Closed renovate[bot] closed 6 months ago
This PR contains the following updates:
0.47.0
0.49.1
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.47.0->0.49.1Release Notes
aquasecurity/trivy (trivy)
### [`v0.49.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.49.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.49.0...v0.49.1) #### Changelog - [`6ccc0a5`](https://togithub.com/aquasecurity/trivy/commit/6ccc0a554) fix: check unescaped `BomRef` when matching `PkgIdentifier` ([#6025](https://togithub.com/aquasecurity/trivy/issues/6025)) - [`458c5d9`](https://togithub.com/aquasecurity/trivy/commit/458c5d95e) docs: Fix broken link to "pronunciation" ([#6057](https://togithub.com/aquasecurity/trivy/issues/6057)) - [`5c0ff6d`](https://togithub.com/aquasecurity/trivy/commit/5c0ff6dad) chore(deps): bump actions/upload-artifact from 3 to 4 ([#6047](https://togithub.com/aquasecurity/trivy/issues/6047)) - [`e2bd7f7`](https://togithub.com/aquasecurity/trivy/commit/e2bd7f75d) chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 ([#6042](https://togithub.com/aquasecurity/trivy/issues/6042)) - [`f95fbcb`](https://togithub.com/aquasecurity/trivy/commit/f95fbcb67) chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 ([#6043](https://togithub.com/aquasecurity/trivy/issues/6043)) - [`7651bf5`](https://togithub.com/aquasecurity/trivy/commit/7651bf59b) ci: reduce `root-reserve-mb` size for `maximize-build-space` ([#6064](https://togithub.com/aquasecurity/trivy/issues/6064)) - [`fc20dfd`](https://togithub.com/aquasecurity/trivy/commit/fc20dfdd8) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 ([#6041](https://togithub.com/aquasecurity/trivy/issues/6041)) - [`3bd80e7`](https://togithub.com/aquasecurity/trivy/commit/3bd80e7c2) chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 ([#6039](https://togithub.com/aquasecurity/trivy/issues/6039)) - [`2900a21`](https://togithub.com/aquasecurity/trivy/commit/2900a2117) fix: fix cursor usage in Redis Clear function ([#6056](https://togithub.com/aquasecurity/trivy/issues/6056)) - [`85cb9a7`](https://togithub.com/aquasecurity/trivy/commit/85cb9a763) chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 ([#6037](https://togithub.com/aquasecurity/trivy/issues/6037)) - [`4e962c0`](https://togithub.com/aquasecurity/trivy/commit/4e962c02a) fix(nodejs): add local packages support for `pnpm-lock.yaml` files ([#6034](https://togithub.com/aquasecurity/trivy/issues/6034)) - [`aa48a7b`](https://togithub.com/aquasecurity/trivy/commit/aa48a7b86) chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ([#6046](https://togithub.com/aquasecurity/trivy/issues/6046)) - [`8aabbea`](https://togithub.com/aquasecurity/trivy/commit/8aabbea2d) chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 ([#6044](https://togithub.com/aquasecurity/trivy/issues/6044)) - [`ec02a65`](https://togithub.com/aquasecurity/trivy/commit/ec02a655a) chore(deps): bump actions/cache from 3.3.2 to 4.0.0 ([#6048](https://togithub.com/aquasecurity/trivy/issues/6048)) - [`27d35ba`](https://togithub.com/aquasecurity/trivy/commit/27d35baa4) test: fix flaky `TestDockerEngine` ([#6054](https://togithub.com/aquasecurity/trivy/issues/6054)) - [`c3a66da`](https://togithub.com/aquasecurity/trivy/commit/c3a66da9c) chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 ([#6040](https://togithub.com/aquasecurity/trivy/issues/6040)) - [`2000fe2`](https://togithub.com/aquasecurity/trivy/commit/2000fe24c) chore(deps): bump easimon/maximize-build-space from 9 to 10 ([#6049](https://togithub.com/aquasecurity/trivy/issues/6049)) - [`2be6421`](https://togithub.com/aquasecurity/trivy/commit/2be642154) chore(deps): bump alpine from 3.19.0 to 3.19.1 ([#6051](https://togithub.com/aquasecurity/trivy/issues/6051)) - [`41c0ef6`](https://togithub.com/aquasecurity/trivy/commit/41c0ef642) chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 ([#6028](https://togithub.com/aquasecurity/trivy/issues/6028)) ### [`v0.49.