search

nlamirault / dotfiles

My dotfiles
Other
0 stars 0 forks source link

Update dependency trivy to v0.44.0 #91

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Update Change
trivy minor 0.37.3 -> 0.44.0

Release Notes

aquasecurity/trivy (trivy) ### [`v0.44.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.44.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.1...v0.44.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4903](https://togithub.com/aquasecurity/trivy/discussions/4903) #### Changelog - [`d19c7d9`](https://togithub.com/aquasecurity/trivy/commit/d19c7d9f2) feat(repo): support local repositories ([#​4890](https://togithub.com/aquasecurity/trivy/issues/4890)) - [`3c19761`](https://togithub.com/aquasecurity/trivy/commit/3c1976187) bump go-dep-parser ([#​4893](https://togithub.com/aquasecurity/trivy/issues/4893)) - [`e1c2a8c`](https://togithub.com/aquasecurity/trivy/commit/e1c2a8c80) fix(misconf): add missing fields to proto ([#​4861](https://togithub.com/aquasecurity/trivy/issues/4861)) - [`8b8e0e8`](https://togithub.com/aquasecurity/trivy/commit/8b8e0e83d) fix: remove trivy-db package replacement ([#​4877](https://togithub.com/aquasecurity/trivy/issues/4877)) - [`f9efe44`](https://togithub.com/aquasecurity/trivy/commit/f9efe44fd) chore(test): bump the integration test timeout to 15m ([#​4880](https://togithub.com/aquasecurity/trivy/issues/4880)) - [`7271d68`](https://togithub.com/aquasecurity/trivy/commit/7271d682f) chore(deps): Update defsec to v0.91.0 ([#​4886](https://togithub.com/aquasecurity/trivy/issues/4886)) - [`c3bc67c`](https://togithub.com/aquasecurity/trivy/commit/c3bc67c89) chore: update CODEOWNERS ([#​4871](https://togithub.com/aquasecurity/trivy/issues/4871)) - [`232ba82`](https://togithub.com/aquasecurity/trivy/commit/232ba823e) feat(vuln): support vulnerability status ([#​4867](https://togithub.com/aquasecurity/trivy/issues/4867)) - [`11618c9`](https://togithub.com/aquasecurity/trivy/commit/11618c940) feat(misconf): Support custom URLs for policy bundle ([#​4834](https://togithub.com/aquasecurity/trivy/issues/4834)) - [`0707569`](https://togithub.com/aquasecurity/trivy/commit/07075696d) refactor: replace with sortable packages ([#​4858](https://togithub.com/aquasecurity/trivy/issues/4858)) - [`fbe1c9e`](https://togithub.com/aquasecurity/trivy/commit/fbe1c9eb1) docs: correct license scanning sample command ([#​4855](https://togithub.com/aquasecurity/trivy/issues/4855)) - [`20c2246`](https://togithub.com/aquasecurity/trivy/commit/20c2246a6) fix(report): close the file ([#​4842](https://togithub.com/aquasecurity/trivy/issues/4842)) - [`24a3e54`](https://togithub.com/aquasecurity/trivy/commit/24a3e547d) feat(nodejs): add support for include-dev-deps flag for yarn ([#​4812](https://togithub.com/aquasecurity/trivy/issues/4812)) - [`a7bd7bb`](https://togithub.com/aquasecurity/trivy/commit/a7bd7bb65) feat(misconf): Add support for independently enabling libraries ([#​4070](https://togithub.com/aquasecurity/trivy/issues/4070)) - [`4aa9ea0`](https://togithub.com/aquasecurity/trivy/commit/4aa9ea096) feat(secret): add secret config file for cache calculation ([#​4837](https://togithub.com/aquasecurity/trivy/issues/4837)) - [`5d349d8`](https://togithub.com/aquasecurity/trivy/commit/5d349d814) Fix a link in gitlab-ci.md ([#​4850](https://togithub.com/aquasecurity/trivy/issues/4850)) - [`a61531c`](https://togithub.com/aquasecurity/trivy/commit/a61531c1f) fix(flag): use globalstar to skip directories ([#​4854](https://togithub.com/aquasecurity/trivy/issues/4854)) - [`78cc209`](https://togithub.com/aquasecurity/trivy/commit/78cc20937) chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible ([#​4849](https://togithub.com/aquasecurity/trivy/issues/4849)) - [`9399604`](https://togithub.com/aquasecurity/trivy/commit/93996041b) fix(license): using common way for splitting licenses ([#​4434](https://togithub.com/aquasecurity/trivy/issues/4434)) - [`3e2416d`](https://togithub.com/aquasecurity/trivy/commit/3e2416d77) fix(containerd): Use img platform in exporter instead of strict host platform ([#​4477](https://togithub.com/aquasecurity/trivy/issues/4477)) - [`ce77bb4`](https://togithub.com/aquasecurity/trivy/commit/ce77bb46c) remove govulndb ([#​4783](https://togithub.com/aquasecurity/trivy/issues/4783)) - [`c05caae`](https://togithub.com/aquasecurity/trivy/commit/c05caae43) fix(java): inherit licenses from parents ([#​4817](https://togithub.com/aquasecurity/trivy/issues/4817)) - [`aca11b9`](https://togithub.com/aquasecurity/trivy/commit/aca11b95d) refactor: add allowed values for CLI flags ([#​4800](https://togithub.com/aquasecurity/trivy/issues/4800)) - [`4cecd17`](https://togithub.com/aquasecurity/trivy/commit/4cecd17ea) add example regex to allow rules ([#​4827](https://togithub.com/aquasecurity/trivy/issues/4827)) - [`4bc8d29`](https://togithub.com/aquasecurity/trivy/commit/4bc8d29c1) feat(misconf): Support custom data for rego policies for cloud ([#​4745](https://togithub.com/aquasecurity/trivy/issues/4745)) - [`88243a0`](https://togithub.com/aquasecurity/trivy/commit/88243a0ad) docs: correcting the trivy k8s tutorial ([#​4815](https://togithub.com/aquasecurity/trivy/issues/4815)) - [`3c7d988`](https://togithub.com/aquasecurity/trivy/commit/3c7d988d7) feat(cli): add --tf-exclude-downloaded-modules flag ([#​4810](https://togithub.com/aquasecurity/trivy/issues/4810)) - [`fd0fd10`](https://togithub.com/aquasecurity/trivy/commit/fd0fd104f) fix(sbom): cyclonedx recommendations should include fixed versions for each package ([#​4794](https://togithub.com/aquasecurity/trivy/issues/4794)) - [`d0d543b`](https://togithub.com/aquasecurity/trivy/commit/d0d543b88) feat(misconf): enable --policy flag to accept directory and files both ([#​4777](https://togithub.com/aquasecurity/trivy/issues/4777)) - [`b43a3e6`](https://togithub.com/aquasecurity/trivy/commit/b43a3e623) feat(python): add license fields ([#​4722](https://togithub.com/aquasecurity/trivy/issues/4722)) - [`aef7b14`](https://togithub.com/aquasecurity/trivy/commit/aef7b148a) fix: support trivy k8s-version on k8s sub-command ([#​4786](https://togithub.com/aquasecurity/trivy/issues/4786)) ### [`v0.43.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.43.0...v0.43.1) #### Changelog - [`5d76aba`](https://togithub.com/aquasecurity/trivy/commit/5d76abadc) chore(deps): Update defsec to v0.90.3 ([#​4793](https://togithub.com/aquasecurity/trivy/issues/4793)) - [`fed446c`](https://togithub.com/aquasecurity/trivy/commit/fed446c51) chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 ([#​4752](https://togithub.com/aquasecurity/trivy/issues/4752)) - [`df62927`](https://togithub.com/aquasecurity/trivy/commit/df62927e5) chore(deps): bump alpine from 3.18.0 to 3.18.2 ([#​4748](https://togithub.com/aquasecurity/trivy/issues/4748)) - [`1b9b9a8`](https://togithub.com/aquasecurity/trivy/commit/1b9b9a84f) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 ([#​4758](https://togithub.com/aquasecurity/trivy/issues/4758)) - [`3c16ca8`](https://togithub.com/aquasecurity/trivy/commit/3c16ca821) docs(image): fix the comment on the soft/hard link ([#​4740](https://togithub.com/aquasecurity/trivy/issues/4740)) - [`e5bee5c`](https://togithub.com/aquasecurity/trivy/commit/e5bee5ccc) check Type when filling pkgs in vulns ([#​4776](https://togithub.com/aquasecurity/trivy/issues/4776)) - [`4b9f310`](https://togithub.com/aquasecurity/trivy/commit/4b9f310b9) feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script ([#​4770](https://togithub.com/aquasecurity/trivy/issues/4770)) - [`8e7fb7c`](https://togithub.com/aquasecurity/trivy/commit/8e7fb7cc8) chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 ([#​4756](https://togithub.com/aquasecurity/trivy/issues/4756)) - [`a9badea`](https://togithub.com/aquasecurity/trivy/commit/a9badeaba) fix(rocky): add architectures support for advisories ([#​4691](https://togithub.com/aquasecurity/trivy/issues/4691)) - [`f8ebccc`](https://togithub.com/aquasecurity/trivy/commit/f8ebccc68) chore(deps): bump github.com/opencontainers/image-spec ([#​4751](https://togithub.com/aquasecurity/trivy/issues/4751)) - [`1c81948`](https://togithub.com/aquasecurity/trivy/commit/1c81948e0) chore(deps): bump github.com/package-url/packageurl-go ([#​4754](https://togithub.com/aquasecurity/trivy/issues/4754)) - [`497cc10`](https://togithub.com/aquasecurity/trivy/commit/497cc10d8) chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 ([#​4750](https://togithub.com/aquasecurity/trivy/issues/4750)) - [`065f0af`](https://togithub.com/aquasecurity/trivy/commit/065f0afa5) chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 ([#​4755](https://togithub.com/aquasecurity/trivy/issues/4755)) - [`e260305`](https://togithub.com/aquasecurity/trivy/commit/e2603056d) chore(deps): bump github.com/testcontainers/testcontainers-go ([#​4759](https://togithub.com/aquasecurity/trivy/issues/4759)) - [`0621402`](https://togithub.com/aquasecurity/trivy/commit/0621402bf) fix: documentation about reseting trivy image ([#​4733](https://togithub.com/aquasecurity/trivy/issues/4733)) - [`798fdbc`](https://togithub.com/aquasecurity/trivy/commit/798fdbc01) fix(suse): Add openSUSE Leap 15.5 eol date as well ([#​4744](https://togithub.com/aquasecurity/trivy/issues/4744)) - [`34a8929`](https://togithub.com/aquasecurity/trivy/commit/34a89293d) fix: update Amazon Linux 1 EOL ([#​4761](https://togithub.com/aquasecurity/trivy/issues/4761)) ### [`v0.43.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.43.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.1...v0.43.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4741](https://togithub.com/aquasecurity/trivy/discussions/4741) #### Changelog - [`6008192`](https://togithub.com/aquasecurity/trivy/commit/600819248) chore(deps): Update defsec to v0.90.1 ([#​4739](https://togithub.com/aquasecurity/trivy/issues/4739)) - [`73734ea`](https://togithub.com/aquasecurity/trivy/commit/73734eab2) feat(nodejs): support yarn workspaces ([#​4664](https://togithub.com/aquasecurity/trivy/issues/4664)) - [`22463ab`](https://togithub.com/aquasecurity/trivy/commit/22463abab) feat(cli): add include-dev-deps flag ([#​4700](https://togithub.com/aquasecurity/trivy/issues/4700)) - [`790c805`](https://togithub.com/aquasecurity/trivy/commit/790c8054e) fix(image): pass the secret scanner option to scan the img config ([#​4735](https://togithub.com/aquasecurity/trivy/issues/4735)) - [`86fec9c`](https://togithub.com/aquasecurity/trivy/commit/86fec9c4a) fix: scan job pod it not found on k8s-1.27.x ([#​4729](https://togithub.com/aquasecurity/trivy/issues/4729)) - [`26bc911`](https://togithub.com/aquasecurity/trivy/commit/26bc91160) feat(docker): add support for mTLS