Closed renovate[bot] closed 1 year ago
This PR contains the following updates:
0.37.3
0.44.0
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.37.3
->0.44.0
Release Notes
aquasecurity/trivy (trivy)
### [`v0.44.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.1...v0.44.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4903](https://togithub.com/aquasecurity/trivy/discussions/4903) #### Changelog - [`d19c7d9`](https://togithub.com/aquasecurity/trivy/commit/d19c7d9f2) feat(repo): support local repositories ([#4890](https://togithub.com/aquasecurity/trivy/issues/4890)) - [`3c19761`](https://togithub.com/aquasecurity/trivy/commit/3c1976187) bump go-dep-parser ([#4893](https://togithub.com/aquasecurity/trivy/issues/4893)) - [`e1c2a8c`](https://togithub.com/aquasecurity/trivy/commit/e1c2a8c80) fix(misconf): add missing fields to proto ([#4861](https://togithub.com/aquasecurity/trivy/issues/4861)) - [`8b8e0e8`](https://togithub.com/aquasecurity/trivy/commit/8b8e0e83d) fix: remove trivy-db package replacement ([#4877](https://togithub.com/aquasecurity/trivy/issues/4877)) - [`f9efe44`](https://togithub.com/aquasecurity/trivy/commit/f9efe44fd) chore(test): bump the integration test timeout to 15m ([#4880](https://togithub.com/aquasecurity/trivy/issues/4880)) - [`7271d68`](https://togithub.com/aquasecurity/trivy/commit/7271d682f) chore(deps): Update defsec to v0.91.0 ([#4886](https://togithub.com/aquasecurity/trivy/issues/4886)) - [`c3bc67c`](https://togithub.com/aquasecurity/trivy/commit/c3bc67c89) chore: update CODEOWNERS ([#4871](https://togithub.com/aquasecurity/trivy/issues/4871)) - [`232ba82`](https://togithub.com/aquasecurity/trivy/commit/232ba823e) feat(vuln): support vulnerability status ([#4867](https://togithub.com/aquasecurity/trivy/issues/4867)) - [`11618c9`](https://togithub.com/aquasecurity/trivy/commit/11618c940) feat(misconf): Support custom URLs for policy bundle ([#4834](https://togithub.com/aquasecurity/trivy/issues/4834)) - [`0707569`](https://togithub.com/aquasecurity/trivy/commit/07075696d) refactor: replace with sortable packages ([#4858](https://togithub.com/aquasecurity/trivy/issues/4858)) - [`fbe1c9e`](https://togithub.com/aquasecurity/trivy/commit/fbe1c9eb1) docs: correct license scanning sample command ([#4855](https://togithub.com/aquasecurity/trivy/issues/4855)) - [`20c2246`](https://togithub.com/aquasecurity/trivy/commit/20c2246a6) fix(report): close the file ([#4842](https://togithub.com/aquasecurity/trivy/issues/4842)) - [`24a3e54`](https://togithub.com/aquasecurity/trivy/commit/24a3e547d) feat(nodejs): add support for include-dev-deps flag for yarn ([#4812](https://togithub.com/aquasecurity/trivy/issues/4812)) - [`a7bd7bb`](https://togithub.com/aquasecurity/trivy/commit/a7bd7bb65) feat(misconf): Add support for independently enabling libraries ([#4070](https://togithub.com/aquasecurity/trivy/issues/4070)) - [`4aa9ea0`](https://togithub.com/aquasecurity/trivy/commit/4aa9ea096) feat(secret): add secret config file for cache calculation ([#4837](https://togithub.com/aquasecurity/trivy/issues/4837)) - [`5d349d8`](https://togithub.com/aquasecurity/trivy/commit/5d349d814) Fix a link in gitlab-ci.md ([#4850](https://togithub.com/aquasecurity/trivy/issues/4850)) - [`a61531c`](https://togithub.com/aquasecurity/trivy/commit/a61531c1f) fix(flag): use globalstar to skip directories ([#4854](https://togithub.com/aquasecurity/trivy/issues/4854)) - [`78cc209`](https://togithub.com/aquasecurity/trivy/commit/78cc20937) chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible ([#4849](https://togithub.com/aquasecurity/trivy/issues/4849)) - [`9399604`](https://togithub.com/aquasecurity/trivy/commit/93996041b) fix(license): using common way for splitting licenses ([#4434](https://togithub.com/aquasecurity/trivy/issues/4434)) - [`3e2416d`](https://togithub.com/aquasecurity/trivy/commit/3e2416d77) fix(containerd): Use img platform in exporter instead of strict host platform ([#4477](https://togithub.com/aquasecurity/trivy/issues/4477)) - [`ce77bb4`](https://togithub.com/aquasecurity/trivy/commit/ce77bb46c) remove govulndb ([#4783](https://togithub.com/aquasecurity/trivy/issues/4783)) - [`c05caae`](https://togithub.com/aquasecurity/trivy/commit/c05caae43) fix(java): inherit licenses from parents ([#4817](https://togithub.com/aquasecurity/trivy/issues/4817)) - [`aca11b9`](https://togithub.com/aquasecurity/trivy/commit/aca11b95d) refactor: add allowed values for CLI flags ([#4800](https://togithub.com/aquasecurity/trivy/issues/4800)) - [`4cecd17`](https://togithub.com/aquasecurity/trivy/commit/4cecd17ea) add example regex to allow rules ([#4827](https://togithub.com/aquasecurity/trivy/issues/4827)) - [`4bc8d29`](https://togithub.com/aquasecurity/trivy/commit/4bc8d29c1) feat(misconf): Support custom data for rego policies for cloud ([#4745](https://togithub.com/aquasecurity/trivy/issues/4745)) - [`88243a0`](https://togithub.com/aquasecurity/trivy/commit/88243a0ad) docs: correcting the trivy k8s tutorial ([#4815](https://togithub.com/aquasecurity/trivy/issues/4815)) - [`3c7d988`](https://togithub.com/aquasecurity/trivy/commit/3c7d988d7) feat(cli): add --tf-exclude-downloaded-modules flag ([#4810](https://togithub.com/aquasecurity/trivy/issues/4810)) - [`fd0fd10`](https://togithub.com/aquasecurity/trivy/commit/fd0fd104f) fix(sbom): cyclonedx recommendations should include fixed versions for each package ([#4794](https://togithub.com/aquasecurity/trivy/issues/4794)) - [`d0d543b`](https://togithub.com/aquasecurity/trivy/commit/d0d543b88) feat(misconf): enable --policy flag to accept directory and files both ([#4777](https://togithub.com/aquasecurity/trivy/issues/4777)) - [`b43a3e6`](https://togithub.com/aquasecurity/trivy/commit/b43a3e623) feat(python): add license fields ([#4722](https://togithub.com/aquasecurity/trivy/issues/4722)) - [`aef7b14`](https://togithub.com/aquasecurity/trivy/commit/aef7b148a) fix: support trivy k8s-version on k8s sub-command ([#4786](https://togithub.com/aquasecurity/trivy/issues/4786)) ### [`v0.43.