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.49.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.3...v0.49.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/6033](https://togithub.com/aquasecurity/trivy/discussions/6033) #### Changelog - [`729a051`](https://togithub.com/aquasecurity/trivy/commit/729a0512a) fix(java): recursive check all nested depManagements with import scope for pom.xml files ([#5982](https://togithub.com/aquasecurity/trivy/issues/5982)) - [`884745b`](https://togithub.com/aquasecurity/trivy/commit/884745b5e) chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 ([#6029](https://togithub.com/aquasecurity/trivy/issues/6029)) - [`59e5433`](https://togithub.com/aquasecurity/trivy/commit/59e54334d) fix(cli): inconsistent behavior across CLI flags, environment variables, and config files ([#5843](https://togithub.com/aquasecurity/trivy/issues/5843)) - [`5924c02`](https://togithub.com/aquasecurity/trivy/commit/5924c021d) feat(rust): Support workspace.members parsing for Cargo.toml analysis ([#5285](https://togithub.com/aquasecurity/trivy/issues/5285)) - [`4df9363`](https://togithub.com/aquasecurity/trivy/commit/4df936389) docs: add note about Bun ([#6001](https://togithub.com/aquasecurity/trivy/issues/6001)) - [`70dd572`](https://togithub.com/aquasecurity/trivy/commit/70dd572ef) fix(report): use `AWS_REGION` env for secrets in `asff` template ([#6011](https://togithub.com/aquasecurity/trivy/issues/6011)) - [`13f797f`](https://togithub.com/aquasecurity/trivy/commit/13f797f88) fix: check returned error before deferring f.Close() ([#6007](https://togithub.com/aquasecurity/trivy/issues/6007)) - [`adfde63`](https://togithub.com/aquasecurity/trivy/commit/adfde63d0) feat(misconf): add support of buildkit instructions when building dockerfile from image config ([#5990](https://togithub.com/aquasecurity/trivy/issues/5990)) - [`e2eb70e`](https://togithub.com/aquasecurity/trivy/commit/e2eb70ecb) feat(vuln): enable `--vex` for all targets ([#5992](https://togithub.com/aquasecurity/trivy/issues/5992)) - [`f9da021`](https://togithub.com/aquasecurity/trivy/commit/f9da02131) docs: update link to data sources ([#6000](https://togithub.com/aquasecurity/trivy/issues/6000)) - [`b4b90cf`](https://togithub.com/aquasecurity/trivy/commit/b4b90cfe2) feat(java): add support for line numbers for pom.xml files ([#5991](https://togithub.com/aquasecurity/trivy/issues/5991)) - [`fb36c4e`](https://togithub.com/aquasecurity/trivy/commit/fb36c4ed0) refactor(sbom): use new `metadata.tools` struct for CycloneDX ([#5981](https://togithub.com/aquasecurity/trivy/issues/5981)) - [`f6be42b`](https://togithub.com/aquasecurity/trivy/commit/f6be42b71) docs: Update troubleshooting guide with image not found error ([#5983](https://togithub.com/aquasecurity/trivy/issues/5983)) - [`bb6caea`](https://togithub.com/aquasecurity/trivy/commit/bb6caea5c) style: update band logos ([#5968](https://togithub.com/aquasecurity/trivy/issues/5968)) - [`189a46a`](https://togithub.com/aquasecurity/trivy/commit/189a46a01) chore(deps): Update misconfig deps ([#5956](https://togithub.com/aquasecurity/trivy/issues/5956)) - [`91a2547`](https://togithub.com/aquasecurity/trivy/commit/91a2547d1) docs: update cosign tutorial and commands, update kyverno policy ([#5929](https://togithub.com/aquasecurity/trivy/issues/5929)) - [`a96f66f`](https://togithub.com/aquasecurity/trivy/commit/a96f66f17) docs: update command to scan go binary ([#5969](https://togithub.com/aquasecurity/trivy/issues/5969)) - [`2212d14`](https://togithub.com/aquasecurity/trivy/commit/2212d1443) fix: handle non-parsable images names ([#5965](https://togithub.com/aquasecurity/trivy/issues/5965)) - [`7cad04b`](https://togithub.com/aquasecurity/trivy/commit/7cad04bdf) chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 ([#5693](https://togithub.com/aquasecurity/trivy/issues/5693)) - [`fbc1a83`](https://togithub.com/aquasecurity/trivy/commit/fbc1a83f3) fix(amazon): save system files for pkgs containing `amzn` in src ([#5951](https://togithub.com/aquasecurity/trivy/issues/5951)) - [`260aa28`](https://togithub.com/aquasecurity/trivy/commit/260aa281f) fix(alpine): Add EOL support for alpine 3.19. ([#5938](https://togithub.com/aquasecurity/trivy/issues/5938)) - [`2c9d7c6`](https://togithub.com/aquasecurity/trivy/commit/2c9d7c6b5) feat: allow end-users to adjust K8S client QPS and burst ([#5910](https://togithub.com/aquasecurity/trivy/issues/5910)) - [`ffe2ca7`](https://togithub.com/aquasecurity/trivy/commit/ffe2ca7cb) chore(deps): bump go-ebs-file ([#5934](https://togithub.com/aquasecurity/trivy/issues/5934)) - [`f90d4ee`](https://togithub.com/aquasecurity/trivy/commit/f90d4ee43) fix(nodejs): find licenses for packages with slash ([#5836](https://togithub.com/aquasecurity/trivy/issues/5836)) - [`c75143f`](https://togithub.com/aquasecurity/trivy/commit/c75143f5e) fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports ([#5922](https://togithub.com/aquasecurity/trivy/issues/5922)) - [`a3fac90`](https://togithub.com/aquasecurity/trivy/commit/a3fac90b4) fix: ignore no init containers ([#5939](https://togithub.com/aquasecurity/trivy/issues/5939)) - [`b1b4734`](https://togithub.com/aquasecurity/trivy/commit/b1b4734f5) docs: Fix documentation of ecosystem ([#5940](https://togithub.com/aquasecurity/trivy/issues/5940)) - [`a2b6549`](https://togithub.com/aquasecurity/trivy/commit/a2b654945) docs(misconf): multiple ignores in comment ([#5926](https://togithub.com/aquasecurity/trivy/issues/5926)) - [`ae134a9`](https://togithub.com/aquasecurity/trivy/commit/ae134a9b3) fix(secret): find aws secrets ending with a comma or dot ([#5921](https://togithub.com/aquasecurity/trivy/issues/5921)) - [`c8c55fe`](https://togithub.com/aquasecurity/trivy/commit/c8c55fe21) chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 ([#5885](https://togithub.com/aquasecurity/trivy/issues/5885)) - [`4d2e785`](https://togithub.com/aquasecurity/trivy/commit/4d2e785ff) docs: ✨ Updated ecosystem docs with reference to new community app ([#5918](https://togithub.com/aquasecurity/trivy/issues/5918)) - [`7895657`](https://togithub.com/aquasecurity/trivy/commit/7895657c8) fix(java): don't remove excluded deps from upper pom's ([#5838](https://togithub.com/aquasecurity/trivy/issues/5838)) - [`37e7e3e`](https://togithub.com/aquasecurity/trivy/commit/37e7e3eab) fix(java): check if a version exists when determining GAV by file name for `jar` files ([#5630](https://togithub.com/aquasecurity/trivy/issues/5630)) - [`d0c81e2`](https://togithub.com/aquasecurity/trivy/commit/d0c81e23c) feat(vex): add PURL matching for CSAF VEX ([#5890](https://togithub.com/aquasecurity/trivy/issues/5890)) - [`958e1f1`](https://togithub.com/aquasecurity/trivy/commit/958e1f11f) fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. ([#5901](https://togithub.com/aquasecurity/trivy/issues/5901)) - [`56c4e24`](https://togithub.com/aquasecurity/trivy/commit/56c4e248a) revert(report): don't escape new line characters for sarif format ([#5897](https://togithub.com/aquasecurity/trivy/issues/5897)) - [`92d9b3d`](https://togithub.com/aquasecurity/trivy/commit/92d9b3dbb) docs: improve filter by rego ([#5402](https://togithub.com/aquasecurity/trivy/issues/5402)) - [`a626cdf`](https://togithub.com/aquasecurity/trivy/commit/a626cdf33) chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 ([#5892](https://togithub.com/aquasecurity/trivy/issues/5892)) - [`47b6c28`](https://togithub.com/aquasecurity/trivy/commit/47b6c2817) docs: add_scan2html_to_trivy_ecosystem ([#5875](https://togithub.com/aquasecurity/trivy/issues/5875)) - [`0ebb6c4`](https://togithub.com/aquasecurity/trivy/commit/0ebb6c468) fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode ([#5888](https://togithub.com/aquasecurity/trivy/issues/5888)) - [`c47ed0d`](https://togithub.com/aquasecurity/trivy/commit/c47ed0d81) feat(vex): Add support for CSAF format ([#5535](https://togithub.com/aquasecurity/trivy/issues/5535)) - [`2cdd65d`](https://togithub.com/aquasecurity/trivy/commit/2cdd65dd6) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 ([#5880](https://togithub.com/aquasecurity/trivy/issues/5880)) - [`cba67d1`](https://togithub.com/aquasecurity/trivy/commit/cba67d1f0) chore(deps): bump actions/setup-go from 4 to 5 ([#5845](https://togithub.com/aquasecurity/trivy/issues/5845)) - [`d990e70`](https://togithub.com/aquasecurity/trivy/commit/d990e702a) chore(deps): bump actions/stale from 8 to 9 ([#5846](https://togithub.com/aquasecurity/trivy/issues/5846)) - [`c72dfbf`](https://togithub.com/aquasecurity/trivy/commit/c72dfbfbb) chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 ([#5853](https://togithub.com/aquasecurity/trivy/issues/5853)) - [`1218984`](https://togithub.com/aquasecurity/trivy/commit/121898423) chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 ([#5847](https://togithub.com/aquasecurity/trivy/issues/5847)) - [`682210a`](https://togithub.com/aquasecurity/trivy/commit/682210ac6) chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 ([#5854](https://togithub.com/aquasecurity/trivy/issues/5854)) - [`e1a60cc`](https://togithub.com/aquasecurity/trivy/commit/e1a60cc88) chore(deps): bump alpine from 3.18.5 to 3.19.0 ([#5849](https://togithub.com/aquasecurity/trivy/issues/5849)) - [`b508414`](https://togithub.com/aquasecurity/trivy/commit/b508414ca) chore(deps): bump actions/setup-python from 4 to 5 ([#5848](https://togithub.com/aquasecurity/trivy/issues/5848)) - [`df3e90a`](https://togithub.com/aquasecurity/trivy/commit/df3e90af8) feat(python): parse licenses from dist-info folder ([#4724](https://togithub.com/aquasecurity/trivy/issues/4724)) - [`fa2e883`](https://togithub.com/aquasecurity/trivy/commit/fa2e88360) chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 ([#5852](https://togithub.com/aquasecurity/trivy/issues/5852)) - [`30eff9c`](https://togithub.com/aquasecurity/trivy/commit/30eff9c83) feat(nodejs): add yarn alias support ([#5818](https://togithub.com/aquasecurity/trivy/issues/5818)) - [`013df4c`](https://togithub.com/aquasecurity/trivy/commit/013df4c6b) chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 ([#5850](https://togithub.com/aquasecurity/trivy/issues/5850)) - [`b1489f3`](https://togithub.com/aquasecurity/trivy/commit/b1489f348) chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 ([#5856](https://togithub.com/aquasecurity/trivy/issues/5856)) - [`7f2e422`](https://togithub.com/aquasecurity/trivy/commit/7f2e4223f) chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 ([#5855](https://togithub.com/aquasecurity/trivy/issues/5855)) - [`da597c4`](https://togithub.com/aquasecurity/trivy/commit/da597c479) refactor: propagate time through context values ([#5858](https://togithub.com/aquasecurity/trivy/issues/5858)) - [`1607eee`](https://togithub.com/aquasecurity/trivy/commit/1607eee77) refactor: move PkgRef under PkgIdentifier ([#5831](https://togithub.com/aquasecurity/trivy/issues/5831)) - [`b3d516e`](https://togithub.com/aquasecurity/trivy/commit/b3d516eaf) fix(cyclonedx): fix unmarshal for licenses ([#5828](https://togithub.com/aquasecurity/trivy/issues/5828)) - [`c17b660`](https://togithub.com/aquasecurity/trivy/commit/c17b6603d) chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 ([#5830](https://togithub.com/aquasecurity/trivy/issues/5830)) - [`1f0d629`](https://togithub.com/aquasecurity/trivy/commit/1f0d6290c) feat(vuln): include pkg identifier on