivy/commit/19539722e) chore(deps): bump github.com/CycloneDX/cyclonedx-go ([#5102](https://togithub.com/aquasecurity/trivy/issues/5102)) - [`c751601`](https://togithub.com/aquasecurity/trivy/commit/c7516011b) Update filtering.md ([#5131](https://togithub.com/aquasecurity/trivy/issues/5131)) - [`ccc6d7c`](https://togithub.com/aquasecurity/trivy/commit/ccc6d7cb2) chore(deps): bump sigstore/cosign-installer ([#5104](https://togithub.com/aquasecurity/trivy/issues/5104)) - [`48cbf45`](https://togithub.com/aquasecurity/trivy/commit/48cbf4553) chore(deps): bump github.com/cyphar/filepath-securejoin ([#5143](https://togithub.com/aquasecurity/trivy/issues/5143)) - [`a9c2c74`](https://togithub.com/aquasecurity/trivy/commit/a9c2c74c5) chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 ([#5103](https://togithub.com/aquasecurity/trivy/issues/5103)) - [`120ac68`](https://togithub.com/aquasecurity/trivy/commit/120ac68b5) chore(deps): bump easimon/maximize-build-space from 7 to 8 ([#5105](https://togithub.com/aquasecurity/trivy/issues/5105)) - [`41eaa78`](https://togithub.com/aquasecurity/trivy/commit/41eaa78ae) chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 ([#5126](https://togithub.com/aquasecurity/trivy/issues/5126)) - [`932f927`](https://togithub.com/aquasecurity/trivy/commit/932f92755) chaging adopters discussion tempalte ([#5091](https://togithub.com/aquasecurity/trivy/issues/5091)) - [`db31333`](https://togithub.com/aquasecurity/trivy/commit/db3133346) chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 ([#5092](https://togithub.com/aquasecurity/trivy/issues/5092)) - [`8c0b7d6`](https://togithub.com/aquasecurity/trivy/commit/8c0b7d619) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 ([#5094](https://togithub.com/aquasecurity/trivy/issues/5094)) - [`c61c664`](https://togithub.com/aquasecurity/trivy/commit/c61c664c3) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#5095](https://togithub.com/aquasecurity/trivy/issues/5095)) - [`a99944c`](https://togithub.com/aquasecurity/trivy/commit/a99944c1c) chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 ([#5097](https://togithub.com/aquasecurity/trivy/issues/5097)) - [`9fc844e`](https://togithub.com/aquasecurity/trivy/commit/9fc844ecf) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity ([#5098](https://togithub.com/aquasecurity/trivy/issues/5098)) - [`c504f8b`](https://togithub.com/aquasecurity/trivy/commit/c504f8be4) chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 ([#5106](https://togithub.com/aquasecurity/trivy/issues/5106)) ### [`v0.45.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.45.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.44.1...v0.45.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/5082](https://togithub.com/aquasecurity/trivy/discussions/5082) #### Changelog - [`cdab67e`](https://togithub.com/aquasecurity/trivy/commit/cdab67e7f) docs: add Bitnami ([#5078](https://togithub.com/aquasecurity/trivy/issues/5078)) - [`7acc5e8`](https://togithub.com/aquasecurity/trivy/commit/7acc5e831) feat(docker): add support for scanning Bitnami components ([#5062](https://togithub.com/aquasecurity/trivy/issues/5062)) - [`9628b1c`](https://togithub.com/aquasecurity/trivy/commit/9628b1cbf) feat: add support for .trivyignore.yaml ([#5070](https://togithub.com/aquasecurity/trivy/issues/5070)) - [`4547e27`](https://togithub.com/aquasecurity/trivy/commit/4547e2766) fix(terraform): improve detection of terraform files ([#4984](https://togithub.com/aquasecurity/trivy/issues/4984)) - [`0c8919e`](https://togithub.com/aquasecurity/trivy/commit/0c8919e1e) feat: filter artifacts on --exclude-owned flag ([#5059](https://togithub.com/aquasecurity/trivy/issues/5059)) - [`c04f234`](https://togithub.com/aquasecurity/trivy/commit/c04f234fa) fix(sbom): cyclonedx advisory should omit `null` value ([#5041](https://togithub.com/aquasecurity/trivy/issues/5041)) - [`f811ed2`](https://togithub.com/aquasecurity/trivy/commit/f811ed2d4) build: maximize build space for build tests ([#5072](https://togithub.com/aquasecurity/trivy/issues/5072)) - [`69ea5bf`](https://togithub.com/aquasecurity/trivy/commit/69ea5bf70) feat: improve kbom component name ([#5058](https://togithub.com/aquasecurity/trivy/issues/5058)) - [`3715dcb`](https://togithub.com/aquasecurity/trivy/commit/3715dcb3f) fix(pom): add licenses for pom artifacts ([#5071](https://togithub.com/aquasecurity/trivy/issues/5071)) - [`07f7e98`](https://togithub.com/aquasecurity/trivy/commit/07f7e9853) chore(deps): Update defsec to v0.92.0 ([#5068](https://togithub.com/aquasecurity/trivy/issues/5068)) - [`d4ca3cc`](https://togithub.com/aquasecurity/trivy/commit/d4ca3cce2) chore: bump Go to `1.20` ([#5067](https://togithub.com/aquasecurity/trivy/issues/5067)) - [`49fdd58`](https://togithub.com/aquasecurity/trivy/commit/49fdd584b) feat: PURL matching with qualifiers in OpenVEX ([#5061](https://togithub.com/aquasecurity/trivy/issues/5061)) - [`4401998`](https://togithub.com/aquasecurity/trivy/commit/4401998ec) feat(java): add graph support for pom.xml ([#4902](https://togithub.com/aquasecurity/trivy/issues/4902)) - [`9c211d0`](https://togithub.com/aquasecurity/trivy/commit/9c211d005) feat(swift): add vulns for cocoapods ([#5037](https://togithub.com/aquasecurity/trivy/issues/5037)) - [`422fa41`](https://togithub.com/aquasecurity/trivy/commit/422fa414e) fix: support image pull secret for additional workloads ([#5052](https://togithub.com/aquasecurity/trivy/issues/5052)) - [`8e93386`](https://togithub.com/aquasecurity/trivy/commit/8e933860a) fix: [#5033](https://togithub.com/aquasecurity/trivy/issues/5033) Superfluous double quote in html.tpl ([#5036](https://togithub.com/aquasecurity/trivy/issues/5036)) - [`9345a98`](https://togithub.com/aquasecurity/trivy/commit/9345a98ed) docs(repo): update trivy repo usage and example ([#5049](https://togithub.com/aquasecurity/trivy/issues/5049)) - [`5d8da70`](https://togithub.com/aquasecurity/trivy/commit/5d8da70c6) perf: Optimize Dockerfile for reduced layers and size ([#5038](https://togithub.com/aquasecurity/trivy/issues/5038)) - [`1be9da7`](https://togithub.com/aquasecurity/trivy/commit/1be9da7aa) feat: scan K8s Resources Kind with --all-namespaces ([#5043](https://togithub.com/aquasecurity/trivy/issues/5043)) - [`0e17d0b`](https://togithub.com/aquasecurity/trivy/commit/0e17d0bef) fix: vulnerability typo ([#5044](https://togithub.com/aquasecurity/trivy/issues/5044)) - [`d70fab2`](https://togithub.com/aquasecurity/trivy/commit/d70fab231) docs: adding a terraform tutorial to the docs ([#3708](https://togithub.com/aquasecurity/trivy/issues/3708)) - [`2fa264a`](https://togithub.com/aquasecurity/trivy/commit/2fa264ac1) feat(report): add