search

nlamirault / dotfiles

My dotfiles
Other
0 stars 0 forks source link

Update dependency trivy to v0.46.0 #120

Closed renovate[bot] closed 10 months ago

renovate[bot] commented 11 months ago

Mend Renovate

This PR contains the following updates:

Package Update Change
trivy minor 0.37.3 -> 0.46.0

Release Notes

aquasecurity/trivy (trivy) ### [`v0.46.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.46.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.45.1...v0.46.0) ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/5377](https://togithub.com/aquasecurity/trivy/discussions/5377) #### Changelog - [`cbbd1ce`](https://togithub.com/aquasecurity/trivy/commit/cbbd1ce1f) feat(k8s): add support for vulnerability detection ([#​5268](https://togithub.com/aquasecurity/trivy/issues/5268)) - [`24a0d92`](https://togithub.com/aquasecurity/trivy/commit/24a0d9214) fix(python): override BOM in `requirements.txt` files ([#​5375](https://togithub.com/aquasecurity/trivy/issues/5375)) - [`0c3e2f0`](https://togithub.com/aquasecurity/trivy/commit/0c3e2f08b) docs: add kbom documentation ([#​5363](https://togithub.com/aquasecurity/trivy/issues/5363)) - [`6c12f04`](https://togithub.com/aquasecurity/trivy/commit/6c12f0428) test: use maximize build space for VM tests ([#​5362](https://togithub.com/aquasecurity/trivy/issues/5362)) - [`c413422`](https://togithub.com/aquasecurity/trivy/commit/c4134224a) chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 ([#​5365](https://togithub.com/aquasecurity/trivy/issues/5365)) - [`20ab703`](https://togithub.com/aquasecurity/trivy/commit/20ab7033b) fix(report): add escaping quotes in misconfig Title for asff template ([#​5351](https://togithub.com/aquasecurity/trivy/issues/5351)) - [`91841f5`](https://togithub.com/aquasecurity/trivy/commit/91841f59b) ci: add workflow to check Go versions of dependencies ([#​5340](https://togithub.com/aquasecurity/trivy/issues/5340)) - [`57ba05c`](https://togithub.com/aquasecurity/trivy/commit/57ba05c76) chore(deps): Upgrade defsec to v0.93.1 ([#​5348](https://togithub.com/aquasecurity/trivy/issues/5348)) - [`fef3ed4`](https://togithub.com/aquasecurity/trivy/commit/fef3ed435) chore(deps): bump alpine from 3.18.3 to 3.18.4 ([#​5300](https://togithub.com/aquasecurity/trivy/issues/5300)) - [`ced54ac`](https://togithub.com/aquasecurity/trivy/commit/ced54aced) fix: Report error when os.CreateTemp fails (to be consistent with other uses) ([#​5342](https://togithub.com/aquasecurity/trivy/issues/5342)) - [`2798df9`](https://togithub.com/aquasecurity/trivy/commit/2798df916) fix: add config files to FS for post-analyzers ([#​5333](https://togithub.com/aquasecurity/trivy/issues/5333)) - [`af485b3`](https://togithub.com/aquasecurity/trivy/commit/af485b33f) fix: fix MIME warnings after updating to Go 1.20 ([#​5336](https://togithub.com/aquasecurity/trivy/issues/5336)) - [`008babf`](https://togithub.com/aquasecurity/trivy/commit/008babfb8) build: fix a compile error with Go 1.21 ([#​5339](https://togithub.com/aquasecurity/trivy/issues/5339)) - [`00d9c46`](https://togithub.com/aquasecurity/trivy/commit/00d9c4666) feat: added `Metadata` into the k8s resource's scan report ([#​5322](https://togithub.com/aquasecurity/trivy/issues/5322)) - [`03b6787`](https://togithub.com/aquasecurity/trivy/commit/03b6787c4) ci: check only PR's in `actions/stale` ([#​5337](https://togithub.com/aquasecurity/trivy/issues/5337)) - [`e6d5889`](https://togithub.com/aquasecurity/trivy/commit/e6d5889ed) chore: update adopters template ([#​5330](https://togithub.com/aquasecurity/trivy/issues/5330)) - [`74dbd8a`](https://togithub.com/aquasecurity/trivy/commit/74dbd8a1f) ci: do not trigger tests on the push event ([#​5313](https://togithub.com/aquasecurity/trivy/issues/5313)) - [`393bfdc`](https://togithub.com/aquasecurity/trivy/commit/393bfdc1a) fix(sbom): use PURL or Group and Name in case of Java ([#​5154](https://togithub.com/aquasecurity/trivy/issues/5154)) - [`76eb8a5`](https://togithub.com/aquasecurity/trivy/commit/76eb8a57b) docs: add buildkite repository to ecosystem page ([#​5316](https://togithub.com/aquasecurity/trivy/issues/5316)) - [`6c74ee1`](https://togithub.com/aquasecurity/trivy/commit/6c74ee11f) chore(deps): bump docker/setup-qemu-action from 2 to 3 ([#​5290](https://togithub.com/aquasecurity/trivy/issues/5290)) - [`6119878`](https://togithub.com/aquasecurity/trivy/commit/6119878de) chore(deps): bump docker/setup-buildx-action from 2 to 3 ([#​5292](https://togithub.com/aquasecurity/trivy/issues/5292)) - [`a346587`](https://togithub.com/aquasecurity/trivy/commit/a346587b8) chore(deps): bump actions/cache from 3.3.1 to 3.3.2 ([#​5293](https://togithub.com/aquasecurity/trivy/issues/5293)) - [`7e613cc`](https://togithub.com/aquasecurity/trivy/commit/7e613cc5f) chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 ([#​5286](https://togithub.com/aquasecurity/trivy/issues/5286)) - [`f05bc4b`](https://togithub.com/aquasecurity/trivy/commit/f05bc4be4) chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 ([#​5289](https://togithub.com/aquasecurity/trivy/issues/5289)) - [`3be5e6b`](https://togithub.com/aquasecurity/trivy/commit/3be5e6b24) chore: enable go-critic ([#​5302](https://togithub.com/aquasecurity/trivy/issues/5302)) - [`f6cd21c`](https://togithub.com/aquasecurity/trivy/commit/f6cd21c87) chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 ([#​5288](https://togithub.com/aquasecurity/trivy/issues/5288)) - [`f7b9751`](https://togithub.com/aquasecurity/trivy/commit/f7b975187) chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 ([#​5287](https://togithub.com/aquasecurity/trivy/issues/5287)) - [`18d1687`](https://togithub.com/aquasecurity/trivy/commit/18d168769) close java-db client ([#​5273](https://togithub.com/aquasecurity/trivy/issues/5273)) - [`eb60e9f`](https://togithub.com/aquasecurity/trivy/commit/eb60e9f3c) chore(deps): bump docker/login-action from 2 to 3 ([#​5291](https://togithub.com/aquasecurity/trivy/issues/5291)) - [`5a92055`](https://togithub.com/aquasecurity/trivy/commit/5a92055e1) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts ([#​5294](https://togithub.com/aquasecurity/trivy/issues/5294)) - [`46afe65`](https://togithub.com/aquasecurity/trivy/commit/46afe65ee) chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 ([#​5304](https://togithub.com/aquasecurity/trivy/issues/5304)) - [`0bf2a11`](https://togithub.com/aquasecurity/trivy/commit/0bf2a11a2) chore(deps): bump github.com/opencontainers/image-spec ([#​5295](https://togithub.com/aquasecurity/trivy/issues/5295)) - [`23b5fec`](https://togithub.com/aquasecurity/trivy/commit/23b5fece0) fix(report): removes git::http from uri in sarif ([#​5244](https://togithub.com/aquasecurity/trivy/issues/5244)) - [`4f1d576`](https://togithub.com/aquasecurity/trivy/commit/4f1d576e5) Improve the meaning of sentence ([#​5301](https://togithub.com/aquasecurity/trivy/issues/5301)) - [`6ab2bdf`](https://togithub.com/aquasecurity/trivy/commit/6ab2bdfa7) chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 ([#​5297](https://togithub.com/aquasecurity/trivy/issues/5297)) - [`4217cff`](https://togithub.com/aquasecurity/trivy/commit/4217cffb5) chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 ([#​5296](https://togithub.com/aquasecurity/trivy/issues/5296)) - [`1840584`](https://togithub.com/aquasecurity/trivy/commit/184058470) add app nil check ([#​5274](https://togithub.com/aquasecurity/trivy/issues/5274)) - [`c5ae9f2`](https://togithub.com/aquasecurity/trivy/commit/c5ae9f265) typo: in secret.md ([#​5281](https://togithub.com/aquasecurity/trivy/issues/5281)) - [`562723f`](https://togithub.com/aquasecurity/trivy/commit/562723f0a) docs: add info about `github` format ([#​5265](https://togithub.com/aquasecurity/trivy/issues/5265)) - [`3dd5b1e`](https://togithub.com/aquasecurity/trivy/commit/3dd5b1e94) feat(dotnet): add license support for NuGet ([#​5217](https://togithub.com/aquasecurity/trivy/issues/5217)) - [`5c18475`](https://togithub.com/aquasecurity/trivy/commit/5c18475f3) docs: correctly export variables ([#​5260](https://togithub.com/aquasecurity/trivy/issues/5260)) - [`0c08dde`](https://togithub.com/aquasecurity/trivy/commit/0c08dde01) chore: Add line numbers for lint output ([#​5247](https://togithub.com/aquasecurity/trivy/issues/5247)) - [`0ccbb4f`](https://togithub.com/aquasecurity/trivy/commit/0ccbb4f7f) chore(cli): disable java-db flags in server mode ([#​5263](https://togithub.com/aquasecurity/trivy/issues/5263)) - [`908a491`](https://togithub.com/aquasecurity/trivy/commit/908a4914c) feat(db): allow passing registry options ([#​5226](https://togithub.com/aquasecurity/trivy/issues/5226)) - [`5b4652d`](https://togithub.com/aquasecurity/trivy/commit/5b4652d79) chore(deps): Bump up defsec to v0.93.0 ([#​5253](https://togithub.com/aquasecurity/trivy/issues/5253)) - [`faf8d49`](https://togithub.com/aquasecurity/trivy/commit/faf8d49c4) refactor(purl): use TypeApk from purl ([#​5232](https://togithub.com/aquasecurity/trivy/issues/5232)) - [`559c0f3`](https://togithub.com/aquasecurity/trivy/commit/559c0f30b) chore: enable more linters ([#​5228](https://togithub.com/aquasecurity/trivy/issues/5228)) - [`2baad46`](https://togithub.com/aquasecurity/trivy/commit/2baad4618) ci: bump GoReleaser from 1.16.2 to 1.20.0 ([#​5236](https://togithub.com/aquasecurity/trivy/issues/5236)) - [`df2bff9`](https://togithub.com/aquasecurity/trivy/commit/df2bff9f5) Fix typo on ide.md ([#​5239](https://togithub.com/aquasecurity/trivy/issues/5239)) - [`44656f2`](https://togithub.com/aquasecurity/trivy/commit/44656f285) refactor: use defined types ([#​5225](https://togithub.com/aquasecurity/trivy/issues/5225)) - [`37af529`](https://togithub.com/aquasecurity/trivy/commit/37af52994) fix(purl): skip local Go packages ([#​5190](https://togithub.com/aquasecurity/trivy/issues/5190)) - [`eea3320`](https://togithub.com/aquasecurity/trivy/commit/eea3320d8) docs: update info about license scanning in Yarn projects ([#​5207](https://togithub.com/aquasecurity/trivy/issues/5207)) - [`2e66620`](https://togithub.com/aquasecurity/trivy/commit/2e6662060) ci: auto apply labels ([#​5200](https://togithub.com/aquasecurity/trivy/issues/5200)) - [`49680dc`](https://togithub.com/aquasecurity/trivy/commit/49680dc88) fix link ([#​5203](https://togithub.com/aquasecurity/trivy/issues/5203)) ### [`v0.45.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.45.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.45.0...v0.45.1) #### Changelog - [`daae882`](https://togithub.com/aquasecurity/trivy/commit/daae88287) fix(purl): handle rust types ([#​5186](https://togithub.com/aquasecurity/trivy/issues/5186)) - [`81240cf`](https://togithub.com/aquasecurity/trivy/commit/81240cf08) chore: auto-close issues ([#​5177](https://togithub.com/aquasecurity/trivy/issues/5177)) - [`bd0accd`](https://togithub.com/aquasecurity/trivy/commit/bd0accd8a) chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 ([#​5093](https://togithub.com/aquasecurity/trivy/issues/5093)) - [`ecee794`](https://togithub.com/aquasecurity/trivy/commit/ecee79403) fix(k8s): kbom support addons labels ([#​5178](https://togithub.com/aquasecurity/trivy/issues/5178)) - [`9ebc25d`](https://togithub.com/aquasecurity/trivy/commit/9ebc25d88) test: validate SPDX with the JSON schema ([#​5124](https://togithub.com/aquasecurity/trivy/issues/5124)) - [`9a49a37`](https://togithub.com/aquasecurity/trivy/commit/9a49a3773) chore: bump trivy-kubernetes-latest ([#​5161](https://togithub.com/aquasecurity/trivy/issues/5161)) - [`ad1dc63`](https://togithub.com/aquasecurity/trivy/commit/ad1dc6327) docs: add 'Signature Verification' guide ([#​4731](https://togithub.com/aquasecurity/trivy/issues/4731)) - [`7c68d4a`](https://togithub.com/aquasecurity/trivy/commit/7c68d4a7e) docs: add image-scanner-with-trivy for ecosystem ([#​5159](https://togithub.com/aquasecurity/trivy/issues/5159)) - [`ed49609`](https://togithub.com/aquasecurity/trivy/commit/ed49609a7) fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem ([#​5158](https://togithub.com/aquasecurity/trivy/issues/5158)) - [`1953972`](https://togithub.com/aquasecurity/trivy/commit/19539722e) chore(deps): bump github.com/CycloneDX/cyclonedx-go ([#​5102](https://togithub.com/aquasecurity/trivy/issues/5102)) - [`c751601`](https://togithub.com/aquasecurity/trivy/commit/c7516011b) Update filtering.md ([#​5131](https://togithub.com/aquasecurity/trivy/issues/5131)) - [`ccc6d7c`](https://togithub.com/aquasecurity/trivy/commit/ccc6d7cb2) chore(deps): bump sigstore/cosign-installer ([#​5104](https://togithub.com/aquasecurity/trivy/issues/5104)) - [`48cbf45`](https://togithub.com/aquasecurity/trivy/commit/48cbf4553) chore(deps): bump github.com/cyphar/filepath-securejoin ([#​5143](https://togithub.com/aquasecurity/trivy/issues/5143)) - [`a9c2c74`](https://togithub.com/aquasecurity/trivy/commit/a9c2c74c5) chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 ([#​5103](https://togithub.com/aquasecurity/trivy/issues/5103)) - [`120ac68`](https://togithub.com/aquasecurity/trivy/commit/120ac68b5) chore(deps): bump easimon/maximize-build-space from 7 to 8 ([#​5105](https://togithub.com/aquasecurity/trivy/issues/5105)) - [`41eaa78`](https://togithub.com/aquasecurity/trivy/commit/41eaa78ae) chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 ([#​5126](https://togithub.com/aquasecurity/trivy/issues/5126)) - [`932f927`](https://togithub.com/aquasecurity/trivy/commit/932f92755) chaging adopters discussion tempalte ([#​5091](https://togithub.com/aquasecurity/trivy/issues/5091)) - [`db31333`](https://togithub.com/aquasecurity/trivy/commit/db3133346) chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 ([#​5092](https://togithub.com/aquasecurity/trivy/issues/5092)) - [`8c0b7d6`](https://togithub.com/aquasecurity/trivy/commit/8c0b7d619) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 ([#​5094](https://togithub.com/aquasecurity/trivy/issues/5094)) - [`c61c664`](https://togithub.com/aquasecurity/trivy/commit/c61c664c3) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#​5095](https://togithub.com/aquasecurity/trivy/issues/5095)) - [`a99944c`](https://togithub.com/aquasecurity/trivy/commit/a99944c1c) chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 ([#​5097](https://togithub.com/aquasecurity/trivy/issues/5097)) - [`9fc844e`](https://togithub.com/aquasecurity/trivy/commit/9fc844ecf) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity ([#​5098](https://togithub.com/aquasecurity/trivy/issues/5098)) - [`c504f8b`](https://togithub.com/aquasecurity/trivy/commit/c504f8be4) chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 ([#​5106](https://togithub.com/aquasecurity/trivy/issues/5106)) ### [`v0.45.