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.0...v0.43.1) #### Changelog - [`5d76aba`](https://togithub.com/aquasecurity/trivy/commit/5d76abadc) chore(deps): Update defsec to v0.90.3 ([#4793](https://togithub.com/aquasecurity/trivy/issues/4793)) - [`fed446c`](https://togithub.com/aquasecurity/trivy/commit/fed446c51) chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 ([#4752](https://togithub.com/aquasecurity/trivy/issues/4752)) - [`df62927`](https://togithub.com/aquasecurity/trivy/commit/df62927e5) chore(deps): bump alpine from 3.18.0 to 3.18.2 ([#4748](https://togithub.com/aquasecurity/trivy/issues/4748)) - [`1b9b9a8`](https://togithub.com/aquasecurity/trivy/commit/1b9b9a84f) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 ([#4758](https://togithub.com/aquasecurity/trivy/issues/4758)) - [`3c16ca8`](https://togithub.com/aquasecurity/trivy/commit/3c16ca821) docs(image): fix the comment on the soft/hard link ([#4740](https://togithub.com/aquasecurity/trivy/issues/4740)) - [`e5bee5c`](https://togithub.com/aquasecurity/trivy/commit/e5bee5ccc) check Type when filling pkgs in vulns ([#4776](https://togithub.com/aquasecurity/trivy/issues/4776)) - [`4b9f310`](https://togithub.com/aquasecurity/trivy/commit/4b9f310b9) feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script ([#4770](https://togithub.com/aquasecurity/trivy/issues/4770)) - [`8e7fb7c`](https://togithub.com/aquasecurity/trivy/commit/8e7fb7cc8) chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 ([#4756](https://togithub.com/aquasecurity/trivy/issues/4756)) - [`a9badea`](https://togithub.com/aquasecurity/trivy/commit/a9badeaba) fix(rocky): add architectures support for advisories ([#4691](https://togithub.com/aquasecurity/trivy/issues/4691)) - [`f8ebccc`](https://togithub.com/aquasecurity/trivy/commit/f8ebccc68) chore(deps): bump github.com/opencontainers/image-spec ([#4751](https://togithub.com/aquasecurity/trivy/issues/4751)) - [`1c81948`](https://togithub.com/aquasecurity/trivy/commit/1c81948e0) chore(deps): bump github.com/package-url/packageurl-go ([#4754](https://togithub.com/aquasecurity/trivy/issues/4754)) - [`497cc10`](https://togithub.com/aquasecurity/trivy/commit/497cc10d8) chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 ([#4750](https://togithub.com/aquasecurity/trivy/issues/4750)) - [`065f0af`](https://togithub.com/aquasecurity/trivy/commit/065f0afa5) chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 ([#4755](https://togithub.com/aquasecurity/trivy/issues/4755)) - [`e260305`](https://togithub.com/aquasecurity/trivy/commit/e2603056d) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4759](https://togithub.com/aquasecurity/trivy/issues/4759)) - [`0621402`](https://togithub.com/aquasecurity/trivy/commit/0621402bf) fix: documentation about reseting trivy image ([#4733](https://togithub.com/aquasecurity/trivy/issues/4733)) - [`798fdbc`](https://togithub.com/aquasecurity/trivy/commit/798fdbc01) fix(suse): Add openSUSE Leap 15.5 eol date as well ([#4744](https://togithub.com/aquasecurity/trivy/issues/4744)) - [`34a8929`](https://togithub.com/aquasecurity/trivy/commit/34a89293d) fix: update Amazon Linux 1 EOL ([#4761](https://togithub.com/aquasecurity/trivy/issues/4761)) ### [`v0.43.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.1...v0.43.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4741](https://togithub.com/aquasecurity/trivy/discussions/4741) #### Changelog - [`6008192`](https://togithub.com/aquasecurity/trivy/commit/600819248) chore(deps): Update defsec to v0.90.1 ([#4739](https://togithub.com/aquasecurity/trivy/issues/4739)) - [`73734ea`](https://togithub.com/aquasecurity/trivy/commit/73734eab2) feat(nodejs): support yarn workspaces ([#4664](https://togithub.com/aquasecurity/trivy/issues/4664)) - [`22463ab`](https://togithub.com/aquasecurity/trivy/commit/22463abab) feat(cli): add include-dev-deps flag ([#4700](https://togithub.com/aquasecurity/trivy/issues/4700)) - [`790c805`](https://togithub.com/aquasecurity/trivy/commit/790c8054e) fix(image): pass the secret scanner option to scan the img config ([#4735](https://togithub.com/aquasecurity/trivy/issues/4735)) - [`86fec9c`](https://togithub.com/aquasecurity/trivy/commit/86fec9c4a) fix: scan job pod it not found on k8s-1.27.x ([#4729](https://togithub.com/aquasecurity/trivy/issues/4729)) - [`26bc911`](https://togithub.com/aquasecurity/trivy/commit/26bc91160) feat(docker): add support for mTLS authentication when connecting to registry ([#4649](https://togithub.com/aquasecurity/trivy/issues/4649)) - [`d699e8c`](https://togithub.com/aquasecurity/trivy/commit/d699e8c10) chore(deps): Update defsec to v0.90.0 ([#4723](https://togithub.com/aquasecurity/trivy/issues/4723)) - [`1777878`](https://togithub.com/aquasecurity/trivy/commit/1777878e8) fix: skip scanning the gpg-pubkey package ([#4720](https://togithub.com/aquasecurity/trivy/issues/4720)) - [`9be0825`](https://togithub.com/aquasecurity/trivy/commit/9be08253a) Fix http registry oci pull ([#4701](https://togithub.com/aquasecurity/trivy/issues/4701)) - [`5d73b47`](https://togithub.com/aquasecurity/trivy/commit/5d73b47db) feat(misconf): Support skipping services ([#4686](https://togithub.com/aquasecurity/trivy/issues/4686)) - [`46e784c`](https://togithub.com/aquasecurity/trivy/commit/46e784c8a) docs: fix supported modes for pubspec.lock files ([#4713](https://togithub.com/aquasecurity/trivy/issues/4713)) - [`0f61a84`](https://togithub.com/aquasecurity/trivy/commit/0f61a8471) fix(misconf): disable the terraform plan analyzer for other scanners ([#4714](https://togithub.com/aquasecurity/trivy/issues/4714)) - [`8a1aa44`](https://togithub.com/aquasecurity/trivy/commit/8a1aa448a) clarifying a dir path is required for custom policies ([#4716](https://togithub.com/aquasecurity/trivy/issues/4716)) - [`fbab9ee`](https://togithub.com/aquasecurity/trivy/commit/fbab9eea3) chore: update alpine base images ([#4715](https://togithub.com/aquasecurity/trivy/issues/4715)) - [`f84417b`](https://togithub.com/aquasecurity/trivy/commit/f84417bba) fix last-history-created ([#4697](https://togithub.com/aquasecurity/trivy/issues/4697)) - [`85c681d`](https://togithub.com/aquasecurity/trivy/commit/85c681d44) feat: kbom and cyclonedx v1.5 spec support ([#4708](https://togithub.com/aquasecurity/trivy/issues/4708)) - [`46748ce`](https://togithub.com/aquasecurity/trivy/commit/46748ce6e) docs: add information about Aqua ([#4590](https://togithub.com/aquasecurity/trivy/issues/4590)) - [`c6741bd`](https://togithub.com/aquasecurity/trivy/commit/c6741bddf) fix: k8s escape resource filename on windows os ([#4693](https://togithub.com/aquasecurity/trivy/issues/4693)) - [`a21acc7`](https://togithub.com/aquasecurity/trivy/commit/a21acc7e0) ci: ignore merge queue branches ([#4696](https://togithub.com/aquasecurity/trivy/issues/4696)) - [`32a3a33`](https://togithub.com/aquasecurity/trivy/commit/32a3a3311) chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 ([#4695](https://togithub.com/aquasecurity/trivy/issues/4695)) - [`cbb47dc`](https://togithub.com/aquasecurity/trivy/commit/cbb47dc7c) chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 ([#4694](https://togithub.com/aquasecurity/trivy/issues/4694)) - [`e3d10d2`](https://togithub.com/aquasecurity/trivy/commit/e3d10d251) feat: cyclondx sbom custom property support ([#4688](https://togithub.com/aquasecurity/trivy/issues/4688)) - [`e1770e0`](https://togithub.com/aquasecurity/trivy/commit/e1770e046) ci: do not trigger tests in main ([#4692](https://togithub.com/aquasecurity/trivy/issues/4692)) - [`337c0b7`](https://togithub.com/aquasecurity/trivy/commit/337c0b70d) add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date ([#4690](https://togithub.com/aquasecurity/trivy/issues/4690)) - [`5ccee14`](https://togithub.com/aquasecurity/trivy/commit/5ccee1430) use group field for jar in cyclonedx ([#4674](https://togithub.com/aquasecurity/trivy/issues/4674)) - [`96db52c`](https://togithub.com/aquasecurity/trivy/commit/96db52c3f) feat(java): capture licenses from pom.xml ([#4681](https://togithub.com/aquasecurity/trivy/issues/4681)) - [`3e902a5`](https://togithub.com/aquasecurity/trivy/commit/3e902a57a) feat(helm): make sessionAffinity configurable ([#4623](https://togithub.com/aquasecurity/trivy/issues/4623)) - [`904f1cf`](https://togithub.com/aquasecurity/trivy/commit/904f1cf24) fix: Show the correct URL of the secret scanning ([#4682](https://togithub.com/aquasecurity/trivy/issues/4682)) - [`7d48c5d`](https://togithub.com/aquasecurity/trivy/commit/7d48c5d5d) document expected file pattern definition format ([#4654](https://togithub.com/aquasecurity/trivy/issues/4654)) - [`dcc73e9`](https://togithub.com/aquasecurity/trivy/commit/dcc73e964) fix: format arg error ([#4642](https://togithub.com/aquasecurity/trivy/issues/4642)) - [`35c4262`](https://togithub.com/aquasecurity/trivy/commit/35c4262d0) feat(k8s): cyclonedx kbom support ([#4557](https://togithub.com/aquasecurity/trivy/issues/4557)) - [`0e01851`](https://togithub.com/aquasecurity/trivy/commit/0e01851e9) fix(nodejs): remove unused fields for the pnpm lockfile ([#4630](https://togithub.com/aquasecurity/trivy/issues/4630)) - [`4d9b444`](https://togithub.com/aquasecurity/trivy/commit/4d9b44449) fix(vm): update ext4-filesystem parser for parse multi block extents ([#4616](https://togithub.com/aquasecurity/trivy/issues/4616)) - [`c29197a`](https://togithub.com/aquasecurity/trivy/commit/c29197ab7) ci: update build IDs ([#4641](https://togithub.com/aquasecurity/trivy/issues/4641)) - [`d7637ad`](https://togithub.com/aquasecurity/trivy/commit/d7637adc6) fix(debian): update EOL for Debian 12 ([#4647](https://togithub.com/aquasecurity/trivy/issues/4647)) - [`ef39eee`](https://togithub.com/aquasecurity/trivy/commit/ef39eeedf) chore(deps): bump go-containerregistry ([#4639](https://togithub.com/aquasecurity/trivy/issues/4639)) - [`1ce8bb5`](https://togithub.com/aquasecurity/trivy/commit/1ce8bb535) chore: unnecessary use of fmt.Sprintf (S1039) ([#4637](https://togithub.com/aquasecurity/trivy/issues/4637)) - [`bc9513f`](https://togithub.com/aquasecurity/trivy/commit/bc9513fc5) fix(db): change argument order in Exists query for JavaDB ([#4595](https://togithub.com/aquasecurity/trivy/issues/4595)) - [`aecd2f0`](https://togithub.com/aquasecurity/trivy/commit/aecd2f0bf) feat(aws): Add support to see successes in results ([#4427](https://togithub.com/aquasecurity/trivy/issues/4427)) - [`2cbf402`](https://togithub.com/aquasecurity/trivy/commit/2cbf402b6) chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ([#4613](https://togithub.com/aquasecurity/trivy/issues/4613)) - [`0099b20`](https://togithub.com/aquasecurity/trivy/commit/0099b20e3) ci: do not trigger tests in main ([#4614](https://togithub.com/aquasecurity/trivy/issues/4614)) - [`a597a54`](https://togithub.com/aquasecurity/trivy/commit/a597a54fb) chore(deps): bump sigstore/cosign-installer ([#4609](https://togithub.com/aquasecurity/trivy/issues/4609)) - [`b453fbe`](https://togithub.com/aquasecurity/trivy/commit/b453fbec3) chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 ([#4608](https://togithub.com/aquasecurity/trivy/issues/4608)) - [`0e876d5`](https://togithub.com/aquasecurity/trivy/commit/0e876d5aa) ci: bypass the required status checks ([#4611](https://togithub.com/aquasecurity/trivy/issues/4611)) - [`a4f27d2`](https://togithub.com/aquasecurity/trivy/commit/a4f27d24a) ci: support merge queue ([#3652](https://togithub.com/aquasecurity/trivy/issues/3652)) - [`9e6411e`](https://togithub.com/aquasecurity/trivy/commit/9e6411e9f) ci: matrix build for testing ([#4587](https://togithub.com/aquasecurity/trivy/issues/4587)) - [`ef6538a`](https://togithub.com/aquasecurity/trivy/commit/ef6538a17) feat: trivy k8s private registry support ([#4567](https://togithub.com/aquasecurity/trivy/issues/4567)) - [`139f3e1`](https://togithub.com/aquasecurity/trivy/commit/139f3e1e3) docs: add general coverage page ([#3859](https://togithub.com/aquasecurity/trivy/issues/3859)) - [`479cfdd`](https://togithub.com/aquasecurity/trivy/commit/479cfdd40) chore: create SECURITY.md ([#4601](https://togithub.com/aquasecurity/trivy/issues/4601)) ### [`v0.42.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.0...v0.42.1) #### Changelog - [`9a279fa`](https://togithub.com/aquasecurity/trivy/commit/9a279fa7b) ci: remove 32bit packages ([#4585](https://togithub.com/aquasecurity/trivy/issues/4585)) - [`d52b0b7`](https://togithub.com/aquasecurity/trivy/commit/d52b0b7bc) fix(misconf): deduplicate misconf results ([#4588](https://togithub.com/aquasecurity/trivy/issues/4588)) - [`9b531fa`](https://togithub.com/aquasecurity/trivy/commit/9b531fa27) fix(vm): support sector size of 4096 ([#4564](https://togithub.com/aquasecurity/trivy/issues/4564)) - [`8ca1bfd`](https://togithub.com/aquasecurity/trivy/commit/8ca1bfdd2) fix(misconf): terraform relative paths ([#4571](https://togithub.com/aquasecurity/trivy/issues/4571)) - [`c20d466`](https://togithub.com/aquasecurity/trivy/commit/c20d46604) fix(purl): skip unsupported library type ([#4577](https://togithub.com/aquasecurity/trivy/issues/4577)) - [`52cbe79`](https://togithub.com/aquasecurity/trivy/commit/52cbe7975) fix(terraform): recursively detect all Root Modules ([#4457](https://togithub.com/aquasecurity/trivy/issues/4457)) - [`4a5b915`](https://togithub.com/aquasecurity/trivy/commit/4a5b91557) fix(vm): support post analyzer for vm command ([#4544](https://togithub.com/aquasecurity/trivy/issues/4544)) - [`56cdc55`](https://togithub.com/aquasecurity/trivy/commit/56cdc55f7) fix(nodejs): change the type of the devDependencies field ([#4560](https://togithub.com/aquasecurity/trivy/issues/4560)) - [`17d7536`](https://togithub.com/aquasecurity/trivy/commit/17d753676) fix(sbom): export empty dependencies in CycloneDX ([#4568](https://togithub.com/aquasecurity/trivy/issues/4568)) - [`2796abe`](https://togithub.com/aquasecurity/trivy/commit/2796abe1e) refactor: add composite fs for post-analyzers ([#4556](https://togithub.com/aquasecurity/trivy/issues/4556)) - [`22a1573`](https://togithub.com/aquasecurity/trivy/commit/22a157380) chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 ([#4554](https://togithub.com/aquasecurity/trivy/issues/4554)) - [`4358665`](https://togithub.com/aquasecurity/trivy/commit/43586659a) chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 ([#4526](https://togithub.com/aquasecurity/trivy/issues/4526)) - [`5081399`](https://togithub.com/aquasecurity/trivy/commit/508139965) chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 ([#4528](https://togithub.com/aquasecurity/trivy/issues/4528)) - [`e1a3812`](https://togithub.com/aquasecurity/trivy/commit/e1a38128a) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 ([#4529](https://togithub.com/aquasecurity/trivy/issues/4529)) - [`283eef6`](https://togithub.com/aquasecurity/trivy/commit/283eef637) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 ([#4536](https://togithub.com/aquasecurity/trivy/issues/4536)) - [`bbd7b98`](https://togithub.com/aquasecurity/trivy/commit/bbd7b9874) chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 ([#4549](https://togithub.com/aquasecurity/trivy/issues/4549)) - [`11c81bf`](https://togithub.com/aquasecurity/trivy/commit/11c81bf2f) chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 ([#4532](https://togithub.com/aquasecurity/trivy/issues/4532)) - [`2d8d63e`](https://togithub.com/aquasecurity/trivy/commit/2d8d63e61) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4537](https://togithub.com/aquasecurity/trivy/issues/4537)) - [`a46839b`](https://togithub.com/aquasecurity/trivy/commit/a46839b1c) chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ([#4530](https://togithub.com/aquasecurity/trivy/issues/4530)) - [`19715f5`](https://togithub.com/aquasecurity/trivy/commit/19715f5de) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#4534](https://togithub.com/aquasecurity/trivy/issues/4534)) ### [`v0.42.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.41.0...v0.42.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4541](https://togithub.com/aquasecurity/trivy/discussions/4541) #### Changelog - [`854b639`](https://togithub.com/aquasecurity/trivy/commit/854b63940) chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 ([#4533](https://togithub.com/aquasecurity/trivy/issues/4533)) - [`59e1a86`](https://togithub.com/aquasecurity/trivy/commit/59e1a8664) chore(deps): bump alpine from 3.17.3 to 3.18.0 ([#4525](https://togithub.com/aquasecurity/trivy/issues/4525)) - [`9ef0113`](https://togithub.com/aquasecurity/trivy/commit/9ef01133c) feat: add SBOM analyzer ([#4210](https://togithub.com/aquasecurity/trivy/issues/4210)) - [`dadd1e1`](https://togithub.com/aquasecurity/trivy/commit/dadd1e10c) fix(sbom): update logic for work with files in spdx format ([#4513](https://togithub.com/aquasecurity/trivy/issues/4513)) - [`1a65821`](https://togithub.com/aquasecurity/trivy/commit/1a658210a) feat: azure workload identity support ([#4489](https://togithub.com/aquasecurity/trivy/issues/4489)) - [`411862c`](https://togithub.com/aquasecurity/trivy/commit/411862c90) feat(ubuntu): add eol date for 18.04 ESM ([#4524](https://togithub.com/aquasecurity/trivy/issues/4524)) - [`62a1aaf`](https://togithub.com/aquasecurity/trivy/commit/62a1aaf03) fix(misconf): Update required extensions for terraformplan ([#4523](https://togithub.com/aquasecurity/trivy/issues/4523)) - [`48b2e15`](https://togithub.com/aquasecurity/trivy/commit/48b2e15c2) refactor(cyclonedx): add intermediate representation ([#4490](https://togithub.com/aquasecurity/trivy/issues/4490)) - [`c15f269`](https://togithub.com/aquasecurity/trivy/commit/c15f269a9) fix(misconf): Remove debug print while scanning ([#4521](https://togithub.com/aquasecurity/trivy/issues/4521)) - [`b6ee08e`](https://togithub.com/aquasecurity/trivy/commit/b6ee08e55) fix(java): remove duplicates of jar libs ([#4515](https://togithub.com/aquasecurity/trivy/issues/4515)) - [`d474040`](https://togithub.com/aquasecurity/trivy/commit/d4740401a) fix(java): fix overwriting project props in pom.xml ([#4498](https://togithub.com/aquasecurity/trivy/issues/4498)) - [`4cf2f94`](https://togithub.com/aquasecurity/trivy/commit/4cf2f94d0) docs: Update compilation instructions ([#4512](https://togithub.com/aquasecurity/trivy/issues/4512)) - [`18ce1c3`](https://togithub.com/aquasecurity/trivy/commit/18ce1c336) fix(nodejs): update logic for parsing pnpm lock files ([#4502](https://togithub.com/aquasecurity/trivy/issues/4502)) - [`87eed38`](https://togithub.com/aquasecurity/trivy/commit/87eed38c6) fix(secret): remove aws-account-id rule ([#4494](https://togithub.com/aquasecurity/trivy/issues/4494)) - [`b0c591e`](https://togithub.com/aquasecurity/trivy/commit/b0c591ef6) feat(oci): add support for referencing an input image by digest ([#4470](https://togithub.com/aquasecurity/trivy/issues/4470)) - [`b84b5ec`](https://togithub.com/aquasecurity/trivy/commit/b84b5ecfc) chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 ([#4338](https://togithub.com/aquasecurity/trivy/issues/4338)) - [`305255a`](https://togithub.com/aquasecurity/trivy/commit/305255a49) docs: fixed the format ([#4503](https://togithub.com/aquasecurity/trivy/issues/4503)) - [`d586de5`](https://togithub.com/aquasecurity/trivy/commit/d586de585) fix(java): add support of \* for exclusions for pom.xml files ([#4501](https://togithub.com/aquasecurity/trivy/issues/4501)) - [`de6eef3`](https://togithub.com/aquasecurity/trivy/commit/de6eef3b0) feat: adding issue template for documentation ([#4453](https://togithub.com/aquasecurity/trivy/issues/4453)) - [`83a9c4a`](https://togithub.com/aquasecurity/trivy/commit/83a9c4a4c) docs: switch glad to ghsa for Go ([#4493](https://togithub.com/aquasecurity/trivy/issues/4493)) - [`5372722`](https://togithub.com/aquasecurity/trivy/commit/537272257) chore(deps): Update defsec to v0.89.0 ([#4474](https://togithub.com/aquasecurity/trivy/issues/4474)) - [`6fcd153`](https://togithub.com/aquasecurity/trivy/commit/6fcd1538d) feat(misconf): Add terraformplan support ([#4342](https://togithub.com/aquasecurity/trivy/issues/4342)) - [`72e302c`](https://togithub.com/aquasecurity/trivy/commit/72e302cf8) feat(debian): add digests for dpkg ([#4445](https://togithub.com/aquasecurity/trivy/issues/4445)) - [`7e99d08`](https://togithub.com/aquasecurity/trivy/commit/7e99d08a1) chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 ([#4478](https://togithub.com/aquasecurity/trivy/issues/4478)) - [`12a1789`](https://togithub.com/aquasecurity/trivy/commit/12a1789be) feat(k8s): exclude node scanning by node labels ([#4459](https://togithub.com/aquasecurity/trivy/issues/4459)) - [`919e8c9`](https://togithub.com/aquasecurity/trivy/commit/919e8c92b) docs: add info about multi-line mode for regexp from custom secret rules ([#4159](https://togithub.com/aquasecurity/trivy/issues/4159)) - [`50fe43f`](https://togithub.com/aquasecurity/trivy/commit/50fe43f14) feat(cli): convert JSON reports into a different format ([#4452](https://togithub.com/aquasecurity/trivy/issues/4452)) - [`09db1d4`](https://togithub.com/aquasecurity/trivy/commit/09db1d438) feat(image): add logic to guess base layer for docker-cis scan ([#4344](https://togithub.com/aquasecurity/trivy/issues/4344)) - [`3f0721f`](https://togithub.com/aquasecurity/trivy/commit/3f0721ff6) fix(cyclonedx): set original names for packages ([#4306](https://togithub.com/aquasecurity/trivy/issues/4306)) - [`0ef0dad`](https://togithub.com/aquasecurity/trivy/commit/0ef0dadb1) feat: group subcommands ([#4449](https://togithub.com/aquasecurity/trivy/issues/4449)) - [`3a7717f`](https://togithub.com/aquasecurity/trivy/commit/3a7717fde) feat(cli): add retry to cache operations ([#4189](https://togithub.com/aquasecurity/trivy/issues/4189)) - [`63cfb27`](https://togithub.com/aquasecurity/trivy/commit/63cfb2714) fix(vuln): report architecture for `apk` packages ([#4247](https://togithub.com/aquasecurity/trivy/issues/4247)) - [`e136136`](https://togithub.com/aquasecurity/trivy/commit/e1361368a) refactor: enable cases where return values are not needed in pipeline ([#4443](https://togithub.com/aquasecurity/trivy/issues/4443)) - [`29b5f7e`](https://togithub.com/aquasecurity/trivy/commit/29b5f7e8e) fix(image): resolve scan deadlock when error occurs in slow mode ([#4336](https://togithub.com/aquasecurity/trivy/issues/4336)) - [`92ed344`](https://togithub.com/aquasecurity/trivy/commit/92ed344e8) docs(misconf): Update docs for kubernetes file patterns ([#4435](https://togithub.com/aquasecurity/trivy/issues/4435)) - [`16af41b`](https://togithub.com/aquasecurity/trivy/commit/16af41be1) test: k8s integration tests ([#4423](https://togithub.com/aquasecurity/trivy/issues/4423)) - [`cab8569`](https://togithub.com/aquasecurity/trivy/commit/cab8569cd) feat(redhat): add package digest for rpm ([#4410](https://togithub.com/aquasecurity/trivy/issues/4410)) - [`92f9e98`](https://togithub.com/aquasecurity/trivy/commit/92f9e98d0) feat(misconf): Add `--reset-policy-bundle` for policy bundle ([#4167](https://togithub.com/aquasecurity/trivy/issues/4167)) - [`33fb047`](https://togithub.com/aquasecurity/trivy/commit/33fb04763) fix: typo ([#4431](https://togithub.com/aquasecurity/trivy/issues/4431)) - [`8b162f2`](https://togithub.com/aquasecurity/trivy/commit/8b162f287) add user instruction to imgconf ([#4429](https://togithub.com/aquasecurity/trivy/issues/4429)) - [`3b7c919`](https://togithub.com/aquasecurity/trivy/commit/3b7c9198d) fix(k8s): add image sources ([#4411](https://togithub.com/aquasecurity/trivy/issues/4411)) - [`c75d35f`](https://togithub.com/aquasecurity/trivy/commit/c75d35ff6) docs(scanning): Add versioning banner ([#4415](https://togithub.com/aquasecurity/trivy/issues/4415)) - [`d298415`](https://togithub.com/aquasecurity/trivy/commit/d298415c0) feat(cli): add mage command to update golden integration test files ([#4380](https://togithub.com/aquasecurity/trivy/issues/4380)) - [`1a56295`](https://togithub.com/aquasecurity/trivy/commit/1a56295ff) feat: node-collector custom namespace support ([#4407](https://togithub.com/aquasecurity/trivy/issues/4407)) - [`864ad10`](https://togithub.com/aquasecurity/trivy/commit/864ad10a3) chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 ([#4378](https://togithub.com/aquasecurity/trivy/issues/4378)) - [`7a20d96`](https://togithub.com/aquasecurity/trivy/commit/7a20d9622) refactor(sbom): use multiline json for spdx-json format ([#4404](https://togithub.com/aquasecurity/trivy/issues/4404)) - [`ea5fd75`](https://togithub.com/aquasecurity/trivy/commit/ea5fd75ff) fix(ubuntu): add EOL date for Ubuntu 23.04 ([#4347](https://togithub.com/aquasecurity/trivy/issues/4347)) - [`56a01ec`](https://togithub.com/aquasecurity/trivy/commit/56a01ec6f) refactor: code-optimization ([#4214](https://togithub.com/aquasecurity/trivy/issues/4214)) - [`6a0e152`](https://togithub.com/aquasecurity/trivy/commit/6a0e15265) feat(image): Add image-src flag to specify which runtime(s) to use ([#4047](https://togithub.com/aquasecurity/trivy/issues/4047)) - [`50c8b41`](https://togithub.com/aquasecurity/trivy/commit/50c8b418a) test: skip wrong update of test golden files ([#4379](https://togithub.com/aquasecurity/trivy/issues/4379)) - [`51ca653`](https://togithub.com/aquasecurity/trivy/commit/51ca6536c) refactor: don't return error for package.json without version/name ([#4377](https://togithub.com/aquasecurity/trivy/issues/4377)) - [`e5e7ebc`](https://togithub.com/aquasecurity/trivy/commit/e5e7ebcda) docs: cmd error ([#4376](https://togithub.com/aquasecurity/trivy/issues/4376)) - [`6ee4960`](https://togithub.com/aquasecurity/trivy/commit/6ee496077) test(cli): add test for config file and env combination ([#2666](https://togithub.com/aquasecurity/trivy/issues/2666)) - [`c067b02`](https://togithub.com/aquasecurity/trivy/commit/c067b026e) fix(report): set a correct file location for license scan output ([#4326](https://togithub.com/aquasecurity/trivy/issues/4326)) - [`ff63748`](https://togithub.com/aquasecurity/trivy/commit/ff6374829) ci: rpm repository for all versions and aarch64 ([#4077](https://togithub.com/aquasecurity/trivy/issues/4077)) - [`0009b02`](https://togithub.com/aquasecurity/trivy/commit/0009b02bb) chore(alpine): Update Alpine to 3.18 ([#4351](https://togithub.com/aquasecurity/trivy/issues/4351)) - [`d61ae8c`](https://togithub.com/aquasecurity/trivy/commit/d61ae8cc7) fix(alpine): add EOL date for Alpine 3.18 ([#4308](https://togithub.com/aquasecurity/trivy/issues/4308)) - [`636ce80`](https://togithub.com/aquasecurity/trivy/commit/636ce808f) chore(deps): bump github.com/docker/distribution ([#4337](https://togithub.com/aquasecurity/trivy/issues/4337)) - [`e859d10`](https://togithub.com/aquasecurity/trivy/commit/e859d10ee) feat: allow root break for mapfs ([#4094](https://togithub.com/aquasecurity/trivy/issues/4094)) - [`a6ef37f`](https://togithub.com/aquasecurity/trivy/commit/a6ef37fa3) docs(misconf): Remove examples.md ([#4256](https://togithub.com/aquasecurity/trivy/issues/4256)) - [`dca8c03`](https://togithub.com/aquasecurity/trivy/commit/dca8c039e) fix(ubuntu): update eol dates for Ubuntu ([#4258](https://togithub.com/aquasecurity/trivy/issues/4258)) - [`b003f58`](https://togithub.com/aquasecurity/trivy/commit/b003f58b2) feat(alpine): add digests for apk packages ([#4168](https://togithub.com/aquasecurity/trivy/issues/4168)) - [`86f0016`](https://togithub.com/aquasecurity/trivy/commit/86f001616) chore: add discussion templates ([#4190](https://togithub.com/aquasecurity/trivy/issues/4190)) - [`2f318ce`](https://togithub.com/aquasecurity/trivy/commit/2f318ce97) fix(terraform): Support tfvars ([#4123](https://togithub.com/aquasecurity/trivy/issues/4123)) - [`ec3906c`](https://togithub.com/aquasecurity/trivy/commit/ec3906c24) chore: separate docs:generate ([#4242](https://togithub.com/aquasecurity/trivy/issues/4242)) - [`37b25d2`](https://togithub.com/aquasecurity/trivy/commit/37b25d28b) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#4246](https://togithub.com/aquasecurity/trivy/issues/4246)) - [`45d5edb`](https://togithub.com/aquasecurity/trivy/commit/45d5edb0d) refactor: define vulnerability scanner interfaces ([#4117](https://togithub.com/aquasecurity/trivy/issues/4117)) - [`090a00e`](https://togithub.com/aquasecurity/trivy/commit/090a00e71) feat: unified k8s scan resources ([#4188](https://togithub.com/aquasecurity/trivy/issues/4188)) - [`f2188eb`](https://togithub.com/aquasecurity/trivy/commit/f2188eb56) chore(deps): Update defsec to v0.88.1 ([#4178](https://togithub.com/aquasecurity/trivy/issues/4178)) - [`b79850f`](https://togithub.com/aquasecurity/trivy/commit/b79850f41) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 ([#4141](https://togithub.com/aquasecurity/trivy/issues/4141)) - [`36acdfa`](https://togithub.com/aquasecurity/trivy/commit/36acdfa8d) chore: trivy bin ignore ([#4212](https://togithub.com/aquasecurity/trivy/issues/4212)) - [`55fb723`](https://togithub.com/aquasecurity/trivy/commit/55fb723a6) feat(image): enforce image platform ([#4083](https://togithub.com/aquasecurity/trivy/issues/4083)) - [`9c87cb2`](https://togithub.com/aquasecurity/trivy/commit/9c87cb271) chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 ([#4143](https://togithub.com/aquasecurity/trivy/issues/4143)) - [`21cf179`](https://togithub.com/aquasecurity/trivy/commit/21cf179f6) chore(deps): bump github.com/docker/docker ([#4144](https://togithub.com/aquasecurity/trivy/issues/4144)) - [`fbf7a77`](https://togithub.com/aquasecurity/trivy/commit/fbf7a77ae) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 ([#4146](https://togithub.com/aquasecurity/trivy/issues/4146)) - [`547391c`](https://togithub.com/aquasecurity/trivy/commit/547391c22) chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 ([#4140](https://togithub.com/aquasecurity/trivy/issues/4140)) - [`882bfdd`](https://togithub.com/aquasecurity/trivy/commit/882bfdd78) fix(ubuntu): fix version selection logic for ubuntu esm ([#4171](https://togithub.com/aquasecurity/trivy/issues/4171)) - [`949cd10`](https://togithub.com/aquasecurity/trivy/commit/949cd10c0) chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 ([#4147](https://togithub.com/aquasecurity/trivy/issues/4147)) - [`93bc162`](https://togithub.com/aquasecurity/trivy/commit/93bc162ca) chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 ([#4145](https://togithub.com/aquasecurity/trivy/issues/4145)) - [`57993ef`](https://togithub.com/aquasecurity/trivy/commit/57993ef67) chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 ([#4138](https://togithub.com/aquasecurity/trivy/issues/4138)) - [`dc4baeb`](https://togithub.com/aquasecurity/trivy/commit/dc4baeb35) chore(deps): bump github.com/testcontainers/testcontainers-go ([#4150](https://togithub.com/aquasecurity/trivy/issues/4150)) - [`25d0255`](https://togithub.com/aquasecurity/trivy/commit/25d0255dc) chore: install.sh support for windows ([#4155](https://togithub.com/aquasecurity/trivy/issues/4155)) - [`73e5454`](https://togithub.com/aquasecurity/trivy/commit/73e54549f) chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 ([#4166](https://togithub.com/aquasecurity/trivy/issues/4166)) - [`08de7c6`](https://togithub.com/aquasecurity/trivy/commit/08de7c613) chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 ([#4149](https://togithub.com/aquasecurity/trivy/issues/4149)) - [`ade4730`](https://togithub.com/aquasecurity/trivy/commit/ade4730fa) docs: moving skipping files out of others ([#4154](https://togithub.com/aquasecurity/trivy/issues/4154)) ### [`v0.41.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.41.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.40.0...v0.41.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4135](https://togithub.com/aquasecurity/trivy/discussions/4135) #### Changelog - [`1be1e2e`](https://togithub.com/aquasecurity/trivy/commit/1be1e2e63) fix(spdx): add workaround for no src packages ([#4118](https://togithub.com/aquasecurity/trivy/issues/4118)) - [`45bc9e0`](https://togithub.com/aquasecurity/trivy/commit/45bc9e0de) test(golang): rename broken go.mod ([#4129](https://togithub.com/aquasecurity/trivy/issues/4129)) - [`3334e78`](https://togithub.com/aquasecurity/trivy/commit/3334e78fa) feat(sbom): add supplier field ([#4122](https://togithub.com/aquasecurity/trivy/issues/4122)) - [`27fb1bf`](https://togithub.com/aquasecurity/trivy/commit/27fb1bfde) test(misconf): skip downloading of policies for tests [#4126](https://togithub.com/aquasecurity/trivy/issues/4126) - [`845ae31`](https://togithub.com/aquasecurity/trivy/commit/845ae31e5) refactor: use debug message for post-analyze errors ([#4037](https://togithub.com/aquasecurity/trivy/issues/4037)) - [`11a5b91`](https://togithub.com/aquasecurity/trivy/commit/11a5b91a1) feat(sbom): add VEX support ([#4053](https://togithub.com/aquasecurity/trivy/issues/4053)) - [`5eab464`](https://togithub.com/aquasecurity/trivy/commit/5eab46498) feat(sbom): add primary package purpose field for SPDX ([#4119](https://togithub.com/aquasecurity/trivy/issues/4119)) - [`a00d00e`](https://togithub.com/aquasecurity/trivy/commit/a00d00eb9) fix(k8s): fix quiet flag ([#4120](https://togithub.com/aquasecurity/trivy/issues/4120)) - [`9bc3269`](https://togithub.com/aquasecurity/trivy/commit/9bc326909) fix(python): parse of pip extras ([#4103](https://togithub.com/aquasecurity/trivy/issues/4103)) - [`8559841`](https://togithub.com/aquasecurity/trivy/commit/855984167) feat(java): use full path for nested jars ([#3992](https://togithub.com/aquasecurity/trivy/issues/3992)) - [`0650e0e`](https://togithub.com/aquasecurity/trivy/commit/0650e0e1d) feat(license): add new flag for classifier confidence level ([#4073](https://togithub.com/aquasecurity/trivy/issues/4073)) - [`43b6496`](https://togithub.com/aquasecurity/trivy/commit/43b649627) feat: config and fs compliance support ([#4097](https://togithub.com/aquasecurity/trivy/issues/4097)) - [`9181bc1`](https://togithub.com/aquasecurity/trivy/commit/9181bc1f7) chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 ([#3952](https://togithub.com/aquasecurity/trivy/issues/3952)) - [`48e021e`](https://togithub.com/aquasecurity/trivy/commit/48e021ea6) feat(spdx): add support for SPDX 2.3 ([#4058](https://togithub.com/aquasecurity/trivy/issues/4058)) - [`107752d`](https://togithub.com/aquasecurity/trivy/commit/107752df6) fix: k8s all-namespaces support ([#4096](https://togithub.com/aquasecurity/trivy/issues/4096)) - [`bd0c603`](https://togithub.com/aquasecurity/trivy/commit/bd0c60364) perf(misconf): replace with post-analyzers ([#4090](https://togithub.com/aquasecurity/trivy/issues/4090)) - [`76662d5`](https://togithub.com/aquasecurity/trivy/commit/76662d5dd) fix(helm): update networking API version detection ([#4106](https://togithub.com/aquasecurity/trivy/issues/4106)) - [`be47b68`](https://togithub.com/aquasecurity/trivy/commit/be47b688c) feat(image): custom docker host option ([#3599](https://togithub.com/aquasecurity/trivy/issues/3599)) - [`cc18f92`](https://togithub.com/aquasecurity/trivy/commit/cc18f92cf) style: debug flag is incorrect and needs extra - ([#4087](https://togithub.com/aquasecurity/trivy/issues/4087)) - [`572a619`](https://togithub.com/aquasecurity/trivy/commit/572a6193e) docs(vuln): Document inline vulnerability filtering comments ([#4024](https://togithub.com/aquasecurity/trivy/issues/4024)) - [`914c6f0`](https://togithub.com/aquasecurity/trivy/commit/914c6f092) feat(fs): customize error callback during fs walk ([#4038](https://togithub.com/aquasecurity/trivy/issues/4038)) - [`3f02fee`](https://togithub.com/aquasecurity/trivy/commit/3f02feeff) fix(ubuntu): skip copyright files from subfolders ([#4076](https://togithub.com/aquasecurity/trivy/issues/4076)) - [`57bb77c`](https://togithub.com/aquasecurity/trivy/commit/57bb77c06) docs: restructure scanners ([#3977](https://togithub.com/aquasecurity/trivy/issues/3977)) - [`b19b56c`](https://togithub.com/aquasecurity/trivy/commit/b19b56c34) fix: fix `file does not exist` error for post-analyzers ([#4061](https://togithub.com/aquasecurity/trivy/issues/4061)) ### [`v0.40.