authentication when connecting to registry ([#​4649](https://togithub.com/aquasecurity/trivy/issues/4649)) - [`d699e8c`](https://togithub.com/aquasecurity/trivy/commit/d699e8c10) chore(deps): Update defsec to v0.90.0 ([#​4723](https://togithub.com/aquasecurity/trivy/issues/4723)) - [`1777878`](https://togithub.com/aquasecurity/trivy/commit/1777878e8) fix: skip scanning the gpg-pubkey package ([#​4720](https://togithub.com/aquasecurity/trivy/issues/4720)) - [`9be0825`](https://togithub.com/aquasecurity/trivy/commit/9be08253a) Fix http registry oci pull ([#​4701](https://togithub.com/aquasecurity/trivy/issues/4701)) - [`5d73b47`](https://togithub.com/aquasecurity/trivy/commit/5d73b47db) feat(misconf): Support skipping services ([#​4686](https://togithub.com/aquasecurity/trivy/issues/4686)) - [`46e784c`](https://togithub.com/aquasecurity/trivy/commit/46e784c8a) docs: fix supported modes for pubspec.lock files ([#​4713](https://togithub.com/aquasecurity/trivy/issues/4713)) - [`0f61a84`](https://togithub.com/aquasecurity/trivy/commit/0f61a8471) fix(misconf): disable the terraform plan analyzer for other scanners ([#​4714](https://togithub.com/aquasecurity/trivy/issues/4714)) - [`8a1aa44`](https://togithub.com/aquasecurity/trivy/commit/8a1aa448a) clarifying a dir path is required for custom policies ([#​4716](https://togithub.com/aquasecurity/trivy/issues/4716)) - [`fbab9ee`](https://togithub.com/aquasecurity/trivy/commit/fbab9eea3) chore: update alpine base images ([#​4715](https://togithub.com/aquasecurity/trivy/issues/4715)) - [`f84417b`](https://togithub.com/aquasecurity/trivy/commit/f84417bba) fix last-history-created ([#​4697](https://togithub.com/aquasecurity/trivy/issues/4697)) - [`85c681d`](https://togithub.com/aquasecurity/trivy/commit/85c681d44) feat: kbom and cyclonedx v1.5 spec support ([#​4708](https://togithub.com/aquasecurity/trivy/issues/4708)) - [`46748ce`](https://togithub.com/aquasecurity/trivy/commit/46748ce6e) docs: add information about Aqua ([#​4590](https://togithub.com/aquasecurity/trivy/issues/4590)) - [`c6741bd`](https://togithub.com/aquasecurity/trivy/commit/c6741bddf) fix: k8s escape resource filename on windows os ([#​4693](https://togithub.com/aquasecurity/trivy/issues/4693)) - [`a21acc7`](https://togithub.com/aquasecurity/trivy/commit/a21acc7e0) ci: ignore merge queue branches ([#​4696](https://togithub.com/aquasecurity/trivy/issues/4696)) - [`32a3a33`](https://togithub.com/aquasecurity/trivy/commit/32a3a3311) chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 ([#​4695](https://togithub.com/aquasecurity/trivy/issues/4695)) - [`cbb47dc`](https://togithub.com/aquasecurity/trivy/commit/cbb47dc7c) chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 ([#​4694](https://togithub.com/aquasecurity/trivy/issues/4694)) - [`e3d10d2`](https://togithub.com/aquasecurity/trivy/commit/e3d10d251) feat: cyclondx sbom custom property support ([#​4688](https://togithub.com/aquasecurity/trivy/issues/4688)) - [`e1770e0`](https://togithub.com/aquasecurity/trivy/commit/e1770e046) ci: do not trigger tests in main ([#​4692](https://togithub.com/aquasecurity/trivy/issues/4692)) - [`337c0b7`](https://togithub.com/aquasecurity/trivy/commit/337c0b70d) add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date ([#​4690](https://togithub.com/aquasecurity/trivy/issues/4690)) - [`5ccee14`](https://togithub.com/aquasecurity/trivy/commit/5ccee1430) use group field for jar in cyclonedx ([#​4674](https://togithub.com/aquasecurity/trivy/issues/4674)) - [`96db52c`](https://togithub.com/aquasecurity/trivy/commit/96db52c3f) feat(java): capture licenses from pom.xml ([#​4681](https://togithub.com/aquasecurity/trivy/issues/4681)) - [`3e902a5`](https://togithub.com/aquasecurity/trivy/commit/3e902a57a) feat(helm): make sessionAffinity configurable ([#​4623](https://togithub.com/aquasecurity/trivy/issues/4623)) - [`904f1cf`](https://togithub.com/aquasecurity/trivy/commit/904f1cf24) fix: Show the correct URL of the secret scanning ([#​4682](https://togithub.com/aquasecurity/trivy/issues/4682)) - [`7d48c5d`](https://togithub.com/aquasecurity/trivy/commit/7d48c5d5d) document expected file pattern definition format ([#​4654](https://togithub.com/aquasecurity/trivy/issues/4654)) - [`dcc73e9`](https://togithub.com/aquasecurity/trivy/commit/dcc73e964) fix: format arg error ([#​4642](https://togithub.com/aquasecurity/trivy/issues/4642)) - [`35c4262`](https://togithub.com/aquasecurity/trivy/commit/35c4262d0) feat(k8s): cyclonedx kbom support ([#​4557](https://togithub.com/aquasecurity/trivy/issues/4557)) - [`0e01851`](https://togithub.com/aquasecurity/trivy/commit/0e01851e9) fix(nodejs): remove unused fields for the pnpm lockfile ([#​4630](https://togithub.com/aquasecurity/trivy/issues/4630)) - [`4d9b444`](https://togithub.com/aquasecurity/trivy/commit/4d9b44449) fix(vm): update ext4-filesystem parser for parse multi block extents ([#​4616](https://togithub.com/aquasecurity/trivy/issues/4616)) - [`c29197a`](https://togithub.com/aquasecurity/trivy/commit/c29197ab7) ci: update build IDs ([#​4641](https://togithub.com/aquasecurity/trivy/issues/4641)) - [`d7637ad`](https://togithub.com/aquasecurity/trivy/commit/d7637adc6) fix(debian): update EOL for Debian 12 ([#​4647](https://togithub.com/aquasecurity/trivy/issues/4647)) - [`ef39eee`](https://togithub.com/aquasecurity/trivy/commit/ef39eeedf) chore(deps): bump