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.45.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.44.1...v0.45.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/5082](https://togithub.com/aquasecurity/trivy/discussions/5082) #### Changelog - [`cdab67e`](https://togithub.com/aquasecurity/trivy/commit/cdab67e7f) docs: add Bitnami ([#​5078](https://togithub.com/aquasecurity/trivy/issues/5078)) - [`7acc5e8`](https://togithub.com/aquasecurity/trivy/commit/7acc5e831) feat(docker): add support for scanning Bitnami components ([#​5062](https://togithub.com/aquasecurity/trivy/issues/5062)) - [`9628b1c`](https://togithub.com/aquasecurity/trivy/commit/9628b1cbf) feat: add support for .trivyignore.yaml ([#​5070](https://togithub.com/aquasecurity/trivy/issues/5070)) - [`4547e27`](https://togithub.com/aquasecurity/trivy/commit/4547e2766) fix(terraform): improve detection of terraform files ([#​4984](https://togithub.com/aquasecurity/trivy/issues/4984)) - [`0c8919e`](https://togithub.com/aquasecurity/trivy/commit/0c8919e1e) feat: filter artifacts on --exclude-owned flag ([#​5059](https://togithub.com/aquasecurity/trivy/issues/5059)) - [`c04f234`](https://togithub.com/aquasecurity/trivy/commit/c04f234fa) fix(sbom): cyclonedx advisory should omit `null` value ([#​5041](https://togithub.com/aquasecurity/trivy/issues/5041)) - [`f811ed2`](https://togithub.com/aquasecurity/trivy/commit/f811ed2d4) build: maximize build space for build tests ([#​5072](https://togithub.com/aquasecurity/trivy/issues/5072)) - [`69ea5bf`](https://togithub.com/aquasecurity/trivy/commit/69ea5bf70) feat: improve kbom component name ([#​5058](https://togithub.com/aquasecurity/trivy/issues/5058)) - [`3715dcb`](https://togithub.com/aquasecurity/trivy/commit/3715dcb3f) fix(pom): add licenses for pom artifacts ([#​5071](https://togithub.com/aquasecurity/trivy/issues/5071)) - [`07f7e98`](https://togithub.com/aquasecurity/trivy/commit/07f7e9853) chore(deps): Update defsec to v0.92.0 ([#​5068](https://togithub.com/aquasecurity/trivy/issues/5068)) - [`d4ca3cc`](https://togithub.com/aquasecurity/trivy/commit/d4ca3cce2) chore: bump Go to `1.20` ([#​5067](https://togithub.com/aquasecurity/trivy/issues/5067)) - [`49fdd58`](https://togithub.com/aquasecurity/trivy/commit/49fdd584b) feat: PURL matching with qualifiers in OpenVEX ([#​5061](https://togithub.com/aquasecurity/trivy/issues/5061)) - [`4401998`](https://togithub.com/aquasecurity/trivy/commit/4401998ec) feat(java): add graph support for pom.xml ([#​4902](https://togithub.com/aquasecurity/trivy/issues/4902)) - [`9c211d0`](https://togithub.com/aquasecurity/trivy/commit/9c211d005) feat(swift): add vulns for cocoapods ([#​5037](https://togithub.com/aquasecurity/trivy/issues/5037)) - [`422fa41`](https://togithub.com/aquasecurity/trivy/commit/422fa414e) fix: support image pull secret for additional workloads ([#​5052](https://togithub.com/aquasecurity/trivy/issues/5052)) - [`8e93386`](https://togithub.com/aquasecurity/trivy/commit/8e933860a) fix: [#​5033](https://togithub.com/aquasecurity/trivy/issues/5033) Superfluous double quote in html.tpl ([#​5036](https://togithub.com/aquasecurity/trivy/issues/5036)) - [`9345a98`](https://togithub.com/aquasecurity/trivy/commit/9345a98ed) docs(repo): update trivy repo usage and example ([#​5049](https://togithub.com/aquasecurity/trivy/issues/5049)) - [`5d8da70`](https://togithub.com/aquasecurity/trivy/commit/5d8da70c6) perf: Optimize Dockerfile for reduced layers and size ([#​5038](https://togithub.com/aquasecurity/trivy/issues/5038)) - [`1be9da7`](https://togithub.com/aquasecurity/trivy/commit/1be9da7aa) feat: scan K8s Resources Kind with --all-namespaces ([#​5043](https://togithub.com/aquasecurity/trivy/issues/5043)) - [`0e17d0b`](https://togithub.com/aquasecurity/trivy/commit/0e17d0bef) fix: vulnerability typo ([#​5044](https://togithub.com/aquasecurity/trivy/issues/5044)) - [`d70fab2`](https://togithub.com/aquasecurity/trivy/commit/d70fab231) docs: adding a terraform tutorial to the docs ([#​3708](https://togithub.com/aquasecurity/trivy/issues/3708)) - [`2fa264a`](https://togithub.com/aquasecurity/trivy/commit/2fa264ac1) feat(report): add licenses to sarif format ([#​4866](https://togithub.com/aquasecurity/trivy/issues/4866)) - [`07ddf47`](https://togithub.com/aquasecurity/trivy/commit/07ddf4790) feat(misconf): show the resource name in the report ([#​4806](https://togithub.com/aquasecurity/trivy/issues/4806)) - [`9de3606`](https://togithub.com/aquasecurity/trivy/commit/9de360623) chore: update alpine base images ([#​5015](https://togithub.com/aquasecurity/trivy/issues/5015)) - [`ef70d20`](https://togithub.com/aquasecurity/trivy/commit/ef70d2076) feat: add Package.resolved swift files support ([#​4932](https://togithub.com/aquasecurity/trivy/issues/4932)) - [`ec5d8be`](https://togithub.com/aquasecurity/trivy/commit/ec5d8bec0) feat(nodejs): parse licenses in yarn projects ([#​4652](https://togithub.com/aquasecurity/trivy/issues/4652)) - [`3114c87`](https://togithub.com/aquasecurity/trivy/commit/3114c87e6) fix: k8s private registries support ([#​5021](https://togithub.com/aquasecurity/trivy/issues/5021)) - [`6d79f55`](https://togithub.com/aquasecurity/trivy/commit/6d79f55db) bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 ([#​5018](https://togithub.com/aquasecurity/trivy/issues/5018)) - [`9ace591`](https://togithub.com/aquasecurity/trivy/commit/9ace59106) feat(vuln): support last_affected field from osv ([#​4944](https://togithub.com/aquasecurity/trivy/issues/4944)) - [`d442176`](https://togithub.com/aquasecurity/trivy/commit/d44217640) feat(server): add version endpoint ([#​4869](https://togithub.com/aquasecurity/trivy/issues/4869)) - [`63cd41d`](https://togithub.com/aquasecurity/trivy/commit/63cd41d20) feat: k8s private registries support ([#​4987](https://togithub.com/aquasecurity/trivy/issues/4987)) - [`cb16e23`](https://togithub.com/aquasecurity/trivy/commit/cb16e23f1) fix(server): add indirect prop to package ([#​4974](https://togithub.com/aquasecurity/trivy/issues/4974)) - [`a4e981b`](https://togithub.com/aquasecurity/trivy/commit/a4e981b4e) docs: add coverage ([#​4954](https://togithub.com/aquasecurity/trivy/issues/4954)) - [`6f03c79`](https://togithub.com/aquasecurity/trivy/commit/6f03c7940) feat(c): add location for lock file dependencies. ([#​4994](https://togithub.com/aquasecurity/trivy/issues/4994)) - [`c748705`](https://togithub.com/aquasecurity/trivy/commit/c74870500) docs: adding blog post on ec2 ([#​4813](https://togithub.com/aquasecurity/trivy/issues/4813)) - [`4e1316c`](https://togithub.com/aquasecurity/trivy/commit/4e1316c37) revert 32bit bins ([#​4977](https://togithub.com/aquasecurity/trivy/issues/4977)) - [`fc959fc`](https://togithub.com/aquasecurity/trivy/commit/fc959fc57) chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 ([#​4917](https://togithub.com/aquasecurity/trivy/issues/4917)) ### [`v0.44.