licenses to sarif format ([#4866](https://togithub.com/aquasecurity/trivy/issues/4866)) - [`07ddf47`](https://togithub.com/aquasecurity/trivy/commit/07ddf4790) feat(misconf): show the resource name in the report ([#4806](https://togithub.com/aquasecurity/trivy/issues/4806)) - [`9de3606`](https://togithub.com/aquasecurity/trivy/commit/9de360623) chore: update alpine base images ([#5015](https://togithub.com/aquasecurity/trivy/issues/5015)) - [`ef70d20`](https://togithub.com/aquasecurity/trivy/commit/ef70d2076) feat: add Package.resolved swift files support ([#4932](https://togithub.com/aquasecurity/trivy/issues/4932)) - [`ec5d8be`](https://togithub.com/aquasecurity/trivy/commit/ec5d8bec0) feat(nodejs): parse licenses in yarn projects ([#4652](https://togithub.com/aquasecurity/trivy/issues/4652)) - [`3114c87`](https://togithub.com/aquasecurity/trivy/commit/3114c87e6) fix: k8s private registries support ([#5021](https://togithub.com/aquasecurity/trivy/issues/5021)) - [`6d79f55`](https://togithub.com/aquasecurity/trivy/commit/6d79f55db) bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 ([#5018](https://togithub.com/aquasecurity/trivy/issues/5018)) - [`9ace591`](https://togithub.com/aquasecurity/trivy/commit/9ace59106) feat(vuln): support last_affected field from osv ([#4944](https://togithub.com/aquasecurity/trivy/issues/4944)) - [`d442176`](https://togithub.com/aquasecurity/trivy/commit/d44217640) feat(server): add version endpoint ([#4869](https://togithub.com/aquasecurity/trivy/issues/4869)) - [`63cd41d`](https://togithub.com/aquasecurity/trivy/commit/63cd41d20) feat: k8s private registries support ([#4987](https://togithub.com/aquasecurity/trivy/issues/4987)) - [`cb16e23`](https://togithub.com/aquasecurity/trivy/commit/cb16e23f1) fix(server): add indirect prop to package ([#4974](https://togithub.com/aquasecurity/trivy/issues/4974)) - [`a4e981b`](https://togithub.com/aquasecurity/trivy/commit/a4e981b4e) docs: add coverage ([#4954](https://togithub.com/aquasecurity/trivy/issues/4954)) - [`6f03c79`](https://togithub.com/aquasecurity/trivy/commit/6f03c7940) feat(c): add location for lock file dependencies. ([#4994](https://togithub.com/aquasecurity/trivy/issues/4994)) - [`c748705`](https://togithub.com/aquasecurity/trivy/commit/c74870500) docs: adding blog post on ec2 ([#4813](https://togithub.com/aquasecurity/trivy/issues/4813)) - [`4e1316c`](https://togithub.com/aquasecurity/trivy/commit/4e1316c37) revert 32bit bins ([#4977](https://togithub.com/aquasecurity/trivy/issues/4977)) - [`fc959fc`](https://togithub.com/aquasecurity/trivy/commit/fc959fc57) chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 ([#4917](https://togithub.com/aquasecurity/trivy/issues/4917)) ### [`v0.44.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.44.0...v0.44.1) #### Changelog - [`f105279`](https://togithub.com/aquasecurity/trivy/commit/f10527998) fix(report): return severity colors in table format ([#4969](https://togithub.com/aquasecurity/trivy/issues/4969)) - [`bc2b0ca`](https://togithub.com/aquasecurity/trivy/commit/bc2b0ca6c) build: maximize available disk space for release ([#4937](https://togithub.com/aquasecurity/trivy/issues/4937)) - [`9493c6f`](https://togithub.com/aquasecurity/trivy/commit/9493c6f08) test(cli): Fix assertion helptext ([#4966](https://togithub.com/aquasecurity/trivy/issues/4966)) - [`b0359de`](https://togithub.com/aquasecurity/trivy/commit/b0359de66) chore(deps): Bump defsec to v0.91.1 ([#4965](https://togithub.com/aquasecurity/trivy/issues/4965)) - [`d3a34e4`](https://togithub.com/aquasecurity/trivy/commit/d3a34e409) test: validate CycloneDX with the JSON schema ([#4956](https://togithub.com/aquasecurity/trivy/issues/4956)) - [`798ef1b`](https://togithub.com/aquasecurity/trivy/commit/798ef1b64) fix(server): add licenses to the Result message ([#4955](https://togithub.com/aquasecurity/trivy/issues/4955)) - [`e8cf281`](https://togithub.com/aquasecurity/trivy/commit/e8cf28147) fix(aws): resolve endpoint if endpoint is passed ([#4925](https://togithub.com/aquasecurity/trivy/issues/4925)) - [`f18b0db`](https://togithub.com/aquasecurity/trivy/commit/f18b0db58) fix(sbom): move licenses to `name` field in Cyclonedx format ([#4941](https://togithub.com/aquasecurity/trivy/issues/4941)) - [`a796701`](https://togithub.com/aquasecurity/trivy/commit/a79670156) add only uniq deps in dependsOn ([#4943](https://togithub.com/aquasecurity/trivy/issues/4943)) - [`b544e0d`](https://togithub.com/aquasecurity/trivy/commit/b544e0dea) use testify instead of gotest.tools ([#4946](https://togithub.com/aquasecurity/trivy/issues/4946)) - [`067a0fc`](https://togithub.com/aquasecurity/trivy/commit/067a0fcb9) fix(nodejs): do not detect lock file in node_modules as an app ([#4949](https://togithub.com/aquasecurity/trivy/issues/4949)) - [`e6d7705`](https://togithub.com/aquasecurity/trivy/commit/e6d7705a5) bump go-dep-parser ([#4936](https://togithub.com/aquasecurity/trivy/issues/4936)) - [`c584dc1`](https://togithub.com/aquasecurity/trivy/commit/c584dc176) chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 ([#4914](https://togithub.com/aquasecurity/trivy/issues/4914)) - [`358d56b`](https://togithub.com/aquasecurity/trivy/commit/358d56b6b) chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 ([#4909](https://togithub.com/aquasecurity/trivy/issues/4909)) - [`17f3ea9`](https://togithub.com/aquasecurity/trivy/commit/17f3ea918) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore ([#4912](https://togithub.com/aquasecurity/trivy/issues/4912)) - [`39ccbf7`](https://togithub.com/aquasecurity/trivy/commit/39ccbf7b5) test(aws): move part of unit tests to integration ([#4884](https://togithub.com/aquasecurity/trivy/issues/4884)) - [`6d3ae3b`](https://togithub.com/aquasecurity/trivy/commit/6d3ae3bcf) docs(cli): update help string for file and dir skipping ([#4872](https://togithub.com/aquasecurity/trivy/issues/4872)) - [`7d7a1ef`](https://togithub.com/aquasecurity/trivy/commit/7d7a1ef54) chore(deps): bump sigstore/cosign-installer ([#4910](https://togithub.com/aquasecurity/trivy/issues/4910)) - [`fc74950`](https://togithub.com/aquasecurity/trivy/commit/fc7495017) chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 ([#4916](https://togithub.com/aquasecurity/trivy/issues/4916)) - [`b2a68bc`](https://togithub.com/aquasecurity/trivy/commit/b2a68bc06) chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 ([#4918](https://togithub.com/aquasecurity/trivy/issues/4918)) - [`e5c0c15`](https://togithub.com/aquasecurity/trivy/commit/e5c0c15b6) chore(deps): bump github.com/secure-systems-lab/go-securesystemslib ([#4919](https://togithub.com/aquasecurity/trivy/issues/4919)) - [`da37803`](https://togithub.com/aquasecurity/trivy/commit/da37803d5) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts ([#4913](https://togithub.com/aquasecurity/trivy/issues/4913)) - [`9744e64`](https://togithub.com/aquasecurity/trivy/commit/9744e6498) chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 ([#4915](https://togithub.com/aquasecurity/trivy/issues/4915)) - [`99eebc6`](https://togithub.com/aquasecurity/trivy/commit/99eebc670) docs: update the discussion template ([#4928](https://togithub.com/aquasecurity/trivy/issues/4928)) ### [`v0.44.