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.40.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.39.1...v0.40.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4074](https://togithub.com/aquasecurity/trivy/discussions/4074) #### Changelog - [`b43b19b`](https://togithub.com/aquasecurity/trivy/commit/b43b19ba5) feat(flag): Support globstar for `--skip-files` and `--skip-directories` ([#4026](https://togithub.com/aquasecurity/trivy/issues/4026)) - [`1480500`](https://togithub.com/aquasecurity/trivy/commit/14805002d) chore(deps): bump actions/stale from 7 to 8 ([#3955](https://togithub.com/aquasecurity/trivy/issues/3955)) - [`83bb97a`](https://togithub.com/aquasecurity/trivy/commit/83bb97ab1) fix: return insecure option to download javadb ([#4064](https://togithub.com/aquasecurity/trivy/issues/4064)) - [`79a1ba3`](https://togithub.com/aquasecurity/trivy/commit/79a1ba32d) fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found ([#4052](https://togithub.com/aquasecurity/trivy/issues/4052)) - [`ff1c43a`](https://togithub.com/aquasecurity/trivy/commit/ff1c43a79) ci: add gpg signing for RPM packages ([#4056](https://togithub.com/aquasecurity/trivy/issues/4056)) - [`b608b11`](https://togithub.com/aquasecurity/trivy/commit/b608b116c) fix(k8s): current context title ([#4055](https://togithub.com/aquasecurity/trivy/issues/4055)) - [`2c3b60f`](https://togithub.com/aquasecurity/trivy/commit/2c3b60f4c) fix(k8s): quit support on k8s progress bar ([#4021](https://togithub.com/aquasecurity/trivy/issues/4021)) - [`a6b8642`](https://togithub.com/aquasecurity/trivy/commit/a6b864213) chore: add a note about Dockerfile.canary ([#4050](https://togithub.com/aquasecurity/trivy/issues/4050)) - [`90b8066`](https://togithub.com/aquasecurity/trivy/commit/90b80662c) ci: fix path to canary binaries ([#4045](https://togithub.com/aquasecurity/trivy/issues/4045)) - [`dcefc6b`](https://togithub.com/aquasecurity/trivy/commit/dcefc6bf3) fix(vuln): report architecture for debian packages ([#4032](https://togithub.com/aquasecurity/trivy/issues/4032)) - [`601e25f`](https://togithub.com/aquasecurity/trivy/commit/601e25fb2) feat: add support for Chainguard's commercial distro ([#3641](https://togithub.com/aquasecurity/trivy/issues/3641)) - [`0bebec1`](https://togithub.com/aquasecurity/trivy/commit/0bebec19f) ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 ([#3979](https://togithub.com/aquasecurity/trivy/issues/3979)) - [`707ea94`](https://togithub.com/aquasecurity/trivy/commit/707ea9423) fix(vuln): fix error message for remote scanners ([#4031](https://togithub.com/aquasecurity/trivy/issues/4031)) - [`8e1fe76`](https://togithub.com/aquasecurity/trivy/commit/8e1fe769e) feat(report): add image metadata to SARIF ([#4020](https://togithub.com/aquasecurity/trivy/issues/4020)) - [`4b36e97`](https://togithub.com/aquasecurity/trivy/commit/4b36e97dc) docs: fix broken cache link on Installation page ([#3999](https://togithub.com/aquasecurity/trivy/issues/3999)) - [`f0df725`](https://togithub.com/aquasecurity/trivy/commit/f0df725c5) fix: lock downloading policies and database ([#4017](https://togithub.com/aquasecurity/trivy/issues/4017)) - [`009675c`](https://togithub.com/aquasecurity/trivy/commit/009675c82) fix: avoid concurrent access to the global map ([#4014](https://togithub.com/aquasecurity/trivy/issues/4014)) - [`3ed86aa`](https://togithub.com/aquasecurity/trivy/commit/3ed86aa3d) feat(rust): add Cargo.lock v3 support ([#4012](https://togithub.com/aquasecurity/trivy/issues/4012)) - [`f31dea4`](https://togithub.com/aquasecurity/trivy/commit/f31dea4bd) feat: auth support oci download server subcommand ([#4008](https://togithub.com/aquasecurity/trivy/issues/4008)) - [`d37c50a`](https://togithub.com/aquasecurity/trivy/commit/d37c50a2b) chore(deps): bump github.com/docker/docker ([#4009](https://togithub.com/aquasecurity/trivy/issues/4009)) - [`693d205`](https://togithub.com/aquasecurity/trivy/commit/693d20516) chore: install.sh support for armv7 ([#3985](https://togithub.com/aquasecurity/trivy/issues/3985)) - [`65d89b9`](https://togithub.com/aquasecurity/trivy/commit/65d89b99d) chore(deps): bump github.com/Azure/go-autorest/autorest/adal ([#3961](https://togithub.com/aquasecurity/trivy/issues/3961)) ### [`v0.39.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.39.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.39.0...v0.39.1) #### Changelog - [`a119ef8`](https://togithub.com/aquasecurity/trivy/commit/a119ef86e) fix(rust): fix panic when 'dependencies' field is not used in cargo.toml ([#3997](https://togithub.com/aquasecurity/trivy/issues/3997)) - [`c8283ce`](https://togithub.com/aquasecurity/trivy/commit/c8283cebd) fix(sbom): fix infinite loop for cyclonedx ([#3998](https://togithub.com/aquasecurity/trivy/issues/3998)) - [`6c8b042`](https://togithub.com/aquasecurity/trivy/commit/6c8b04254) chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 ([#3954](https://togithub.com/aquasecurity/trivy/issues/3954)) - [`c42f360`](https://togithub.com/aquasecurity/trivy/commit/c42f360f5) fix: use warning for errors from enrichment files for post-analyzers ([#3972](https://togithub.com/aquasecurity/trivy/issues/3972)) - [`20c21ca`](https://togithub.com/aquasecurity/trivy/commit/20c21cacc) chore(deps): bump github.com/docker/docker ([#3963](https://togithub.com/aquasecurity/trivy/issues/3963)) - [`54388ff`](https://togithub.com/aquasecurity/trivy/commit/54388ffd1) fix(helm): added annotation to psp configurable from values ([#3893](https://togithub.com/aquasecurity/trivy/issues/3893)) - [`99a2519`](https://togithub.com/aquasecurity/trivy/commit/99a251981) chore(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.1 ([#3962](https://togithub.com/aquasecurity/trivy/issues/3962)) - [`d113b93`](https://togithub.com/aquasecurity/trivy/commit/d113b9313) fix(secret): update built-in rule `tests` ([#3855](https://togithub.com/aquasecurity/trivy/issues/3855)) - [`5ab6d25`](https://togithub.com/aquasecurity/trivy/commit/5ab6d2588) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.30.1 ([#3957](https://togithub.com/aquasecurity/trivy/issues/3957)) - [`0767cb8`](https://togithub.com/aquasecurity/trivy/commit/0767cb844) test: rewrite scripts in Go ([#3968](https://togithub.com/aquasecurity/trivy/issues/3968)) - [`428ee19`](https://togithub.com/aquasecurity/trivy/commit/428ee19ca) docs(cli): Improve glob documentation ([#3945](https://togithub.com/aquasecurity/trivy/issues/3945)) - [`3e00dc3`](https://togithub.com/aquasecurity/trivy/commit/3e00dc346) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts ([#3959](https://togithub.com/aquasecurity/trivy/issues/3959)) - [`cf2f0b2`](https://togithub.com/aquasecurity/trivy/commit/cf2f0b2d1) ci: check CLI references ([#3967](https://togithub.com/aquasecurity/trivy/issues/3967)) - [`70f507e`](https://togithub.com/aquasecurity/trivy/commit/70f507e1a) chore(deps): bump alpine from 3.17.2 to 3.17.3 ([#3951](https://togithub.com/aquasecurity/trivy/issues/3951)) - [`befabc6`](https://togithub.com/aquasecurity/trivy/commit/befabc6b9) chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.234 ([#3956](https://togithub.com/aquasecurity/trivy/issues/3956)) - [`ee69abb`](https://togithub.com/aquasecurity/trivy/commit/ee69abb78) chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5 ([#3958](https://togithub.com/aquasecurity/trivy/issues/3958)) - [`8901f7b`](https://togithub.com/aquasecurity/trivy/commit/8901f7be6) chore(deps): bump actions/setup-go from 3 to 4 ([#3953](https://togithub.com/aquasecurity/trivy/issues/3953)) - [`4e6bbbc`](https://togithub.com/aquasecurity/trivy/commit/4e6bbbc8c) chore(deps): bump actions/cache from 3.2.6 to 3.3.1 ([#3950](https://togithub.com/aquasecurity/trivy/issues/3950)) - [`d70f346`](https://togithub.com/aquasecurity/trivy/commit/d70f346f5) chore(deps): bump github.com/containerd/containerd from 1.6.19 to 1.7.0 ([#3965](https://togithub.com/aquasecurity/trivy/issues/3965)) - [`3efb2fd`](https://togithub.com/aquasecurity/trivy/commit/3efb2fded) chore(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 ([#3964](https://togithub.com/aquasecurity/trivy/issues/3964)) ### [`v0.39.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.39.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.38.3...v0.39.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/3949](https://togithub.com/aquasecurity/trivy/discussions/3949) #### Changelog - [`ed59096`](https://togithub.com/aquasecurity/trivy/commit/ed590966a) docs(cli): added makefile and go file to create docs ([#3930](https://togithub.com/aquasecurity/trivy/issues/3930)) - [`a2f39a3`](https://togithub.com/aquasecurity/trivy/commit/a2f39a34c) chore: Revert "ci: add gpg signing for RPM packages ([#3612](https://togithub.com/aquasecurity/trivy/issues/3612))" ([#3946](https://togithub.com/aquasecurity/trivy/issues/3946)) - [`5a10631`](https://togithub.com/aquasecurity/trivy/commit/5a1063102) chore: ignore gpg key ([#3943](https://togithub.com/aquasecurity/trivy/issues/3943)) - [`4072115`](https://togithub.com/aquasecurity/trivy/commit/4072115e5) feat(cyclonedx): support dependency graph ([#3177](https://togithub.com/aquasecurity/trivy/issues/3177)) - [`7cad265`](https://togithub.com/aquasecurity/trivy/commit/7cad265b7) chore(deps): Bump defsec to v0.85.0 ([#3940](https://togithub.com/aquasecurity/trivy/issues/3940)) - [`f8b5733`](https://togithub.com/aquasecurity/trivy/commit/f8b573311) feat(rust): remove dev deps and find direct deps for Cargo.lock ([#3919](https://togithub.com/aquasecurity/trivy/issues/3919)) - [`10796a2`](https://togithub.com/aquasecurity/trivy/commit/10796a291) feat(server): redis with public TLS certs support ([#3783](https://togithub.com/aquasecurity/trivy/issues/3783)) - [`abff139`](https://togithub.com/aquasecurity/trivy/commit/abff1398c) feat(flag): Add glob support to `--skip-dirs` and `--skip-files` ([#3866](https://togithub.com/aquasecurity/trivy/issues/3866)) - [`b40f60c`](https://togithub.com/aquasecurity/trivy/commit/b40f60c40) chore: replace make with mage ([#3932](https://togithub.com/aquasecurity/trivy/issues/3932)) - [`67236f6`](https://togithub.com/aquasecurity/trivy/commit/67236f6aa) fix(sbom): add checksum to files ([#3888](https://togithub.com/aquasecurity/trivy/issues/3888)) - [`00de24b`](https://togithub.com/aquasecurity/trivy/commit/00de24b16) chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 ([#3928](https://togithub.com/aquasecurity/trivy/issues/3928)) - [`5976d1f`](https://togithub.com/aquasecurity/trivy/commit/5976d1fa0) chore: remove unused mount volumes ([#3927](https://togithub.com/aquasecurity/trivy/issues/3927)) - [`f14bed4`](https://togithub.com/aquasecurity/trivy/commit/f14bed453) feat: add auth support for downloading OCI artifacts ([#3915](https://togithub.com/aquasecurity/trivy/issues/3915)) - [`1ee0518`](https://togithub.com/aquasecurity/trivy/commit/1ee05189f) refactor(purl): use epoch in qualifier ([#3913](https://togithub.com/aquasecurity/trivy/issues/3913)) - [`0000252`](https://togithub.com/aquasecurity/trivy/commit/0000252ce) chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 ([#3727](https://togithub.com/aquasecurity/trivy/issues/3727)) - [`ca0d972`](https://togithub.com/aquasecurity/trivy/commit/ca0d972cd) feat(image): add registry options ([#3906](https://togithub.com/aquasecurity/trivy/issues/3906)) - [`0336555`](https://togithub.com/aquasecurity/trivy/commit/033655577) feat(rust): dependency tree and line numbers support for cargo lock file ([#3746](https://togithub.com/aquasecurity/trivy/issues/3746)) - [`dd9cd95`](https://togithub.com/aquasecurity/trivy/commit/dd9cd9528) chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 ([#3905](https://togithub.com/aquasecurity/trivy/issues/3905)) - [`edb0682`](https://togithub.com/aquasecurity/trivy/commit/edb06826b) feat(php): add support for location, licenses and graph for composer.lock files ([#3873](https://togithub.com/aquasecurity/trivy/issues/3873)) - [`c02b15b`](https://togithub.com/aquasecurity/trivy/commit/c02b15b37) chore(deps): updates wazero to 1.0.0 ([#3904](https://togithub.com/aquasecurity/trivy/issues/3904)) - [`63ef760`](https://togithub.com/aquasecurity/trivy/commit/63ef760c6) feat(image): discover SBOM in OCI referrers ([#3768](https://togithub.com/aquasecurity/trivy/issues/3768)) - [`3fa703c`](https://togithub.com/aquasecurity/trivy/commit/3fa703c03) docs: change cache-dir key in config file ([#3897](https://togithub.com/aquasecurity/trivy/issues/3897)) - [`4d78747`](https://togithub.com/aquasecurity/trivy/commit/4d78747c4) fix(sbom): use release and epoch for SPDX package version ([#3896](https://togithub.com/aquasecurity/trivy/issues/3896)) - [`67572df`](https://togithub.com/aquasecurity/trivy/commit/67572dff6) ci: add gpg signing for RPM packages ([#3612](https://togithub.com/aquasecurity/trivy/issues/3612)) - [`e76d5ff`]Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.