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.44.0...v0.44.1) #### Changelog - [`f105279`](https://togithub.com/aquasecurity/trivy/commit/f10527998) fix(report): return severity colors in table format ([#​4969](https://togithub.com/aquasecurity/trivy/issues/4969)) - [`bc2b0ca`](https://togithub.com/aquasecurity/trivy/commit/bc2b0ca6c) build: maximize available disk space for release ([#​4937](https://togithub.com/aquasecurity/trivy/issues/4937)) - [`9493c6f`](https://togithub.com/aquasecurity/trivy/commit/9493c6f08) test(cli): Fix assertion helptext ([#​4966](https://togithub.com/aquasecurity/trivy/issues/4966)) - [`b0359de`](https://togithub.com/aquasecurity/trivy/commit/b0359de66) chore(deps): Bump defsec to v0.91.1 ([#​4965](https://togithub.com/aquasecurity/trivy/issues/4965)) - [`d3a34e4`](https://togithub.com/aquasecurity/trivy/commit/d3a34e409) test: validate CycloneDX with the JSON schema ([#​4956](https://togithub.com/aquasecurity/trivy/issues/4956)) - [`798ef1b`](https://togithub.com/aquasecurity/trivy/commit/798ef1b64) fix(server): add licenses to the Result message ([#​4955](https://togithub.com/aquasecurity/trivy/issues/4955)) - [`e8cf281`](https://togithub.com/aquasecurity/trivy/commit/e8cf28147) fix(aws): resolve endpoint if endpoint is passed ([#​4925](https://togithub.com/aquasecurity/trivy/issues/4925)) - [`f18b0db`](https://togithub.com/aquasecurity/trivy/commit/f18b0db58) fix(sbom): move licenses to `name` field in Cyclonedx format ([#​4941](https://togithub.com/aquasecurity/trivy/issues/4941)) - [`a796701`](https://togithub.com/aquasecurity/trivy/commit/a79670156) add only uniq deps in dependsOn ([#​4943](https://togithub.com/aquasecurity/trivy/issues/4943)) - [`b544e0d`](https://togithub.com/aquasecurity/trivy/commit/b544e0dea) use testify instead of gotest.tools ([#​4946](https://togithub.com/aquasecurity/trivy/issues/4946)) - [`067a0fc`](https://togithub.com/aquasecurity/trivy/commit/067a0fcb9) fix(nodejs): do not detect lock file in node_modules as an app ([#​4949](https://togithub.com/aquasecurity/trivy/issues/4949)) - [`e6d7705`](https://togithub.com/aquasecurity/trivy/commit/e6d7705a5) bump go-dep-parser ([#​4936](https://togithub.com/aquasecurity/trivy/issues/4936)) - [`c584dc1`](https://togithub.com/aquasecurity/trivy/commit/c584dc176) chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 ([#​4914](https://togithub.com/aquasecurity/trivy/issues/4914)) - [`358d56b`](https://togithub.com/aquasecurity/trivy/commit/358d56b6b) chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 ([#​4909](https://togithub.com/aquasecurity/trivy/issues/4909)) - [`17f3ea9`](https://togithub.com/aquasecurity/trivy/commit/17f3ea918) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore ([#​4912](https://togithub.com/aquasecurity/trivy/issues/4912)) - [`39ccbf7`](https://togithub.com/aquasecurity/trivy/commit/39ccbf7b5) test(aws): move part of unit tests to integration ([#​4884](https://togithub.com/aquasecurity/trivy/issues/4884)) - [`6d3ae3b`](https://togithub.com/aquasecurity/trivy/commit/6d3ae3bcf) docs(cli): update help string for file and dir skipping ([#​4872](https://togithub.com/aquasecurity/trivy/issues/4872)) - [`7d7a1ef`](https://togithub.com/aquasecurity/trivy/commit/7d7a1ef54) chore(deps): bump sigstore/cosign-installer ([#​4910](https://togithub.com/aquasecurity/trivy/issues/4910)) - [`fc74950`](https://togithub.com/aquasecurity/trivy/commit/fc7495017) chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 ([#​4916](https://togithub.com/aquasecurity/trivy/issues/4916)) - [`b2a68bc`](https://togithub.com/aquasecurity/trivy/commit/b2a68bc06) chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 ([#​4918](https://togithub.com/aquasecurity/trivy/issues/4918)) - [`e5c0c15`](https://togithub.com/aquasecurity/trivy/commit/e5c0c15b6) chore(deps): bump github.com/secure-systems-lab/go-securesystemslib ([#​4919](https://togithub.com/aquasecurity/trivy/issues/4919)) - [`da37803`](https://togithub.com/aquasecurity/trivy/commit/da37803d5) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts ([#​4913](https://togithub.com/aquasecurity/trivy/issues/4913)) - [`9744e64`](https://togithub.com/aquasecurity/trivy/commit/9744e6498) chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 ([#​4915](https://togithub.com/aquasecurity/trivy/issues/4915)) - [`99eebc6`](https://togithub.com/aquasecurity/trivy/commit/99eebc670) docs: update the discussion template ([#​4928](https://togithub.com/aquasecurity/trivy/issues/4928)) ### [`v0.44.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.1...v0.44.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4903](https://togithub.com/aquasecurity/trivy/discussions/4903) #### Changelog - [`d19c7d9`](https://togithub.com/aquasecurity/trivy/commit/d19c7d9f2) feat(repo): support local repositories ([#​4890](https://togithub.com/aquasecurity/trivy/issues/4890)) - [`3c19761`](https://togithub.com/aquasecurity/trivy/commit/3c1976187) bump go-dep-parser ([#​4893](https://togithub.com/aquasecurity/trivy/issues/4893)) - [`e1c2a8c`](https://togithub.com/aquasecurity/trivy/commit/e1c2a8c80) fix(misconf): add missing fields to proto ([#​4861](https://togithub.com/aquasecurity/trivy/issues/4861)) - [`8b8e0e8`](https://togithub.com/aquasecurity/trivy/commit/8b8e0e83d) fix: remove trivy-db package replacement ([#​4877](https://togithub.com/aquasecurity/trivy/issues/4877)) - [`f9efe44`](https://togithub.com/aquasecurity/trivy/commit/f9efe44fd) chore(test): bump the integration test timeout to 15m ([#​4880](https://togithub.com/aquasecurity/trivy/issues/4880)) - [`7271d68`](https://togithub.com/aquasecurity/trivy/commit/7271d682f) chore(deps): Update defsec to v0.91.0 ([#​4886](https://togithub.com/aquasecurity/trivy/issues/4886)) - [`c3bc67c`](https://togithub.com/aquasecurity/trivy/commit/c3bc67c89) chore: update CODEOWNERS ([#​4871](https://togithub.com/aquasecurity/trivy/issues/4871)) - [`232ba82`](https://togithub.com/aquasecurity/trivy/commit/232ba823e) feat(vuln): support vulnerability status ([#​4867](https://togithub.com/aquasecurity/trivy/issues/4867)) - [`11618c9`](https://togithub.com/aquasecurity/trivy/commit/11618c940) feat(misconf): Support