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.1...v0.44.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4903](https://togithub.com/aquasecurity/trivy/discussions/4903) #### Changelog - [`d19c7d9`](https://togithub.com/aquasecurity/trivy/commit/d19c7d9f2) feat(repo): support local repositories ([#4890](https://togithub.com/aquasecurity/trivy/issues/4890)) - [`3c19761`](https://togithub.com/aquasecurity/trivy/commit/3c1976187) bump go-dep-parser ([#4893](https://togithub.com/aquasecurity/trivy/issues/4893)) - [`e1c2a8c`](https://togithub.com/aquasecurity/trivy/commit/e1c2a8c80) fix(misconf): add missing fields to proto ([#4861](https://togithub.com/aquasecurity/trivy/issues/4861)) - [`8b8e0e8`](https://togithub.com/aquasecurity/trivy/commit/8b8e0e83d) fix: remove trivy-db package replacement ([#4877](https://togithub.com/aquasecurity/trivy/issues/4877)) - [`f9efe44`](https://togithub.com/aquasecurity/trivy/commit/f9efe44fd) chore(test): bump the integration test timeout to 15m ([#4880](https://togithub.com/aquasecurity/trivy/issues/4880)) - [`7271d68`](https://togithub.com/aquasecurity/trivy/commit/7271d682f) chore(deps): Update defsec to v0.91.0 ([#4886](https://togithub.com/aquasecurity/trivy/issues/4886)) - [`c3bc67c`](https://togithub.com/aquasecurity/trivy/commit/c3bc67c89) chore: update CODEOWNERS ([#4871](https://togithub.com/aquasecurity/trivy/issues/4871)) - [`232ba82`](https://togithub.com/aquasecurity/trivy/commit/232ba823e) feat(vuln): support vulnerability status ([#4867](https://togithub.com/aquasecurity/trivy/issues/4867)) - [`11618c9`](https://togithub.com/aquasecurity/trivy/commit/11618c940) feat(misconf): Support custom URLs for policy bundle ([#4834](https://togithub.com/aquasecurity/trivy/issues/4834)) - [`0707569`](https://togithub.com/aquasecurity/trivy/commit/07075696d) refactor: replace with sortable packages ([#4858](https://togithub.com/aquasecurity/trivy/issues/4858)) - [`fbe1c9e`](https://togithub.com/aquasecurity/trivy/commit/fbe1c9eb1) docs: correct license scanning sample command ([#4855](https://togithub.com/aquasecurity/trivy/issues/4855)) - [`20c2246`](https://togithub.com/aquasecurity/trivy/commit/20c2246a6) fix(report): close the file ([#4842](https://togithub.com/aquasecurity/trivy/issues/4842)) - [`24a3e54`](https://togithub.com/aquasecurity/trivy/commit/24a3e547d) feat(nodejs): add support for include-dev-deps flag for yarn ([#4812](https://togithub.com/aquasecurity/trivy/issues/4812)) - [`a7bd7bb`](https://togithub.com/aquasecurity/trivy/commit/a7bd7bb65) feat(misconf): Add support for independently enabling libraries ([#4070](https://togithub.com/aquasecurity/trivy/issues/4070)) - [`4aa9ea0`](https://togithub.com/aquasecurity/trivy/commit/4aa9ea096) feat(secret): add secret config file for cache calculation ([#4837](https://togithub.com/aquasecurity/trivy/issues/4837)) - [`5d349d8`](https://togithub.com/aquasecurity/trivy/commit/5d349d814) Fix a link in gitlab-ci.md ([#4850](https://togithub.com/aquasecurity/trivy/issues/4850)) - [`a61531c`](https://togithub.com/aquasecurity/trivy/commit/a61531c1f) fix(flag): use globalstar to skip directories ([#4854](https://togithub.com/aquasecurity/trivy/issues/4854)) - [`78cc209`](https://togithub.com/aquasecurity/trivy/commit/78cc20937) chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible ([#4849](https://togithub.com/aquasecurity/trivy/issues/4849)) - [`9399604`](https://togithub.com/aquasecurity/trivy/commit/93996041b) fix(license): using common way for splitting licenses ([#4434](https://togithub.com/aquasecurity/trivy/issues/4434)) - [`3e2416d`](https://togithub.com/aquasecurity/trivy/commit/3e2416d77) fix(containerd): Use img platform in exporter instead of strict host platform ([#4477](https://togithub.com/aquasecurity/trivy/issues/4477)) - [`ce77bb4`](https://togithub.com/aquasecurity/trivy/commit/ce77bb46c) remove govulndb ([#4783](https://togithub.com/aquasecurity/trivy/issues/4783)) - [`c05caae`](https://togithub.com/aquasecurity/trivy/commit/c05caae43) fix(java): inherit licenses from parents ([#4817](https://togithub.com/aquasecurity/trivy/issues/4817)) - [`aca11b9`](https://togithub.com/aquasecurity/trivy/commit/aca11b95d) refactor: add allowed values for CLI flags ([#4800](https://togithub.com/aquasecurity/trivy/issues/4800)) - [`4cecd17`](https://togithub.com/aquasecurity/trivy/commit/4cecd17ea) add example regex to allow rules ([#4827](https://togithub.com/aquasecurity/trivy/issues/4827)) - [`4bc8d29`](https://togithub.com/aquasecurity/trivy/commit/4bc8d29c1) feat(misconf): Support custom data for rego policies for cloud ([#4745](https://togithub.com/aquasecurity/trivy/issues/4745)) - [`88243a0`](https://togithub.com/aquasecurity/trivy/commit/88243a0ad) docs: correcting the trivy k8s tutorial ([#4815](https://togithub.com/aquasecurity/trivy/issues/4815)) - [`3c7d988`](https://togithub.com/aquasecurity/trivy/commit/3c7d988d7) feat(cli): add --tf-exclude-downloaded-modules flag ([#4810](https://togithub.com/aquasecurity/trivy/issues/4810)) - [`fd0fd10`](https://togithub.com/aquasecurity/trivy/commit/fd0fd104f) fix(sbom): cyclonedx recommendations should include fixed versions for each package ([#4794](https://togithub.com/aquasecurity/trivy/issues/4794)) - [`d0d543b`](https://togithub.com/aquasecurity/trivy/commit/d0d543b88) feat(misconf): enable --policy flag to accept directory and files both ([#4777](https://togithub.com/aquasecurity/trivy/issues/4777)) - [`b43a3e6`](https://togithub.com/aquasecurity/trivy/commit/b43a3e623) feat(python): add license fields ([#4722](https://togithub.com/aquasecurity/trivy/issues/4722)) - [`aef7b14`](https://togithub.com/aquasecurity/trivy/commit/aef7b148a) fix: support trivy k8s-version on k8s sub-command ([#4786](https://togithub.com/aquasecurity/trivy/issues/4786)) ### [`v0.43.