detected vulnerabilities ([#5439](https://togithub.com/aquasecurity/trivy/issues/5439)) ### [`v0.48.3`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.3) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.2...v0.48.3) ##### Changelog - [`eac7513`](https://togithub.com/aquasecurity/trivy/commit/eac751339) chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 ([#5892](https://togithub.com/aquasecurity/trivy/issues/5892)) - [`d866b71`](https://togithub.com/aquasecurity/trivy/commit/d866b71dd) chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 ([#5855](https://togithub.com/aquasecurity/trivy/issues/5855)) - [`34ba96e`](https://togithub.com/aquasecurity/trivy/commit/34ba96eb7) chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 ([#5830](https://togithub.com/aquasecurity/trivy/issues/5830)) ### [`v0.48.2`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.2) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.1...v0.48.2) ##### Changelog - [`4cdff0e`](https://togithub.com/aquasecurity/trivy/commit/4cdff0e57) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 ([#5822](https://togithub.com/aquasecurity/trivy/issues/5822)) - [`be969d4`](https://togithub.com/aquasecurity/trivy/commit/be969d413) chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 ([#5809](https://togithub.com/aquasecurity/trivy/issues/5809)) - [`81748f5`](https://togithub.com/aquasecurity/trivy/commit/81748f5ad) chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 ([#5805](https://togithub.com/aquasecurity/trivy/issues/5805)) ### [`v0.48.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.0...v0.48.1) #### Changelog - [`ba825b2`](https://togithub.com/aquasecurity/trivy/commit/ba825b2ae) chore(deps): bump trivy-iac to v0.7.1 ([#5797](https://togithub.com/aquasecurity/trivy/issues/5797)) - [`abf227e`](https://togithub.com/aquasecurity/trivy/commit/abf227e06) fix(bitnami): use a different comparer for detecting vulnerabilities ([#5633](https://togithub.com/aquasecurity/trivy/issues/5633)) - [`df49ea4`](https://togithub.com/aquasecurity/trivy/commit/df49ea4a1) refactor(sbom): disable html escaping for CycloneDX ([#5764](https://togithub.com/aquasecurity/trivy/issues/5764)) - [`f25e2df`](https://togithub.com/aquasecurity/trivy/commit/f25e2df1c) refactor(purl): use `pub` from `package-url` ([#5784](https://togithub.com/aquasecurity/trivy/issues/5784)) - [`b5e3b77`](https://togithub.com/aquasecurity/trivy/commit/b5e3b77f0) docs(python): add note to using `pip freeze` for `compatible releases` ([#5760](https://togithub.com/aquasecurity/trivy/issues/5760)) - [`6cc00c2`](https://togithub.com/aquasecurity/trivy/commit/6cc00c2f0) fix(report): use OS information for OS packages purl in `github` template ([#5783](https://togithub.com/aquasecurity/trivy/issues/5783)) - [`c317fe8`](https://togithub.com/aquasecurity/trivy/commit/c317fe828) fix(report): fix error if miconfigs are empty ([#5782](https://togithub.com/aquasecurity/trivy/issues/5782)) - [`9b4bced`](https://togithub.com/aquasecurity/trivy/commit/9b4bcedf0) refactor(vuln): don't remove VendorSeverity in JSON report ([#5761](https://togithub.com/aquasecurity/trivy/issues/5761)) - [`be5a550`](https://togithub.com/aquasecurity/trivy/commit/be5a55049) fix(report): don't mark misconfig passed tests as failed in junit.tpl ([#5767](https://togithub.com/aquasecurity/trivy/issues/5767)) - [`01edbda`](https://togithub.com/aquasecurity/trivy/commit/01edbda34) docs(k8s): replace --scanners config with --scanners misconfig in docs ([#5746](https://togithub.com/aquasecurity/trivy/issues/5746)) - [`eb97419`](https://togithub.com/aquasecurity/trivy/commit/eb9741954) fix(report): update Gitlab template ([#5721](https://togithub.com/aquasecurity/trivy/issues/5721)) - [`be1c554`](https://togithub.com/aquasecurity/trivy/commit/be1c55497) feat(secret): add support