custom URLs for policy bundle ([#​4834](https://togithub.com/aquasecurity/trivy/issues/4834)) - [`0707569`](https://togithub.com/aquasecurity/trivy/commit/07075696d) refactor: replace with sortable packages ([#​4858](https://togithub.com/aquasecurity/trivy/issues/4858)) - [`fbe1c9e`](https://togithub.com/aquasecurity/trivy/commit/fbe1c9eb1) docs: correct license scanning sample command ([#​4855](https://togithub.com/aquasecurity/trivy/issues/4855)) - [`20c2246`](https://togithub.com/aquasecurity/trivy/commit/20c2246a6) fix(report): close the file ([#​4842](https://togithub.com/aquasecurity/trivy/issues/4842)) - [`24a3e54`](https://togithub.com/aquasecurity/trivy/commit/24a3e547d) feat(nodejs): add support for include-dev-deps flag for yarn ([#​4812](https://togithub.com/aquasecurity/trivy/issues/4812)) - [`a7bd7bb`](https://togithub.com/aquasecurity/trivy/commit/a7bd7bb65) feat(misconf): Add support for independently enabling libraries ([#​4070](https://togithub.com/aquasecurity/trivy/issues/4070)) - [`4aa9ea0`](https://togithub.com/aquasecurity/trivy/commit/4aa9ea096) feat(secret): add secret config file for cache calculation ([#​4837](https://togithub.com/aquasecurity/trivy/issues/4837)) - [`5d349d8`](https://togithub.com/aquasecurity/trivy/commit/5d349d814) Fix a link in gitlab-ci.md ([#​4850](https://togithub.com/aquasecurity/trivy/issues/4850)) - [`a61531c`](https://togithub.com/aquasecurity/trivy/commit/a61531c1f) fix(flag): use globalstar to skip directories ([#​4854](https://togithub.com/aquasecurity/trivy/issues/4854)) - [`78cc209`](https://togithub.com/aquasecurity/trivy/commit/78cc20937) chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible ([#​4849](https://togithub.com/aquasecurity/trivy/issues/4849)) - [`9399604`](https://togithub.com/aquasecurity/trivy/commit/93996041b) fix(license): using common way for splitting licenses ([#​4434](https://togithub.com/aquasecurity/trivy/issues/4434)) - [`3e2416d`](https://togithub.com/aquasecurity/trivy/commit/3e2416d77) fix(containerd): Use img platform in exporter instead of strict host platform ([#​4477](https://togithub.com/aquasecurity/trivy/issues/4477)) - [`ce77bb4`](https://togithub.com/aquasecurity/trivy/commit/ce77bb46c) remove govulndb ([#​4783](https://togithub.com/aquasecurity/trivy/issues/4783)) - [`c05caae`](https://togithub.com/aquasecurity/trivy/commit/c05caae43) fix(java): inherit licenses from parents ([#​4817](https://togithub.com/aquasecurity/trivy/issues/4817)) - [`aca11b9`](https://togithub.com/aquasecurity/trivy/commit/aca11b95d) refactor: add allowed values for CLI flags ([#​4800](https://togithub.com/aquasecurity/trivy/issues/4800)) - [`4cecd17`](https://togithub.com/aquasecurity/trivy/commit/4cecd17ea) add example regex to allow rules ([#​4827](https://togithub.com/aquasecurity/trivy/issues/4827)) - [`4bc8d29`](https://togithub.com/aquasecurity/trivy/commit/4bc8d29c1) feat(misconf): Support custom data for rego policies for cloud ([#​4745](https://togithub.com/aquasecurity/trivy/issues/4745)) - [`88243a0`](https://togithub.com/aquasecurity/trivy/commit/88243a0ad) docs: correcting the trivy k8s tutorial ([#​4815](https://togithub.com/aquasecurity/trivy/issues/4815)) - [`3c7d988`](https://togithub.com/aquasecurity/trivy/commit/3c7d988d7) feat(cli): add --tf-exclude-downloaded-modules flag ([#​4810](https://togithub.com/aquasecurity/trivy/issues/4810)) - [`fd0fd10`](https://togithub.com/aquasecurity/trivy/commit/fd0fd104f) fix(sbom): cyclonedx recommendations should include fixed versions for each package ([#​4794](https://togithub.com/aquasecurity/trivy/issues/4794)) - [`d0d543b`](https://togithub.com/aquasecurity/trivy/commit/d0d543b88) feat(misconf): enable --policy flag to accept directory and files both ([#​4777](https://togithub.com/aquasecurity/trivy/issues/4777)) - [`b43a3e6`](https://togithub.com/aquasecurity/trivy/commit/b43a3e623) feat(python): add license fields ([#​4722](https://togithub.com/aquasecurity/trivy/issues/4722)) - [`aef7b14`](https://togithub.com/aquasecurity/trivy/commit/aef7b148a) fix: support trivy k8s-version on k8s sub-command ([#​4786](https://togithub.com/aquasecurity/trivy/issues/4786)) ### [`v0.43.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.0...v0.43.1) #### Changelog - [`5d76aba`](https://togithub.com/aquasecurity/trivy/commit/5d76abadc) chore(deps): Update defsec to v0.90.3 ([#​4793](https://togithub.com/aquasecurity/trivy/issues/4793)) - [`fed446c`](https://togithub.com/aquasecurity/trivy/commit/fed446c51) chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 ([#​4752](https://togithub.com/aquasecurity/trivy/issues/4752)) - [`df62927`](https://togithub.com/aquasecurity/trivy/commit/df62927e5) chore(deps): bump alpine from 3.18.0 to 3.18.2 ([#​4748](https://togithub.com/aquasecurity/trivy/issues/4748)) - [`1b9b9a8`](https://togithub.com/aquasecurity/trivy/commit/1b9b9a84f) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 ([#​4758](https://togithub.com/aquasecurity/trivy/issues/4758)) - [`3c16ca8`](https://togithub.com/aquasecurity/trivy/commit/3c16ca821) docs(image): fix the comment on the soft/hard link ([#​4740](https://togithub.com/aquasecurity/trivy/issues/4740)) - [`e5bee5c`](https://togithub.com/aquasecurity/trivy/commit/e5bee5ccc) check Type when filling pkgs in vulns ([#​4776](https://togithub.com/aquasecurity/trivy/issues/4776)) - [`4b9f310`](https://togithub.com/aquasecurity/trivy/commit/4b9f310b9) feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script ([#​4770](https://togithub.com/aquasecurity/trivy/issues/4770)) - [`8e7fb7c`](https://togithub.com/aquasecurity/trivy/commit/8e7fb7cc8) chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 ([#​4756](https://togithub.com/aquasecurity/trivy/issues/4756)) - [`a9badea`](https://togithub.com/aquasecurity/trivy/commit/a9badeaba) fix(rocky): add architectures support for advisories ([#​4691](https://togithub.com/aquasecurity/trivy/issues/4691)) - [`f8ebccc`](https://togithub.com/aquasecurity/trivy/commit/f8ebccc68) chore(deps): bump github.com/opencontainers/image-spec ([#​4751](https://togithub.com/aquasecurity/trivy/issues/4751)) - [`1c81948`](https://togithub.com/aquasecurity/trivy/commit/1c81948e0) chore(deps): bump github.com/package-url/packageurl-go ([#​4754](https://togithub.com/aquasecurity/trivy/issues/4754)) - [`497cc10`](https://togithub.com/aquasecurity/trivy/commit/497cc10d8) chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 ([#​4750](https://togithub.com/aquasecurity/trivy/issues/4750)) - [`065f0af`](https://togithub.com/aquasecurity/trivy/commit/065f0afa5) chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 ([#​4755](https://togithub.com/aquasecurity/trivy/issues/4755)) - [`e260305`](https://togithub.com/aquasecurity/trivy/commit/e2603056d) chore(deps): bump github.com/testcontainers/testcontainers-go ([#​4759](https://togithub.com/aquasecurity/trivy/issues/4759)) - [`0621402`](https://togithub.com/aquasecurity/trivy/commit/0621402bf) fix: documentation about reseting trivy image ([#​4733](https://togithub.com/aquasecurity/trivy/issues/4733)) - [`798fdbc`](https://togithub.com/aquasecurity/trivy/commit/798fdbc01) fix(suse): Add openSUSE Leap 15.5 eol date as well ([#​4744](https://togithub.com/aquasecurity/trivy/issues/4744)) - [`34a8929`](https://togithub.com/aquasecurity/trivy/commit/34a89293d) fix: update Amazon Linux 1 EOL ([#​4761](https://togithub.com/aquasecurity/trivy/issues/4761)) ### [`v0.43.