go-containerregistry ([#​4639](https://togithub.com/aquasecurity/trivy/issues/4639)) - [`1ce8bb5`](https://togithub.com/aquasecurity/trivy/commit/1ce8bb535) chore: unnecessary use of fmt.Sprintf (S1039) ([#​4637](https://togithub.com/aquasecurity/trivy/issues/4637)) - [`bc9513f`](https://togithub.com/aquasecurity/trivy/commit/bc9513fc5) fix(db): change argument order in Exists query for JavaDB ([#​4595](https://togithub.com/aquasecurity/trivy/issues/4595)) - [`aecd2f0`](https://togithub.com/aquasecurity/trivy/commit/aecd2f0bf) feat(aws): Add support to see successes in results ([#​4427](https://togithub.com/aquasecurity/trivy/issues/4427)) - [`2cbf402`](https://togithub.com/aquasecurity/trivy/commit/2cbf402b6) chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ([#​4613](https://togithub.com/aquasecurity/trivy/issues/4613)) - [`0099b20`](https://togithub.com/aquasecurity/trivy/commit/0099b20e3) ci: do not trigger tests in main ([#​4614](https://togithub.com/aquasecurity/trivy/issues/4614)) - [`a597a54`](https://togithub.com/aquasecurity/trivy/commit/a597a54fb) chore(deps): bump sigstore/cosign-installer ([#​4609](https://togithub.com/aquasecurity/trivy/issues/4609)) - [`b453fbe`](https://togithub.com/aquasecurity/trivy/commit/b453fbec3) chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 ([#​4608](https://togithub.com/aquasecurity/trivy/issues/4608)) - [`0e876d5`](https://togithub.com/aquasecurity/trivy/commit/0e876d5aa) ci: bypass the required status checks ([#​4611](https://togithub.com/aquasecurity/trivy/issues/4611)) - [`a4f27d2`](https://togithub.com/aquasecurity/trivy/commit/a4f27d24a) ci: support merge queue ([#​3652](https://togithub.com/aquasecurity/trivy/issues/3652)) - [`9e6411e`](https://togithub.com/aquasecurity/trivy/commit/9e6411e9f) ci: matrix build for testing ([#​4587](https://togithub.com/aquasecurity/trivy/issues/4587)) - [`ef6538a`](https://togithub.com/aquasecurity/trivy/commit/ef6538a17) feat: trivy k8s private registry support ([#​4567](https://togithub.com/aquasecurity/trivy/issues/4567)) - [`139f3e1`](https://togithub.com/aquasecurity/trivy/commit/139f3e1e3) docs: add general coverage page ([#​3859](https://togithub.com/aquasecurity/trivy/issues/3859)) - [`479cfdd`](https://togithub.com/aquasecurity/trivy/commit/479cfdd40) chore: create SECURITY.md ([#​4601](https://togithub.com/aquasecurity/trivy/issues/4601)) ### [`v0.42.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.42.0...v0.42.1) #### Changelog - [`9a279fa`](https://togithub.com/aquasecurity/trivy/commit/9a279fa7b) ci: remove 32bit packages ([#​4585](https://togithub.com/aquasecurity/trivy/issues/4585)) - [`d52b0b7`](https://togithub.com/aquasecurity/trivy/commit/d52b0b7bc) fix(misconf): deduplicate misconf results ([#​4588](https://togithub.com/aquasecurity/trivy/issues/4588)) - [`9b531fa`](https://togithub.com/aquasecurity/trivy/commit/9b531fa27) fix(vm): support sector size of 4096 ([#​4564](https://togithub.com/aquasecurity/trivy/issues/4564)) - [`8ca1bfd`](https://togithub.com/aquasecurity/trivy/commit/8ca1bfdd2) fix(misconf): terraform relative paths ([#​4571](https://togithub.com/aquasecurity/trivy/issues/4571)) - [`c20d466`](https://togithub.com/aquasecurity/trivy/commit/c20d46604) fix(purl): skip unsupported library type ([#​4577](https://togithub.com/aquasecurity/trivy/issues/4577)) - [`52cbe79`](https://togithub.com/aquasecurity/trivy/commit/52cbe7975) fix(terraform): recursively detect all Root Modules ([#​4457](https://togithub.com/aquasecurity/trivy/issues/4457)) - [`4a5b915`](https://togithub.com/aquasecurity/trivy/commit/4a5b91557) fix(vm): support post analyzer for vm command ([#​4544](https://togithub.com/aquasecurity/trivy/issues/4544)) - [`56cdc55`](https://togithub.com/aquasecurity/trivy/commit/56cdc55f7) fix(nodejs): change the type of the devDependencies field ([#​4560](https://togithub.com/aquasecurity/trivy/issues/4560)) - [`17d7536`](https://togithub.com/aquasecurity/trivy/commit/17d753676) fix(sbom): export empty dependencies in CycloneDX ([#​4568](https://togithub.com/aquasecurity/trivy/issues/4568)) - [`2796abe`](https://togithub.com/aquasecurity/trivy/commit/2796abe1e) refactor: add composite fs for post-analyzers ([#​4556](https://togithub.com/aquasecurity/trivy/issues/4556)) - [`22a1573`](https://togithub.com/aquasecurity/trivy/commit/22a157380) chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 ([#​4554](https://togithub.com/aquasecurity/trivy/issues/4554)) - [`4358665`](https://togithub.com/aquasecurity/trivy/commit/43586659a) chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 ([#​4526](https://togithub.com/aquasecurity/trivy/issues/4526)) - [`5081399`](https://togithub.com/aquasecurity/trivy/commit/508139965) chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 ([#​4528](https://togithub.com/aquasecurity/trivy/issues/4528)) - [`e1a3812`](https://togithub.com/aquasecurity/trivy/commit/e1a38128a) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 ([#​4529](https://togithub.com/aquasecurity/trivy/issues/4529)) - [`283eef6`](https://togithub.com/aquasecurity/trivy/commit/283eef637) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 ([#​4536](https://togithub.com/aquasecurity/trivy/issues/4536)) - [`bbd7b98`](https://togithub.com/aquasecurity/trivy/commit/bbd7b9874) chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 ([#​4549](https://togithub.com/aquasecurity/trivy/issues/4549)) - [`11c81bf`](https://togithub.com/aquasecurity/trivy/commit/11c81bf2f) chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 ([#​4532](https://togithub.com/aquasecurity/trivy/issues/4532)) - [`2d8d63e`](https://togithub.com/aquasecurity/trivy/commit/2d8d63e61) chore(deps): bump github.com/testcontainers/testcontainers-go ([#​4537](https://togithub.com/aquasecurity/trivy/issues/4537)) - [`a46839b`](https://togithub.com/aquasecurity/trivy/commit/a46839b1c) chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ([#​4530](https://togithub.com/aquasecurity/trivy/issues/4530)) - [`19715f5`](https://togithub.com/aquasecurity/trivy/commit/19715f5de) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#​4534](https://togithub.com/aquasecurity/trivy/issues/4534)) ### [`v0.42.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.42.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.41.0...v0.42.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4541](https://togithub.com/aquasecurity/trivy/discussions/4541) #### Changelog - [`854b639`](https://togithub.com/aquasecurity/trivy/commit/854b63940) chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 ([#​4533](https://togithub.com/aquasecurity/trivy/issues/4533)) - [`59e1a86`](https://togithub.com/aquasecurity/trivy/commit/59e1a8664) chore(deps): bump alpine from 3.17.3 to 3.18.0 ([#​4525](https://togithub.com/aquasecurity/trivy/issues/4525)) - [`9ef0113`](https://togithub.com/aquasecurity/trivy/commit/9ef01133c) feat: add SBOM analyzer ([#​4210](https://togithub.com/aquasecurity/trivy/issues/4210)) - [`dadd1e1`](https://togithub.com/aquasecurity/trivy/commit/dadd1e10c) fix(sbom): update logic for work with files in spdx format ([#​4513](https://togithub.com/aquasecurity/trivy/issues/4513)) - [`1a65821`](https://togithub.com/aquasecurity/trivy/commit/1a658210a) feat: azure workload identity support ([#​4489](https://togithub.com/aquasecurity/trivy/issues/4489)) - [`411862c`](https://togithub.com/aquasecurity/trivy/commit/411862c90) feat(ubuntu): add eol date for 18.04 ESM ([#​4524](https://togithub.com/aquasecurity/trivy/issues/4524)) - [`62a1aaf`](https://togithub.com/aquasecurity/trivy/commit/62a1aaf03) fix(misconf): Update required extensions for terraformplan ([#​4523](https://togithub.com/aquasecurity/trivy/issues/4523)) - [`48b2e15`](https://togithub.com/aquasecurity/trivy/commit/48b2e15c2) refactor(cyclonedx): add intermediate representation ([#​4490](https://togithub.com/aquasecurity/trivy/issues/4490)) - [`c15f269`](https://togithub.com/aquasecurity/trivy/commit/c15f269a9) fix(misconf): Remove debug print while scanning ([#​4521](https://togithub.com/aquasecurity/trivy/issues/4521)) - [`b6ee08e`](https://togithub.com/aquasecurity/trivy/commit/b6ee08e55) fix(java): remove duplicates of jar libs ([#​4515](https://togithub.com/aquasecurity/trivy/issues/4515)) - [`d474040`](https://togithub.com/aquasecurity/trivy/commit/d4740401a) fix(java): fix overwriting project props in pom.xml ([#​4498](https://togithub.com/aquasecurity/trivy/issues/4498)) - [`4cf2f94`](https://togithub.com/aquasecurity/trivy/commit/4cf2f94d0) docs: Update compilation instructions ([#​4512](https://togithub.com/aquasecurity/trivy/issues/4512)) - [`18ce1c3`](https://togithub.com/aquasecurity/trivy/commit/18ce1c336) fix(nodejs): update logic for parsing pnpm lock files ([#​4502](https://togithub.com/aquasecurity/trivy/issues/4502)) - [`87eed38`](https://togithub.com/aquasecurity/trivy/commit/87eed38c6) fix(secret): remove aws-account-id rule ([#​4494](https://togithub.com/aquasecurity/trivy/issues/4494)) - [`b0c591e`](https://togithub.com/aquasecurity/trivy/commit/b0c591ef6) feat(oci): add support for referencing an input image by digest ([#​4470](https://togithub.com/aquasecurity/trivy/issues/4470)) - [`b84b5ec`](https://togithub.com/aquasecurity/trivy/commit/b84b5ecfc) chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 ([#​4338](https://togithub.com/aquasecurity/trivy/issues/4338)) - [`305255a`](https://togithub.com/aquasecurity/trivy/commit/305255a49) docs: fixed the format ([#​4503](https://togithub.com/aquasecurity/trivy/issues/4503)) - [`d586de5`](https://togithub.com/aquasecurity/trivy/commit/d586de585) fix(java): add support of \* for exclusions for pom.xml files ([#​4501](https://togithub.com/aquasecurity/trivy/issues/4501)) - [`de6eef3`](https://togithub.com/aquasecurity/trivy/commit/de6eef3b0) feat: adding issue template for documentation ([#​4453](https://togithub.com/aquasecurity/trivy/issues/4453)) - [`83a9c4a`](https://togithub.com/aquasecurity/trivy/commit/83a9c4a4c) docs: switch glad to ghsa for Go ([#​4493](https://togithub.com/aquasecurity/trivy/issues/4493)) - [`5372722`](https://togithub.com/aquasecurity/trivy/commit/537272257) chore(deps): Update defsec to v0.89.0 ([#​4474](https://togithub.com/aquasecurity/trivy/issues/4474)) - [`6fcd153`](https://togithub.com/aquasecurity/trivy/commit/6fcd1538d) feat(misconf): Add terraformplan support ([#​4342](https://togithub.com/aquasecurity/trivy/issues/4342)) - [`72e302c`](https://togithub.com/aquasecurity/trivy/commit/72e302cf8) feat(debian): add digests for dpkg ([#​4445](https://togithub.com/aquasecurity/trivy/issues/4445)) - [`7e99d08`](https://togithub.com/aquasecurity/trivy/commit/7e99d08a1) chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 ([#​4478](https://togithub.com/aquasecurity/trivy/issues/4478)) - [`12a1789`](https://togithub.com/aquasecurity/trivy/commit/12a1789be) feat(k8s): exclude node scanning by node labels ([#​4459](https://togithub.com/aquasecurity/trivy/issues/4459)) - [`919e8c9`](https://togithub.com/aquasecurity/trivy/commit/919e8c92b) docs: add info about multi-line mode for regexp from custom secret rules ([#​4159](https://togithub.com/aquasecurity/trivy/issues/4159)) - [`50fe43f`](https://togithub.com/aquasecurity/trivy/commit/50fe43f14) feat(cli): convert JSON reports into a different format ([#​4452](https://togithub.com/aquasecurity/trivy/issues/4452)) - [`09db1d4`](https://togithub.com/aquasecurity/trivy/commit/09db1d438) feat(image): add logic to guess base layer for docker-cis scan ([#​4344](https://togithub.com/aquasecurity/trivy/issues/4344)) - [`3f0721f`](https://togithub.com/aquasecurity/trivy/commit/3f0721ff6) fix(cyclonedx): set original names for packages ([#​4306](https://togithub.com/aquasecurity/trivy/issues/4306)) - [`0ef0dad`](https://togithub.com/aquasecurity/trivy/commit/0ef0dadb1) feat: group subcommands ([#​4449](https://togithub.com/aquasecurity/trivy/issues/4449)) - [`3a7717f`](https://togithub.com/aquasecurity/trivy/commit/3a7717fde) feat(cli): add retry to cache operations ([#​4189](https://togithub.com/aquasecurity/trivy/issues/4189)) - [`63cfb27`](https://togithub.com/aquasecurity/trivy/commit/63cfb2714) fix(vuln): report architecture for `apk` packages ([#​4247](https://togithub.com/aquasecurity/trivy/issues/4247)) - [`e136136`](https://togithub.com/aquasecurity/trivy/commit/e1361368a) refactor: enable cases where return values are not needed in pipeline ([#​4443](https://togithub.com/aquasecurity/trivy/issues/4443)) - [`29b5f7e`](https://togithub.com/aquasecurity/trivy/commit/29b5f7e8e) fix(image): resolve scan deadlock when error occurs in slow mode ([#​4336](https://togithub.com/aquasecurity/trivy/issues/4336)) - [`92ed344`](https://togithub.com/aquasecurity/trivy/commit/92ed344e8) docs(misconf): Update docs for kubernetes file patterns ([#​4435](https://togithub.com/aquasecurity/trivy/issues/4435)) - [`16af41b`](https://togithub.com/aquasecurity/trivy/commit/16af41be1) test: k8s integration tests ([#​4423](https://togithub.com/aquasecurity/trivy/issues/4423)) - [`cab8569`](https://togithub.com/aquasecurity/trivy/commit/cab8569cd) feat(redhat): add package digest for rpm ([#​4410](https://togithub.com/aquasecurity/trivy/issues/4410)) - [`92f9e98`](https://togithub.com/aquasecurity/trivy/commit/92f9e98d0) feat(misconf): Add `--reset-policy-bundle` for policy bundle ([#​4167](https://togithub.com/aquasecurity/trivy/issues/4167)) - [`33fb047`](https://togithub.com/aquasecurity/trivy/commit/33fb04763) fix: typo ([#​4431](https://togithub.com/aquasecurity/trivy/issues/4431)) - [`8b162f2`](https://togithub.com/aquasecurity/trivy/commit/8b162f287) add user instruction to imgconf ([#​4429](https://togithub.com/aquasecurity/trivy/issues/4429)) - [`3b7c919`](https://togithub.com/aquasecurity/trivy/commit/3b7c9198d) fix(k8s): add image sources ([#​4411](https://togithub.com/aquasecurity/trivy/issues/4411)) - [`c75d35f`](https://togithub.com/aquasecurity/trivy/commit/c75d35ff6) docs(scanning): Add versioning banner ([#​4415](https://togithub.com/aquasecurity/trivy/issues/4415)) - [`d298415`](https://togithub.com/aquasecurity/trivy/commit/d298415c0) feat(cli): add mage command to update golden integration test files ([#​4380](https://togithub.com/aquasecurity/trivy/issues/4380)) - [`1a56295`](https://togithub.com/aquasecurity/trivy/commit/1a56295ff) feat: node-collector custom namespace support ([#​4407](https://togithub.com/aquasecurity/trivy/issues/4407)) - [`864ad10`](https://togithub.com/aquasecurity/trivy/commit/864ad10a3) chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 ([#​4378](https://togithub.com/aquasecurity/trivy/issues/4378)) - [`7a20d96`](https://togithub.com/aquasecurity/trivy/commit/7a20d9622) refactor(sbom): use multiline json for spdx-json format ([#​4404](https://togithub.com/aquasecurity/trivy/issues/4404)) - [`ea5fd75`](https://togithub.com/aquasecurity/trivy/commit/ea5fd75ff) fix(ubuntu): add EOL date for Ubuntu 23.04 ([#​4347](https://togithub.com/aquasecurity/trivy/issues/4347)) - [`56a01ec`](https://togithub.com/aquasecurity/trivy/commit/56a01ec6f) refactor: code-optimization ([#​4214](https://togithub.com/aquasecurity/trivy/issues/4214)) - [`6a0e152`](https://togithub.com/aquasecurity/trivy/commit/6a0e15265) feat(image): Add image-src flag to specify which runtime(s) to use ([#​4047](https://togithub.com/aquasecurity/trivy/issues/4047)) - [`50c8b41`](https://togithub.com/aquasecurity/trivy/commit/50c8b418a) test: skip wrong update of test golden files ([#​4379](https://togithub.com/aquasecurity/trivy/issues/4379)) - [`51ca653`](https://togithub.com/aquasecurity/trivy/commit/51ca6536c) refactor: don't return error for package.json without version/name ([#​4377](https://togithub.com/aquasecurity/trivy/issues/4377)) - [`e5e7ebc`](https://togithub.com/aquasecurity/trivy/commit/e5e7ebcda) docs: cmd error ([#​4376](https://togithub.com/aquasecurity/trivy/issues/4376)) - [`6ee4960`](https://togithub.com/aquasecurity/trivy/commit/6ee496077) test(cli): add test for config file and