of GitHub fine-grained tokens ([#5740](https://togithub.com/aquasecurity/trivy/issues/5740)) - [`a5342da`](https://togithub.com/aquasecurity/trivy/commit/a5342da06) fix(misconf): add an image misconf to result ([#5731](https://togithub.com/aquasecurity/trivy/issues/5731)) - [`108a5b0`](https://togithub.com/aquasecurity/trivy/commit/108a5b05c) feat(secret): added support of Docker registry credentials ([#5720](https://togithub.com/aquasecurity/trivy/issues/5720)) - [`6080e24`](https://togithub.com/aquasecurity/trivy/commit/6080e245c) chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 ([#5717](https://togithub.com/aquasecurity/trivy/issues/5717)) - [`e27ec32`](https://togithub.com/aquasecurity/trivy/commit/e27ec3261) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 ([#5701](https://togithub.com/aquasecurity/trivy/issues/5701)) ### [`v0.48.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.47.0...v0.48.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/5724](https://togithub.com/aquasecurity/trivy/discussions/5724) #### Changelog - [`f2aa9bf`](https://togithub.com/aquasecurity/trivy/commit/f2aa9bf3e) chore(deps): bump sigstore/cosign-installer from [`4a86152`](https://togithub.com/aquasecurity/trivy/commit/4a861528be5e691840a69536975ada1d4c30349d) to [`1fc5bd3`](https://togithub.com/aquasecurity/trivy/commit/1fc5bd396d372bee37d608f955b336615edf79c8) ([#5696](https://togithub.com/aquasecurity/trivy/issues/5696)) - [`6d7e2f8`](https://togithub.com/aquasecurity/trivy/commit/6d7e2f811) chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 ([#5694](https://togithub.com/aquasecurity/trivy/issues/5694)) - [`0ff5f96`](https://togithub.com/aquasecurity/trivy/commit/0ff5f96bb) feat: filter k8s core components vuln results ([#5713](https://togithub.com/aquasecurity/trivy/issues/5713)) - [`a54d1e9`](https://togithub.com/aquasecurity/trivy/commit/a54d1e95f) feat(vuln): remove duplicates in Fixed Version ([#5596](https://togithub.com/aquasecurity/trivy/issues/5596)) - [`99c04c4`](https://togithub.com/aquasecurity/trivy/commit/99c04c438) feat(report): output plugin ([#4863](https://togithub.com/aquasecurity/trivy/issues/4863)) - [`70078b9`](https://togithub.com/aquasecurity/trivy/commit/70078b9c0) chore(deps): bump alpine from 3.18.4 to 3.18.5 ([#5700](https://togithub.com/aquasecurity/trivy/issues/5700)) - [`49e83a6`](https://togithub.com/aquasecurity/trivy/commit/49e83a6ad) chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 ([#5704](https://togithub.com/aquasecurity/trivy/issues/5704)) - [`af32cb3`](https://togithub.com/aquasecurity/trivy/commit/af32cb310) chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 ([#5699](https://togithub.com/aquasecurity/trivy/issues/5699)) - [`1766271`](https://togithub.com/aquasecurity/trivy/commit/176627192) chore(deps): bump actions/github-script from 6 to 7 ([#5697](https://togithub.com/aquasecurity/trivy/issues/5697)) - [`7ee8547`](https://togithub.com/aquasecurity/trivy/commit/7ee854767) chore(deps): bump easimon/maximize-build-space from 8 to 9 ([#5695](https://togithub.com/aquasecurity/trivy/issues/5695)) - [`654147f`](https://togithub.com/aquasecurity/trivy/commit/654147fc6) docs: typo in modules.md ([#5712](https://togithub.com/aquasecurity/trivy/issues/5712)) - [`2569575`](https://togithub.com/aquasecurity/trivy/commit/256957523) feat: Add flag to configure node-collector image ref ([#5710](https://togithub.com/aquasecurity/trivy/issues/5710)) - [`c061009`](https://togithub.com/aquasecurity/trivy/commit/c0610097a) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 ([#5702](https://togithub.com/aquasecurity/trivy/issues/5702)) - [`aedbd85`](https://togithub.com/aquasecurity/trivy/commit/aedbd85d6) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 ([#5698](https://togithub.com/aquasecurity/trivy/issues/5698)) - [`e018b9c`](https://togithub.com/aquasecurity/trivy/commit/e018b9c42) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 ([#5706](https://togithub.com/aquasecurity/trivy/issues/5706)) - [`b5874e3`](https://togithub.com/aquasecurity/trivy/commit/b5874e3ad) feat(misconf): Add `--misconfig-scanners` option ([#5670](https://togithub.com/aquasecurity/trivy/issues/5670)) - [`075d8f6`](https://togithub.com/aquasecurity/trivy/commit/075d8f628) chore: bump Go to 1.21 ([#5662](https://togithub.com/aquasecurity/trivy/issues/5662)) - [`16b757d`](https://togithub.com/aquasecurity/trivy/commit/16b757d18) feat: Packagesprops support ([#5605](https://togithub.com/aquasecurity/trivy/issues/5605)) - [`372efc9`](https://togithub.com/aquasecurity/trivy/commit/372efc9ec) chore(deps): Bump up trivy misconf deps ([#5656](https://togithub.com/aquasecurity/trivy/issues/5656)) - [`edad5f6`](https://togithub.com/aquasecurity/trivy/commit/edad5f690) docs: update adopters discussion template ([#5632](https://togithub.com/aquasecurity/trivy/issues/5632)) - [`ed9d340`](https://togithub.com/aquasecurity/trivy/commit/ed9d34030) docs: terraform tutorial links updated to point to correct loc ([#5661](https://togithub.com/aquasecurity/trivy/issues/5661)) - [`8ff574e`](https://togithub.com/aquasecurity/trivy/commit/8ff574e3f) fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` ([#5647](https://togithub.com/aquasecurity/trivy/issues/5647)) - [`ad977a4`](https://togithub.com/aquasecurity/trivy/commit/ad977a425) fix(nodejs): support protocols for dependency section in yarn.lock files ([#5612](https://togithub.com/aquasecurity/trivy/issues/5612)) - [`b1dc60b`](https://togithub.com/aquasecurity/trivy/commit/b1dc60b88) fix(secret): exclude upper case before secret for `alibaba-access-key-id` ([#5618](https://togithub.com/aquasecurity/trivy/issues/5618)) - [`65351d4`](https://togithub.com/aquasecurity/trivy/commit/65351d4f2) docs: Update Arch Linux package URL in installation.md ([#5619](https://togithub.com/aquasecurity/trivy/issues/5619)) - [`c866f1c`](https://togithub.com/aquasecurity/trivy/commit/c866f1c4e) chore: add prefix to image errors ([#5601](https://togithub.com/aquasecurity/trivy/issues/5601)) - [`ed0022b`](https://togithub.com/aquasecurity/trivy/commit/ed0022b91) docs(vuln): fix link anchor ([#5606](https://togithub.com/aquasecurity/trivy/issues/5606)) - [`3c81727`](https://togithub.com/aquasecurity/trivy/commit/3c8172703) docs: Add Dagger integration section and cleanup Ecosystem CICD docs page ([#5608](https://togithub.com/aquasecurity/trivy/issues/5608)) - [`2145464`](https://togithub.com/aquasecurity/trivy/commit/214546427) fix: k8s friendly error messages kbom non cluster scans ([#5594](https://togithub.com/aquasecurity/trivy/issues/5594)) - [`44d0b28`](https://togithub.com/aquasecurity/trivy/commit/44d0b28ad) feat: set InstalledFiles for DEB and RPM packages ([#5488](https://togithub.com/aquasecurity/trivy/issues/5488)) - [`ae4bcf6`](https://togithub.com/aquasecurity/trivy/commit/ae4bcf6a0) fix(report): use time.Time for CreatedAt ([#5598](https://togithub.com/aquasecurity/trivy/issues/5598)) - [`b6fafa0`](https://togithub.com/aquasecurity/trivy/commit/b6fafa04a) test: retry containerd initialization ([#5597](https://togithub.com/aquasecurity/trivy/issues/5597)) - [`1336223`](https://togithub.com/aquasecurity/trivy/commit/13362233c) feat(misconf): Expose misconf engine debug logs with `--debug` option ([#5550](https://togithub.com/aquasecurity/trivy/issues/5550)) - [`7105186`](https://togithub.com/aquasecurity/trivy/commit/71051863c) test: mock VM walker ([#5589](https://togithub.com/aquasecurity/trivy/issues/5589)) - [`d9d7f3f`](https://togithub.com/aquasecurity/trivy/commit/d9d7f3f19) chore: bump node-collector v0.0.9 ([#5591](https://togithub.com/aquasecurity/trivy/issues/5591)) - [`e3c28f8`](https://togithub.com/aquasecurity/trivy/commit/e3c28f8ee) feat(misconf): Add