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.0...v0.43.1) #### Changelog - [`5d76aba`](https://togithub.com/aquasecurity/trivy/commit/5d76abadc) chore(deps): Update defsec to v0.90.3 ([#4793](https://togithub.com/aquasecurity/trivy/issues/4793)) - [`fed446c`](https://togithub.com/aquasecurity/trivy/commit/fed446c51) chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 ([#4752](https://togithub.com/aquasecurity/trivy/issues/4752)) - [`df62927`](https://togithub.com/aquasecurity/trivy/commit/df62927e5) chore(deps): bump alpine from 3.18.0 to 3.18.2 ([#4748](https://togithub.com/aquasecurity/trivy/issues/4748)) - [`1b9b9a8`](https://togithub.com/aquasecurity/trivy/commit/1b9b9a84f) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 ([#4758](https://togithub.com/aquasecurity/trivy/issues/4758)) - [`3c16ca8`](https://togithub.com/aquasecurity/trivy/commit/3c16ca821) docs(image): fix the comment on the soft/hard link ([#4740](https://togithub.com/aquasecurity/trivy/issues/4740)) - [`e5bee5c`](https://togithub.com/aquasecurity/trivy/commit/e5bee5ccc) check Type when filling pkgs in vulns ([#4776](https://togithub.com/aquasecurity/trivy/issues/4776)) - [`4b9f310`](https://togithub.com/aquasecurity/trivy/commit/4b9f310b9) feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script ([#4770](https://togithub.com/aquasecurity/trivy/issues/4770)) - [`8e7fb7c`](https://togithub.com/aquasecurity/trivy/commit/8e7fb7cc8) chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 ([#4756](https://togithub.com/aquasecurity/trivy/issues/4756)) - [`a9badea`](https://togithub.com/aquasecurity/trivy/commit/a9badeaba) fix(rocky): add architectures support for advisories ([#4691](https://togithub.com/aquasecurity/trivy/issues/4691)) - [`f8ebccc`](https://togithub.com/aquasecurity/trivy/commit/f8ebccc68) chore(deps): bump github.com/opencontainers/image-spec ([#4751](https://togithub.com/aquasecurity/trivy/issues/4751)) - [`1c81948`](https://togithub.com/aquasecurity/trivy/commit/1c81948e0) chore(deps): bump github.com/package-url/packageurl-go ([#4754](https://togithub.com/aquasecurity/trivy/issues/4754)) - [`497cc10`](https://togithub.com/aquasecurity/trivy/commit/497cc10d8) chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 ([#4750](https://togithub.com/aquasecurity/trivy/issues/4750)) - [`065f0af`](https://togithub.com/aquasecurity/trivy/commit/065f0afa5) chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 ([#4755](https://togithub.com/aquasecurity/trivy/issues/4755)) - [`e260305`](https://togithub.com/aquasecurity/trivy/commit/e2603056d) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4759](https://togithub.com/aquasecurity/trivy/issues/4759)) - [`0621402`](https://togithub.com/aquasecurity/trivy/commit/0621402bf) fix: documentation about reseting trivy image ([#4733](https://togithub.com/aquasecurity/trivy/issues/4733)) - [`798fdbc`](https://togithub.com/aquasecurity/trivy/commit/798fdbc01) fix(suse): Add openSUSE Leap 15.5 eol date as well ([#4744](https://togithub.com/aquasecurity/trivy/issues/4744)) - [`34a8929`](https://togithub.com/aquasecurity/trivy/commit/34a89293d) fix: update Amazon Linux 1 EOL ([#4761](https://togithub.com/aquasecurity/trivy/issues/4761)) ### [`v0.43.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.1...v0.43.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4741](https://togithub.com/aquasecurity/trivy/discussions/4741) #### Changelog - [`6008192`](https://togithub.com/aquasecurity/trivy/commit/600819248) chore(deps): Update defsec to v0.90.1 ([#4739](https://togithub.com/aquasecurity/trivy/issues/4739)) - [`73734ea`](https://togithub.com/aquasecurity/trivy/commit/73734eab2) feat(nodejs): support yarn workspaces ([#4664](https://togithub.com/aquasecurity/trivy/issues/4664)) - [`22463ab`](https://togithub.com/aquasecurity/trivy/commit/22463abab) feat(cli): add include-dev-deps flag ([#4700](https://togithub.com/aquasecurity/trivy/issues/4700)) - [`790c805`](https://togithub.com/aquasecurity/trivy/commit/790c8054e) fix(image): pass the secret scanner option to scan the img config ([#4735](https://togithub.com/aquasecurity/trivy/issues/4735)) - [`86fec9c`](https://togithub.com/aquasecurity/trivy/commit/86fec9c4a) fix: scan job pod it not found on k8s-1.27.x ([#4729](https://togithub.com/aquasecurity/trivy/issues/4729)) - [`26bc911`](https://togithub.com/aquasecurity/trivy/commit/26bc91160) feat(docker): add support for mTLS authentication when connecting to registry ([#4649](https://togithub.com/aquasecurity/trivy/issues/4649)) - [`d699e8c`](https://togithub.com/aquasecurity/trivy/commit/d699e8c10) chore(deps): Update defsec to v0.90.0 ([#4723](https://togithub.com/aquasecurity/trivy/issues/4723)) - [`1777878`](https://togithub.com/aquasecurity/trivy/commit/1777878e8) fix: skip scanning the gpg-pubkey package ([#4720](https://togithub.com/aquasecurity/trivy/issues/4720)) - [`9be0825`](https://togithub.com/aquasecurity/trivy/commit/9be08253a) Fix http registry oci pull ([#4701](https://togithub.com/aquasecurity/trivy/issues/4701)) - [`5d73b47`](https://togithub.com/aquasecurity/trivy/commit/5d73b47db) feat(misconf): Support skipping services ([#4686](https://togithub.com/aquasecurity/trivy/issues/4686)) - [`46e784c`](https://togithub.com/aquasecurity/trivy/commit/46e784c8a) docs: fix supported modes for pubspec.lock files ([#4713](https://togithub.com/aquasecurity/trivy/issues/4713)) - [`0f61a84`](https://togithub.com/aquasecurity/trivy/commit/0f61a8471) fix(misconf): disable the terraform plan analyzer for other scanners ([#4714](https://togithub.com/aquasecurity/trivy/issues/4714)) - [`8a1aa44`](https://togithub.com/aquasecurity/trivy/commit/8a1aa448a) clarifying a dir path is required for custom policies ([#4716](https://togithub.com/aquasecurity/trivy/issues/4716)) - [`fbab9ee`](https://togithub.com/aquasecurity/trivy/commit/fbab9eea3) chore: update alpine base images ([#4715](https://togithub.com/aquasecurity/trivy/issues/4715)) - [`f84417b`](https://togithub.com/aquasecurity/trivy/commit/f84417bba) fix last-history-created ([#4697](https://togithub.com/aquasecurity/trivy/issues/4697)) - [`85c681d`](https://togithub.com/aquasecurity/trivy/commit/85c681d44) feat: kbom and cyclonedx v1.5 spec support ([#4708](https://togithub.com/aquasecurity/trivy/issues/4708)) - [`46748ce`](https://togithub.com/aquasecurity/trivy/commit/46748ce6e) docs: add information about Aqua ([#4590](https://togithub.com/aquasecurity/trivy/issues/4590)) - [`c6741bd`](https://togithub.com/aquasecurity/trivy/commit/c6741bddf) fix: k8s escape resource filename on windows os ([#4693](https://togithub.com/aquasecurity/trivy/issues/4693)) - [`a21acc7`](https://togithub.com/aquasecurity/trivy/commit/a21acc7e0) ci: ignore