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.1...v0.43.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4741](https://togithub.com/aquasecurity/trivy/discussions/4741) #### Changelog - [`6008192`](https://togithub.com/aquasecurity/trivy/commit/600819248) chore(deps): Update defsec to v0.90.1 ([#​4739](https://togithub.com/aquasecurity/trivy/issues/4739)) - [`73734ea`](https://togithub.com/aquasecurity/trivy/commit/73734eab2) feat(nodejs): support yarn workspaces ([#​4664](https://togithub.com/aquasecurity/trivy/issues/4664)) - [`22463ab`](https://togithub.com/aquasecurity/trivy/commit/22463abab) feat(cli): add include-dev-deps flag ([#​4700](https://togithub.com/aquasecurity/trivy/issues/4700)) - [`790c805`](https://togithub.com/aquasecurity/trivy/commit/790c8054e) fix(image): pass the secret scanner option to scan the img config ([#​4735](https://togithub.com/aquasecurity/trivy/issues/4735)) - [`86fec9c`](https://togithub.com/aquasecurity/trivy/commit/86fec9c4a) fix: scan job pod it not found on k8s-1.27.x ([#​4729](https://togithub.com/aquasecurity/trivy/issues/4729)) - [`26bc911`](https://togithub.com/aquasecurity/trivy/commit/26bc91160) feat(docker): add support for mTLS authentication when connecting to registry ([#​4649](https://togithub.com/aquasecurity/trivy/issues/4649)) - [`d699e8c`](https://togithub.com/aquasecurity/trivy/commit/d699e8c10) chore(deps): Update defsec to v0.90.0 ([#​4723](https://togithub.com/aquasecurity/trivy/issues/4723)) - [`1777878`](https://togithub.com/aquasecurity/trivy/commit/1777878e8) fix: skip scanning the gpg-pubkey package ([#​4720](https://togithub.com/aquasecurity/trivy/issues/4720)) - [`9be0825`](https://togithub.com/aquasecurity/trivy/commit/9be08253a) Fix http registry oci pull ([#​4701](https://togithub.com/aquasecurity/trivy/issues/4701)) - [`5d73b47`](https://togithub.com/aquasecurity/trivy/commit/5d73b47db) feat(misconf): Support skipping services ([#​4686](https://togithub.com/aquasecurity/trivy/issues/4686)) - [`46e784c`](https://togithub.com/aquasecurity/trivy/commit/46e784c8a) docs: fix supported modes for pubspec.lock files ([#​4713](https://togithub.com/aquasecurity/trivy/issues/4713)) - [`0f61a84`](https://togithub.com/aquasecurity/trivy/commit/0f61a8471) fix(misconf): disable the terraform plan analyzer for other scanners ([#​4714](https://togithub.com/aquasecurity/trivy/issues/4714)) - [`8a1aa44`](https://togithub.com/aquasecurity/trivy/commit/8a1aa448a) clarifying a dir path is required for custom policies ([#​4716](https://togithub.com/aquasecurity/trivy/issues/4716)) - [`fbab9ee`](https://togithub.com/aquasecurity/trivy/commit/fbab9eea3) chore: update alpine base images ([#​4715](https://togithub.com/aquasecurity/trivy/issues/4715)) - [`f84417b`](https://togithub.com/aquasecurity/trivy/commit/f84417bba) fix last-history-created ([#​4697](https://togithub.com/aquasecurity/trivy/issues/4697)) - [`85c681d`](https://togithub.com/aquasecurity/trivy/commit/85c681d44) feat: kbom and cyclonedx v1.5 spec support ([#​4708](https://togithub.com/aquasecurity/trivy/issues/4708)) - [`46748ce`](https://togithub.com/aquasecurity/trivy/commit/46748ce6e) docs: add information about Aqua ([#​4590](https://togithub.com/aquasecurity/trivy/issues/4590)) - [`c6741bd`](https://togithub.com/aquasecurity/trivy/commit/c6741bddf) fix: k8s escape resource filename on windows os ([#​4693](https://togithub.com/aquasecurity/trivy/issues/4693)) - [`a21acc7`](https://togithub.com/aquasecurity/trivy/commit/a21acc7e0) ci: ignore merge queue branches ([#​4696](https://togithub.com/aquasecurity/trivy/issues/4696)) - [`32a3a33`](https://togithub.com/aquasecurity/trivy/commit/32a3a3311) chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 ([#​4695](https://togithub.com/aquasecurity/trivy/issues/4695)) - [`cbb47dc`](https://togithub.com/aquasecurity/trivy/commit/cbb47dc7c) chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 ([#​4694](https://togithub.com/aquasecurity/trivy/issues/4694)) - [`e3d10d2`](https://togithub.com/aquasecurity/trivy/commit/e3d10d251) feat: cyclondx sbom custom property support ([#​4688](https://togithub.com/aquasecurity/trivy/issues/4688)) - [`e1770e0`](https://togithub.com/aquasecurity/trivy/commit/e1770e046) ci: do not trigger tests in main ([#​4692](https://togithub.com/aquasecurity/trivy/issues/4692)) - [`337c0b7`](https://togithub.com/aquasecurity/trivy/commit/337c0b70d) add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date ([#​4690](https://togithub.com/aquasecurity/trivy/issues/4690)) - [`5ccee14`](https://togithub.com/aquasecurity/trivy/commit/5ccee1430) use group field for jar in cyclonedx ([#​4674](https://togithub.com/aquasecurity/trivy/issues/4674)) - [`96db52c`](https://togithub.com/aquasecurity/trivy/commit/96db52c3f) feat(java): capture licenses from pom.xml ([#​4681](https://togithub.com/aquasecurity/trivy/issues/4681)) - [`3e902a5`](https://togithub.com/aquasecurity/trivy/commit/3e902a57a) feat(helm): make sessionAffinity configurable ([#​4623](https://togithub.com/aquasecurity/trivy/issues/4623)) - [`904f1cf`](https://togithub.com/aquasecurity/trivy/commit/904f1cf24) fix: Show the correct URL of the secret scanning ([#​4682](https://togithub.com/aquasecurity/trivy/issues/4682)) - [`7d48c5d`](https://togithub.com/aquasecurity/trivy/commit/7d48c5d5d) document expected file pattern definition format ([#​4654](https://togithub.com/aquasecurity/trivy/issues/4654)) - [`dcc73e9`](https://togithub.com/aquasecurity/trivy/commit/dcc73e964) fix: format arg error ([#​4642](https://togithub.com/aquasecurity/trivy/issues/4642)) - [`35c4262`](https://togithub.com/aquasecurity/trivy/commit/35c4262d0) feat(k8s): cyclonedx kbom support ([#​4557](https://togithub.com/aquasecurity/trivy/issues/4557)) - [`0e01851`](https://togithub.com/aquasecurity/trivy/commit/0e01851e9) fix(nodejs): remove unused fields for the pnpm lockfile ([#​4630](https://togithub.com/aquasecurity/trivy/issues/4630)) - [`4d9b444`](https://togithub.com/aquasecurity/trivy/commit/4d9b44449) fix(vm): update ext4-filesystem parser for parse multi block extents ([#​4616](https://togithub.com/aquasecurity/trivy/issues/4616)) - [`c29197a`](https://togithub.com/aquasecurity/trivy/commit/c29197ab7) ci: update build IDs ([#​4641](https://togithub.com/aquasecurity/trivy/issues/4641)) - [`d7637ad`](https://togithub.com/aquasecurity/trivy/commit/d7637adc6) fix(debian): update