env combination ([#​2666](https://togithub.com/aquasecurity/trivy/issues/2666)) - [`c067b02`](https://togithub.com/aquasecurity/trivy/commit/c067b026e) fix(report): set a correct file location for license scan output ([#​4326](https://togithub.com/aquasecurity/trivy/issues/4326)) - [`ff63748`](https://togithub.com/aquasecurity/trivy/commit/ff6374829) ci: rpm repository for all versions and aarch64 ([#​4077](https://togithub.com/aquasecurity/trivy/issues/4077)) - [`0009b02`](https://togithub.com/aquasecurity/trivy/commit/0009b02bb) chore(alpine): Update Alpine to 3.18 ([#​4351](https://togithub.com/aquasecurity/trivy/issues/4351)) - [`d61ae8c`](https://togithub.com/aquasecurity/trivy/commit/d61ae8cc7) fix(alpine): add EOL date for Alpine 3.18 ([#​4308](https://togithub.com/aquasecurity/trivy/issues/4308)) - [`636ce80`](https://togithub.com/aquasecurity/trivy/commit/636ce808f) chore(deps): bump github.com/docker/distribution ([#​4337](https://togithub.com/aquasecurity/trivy/issues/4337)) - [`e859d10`](https://togithub.com/aquasecurity/trivy/commit/e859d10ee) feat: allow root break for mapfs ([#​4094](https://togithub.com/aquasecurity/trivy/issues/4094)) - [`a6ef37f`](https://togithub.com/aquasecurity/trivy/commit/a6ef37fa3) docs(misconf): Remove examples.md ([#​4256](https://togithub.com/aquasecurity/trivy/issues/4256)) - [`dca8c03`](https://togithub.com/aquasecurity/trivy/commit/dca8c039e) fix(ubuntu): update eol dates for Ubuntu ([#​4258](https://togithub.com/aquasecurity/trivy/issues/4258)) - [`b003f58`](https://togithub.com/aquasecurity/trivy/commit/b003f58b2) feat(alpine): add digests for apk packages ([#​4168](https://togithub.com/aquasecurity/trivy/issues/4168)) - [`86f0016`](https://togithub.com/aquasecurity/trivy/commit/86f001616) chore: add discussion templates ([#​4190](https://togithub.com/aquasecurity/trivy/issues/4190)) - [`2f318ce`](https://togithub.com/aquasecurity/trivy/commit/2f318ce97) fix(terraform): Support tfvars ([#​4123](https://togithub.com/aquasecurity/trivy/issues/4123)) - [`ec3906c`](https://togithub.com/aquasecurity/trivy/commit/ec3906c24) chore: separate docs:generate ([#​4242](https://togithub.com/aquasecurity/trivy/issues/4242)) - [`37b25d2`](https://togithub.com/aquasecurity/trivy/commit/37b25d28b) chore(deps): bump github.com/aws/aws-sdk-go-v2/config ([#​4246](https://togithub.com/aquasecurity/trivy/issues/4246)) - [`45d5edb`](https://togithub.com/aquasecurity/trivy/commit/45d5edb0d) refactor: define vulnerability scanner interfaces ([#​4117](https://togithub.com/aquasecurity/trivy/issues/4117)) - [`090a00e`](https://togithub.com/aquasecurity/trivy/commit/090a00e71) feat: unified k8s scan resources ([#​4188](https://togithub.com/aquasecurity/trivy/issues/4188)) - [`f2188eb`](https://togithub.com/aquasecurity/trivy/commit/f2188eb56) chore(deps): Update defsec to v0.88.1 ([#​4178](https://togithub.com/aquasecurity/trivy/issues/4178)) - [`b79850f`](https://togithub.com/aquasecurity/trivy/commit/b79850f41) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 ([#​4141](https://togithub.com/aquasecurity/trivy/issues/4141)) - [`36acdfa`](https://togithub.com/aquasecurity/trivy/commit/36acdfa8d) chore: trivy bin ignore ([#​4212](https://togithub.com/aquasecurity/trivy/issues/4212)) - [`55fb723`](https://togithub.com/aquasecurity/trivy/commit/55fb723a6) feat(image): enforce image platform ([#​4083](https://togithub.com/aquasecurity/trivy/issues/4083)) - [`9c87cb2`](https://togithub.com/aquasecurity/trivy/commit/9c87cb271) chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 ([#​4143](https://togithub.com/aquasecurity/trivy/issues/4143)) - [`21cf179`](https://togithub.com/aquasecurity/trivy/commit/21cf179f6) chore(deps): bump github.com/docker/docker ([#​4144](https://togithub.com/aquasecurity/trivy/issues/4144)) - [`fbf7a77`](https://togithub.com/aquasecurity/trivy/commit/fbf7a77ae) chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 ([#​4146](https://togithub.com/aquasecurity/trivy/issues/4146)) - [`547391c`](https://togithub.com/aquasecurity/trivy/commit/547391c22) chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 ([#​4140](https://togithub.com/aquasecurity/trivy/issues/4140)) - [`882bfdd`](https://togithub.com/aquasecurity/trivy/commit/882bfdd78) fix(ubuntu): fix version selection logic for ubuntu esm ([#​4171](https://togithub.com/aquasecurity/trivy/issues/4171)) - [`949cd10`](https://togithub.com/aquasecurity/trivy/commit/949cd10c0) chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 ([#​4147](https://togithub.com/aquasecurity/trivy/issues/4147)) - [`93bc162`](https://togithub.com/aquasecurity/trivy/commit/93bc162ca) chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 ([#​4145](https://togithub.com/aquasecurity/trivy/issues/4145)) - [`57993ef`](https://togithub.com/aquasecurity/trivy/commit/57993ef67) chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 ([#​4138](https://togithub.com/aquasecurity/trivy/issues/4138)) - [`dc4baeb`](https://togithub.com/aquasecurity/trivy/commit/dc4baeb35) chore(deps): bump github.com/testcontainers/testcontainers-go ([#​4150](https://togithub.com/aquasecurity/trivy/issues/4150)) - [`25d0255`](https://togithub.com/aquasecurity/trivy/commit/25d0255dc) chore: install.sh support for windows ([#​4155](https://togithub.com/aquasecurity/trivy/issues/4155)) - [`73e5454`](https://togithub.com/aquasecurity/trivy/commit/73e54549f) chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 ([#​4166](https://togithub.com/aquasecurity/trivy/issues/4166)) - [`08de7c6`](https://togithub.com/aquasecurity/trivy/commit/08de7c613) chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 ([#​4149](https://togithub.com/aquasecurity/trivy/issues/4149)) - [`ade4730`](https://togithub.com/aquasecurity/trivy/commit/ade4730fa) docs: moving skipping files out of others ([#​4154](https://togithub.com/aquasecurity/trivy/issues/4154)) ### [`v0.41.