merge queue branches ([#4696](https://togithub.com/aquasecurity/trivy/issues/4696)) - [`32a3a33`](https://togithub.com/aquasecurity/trivy/commit/32a3a3311) chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 ([#4695](https://togithub.com/aquasecurity/trivy/issues/4695)) - [`cbb47dc`](https://togithub.com/aquasecurity/trivy/commit/cbb47dc7c) chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 ([#4694](https://togithub.com/aquasecurity/trivy/issues/4694)) - [`e3d10d2`](https://togithub.com/aquasecurity/trivy/commit/e3d10d251) feat: cyclondx sbom custom property support ([#4688](https://togithub.com/aquasecurity/trivy/issues/4688)) - [`e1770e0`](https://togithub.com/aquasecurity/trivy/commit/e1770e046) ci: do not trigger tests in main ([#4692](https://togithub.com/aquasecurity/trivy/issues/4692)) - [`337c0b7`](https://togithub.com/aquasecurity/trivy/commit/337c0b70d) add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date ([#4690](https://togithub.com/aquasecurity/trivy/issues/4690)) - [`5ccee14`](https://togithub.com/aquasecurity/trivy/commit/5ccee1430) use group field for jar in cyclonedx ([#4674](https://togithub.com/aquasecurity/trivy/issues/4674)) - [`96db52c`](https://togithub.com/aquasecurity/trivy/commit/96db52c3f) feat(java): capture licenses from pom.xml ([#4681](https://togithub.com/aquasecurity/trivy/issues/4681)) - [`3e902a5`](https://togithub.com/aquasecurity/trivy/commit/3e902a57a) feat(helm): make sessionAffinity configurable ([#4623](https://togithub.com/aquasecurity/trivy/issues/4623)) - [`904f1cf`](https://togithub.com/aquasecurity/trivy/commit/904f1cf24) fix: Show the correct URL of the secret scanning ([#4682](https://togithub.com/aquasecurity/trivy/issues/4682)) - [`7d48c5d`](https://togithub.com/aquasecurity/trivy/commit/7d48c5d5d) document expected file pattern definition format ([#4654](https://togithub.com/aquasecurity/trivy/issues/4654)) - [`dcc73e9`](https://togithub.com/aquasecurity/trivy/commit/dcc73e964) fix: format arg error ([#4642](https://togithub.com/aquasecurity/trivy/issues/4642)) - [`35c4262`](https://togithub.com/aquasecurity/trivy/commit/35c4262d0) feat(k8s): cyclonedx kbom support ([#4557](https://togithub.com/aquasecurity/trivy/issues/4557)) - [`0e01851`](https://togithub.com/aquasecurity/trivy/commit/0e01851e9) fix(nodejs): remove unused fields for the pnpm lockfile ([#4630](https://togithub.com/aquasecurity/trivy/issues/4630)) - [`4d9b444`](https://togithub.com/aquasecurity/trivy/commit/4d9b44449) fix(vm): update ext4-filesystem parser for parse multi block extents ([#4616](https://togithub.com/aquasecurity/trivy/issues/4616)) - [`c29197a`](https://togithub.com/aquasecurity/trivy/commit/c29197ab7) ci: update build IDs ([#4641](https://togithub.com/aquasecurity/trivy/issues/4641)) - [`d7637ad`](https://togithub.com/aquasecurity/trivy/commit/d7637adc6) fix(debian): update EOL for Debian 12 ([#4647](https://togithub.com/aquasecurity/trivy/issues/4647)) - [`ef39eee`](https://togithub.com/aquasecurity/trivy/commit/ef39eeedf) chore(deps): bump go-containerregistry ([#4639](https://togithub.com/aquasecurity/trivy/issues/4639)) - [`1ce8bb5`](https://togithub.com/aquasecurity/trivy/commit/1ce8bb535) chore: unnecessary use of fmt.Sprintf (S1039) ([#4637](https://togithub.com/aquasecurity/trivy/issues/4637)) - [`bc9513f`](https://togithub.com/aquasecurity/trivy/commit/bc9513fc5) fix(db): change argument order in Exists query for JavaDB ([#4595](https://togithub.com/aquasecurity/trivy/issues/4595)) - [`aecd2f0`](https://togithub.com/aquasecurity/trivy/commit/aecd2f0bf) feat(aws): Add support to see successes in results ([#4427](https://togithub.com/aquasecurity/trivy/issues/4427)) - [`2cbf402`](https://togithub.com/aquasecurity/trivy/commit/2cbf402b6) chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ([#4613](https://togithub.com/aquasecurity/trivy/issues/4613)) - [`0099b20`](https://togithub.com/aquasecurity/trivy/commit/0099b20e3) ci: do not trigger tests in main ([#4614](https://togithub.com/aquasecurity/trivy/issues/4614)) - [`a597a54`](https://togithub.com/aquasecurity/trivy/commit/a597a54fb) chore(deps): bump sigstore/cosign-installer ([#4609](https://togithub.com/aquasecurity/trivy/issues/4609)) - [`b453fbe`](https://togithub.com/aquasecurity/trivy/commit/b453fbec3) chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 ([#4608](https://togithub.com/aquasecurity/trivy/issues/4608)) - [`0e876d5`](https://togithub.com/aquasecurity/trivy/commit/0e876d5aa) ci: bypass the required status checks ([#4611](https://togithub.com/aquasecurity/trivy/issues/4611)) - [`a4f27d2`](https://togithub.com/aquasecurity/trivy/commit/a4f27d24a) ci: support merge queue ([#3652](https://togithub.com/aquasecurity/trivy/issues/3652)) - [`9e6411e`](https://togithub.com/aquasecurity/trivy/commit/9e6411e9f) ci: matrix build for testing ([#4587](https://togithub.com/aquasecurity/trivy/issues/4587)) - [`ef6538a`](https://togithub.com/aquasecurity/trivy/commit/ef6538a17) feat: trivy k8s private registry support ([#4567](https://togithub.com/aquasecurity/trivy/issues/4567)) - [`139f3e1`](https://togithub.com/aquasecurity/trivy/commit/139f3e1e3) docs: add general coverage page ([#3859](https://togithub.com/aquasecurity/trivy/issues/3859)) - [`479cfdd`](https://togithub.com/aquasecurity/trivy/commit/479cfdd40) chore: create SECURITY.md ([#4601](https://togithub.com/aquasecurity/trivy/issues/4601)) ### [`v0.42.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.0...v0.42.1) #### Changelog - [`9a279fa`](https://togithub.com/aquasecurity/trivy/commit/9a279fa7b) ci: remove 32bit packages ([#4585](https://togithub.com/aquasecurity/trivy/issues/4585)) - [`d52b0b7`](https://togithub.com/aquasecurity/trivy/commit/d52b0b7bc) fix(misconf): deduplicate misconf results ([#4588](https://togithub.com/aquasecurity/trivy/issues/4588)) - [`9b531fa`](https://togithub.com/aquasecurity/trivy/commit/9b531fa27) fix(vm): support sector size of 4096 ([#4564](https://togithub.com/aquasecurity/trivy/issues/4564)) - [`8ca1bfd`](https://togithub.com/aquasecurity/trivy/commit/8ca1bfdd2) fix(misconf): terraform relative paths ([#4571](https://togithub.com/aquasecurity/trivy/issues/4571)) - [`c20d466`](https://togithub.com/aquasecurity/trivy/commit/c20d46604) fix(purl): skip unsupported library type ([#4577](https://togithub.com/aquasecurity/trivy/issues/4577)) - [`52cbe79`](https://togithub.com/aquasecurity/trivy/commit/52cbe7975) fix(terraform): recursively detect all Root Modules ([#4457](https://togithub.com/aquasecurity/trivy/issues/4457)) - [`4a5b915`](https://togithub.com/aquasecurity/trivy/commit/4a5b91557) fix(vm): support