EOL for Debian 12 ([#​4647](https://togithub.com/aquasecurity/trivy/issues/4647)) - [`ef39eee`](https://togithub.com/aquasecurity/trivy/commit/ef39eeedf) chore(deps): bump go-containerregistry ([#​4639](https://togithub.com/aquasecurity/trivy/issues/4639)) - [`1ce8bb5`](https://togithub.com/aquasecurity/trivy/commit/1ce8bb535) chore: unnecessary use of fmt.Sprintf (S1039) ([#​4637](https://togithub.com/aquasecurity/trivy/issues/4637)) - [`bc9513f`](https://togithub.com/aquasecurity/trivy/commit/bc9513fc5) fix(db): change argument order in Exists query for JavaDB ([#​4595](https://togithub.com/aquasecurity/trivy/issues/4595)) - [`aecd2f0`](https://togithub.com/aquasecurity/trivy/commit/aecd2f0bf) feat(aws): Add support to see successes in results ([#​4427](https://togithub.com/aquasecurity/trivy/issues/4427)) - [`2cbf402`](https://togithub.com/aquasecurity/trivy/commit/2cbf402b6) chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ([#​4613](https://togithub.com/aquasecurity/trivy/issues/4613)) - [`0099b20`](https://togithub.com/aquasecurity/trivy/commit/0099b20e3) ci: do not trigger tests in main ([#​4614](https://togithub.com/aquasecurity/trivy/issues/4614)) - [`a597a54`](https://togithub.com/aquasecurity/trivy/commit/a597a54fb) chore(deps): bump sigstore/cosign-installer ([#​4609](https://togithub.com/aquasecurity/trivy/issues/4609)) - [`b453fbe`](https://togithub.com/aquasecurity/trivy/commit/b453fbec3) chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 ([#​4608](https://togithub.com/aquasecurity/trivy/issues/4608)) - [`0e876d5`](https://togithub.com/aquasecurity/trivy/commit/0e876d5aa) ci: bypass the required status checks ([#​4611](https://togithub.com/aquasecurity/trivy/issues/4611)) - [`a4f27d2`](https://togithub.com/aquasecurity/trivy/commit/a4f27d24a) ci: support merge queue ([#​3652](https://togithub.com/aquasecurity/trivy/issues/3652)) - [`9e6411e`](https://togithub.com/aquasecurity/trivy/commit/9e6411e9f) ci: matrix build for testing ([#​4587](https://togithub.com/aquasecurity/trivy/issues/4587)) - [`ef6538a`](https://togithub.com/aquasecurity/trivy/commit/ef6538a17) feat: trivy k8s private registry support ([#​4567](https://togithub.com/aquasecurity/trivy/issues/4567)) - [`139f3e1`](https://togithub.com/aquasecurity/trivy/commit/139f3e1e3) docs: add general coverage page ([#​3859](https://togithub.com/aquasecurity/trivy/issues/3859)) - [`479cfdd`](https://togithub.com/aquasecurity/trivy/commit/479cfdd40) chore: create SECURITY.md ([#​4601](https://togithub.com/aquasecurity/trivy/issues/4601)) ### [`v0.42.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.0...v0.42.1) #### Changelog - [`9a279fa`](https://togithub.com/aquasecurity/trivy/commit/9a279fa7b) ci: remove 32bit packages ([#​4585](https://togithub.com/aquasecurity/trivy/issues/4585)) - [`d52b0b7`](https://togithub.com/aquasecurity/trivy/commit/d52b0b7bc) fix(misconf): deduplicate misconf results ([#​4588](https://togithub.com/aquasecurity/trivy/issues/4588)) - [`9b531fa`](https://togithub.com/aquasecurity/trivy/commit/9b531fa27) fix(vm): support sector size of 4096 ([#​4564](https://togithub.com/aquasecurity/trivy/issues/4564)) - [`8ca1bfd`](https://togithub.com/aquasecurity/trivy/commit/8ca1bfdd2) fix(misconf): terraform relative paths ([#​4571](https://togithub.com/aquasecurity/trivy/issues/4571)) - [`c20d466`](https://togithub.com/aquasecurity/trivy/commit/c20d46604) fix(purl): skip unsupported library type ([#​4577](https://togithub.com/aquasecurity/trivy/issues/4577)) - [`52cbe79`](https://togithub.com/aquasecurity/trivy/commit/52cbe7975) fix(terraform): recursively detect all Root Modules ([#​4457](https://togithub.com/aquasecurity/trivy/issues/4457)) - [`4a5b915`](https://togithub.com/aquasecurity/trivy/commit/4a5b91557) fix(vm): support post analyzer for vm command ([#​4544](https://togithub.com/aquasecurity/trivy/issues/4544)) - [`56cdc55`](https://togithub.com/aquasecurity/trivy/commit/56cdc55f7) fix(nodejs): change the type of the devDependencies field ([#​4560](https://togithub.com/aquasecurity/trivy/issues/4560)) - [`17d7536`](https://togithub.com/aquasecurity/trivy/commit/17d753676) fix(sbom): export empty dependencies in CycloneDX ([#​4568](https://togithub.com/aquasecurity/trivy/issues/4568)) - [`2796abe`](https://togithub.com/aquasecurity/trivy/commit/2796abe1e) refactor: add composite fs for post-analyzers ([#​4556](https://togithub.com/aquasecurity/trivy/issues/4556)) - [`22a1573`](https://togithub.com/aquasecurity/trivy/commit/22a157380) chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 ([#​4554](https://togithub.com/aquasecurity/trivy/issues/4554)) - [`4358665`](https://togithub.com/aquasecurity/trivy/commit/43586659a) chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 ([#​4526](https://togithub.com/aquasecurity/trivy/issues/4526)) - [`5081399`](https://togithub.com/aquasecurity/trivy/commit/508139965) chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 ([#​4528](https://togithub.com/aquasecurity/trivy/issues/4528)) - [`e1a3812`](https://togithub.com/aquasecurity/trivy/commit/e1a38128a) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 ([#​4529](https://togithub.com/aquasecurity/trivy/issues/4529)) - [`283eef6`](https://togithub.com/aquasecurity/trivy/commit/283eef637) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 ([#​4536](https://togithub.com/aquasecurity/trivy/issues/4536)) - [`bbd7b98`](https://togithub.com/aquasecurity/trivy/commit/bbd7b9874) chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 ([#​4549](https://togithub.com/aquasecurity/trivy/issues/4549)) - [`11c81bf`](https://togithub.com/aquasecurity/trivy/commit/11c81bf2f) chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 ([#​4532](https://togithub.com/aquasecurity/trivy/issues/4532)) - [`2d8d63e`](https://togithub.com/aquasecurity/trivy/commit/2d8d63e61) chore(deps): bump github.com/testcontainers/testcontainers-go ([#​4537](https://togithub.com/aquasecurity/trivy/issues/4537)) - [`a46839b`](https://togithub.com/aquasecurity/trivy/commit/a46839b1c) chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ([#​4530](https://togithub.com/aquasecurity/trivy/issues/4530)) - [`19715f5`](https://togithub.com/aquasecurity/trivy/commit/19715f5de) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#​4534](https://togithub.com/aquasecurity/trivy/issues/4534)) ### [`v0.42.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.41.0...v0.42.