support for `--cf-params` for CFT ([#5507](https://togithub.com/aquasecurity/trivy/issues/5507)) - [`ac0e327`](https://togithub.com/aquasecurity/trivy/commit/ac0e32749) feat(flag): replace '--slow' with '--parallel' ([#5572](https://togithub.com/aquasecurity/trivy/issues/5572)) - [`5372067`](https://togithub.com/aquasecurity/trivy/commit/537206761) fix(report): add escaping for Sarif format ([#5568](https://togithub.com/aquasecurity/trivy/issues/5568)) - [`a389529`](https://togithub.com/aquasecurity/trivy/commit/a3895298d) chore: show a deprecation notice for `--scanners config` ([#5587](https://togithub.com/aquasecurity/trivy/issues/5587)) - [`f4dd062`](https://togithub.com/aquasecurity/trivy/commit/f4dd062f5) feat(report): Add CreatedAt to the JSON report. ([#5542](https://togithub.com/aquasecurity/trivy/issues/5542)) ([#5549](https://togithub.com/aquasecurity/trivy/issues/5549)) - [`d005f5a`](https://togithub.com/aquasecurity/trivy/commit/d005f5af2) test: mock RPM DB ([#5567](https://togithub.com/aquasecurity/trivy/issues/5567)) - [`a96ec35`](https://togithub.com/aquasecurity/trivy/commit/a96ec3557) feat: add aliases to '--scanners' ([#5558](https://togithub.com/aquasecurity/trivy/issues/5558)) - [`950e431`](https://togithub.com/aquasecurity/trivy/commit/950e431f0) refactor: reintroduce output writer ([#5564](https://togithub.com/aquasecurity/trivy/issues/5564)) - [`2310f0d`](https://togithub.com/aquasecurity/trivy/commit/2310f0dd6) chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 ([#5543](https://togithub.com/aquasecurity/trivy/issues/5543)) - [`04b93e9`](https://togithub.com/aquasecurity/trivy/commit/04b93e9fd) chore: not load plugins for auto-generating docs ([#5569](https://togithub.com/aquasecurity/trivy/issues/5569)) - [`cccaa15`](https://togithub.com/aquasecurity/trivy/commit/cccaa15cc) chore: sort supported AWS services ([#5570](https://togithub.com/aquasecurity/trivy/issues/5570)) - [`3891e3d`](https://togithub.com/aquasecurity/trivy/commit/3891e3d5d) fix: no schedule toleration ([#5562](https://togithub.com/aquasecurity/trivy/issues/5562)) - [`138feb0`](https://togithub.com/aquasecurity/trivy/commit/138feb024) fix(cli): set correct `scanners` for `k8s` target ([#5561](https://togithub.com/aquasecurity/trivy/issues/5561)) - [`cb241a8`](https://togithub.com/aquasecurity/trivy/commit/cb241a800) fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX ([#5533](https://togithub.com/aquasecurity/trivy/issues/5533)) - [`e7f6a5c`](https://togithub.com/aquasecurity/trivy/commit/e7f6a5c80) refactor(misconf): Update refactored dependencies ([#5245](https://togithub.com/aquasecurity/trivy/issues/5245)) - [`2f5afa5`](https://togithub.com/aquasecurity/trivy/commit/2f5afa5f2) feat(secret): add built-in rule for JWT tokens ([#5480](https://togithub.com/aquasecurity/trivy/issues/5480)) - [`91fc8da`](https://togithub.com/aquasecurity/trivy/commit/91fc8dac9) fix: trivy k8s parse ecr image with arn ([#5537](https://togithub.com/aquasecurity/trivy/issues/5537)) - [`05df244`](https://togithub.com/aquasecurity/trivy/commit/05df24477) fix: fail k8s resource scanning ([#5529](https://togithub.com/aquasecurity/trivy/issues/5529)) - [`a1b4744`](https://togithub.com/aquasecurity/trivy/commit/a1b47441a) refactor(misconf): don't remove Highlighted in json format ([#5531](https://togithub.com/aquasecurity/trivy/issues/5531)) - [`7712f8f`](https://togithub.com/aquasecurity/trivy/commit/7712f8f21) docs(k8s): fix link in kubernetes.md ([#5524](https://togithub.com/aquasecurity/trivy/issues/5524)) - [`043fbfc`](https://togithub.com/aquasecurity/trivy/commit/043fbfcd3) docs(k8s): fix whitespace in list syntax ([#5525](https://togithub.com/aquasecurity/trivy/issues/5525))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.