post analyzer for vm command ([#4544](https://togithub.com/aquasecurity/trivy/issues/4544)) - [`56cdc55`](https://togithub.com/aquasecurity/trivy/commit/56cdc55f7) fix(nodejs): change the type of the devDependencies field ([#4560](https://togithub.com/aquasecurity/trivy/issues/4560)) - [`17d7536`](https://togithub.com/aquasecurity/trivy/commit/17d753676) fix(sbom): export empty dependencies in CycloneDX ([#4568](https://togithub.com/aquasecurity/trivy/issues/4568)) - [`2796abe`](https://togithub.com/aquasecurity/trivy/commit/2796abe1e) refactor: add composite fs for post-analyzers ([#4556](https://togithub.com/aquasecurity/trivy/issues/4556)) - [`22a1573`](https://togithub.com/aquasecurity/trivy/commit/22a157380) chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 ([#4554](https://togithub.com/aquasecurity/trivy/issues/4554)) - [`4358665`](https://togithub.com/aquasecurity/trivy/commit/43586659a) chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 ([#4526](https://togithub.com/aquasecurity/trivy/issues/4526)) - [`5081399`](https://togithub.com/aquasecurity/trivy/commit/508139965) chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 ([#4528](https://togithub.com/aquasecurity/trivy/issues/4528)) - [`e1a3812`](https://togithub.com/aquasecurity/trivy/commit/e1a38128a) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 ([#4529](https://togithub.com/aquasecurity/trivy/issues/4529)) - [`283eef6`](https://togithub.com/aquasecurity/trivy/commit/283eef637) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 ([#4536](https://togithub.com/aquasecurity/trivy/issues/4536)) - [`bbd7b98`](https://togithub.com/aquasecurity/trivy/commit/bbd7b9874) chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 ([#4549](https://togithub.com/aquasecurity/trivy/issues/4549)) - [`11c81bf`](https://togithub.com/aquasecurity/trivy/commit/11c81bf2f) chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 ([#4532](https://togithub.com/aquasecurity/trivy/issues/4532)) - [`2d8d63e`](https://togithub.com/aquasecurity/trivy/commit/2d8d63e61) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4537](https://togithub.com/aquasecurity/trivy/issues/4537)) - [`a46839b`](https://togithub.com/aquasecurity/trivy/commit/a46839b1c) chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ([#4530](https://togithub.com/aquasecurity/trivy/issues/4530)) - [`19715f5`](https://togithub.com/aquasecurity/trivy/commit/19715f5de) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#4534](https://togithub.com/aquasecurity/trivy/issues/4534)) ### [`v0.42.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.41.0...v0.42.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4541](https://togithub.com/aquasecurity/trivy/discussions/4541) #### Changelog - [`854b639`](https://togithub.com/aquasecurity/trivy/commit/854b63940) chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 ([#4533](https://togithub.com/aquasecurity/trivy/issues/4533)) - [`59e1a86`](https://togithub.com/aquasecurity/trivy/commit/59e1a8664) chore(deps): bump alpine from 3.17.3 to 3.18.0 ([#4525](https://togithub.com/aquasecurity/trivy/issues/4525)) - [`9ef0113`](https://togithub.com/aquasecurity/trivy/commit/9ef01133c) feat: add SBOM analyzer ([#4210](https://togithub.com/aquasecurity/trivy/issues/4210)) - [`dadd1e1`](https://togithub.com/aquasecurity/trivy/commit/dadd1e10c) fix(sbom): update logic for work with files in spdx format ([#4513](https://togithub.com/aquasecurity/trivy/issues/4513)) - [`1a65821`](https://togithub.com/aquasecurity/trivy/commit/1a658210a) feat: azure workload identity support ([#4489](https://togithub.com/aquasecurity/trivy/issues/4489)) - [`411862c`](https://togithub.com/aquasecurity/trivy/commit/411862c90) feat(ubuntu): add eol date for 18.04 ESM ([#4524](https://togithub.com/aquasecurity/trivy/issues/4524)) - [`62a1aaf`](https://togithub.com/aquasecurity/trivy/commit/62a1aaf03) fix(misconf): Update required extensions for terraformplan ([#4523](https://togithub.com/aquasecurity/trivy/issues/4523)) - [`48b2e15`](https://togithub.com/aquasecurity/trivy/commit/48b2e15c2) refactor(cyclonedx): add intermediate representation ([#4490](https://togithub.com/aquasecurity/trivy/issues/4490)) - [`c15f269`](https://togithub.com/aquasecurity/trivy/commit/c15f269a9) fix(misconf): Remove debug print while scanning ([#4521](https://togithub.com/aquasecurity/trivy/issues/4521)) - [`b6ee08e`](https://togithub.com/aquasecurity/trivy/commit/b6ee08e55) fix(java): remove duplicates of jar libs ([#4515](https://togithub.com/aquasecurity/trivy/issues/4515)) - [`d474040`](https://togithub.com/aquasecurity/trivy/commit/d4740401a) fix(java): fix overwriting project props in pom.xml ([#4498](https://togithub.com/aquasecurity/trivy/issues/4498)) - [`4cf2f94`](https://togithub.com/aquasecurity/trivy/commit/4cf2f94d0) docs: Update compilation instructions ([#4512](https://togithub.com/aquasecurity/trivy/issues/4512)) - [`18ce1c3`](https://togithub.com/aquasecurity/trivy/commit/18ce1c336) fix(nodejs): update logic for parsing pnpm lock files ([#4502](https://togithub.com/aquasecurity/trivy/issues/4502)) - [`87eed38`](https://togithub.com/aquasecurity/trivy/commit/87eed38c6) fix(secret): remove aws-account-id rule ([#4494](https://togithub.com/aquasecurity/trivy/issues/4494)) - [`b0c591e`](https://togithub.com/aquasecurity/trivy/commit/b0c591ef6) feat(oci): add support for referencing an input image by digest ([#4470](https://togithub.com/aquasecurity/trivy/issues/4470)) - [`b84b5ec`](https://togithub.com/aquasecurity/trivy/commit/b84b5ecfc) chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 ([#4338](https://togithub.com/aquasecurity/trivy/issues/4338)) - [`305255a`](https://togithub.com/aquasecurity/trivy/commit/305255a49) docs: fixed the format ([#4503](https://togithub.com/aquasecurity/trivy/issues/4503)) - [`d586de5`](https://togithub.com/aquasecurity/trivy/commit/d586de585) fix(java): add support of \* for exclusions for pom.xml files ([#4501](https://togithub.com/aquasecurity/trivy/issues/4501)) - [`de6eef3`](https://togithub.com/aquasecurity/trivy/commit/de6eef3b0) feat: adding issue template for documentation ([#4453](https://togithub.com/aquasecurity/trivy/issues/4453)) - [`83a9c4a`](https://togithub.com/aquasecurity/trivy/commit/83a9c4a4c) docs: switch glad to ghsa for Go ([#4493](https://togithub.com/aquasecurity/trivy/issues/4493)) - [`5372722`](https://togithub.com/aquasecurity/trivy/commit/537272257) chore(deps): Update defsec to v0.89.0 ([#4474](https://togithub.com/aquasecurity/trivy/issues/4474)) - [`6fcd153`](https://togithub.com/aquasecurity/trivy/commit/6fcd1538d) feat(misconf): Add