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4541](https://togithub.com/aquasecurity/trivy/discussions/4541) #### Changelog - [`854b639`](https://togithub.com/aquasecurity/trivy/commit/854b63940) chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 ([#​4533](https://togithub.com/aquasecurity/trivy/issues/4533)) - [`59e1a86`](https://togithub.com/aquasecurity/trivy/commit/59e1a8664) chore(deps): bump alpine from 3.17.3 to 3.18.0 ([#​4525](https://togithub.com/aquasecurity/trivy/issues/4525)) - [`9ef0113`](https://togithub.com/aquasecurity/trivy/commit/9ef01133c) feat: add SBOM analyzer ([#​4210](https://togithub.com/aquasecurity/trivy/issues/4210)) - [`dadd1e1`](https://togithub.com/aquasecurity/trivy/commit/dadd1e10c) fix(sbom): update logic for work with files in spdx format ([#​4513](https://togithub.com/aquasecurity/trivy/issues/4513)) - [`1a65821`](https://togithub.com/aquasecurity/trivy/commit/1a658210a) feat: azure workload identity support ([#​4489](https://togithub.com/aquasecurity/trivy/issues/4489)) - [`411862c`](https://togithub.com/aquasecurity/trivy/commit/411862c90) feat(ubuntu): add eol date for 18.04 ESM ([#​4524](https://togithub.com/aquasecurity/trivy/issues/4524)) - [`62a1aaf`](https://togithub.com/aquasecurity/trivy/commit/62a1aaf03) fix(misconf): Update required extensions for terraformplan ([#​4523](https://togithub.com/aquasecurity/trivy/issues/4523)) - [`48b2e15`](https://togithub.com/aquasecurity/trivy/commit/48b2e15c2) refactor(cyclonedx): add intermediate representation ([#​4490](https://togithub.com/aquasecurity/trivy/issues/4490)) - [`c15f269`](https://togithub.com/aquasecurity/trivy/commit/c15f269a9) fix(misconf): Remove debug print while scanning ([#​4521](https://togithub.com/aquasecurity/trivy/issues/4521)) - [`b6ee08e`](https://togithub.com/aquasecurity/trivy/commit/b6ee08e55) fix(java): remove duplicates of jar libs ([#​4515](https://togithub.com/aquasecurity/trivy/issues/4515)) - [`d474040`](https://togithub.com/aquasecurity/trivy/commit/d4740401a) fix(java): fix overwriting project props in pom.xml ([#​4498](https://togithub.com/aquasecurity/trivy/issues/4498)) - [`4cf2f94`](https://togithub.com/aquasecurity/trivy/commit/4cf2f94d0) docs: Update compilation instructions ([#​4512](https://togithub.com/aquasecurity/trivy/issues/4512)) - [`18ce1c3`](https://togithub.com/aquasecurity/trivy/commit/18ce1c336) fix(nodejs): update logic for parsing pnpm lock files ([#​4502](https://togithub.com/aquasecurity/trivy/issues/4502)) - [`87eed38`](https://togithub.com/aquasecurity/trivy/commit/87eed38c6) fix(secret): remove aws-account-id rule ([#​4494](https://togithub.com/aquasecurity/trivy/issues/4494)) - [`b0c591e`](https://togithub.com/aquasecurity/trivy/commit/b0c591ef6) feat(oci): add support for referencing an input image by digest ([#​4470](https://togithub.com/aquasecurity/trivy/issues/4470)) - [`b84b5ec`](https://togithub.com/aquasecurity/trivy/commit/b84b5ecfc) chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 ([#​4338](https://togithub.com/aquasecurity/trivy/issues/4338)) - [`305255a`](https://togithub.com/aquasecurity/trivy/commit/305255a49) docs: fixed the format ([#​4503](https://togithub.com/aquasecurity/trivy/issues/4503)) - [`d586de5`](https://togithub.com/aquasecurity/trivy/commit/d586de585) fix(java): add support of \* for exclusions for pom.xml files ([#​4501](https://togithub.com/aquasecurity/trivy/issues/4501)) - [`de6eef3`](https://togithub.com/aquasecurity/trivy/commit/de6eef3b0) feat: adding issue template for documentation ([#​4453](https://togithub.com/aquasecurity/trivy/issues/4453)) - [`83a9c4a`](https://togithub.com/aquasecurity/trivy/commit/83a9c4a4c) docs: switch glad to ghsa for Go ([#​4493](https://togithub.com/aquasecurity/trivy/issues/4493)) - [`5372722`](https://togithub.com/aquasecurity/trivy/commit/537272257) chore(deps): Update defsec to v0.89.0 ([#​4474](https://togithub.com/aquasecurity/trivy/issues/4474)) - [`6fcd153`](https://togithub.com/aquasecurity/trivy/commit/6fcd1538d) feat(misconf): Add terraformplan support ([#​4342](https://togithub.com/aquasecurity/trivy/issues/4342)) - [`72e302c`](https://togithub.com/aquasecurity/trivy/commit/72e302cf8) feat(debian): add digests for dpkg ([#​4445](https://togithub.com/aquasecurity/trivy/issues/4445)) - [`7e99d08`](https://togithub.com/aquasecurity/trivy/commit/7e99d08a1) chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 ([#​4478](https://togithub.com/aquasecurity/trivy/issues/4478)) - [`12a1789`](https://togithub.com/aquasecurity/trivy/commit/12a1789be) feat(k8s): exclude node scanning by node labels ([#​4459](https://togithub.com/aquasecurity/trivy/issues/4459)) - [`919e8c9`](https://togithub.com/aquasecurity/trivy/commit/919e8c92b) docs: add info about multi-line mode for regexp from custom secret rules ([#​4159](https://togithub.com/aquasecurity/trivy/issues/4159)) - [`50fe43f`](https://togithub.com/aquasecurity/trivy/commit/50fe43f14) feat(cli): convert JSON reports into a different format ([#​4452](https://togithub.com/aquasecurity/trivy/issues/4452)) - [`09db1d4`](https://togithub.com/aquasecurity/trivy/commit/09db1d438) feat(image): add logic to guess base layer for docker-cis scan ([#​4344](https://togithub.com/aquasecurity/trivy/issues/4344)) - [`3f0721f`](https://togithub.com/aquasecurity/trivy/commit/3f0721ff6) fix(cyclonedx): set original names for packages ([#​4306](https://togithub.com/aquasecurity/trivy/issues/4306)) - [`0ef0dad`](https://togithub.com/aquasecurity/trivy/commit/0ef0dadb1) feat: group subcommands ([#​4449](https://togithub.com/aquasecurity/trivy/issues/4449)) - [`3a7717f`](https://togithub.com/aquasecurity/trivy/commit/3a7717fde) feat(cli): add retry to cache operations ([#​4189](https://togithub.com/aquasecurity/trivy/issues/4189)) - [`63cfb27`](https://togithub.com/aquasecurity/trivy/commit/63cfb2714) fix(vuln): report architecture for `apk` packages ([#​4247](https://togithub.com/aquasecurity/trivy/issues/4247)) - [`e136136`](https://togithub.com/aquasecurity/trivy/commit/e1361368a) refactor: enable cases where return values are not needed in pipeline ([#​4443](https://togithub.com/aquasecurity/trivy/issues/4443)) - [`29b5f7e`](https://togithub.com/aquasecurity/trivy/commit/29b5f7e8e) fix(image): resolve scan deadlock when error occurs in slow mode ([#​4336](https://togithub.com/aquasecurity/trivy/issues/4336)) - [`92ed344`](https://togithub.com/aquasecurity/trivy/commit/92ed344e8) docs(misconf): Update docs for kubernetes file patterns ([#​4435](https://togithub.com/aquasecurity/trivy/issues/4435)) - [`16af41b`](https://togithub.com/aquasecurity/trivy/commit/16af41be1) test: k8s integration tests ([#​4423](https://togithub.com/aquasecurity/trivy/issues/4423)) - [`cab8569`](https://togithub.com/aquasecurity/trivy/commit/cab8569cd) feat(redhat): add package digest for rpm ([#​4410](https://togithub.com/aquasecurity/trivy/issues/4410)) - [`92f9e98`](https://togithub.com/aquasecurity/trivy/commit/92f9e98d0) feat(misconf): Add `--reset-policy-bundle` for policy bundle ([#​4167](https://togithub.com/aquasecurity/trivy/issues/4167)) - [`33fb047`](https://togithub.com/aquasecurity/trivy/commit/33fb04763) fix: typo ([#​4431](https://togithub.com/aquasecurity/trivy/issues/4431)) - [`8b162f2`](https://togithub.com/aquasecurity/trivy/commit/8b162f287) add user instruction to imgconf (

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.