terraformplan support ([#4342](https://togithub.com/aquasecurity/trivy/issues/4342)) - [`72e302c`](https://togithub.com/aquasecurity/trivy/commit/72e302cf8) feat(debian): add digests for dpkg ([#4445](https://togithub.com/aquasecurity/trivy/issues/4445)) - [`7e99d08`](https://togithub.com/aquasecurity/trivy/commit/7e99d08a1) chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 ([#4478](https://togithub.com/aquasecurity/trivy/issues/4478)) - [`12a1789`](https://togithub.com/aquasecurity/trivy/commit/12a1789be) feat(k8s): exclude node scanning by node labels ([#4459](https://togithub.com/aquasecurity/trivy/issues/4459)) - [`919e8c9`](https://togithub.com/aquasecurity/trivy/commit/919e8c92b) docs: add info about multi-line mode for regexp from custom secret rules ([#4159](https://togithub.com/aquasecurity/trivy/issues/4159)) - [`50fe43f`](https://togithub.com/aquasecurity/trivy/commit/50fe43f14) feat(cli): convert JSON reports into a different format ([#4452](https://togithub.com/aquasecurity/trivy/issues/4452)) - [`09db1d4`](https://togithub.com/aquasecurity/trivy/commit/09db1d438) feat(image): add logic to guess base layer for docker-cis scan ([#4344](https://togithub.com/aquasecurity/trivy/issues/4344)) - [`3f0721f`](https://togithub.com/aquasecurity/trivy/commit/3f0721ff6) fix(cyclonedx): set original names for packages ([#4306](https://togithub.com/aquasecurity/trivy/issues/4306)) - [`0ef0dad`](https://togithub.com/aquasecurity/trivy/commit/0ef0dadb1) feat: group subcommands ([#4449](https://togithub.com/aquasecurity/trivy/issues/4449)) - [`3a7717f`](https://togithub.com/aquasecurity/trivy/commit/3a7717fde) feat(cli): add retry to cache operations ([#4189](https://togithub.com/aquasecurity/trivy/issues/4189)) - [`63cfb27`](https://togithub.com/aquasecurity/trivy/commit/63cfb2714) fix(vuln): report architecture for `apk` packages ([#4247](https://togithub.com/aquasecurity/trivy/issues/4247)) - [`e136136`](https://togithub.com/aquasecurity/trivy/commit/e1361368a) refactor: enable cases where return values are not needed in pipeline ([#4443](https://togithub.com/aquasecurity/trivy/issues/4443)) - [`29b5f7e`](https://togithub.com/aquasecurity/trivy/commit/29b5f7e8e) fix(image): resolve scan deadlock when error occurs in slow mode ([#4336](https://togithub.com/aquasecurity/trivy/issues/4336)) - [`92ed344`](https://togithub.com/aquasecurity/trivy/commit/92ed344e8) docs(misconf): Update docs for kubernetes file patterns ([#4435](https://togithub.com/aquasecurity/trivy/issues/4435)) - [`16af41b`](https://togithub.com/aquasecurity/trivy/commit/16af41be1) test: k8s integration tests ([#4423](https://togithub.com/aquasecurity/trivy/issues/4423)) - [`cab8569`](https://togithub.com/aquasecurity/trivy/commit/cab8569cd) feat(redhat): add package digest for rpm ([#4410](https://togithub.com/aquasecurity/trivy/issues/4410)) - [`92f9e98`](https://togithub.com/aquasecurity/trivy/commit/92f9e98d0) feat(misconf): Add `--reset-policy-bundle` for policy bundle ([#4167](https://togithub.com/aquasecurity/trivy/issues/4167)) - [`33fb047`](https://togithub.com/aquasecurity/trivy/commit/33fb04763) fix: typo ([#4431](https://togithub.com/aquasecurity/trivy/issues/4431)) - [`8b162f2`](https://togithub.com/aquasecurity/trivy/commit/8b162f287) add user instruction to imgconf ([#4429](https://togithub.com/aquasecurity/trivy/issues/4429)) - [`3b7c919`](https://togithub.com/aquasecurity/trivy/commit/3b7c9198d) fix(k8s): add image sources ([#4411](https://togithub.com/aquasecurity/trivy/issues/4411)) - [`c75d35f`](https://togithub.com/aquasecurity/trivy/commit/c75d35ff6) docs(scanning): Add versioning banner ([#4415](https://togithub.com/aquasecurity/trivy/issues/4415)) - [`d298415`](https://togithub.com/aquasecurity/trivy/commit/d298415c0) feat(cli): add mage command to update golden integration test files ([#4380](https://togithub.com/aquasecurity/trivy/issues/4380)) - [`1a56295`](https://togithub.com/aquasecurity/trivy/commit/1a56295ff) feat: node-collector custom namespace support ([#4407](https://togithub.com/aquasecurity/trivy/issues/4407)) - [`864ad10`](https://togithub.com/aquasecurity/trivy/commit/864ad10a3) chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 ([#4378](https://togithub.com/aquasecurity/trivy/issues/4378)) - [`7a20d96`](https://togithub.com/aquasecurity/trivy/commit/7a20d9622) refactor(sbom): use multiline json for spdx-json format ([#4404](https://togithub.com/aquasecurity/trivy/issues/4404)) - [`ea5fd75`](https://togithub.com/aquasecurity/trivy/commit/ea5fd75ff) fix(ubuntu): add EOL date for Ubuntu 23.04 ([#4347](https://togithub.com/aquasecurity/trivy/issues/4347)) - [`56a01ec`](https://togithub.com/aquasecurity/trivy/commit/56a01ec6f) refactor: code-optimization ([#4214](https://togithub.com/aquasecurity/trivy/issues/4214)) - [`6a0e152`](https://togithub.com/aquasecurity/trivy/commit/6a0e15265) feat(image): Add image-src flag to specify which runtime(s) to use ([#4047](https://togithub.com/aquasecurity/trivy/issues/4047)) - [`50c8b41`](https://togithub.com/aquasecurity/trivy/commit/50c8b418a) test: skip wrong update of test golden files ([#4379](https://togithub.com/aquasecurity/trivy/issues/4379)) - [`51ca653`](https://togithub.com/aquasecurity/trivy/commit/51ca6536c) refactor: don't return error for package.json without version/name ([#4377](https://togithub.com/aquasecurity/trivy/issues/4377)) - [`e5e7ebc`](https://togithub.com/aquasecurity/trivy/commit/e5e7ebcda) docs: cmd error ([#4376](https://togithub.com/aquasecurity/trivy/issues/4376)) - [`6ee4960`](https://togithub.com/aquasecurity/trivy/commit/6ee496077) test(cli): add test for config file and env combination ([#2666](https://togithub.com/aquasecurity/trivy/issues/2666)) - [`c067b02`](https://togithub.com/aquasecurity/trivy/commit/c067b026e) fix(report): set a correct file location for license scan output ([#4326](https://togithub.com/aquasecurity/trivy/issues/4326)) - [`ff63748`](https://togithub.com/aquasecurity/trivy/commit/ff6374829) ci: rpm repository for all versions and aarch64 ([#4077](https://togithub.com/aquasecurity/trivy/issues/4077)) - [`0009b02`](https://togithub.com/aquasecurity/trivy/commit/0009b02bb) chore(alpine): Update Alpine to 3.18 ([#4351](https://togithub.com/aquasecurity/trivy/issues/4351)) - [`d61ae8c`](https://togithub.com/aquasecurity/trivy/commit/d61ae8cc7) fix(alpine): add EOL date for Alpine 3.18 ([#4308](https://togithub.com/aquasecurity/trivy/issues/4308)) - [`636ce80`](https://togithub.com/aquasecurity/trivy/commit/636ce808f) chore(deps): bump github.com/docker/distribution ([#4337](https://togithub.com/aquasecurity/trivy/issues/4337)) - [`e859d10`](https://togithub.com/aquasecurity/trivy/commit/e859d10ee) feat: allow root break for mapfs ([#4094](https://togithub.com/aquasecurity/trivy/issues/4094)) - [`a6ef37f`](https://togithub.com/aquasecurity/trivy/commit/a6ef37fa3) docs(misconf): Remove examples.md ([#4256](https://togithub.com/aquasecurity/trivy/issues/4256)) - [`dca8c03`](https://togithub.com/aquasecurity/trivy/commit/dca8c039e) fix(ubuntu): update eol dates for Ubuntu ([#4258](https://togithub.com/aquasecurity/trivy/issues/4258)) - [`b003f58`](https://togithub.com/aquasecurity/trivy/commit/b003f58b2) feat(alpine): add digests for apk packages ([#4168](https://togithub.com/aquasecurity/trivy/issues/4168)) - [`86f0016`](https://togithub.com/aquasecurity/trivy/commit/86f001616) chore: add discussion templates ([#4190](https://togithub.com/aquasecurity/trivy/issues/4190)) - [`2f318ce`](https://togithub.com/aquasecurity/trivy/commit/2f318ce97) fix(terraform): Support tfvars ([#4123](https://togithub.com/aquasecurity/trivy/issues/4123)) - [`ec3906c`](https://togithub.com/aquasecurity/trivy/commit/ec3906c24) chore: separate docs:generate ([#4242](https://togithub.com/aquasecurity/trivy/issues/4242)) - [`37b25d2`](https://togithub.com/aquasecurity/trivy/commit/37b25d28b) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#4246](https://togithub.com/aquasecurity/trivy/issues/4246)) - [`45d5edb`](https://togithub.com/aquasecurity/trivy/commit/45d5edb0d) refactor: define vulnerability scanner interfaces ([#4117](https://togithub.com/aquasecurity/trivy/issues/4117)) - [`090a00e`](https://togithub.com/aquasecurity/trivy/commit/090a00e71) feat: unified k8s scan resources ([#4188](https://togithub.com/aquasecurity/trivy/issues/4188)) - [`f2188eb`](https://togithub.com/aquasecurity/trivy/commit/f2188eb56) chore(deps): Update defsec to v0.88.1 ([#4178](https://togithub.com/aquasecurity/trivy/issues/4178)) - [`b79850f`](https://togithub.com/aquasecurity/trivy/commit/b79850f41) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 ([#4141](https://togithub.com/aquasecurity/trivy/issues/4141)) - [`36acdfa`](https://togithub.com/aquasecurity/trivy/commit/36acdfa8d) chore: trivy bin ignore ([#4212](https://togithub.com/aquasecurity/trivy/issues/4212)) - [`55fb723`](https://togithub.com/aquasecurity/trivy/commit/55fb723a6) feat(image): enforce image platform ([#4083](https://togithub.com/aquasecurity/trivy/issues/4083)) - [`9c87cb2`](https://togithub.com/aquasecurity/trivy/commit/9c87cb271) chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 ([#4143](https://togithub.com/aquasecurity/trivy/issues/4143)) - [`21cf179`](https://togithub.com/aquasecurity/trivy/commit/21cf179f6) chore(deps): bump github.com/docker/docker ([#4144](https://togithub.com/aquasecurity/trivy/issues/4144)) - [`fbf7a77`](https://togithub.com/aquasecurity/trivy/commit/fbf7a77ae) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 ([#4146](https://togithub.com/aquasecurity/trivy/issues/4146)) - [`547391c`](https://togithub.com/aquasecurity/trivy/commit/547391c22) chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 ([#4140](https://togithub.com/aquasecurity/trivy/issues/4140)) - [`882bfdd`](https://togithub.com/aquasecurity/trivy/commit/882bfdd78) fix(ubuntu): fix version selection logic for ubuntu esm ([#4171](https://togithub.com/aquasecurity/trivy/issues/4171)) - [`949cd10`](https://togithub.com/aquasecurity/trivy/commit/949cd10c0) chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 ([#4147](https://togithub.com/aquasecurity/trivy/issues/4147)) - [`93bc162`](https://togithub.com/aquasecurity/trivy/commit/93bc162ca) chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 ([#4145](https://togithub.com/aquasecurity/trivy/issues/4145)) - [`57993ef`](https://togithub.com/aquasecurity/trivy/commit/57993ef67) chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 ([#4138](https://togithub.com/aquasecurity/trivy/issues/4138)) - [`dc4baeb`](https://togithub.com/aquasecurity/trivy/commit/dc4baeb35) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4150](https://togithub.com/aquasecurity/trivy/issues/4150)) - [`25d0255`](https://togithub.com/aquasecurity/trivy/commit/25d0255dc) chore: install.sh support for windows ([#4155](https://togithub.com/aquasecurity/trivy/issues/4155)) - [`73e5454`](https://togithub.com/aquasecurity/trivy/commit/73e54549f) chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 ([#4166](https://togithub.com/aquasecurity/trivy/issues/4166)) - [`08de7c6`](https://togithub.com/aquasecurity/trivy/commit/08de7c613) chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 ([#4149](https://togithub.com/aquasecurity/trivy/issues/4149)) - [`ade4730`](https://togithub.com/aquasecurity/trivy/commit/ade4730fa) docs: moving skipping files out of others ([#4154](https://togithub.com/aquasecurity/trivy/issues/4154)) ### [`v0.41.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.41.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.40.0...v0.41.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4135](https://togithub.com/aquasecurity/trivy/discussions/4135) #### Changelog - [`1be1e2e`](https://togithub.com/aquasecurity/trivy/commit/1be1e2e63) fix(spdx): add workaround for no src packages ([#4118](https://togithub.com/aquasecurity/trivy/issues/4118)) - [`45bc9e0`](https://togithub.com/aquasecurity/trivy/commit/45bc9e0de) test(golang): rename broken go.mod ([#4129](https://togithub.com/aquasecurity/trivy/issues/4129)) - [`3334e78`](https://togithub.com/aquasecurity/trivy/commit/3334e78fa) feat(sbom): add supplier field ([#4122](https://togithub.com/aquasecurity/trivy/issues/4122)) - [`27fb1bf`](https://togithub.com/aquasecurity/trivy/commit/27fb1bfde) test(misconf): skip downloading of policies for tests [#4126](https://togithub.com/aquasecurity/trivy/issues/4126) - [`845ae31`](https://togithub.com/aquasecurity/trivy/commit/845ae31e5) refactor: use debug message for post-analyze errors ([#4037](https://togithub.com/aquasecurity/trivy/issues/4037)) - [`11a5b91`](https://togithub.com/aquasecurity/trivy/commit/11a5b91a1) feat(sbom): add VEX support ([#4053](https://togithub.com/aquasecurity/trivy/issues/4053)) - [`5eab464`](https://togithub.com/aquasecurity/trivy/commit/5eab46498) feat(sbom): add primary package purpose field for SPDX ([#4119](https://togithub.com/aquasecurity/trivy/issues/4119)) - [`a00d00e`](https://togithub.com/aquasecurity/trivy/commit/a00d00eb9) fix(k8s): fix quiet flag ([#4120](https://togithub.com/aquasecurity/trivy/issues/4120)) -Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.