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.41.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.40.0...v0.41.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4135](https://togithub.com/aquasecurity/trivy/discussions/4135) #### Changelog - [`1be1e2e`](https://togithub.com/aquasecurity/trivy/commit/1be1e2e63) fix(spdx): add workaround for no src packages ([#​4118](https://togithub.com/aquasecurity/trivy/issues/4118)) - [`45bc9e0`](https://togithub.com/aquasecurity/trivy/commit/45bc9e0de) test(golang): rename broken go.mod ([#​4129](https://togithub.com/aquasecurity/trivy/issues/4129)) - [`3334e78`](https://togithub.com/aquasecurity/trivy/commit/3334e78fa) feat(sbom): add supplier field ([#​4122](https://togithub.com/aquasecurity/trivy/issues/4122)) - [`27fb1bf`](https://togithub.com/aquasecurity/trivy/commit/27fb1bfde) test(misconf): skip downloading of policies for tests [#​4126](https://togithub.com/aquasecurity/trivy/issues/4126) - [`845ae31`](https://togithub.com/aquasecurity/trivy/commit/845ae31e5) refactor: use debug message for post-analyze errors ([#​4037](https://togithub.com/aquasecurity/trivy/issues/4037)) - [`11a5b91`](https://togithub.com/aquasecurity/trivy/commit/11a5b91a1) feat(sbom): add VEX support ([#​4053](https://togithub.com/aquasecurity/trivy/issues/4053)) - [`5eab464`](https://togithub.com/aquasecurity/trivy/commit/5eab46498) feat(sbom): add primary package purpose field for SPDX ([#​4119](https://togithub.com/aquasecurity/trivy/issues/4119)) - [`a00d00e`](https://togithub.com/aquasecurity/trivy/commit/a00d00eb9) fix(k8s): fix quiet flag ([#​4120](https://togithub.com/aquasecurity/trivy/issues/4120)) - [`9bc3269`](https://togithub.com/aquasecurity/trivy/commit/9bc326909) fix(python): parse of pip extras ([#​4103](https://togithub.com/aquasecurity/trivy/issues/4103)) - [`8559841`](https://togithub.com/aquasecurity/trivy/commit/855984167) feat(java): use full path for nested jars ([#​3992](https://togithub.com/aquasecurity/trivy/issues/3992)) - [`0650e0e`](https://togithub.com/aquasecurity/trivy/commit/0650e0e1d) feat(license): add new flag for classifier confidence level ([#​4073](https://togithub.com/aquasecurity/trivy/issues/4073)) - [`43b6496`](https://togithub.com/aquasecurity/trivy/commit/43b649627) feat: config and fs compliance support ([#​4097](https://togithub.com/aquasecurity/trivy/issues/4097)) - [`9181bc1`](https://togithub.com/aquasecurity/trivy/commit/9181bc1f7) chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 ([#​3952](https://togithub.com/aquasecurity/trivy/issues/3952)) - [`48e021e`](https://togithub.com/aquasecurity/trivy/commit/48e021ea6) feat(spdx): add support for SPDX 2.3 ([#​4058](https://togithub.com/aquasecurity/trivy/issues/4058)) - [`107752d`](https://togithub.com/aquasecurity/trivy/commit/107752df6) fix: k8s all-namespaces support ([#​4096](https://togithub.com/aquasecurity/trivy/issues/4096)) - [`bd0c603`](https://togithub.com/aquasecurity/trivy/commit/bd0c60364) perf(misconf): replace with post-analyzers ([#​4090](https://togithub.com/aquasecurity/trivy/issues/4090)) - [`76662d5`](https://togithub.com/aquasecurity/trivy/commit/76662d5dd) fix(helm): update networking API version detection ([#​4106](https://togithub.com/aquasecurity/trivy/issues/4106)) - [`be47b68`](https://togithub.com/aquasecurity/trivy/commit/be47b688c) feat(image): custom docker host option ([#​3599](https://togithub.com/aquasecurity/trivy/issues/3599)) - [`cc18f92`](https://togithub.com/aquasecurity/trivy/commit/cc18f92cf) style: debug flag is incorrect and needs extra - ([#​4087](https://togithub.com/aquasecurity/trivy/issues/4087)) - [`572a619`](https://togithub.com/aquasecurity/trivy/commit/572a6193e) docs(vuln): Document inline vulnerability filtering comments ([#​4024](https://togithub.com/aquasecurity/trivy/issues/4024)) - [`914c6f0`](https://togithub.com/aquasecurity/trivy/commit/914c6f092) feat(fs): customize error callback during fs walk ([#​4038](https://togithub.com/aquasecurity/trivy/issues/4038)) - [`3f02fee`](https://togithub.com/aquasecurity/trivy/commit/3f02feeff) fix(ubuntu): skip copyright files from subfolders ([#​4076](https://togithub.com/aquasecurity/trivy/issues/4076)) - [`57bb77c`](https://togithub.com/aquasecurity/trivy/commit/57bb77c06) docs: restructure scanners ([#​3977](https://togithub.com/aquasecurity/trivy/issues/3977)) - [`b19b56c`](https://togithub.com/aquasecurity/trivy/commit/b19b56c34) fix: fix `file does not exist` error for post-analyzers ([#​4061](https://togithub.com/aquasecurity/trivy/issues/4061)) ### [`v0.40.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.40.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.39.1...v0.40.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/4074](https://togithub.com/aquasecurity/trivy/discussions/4074) #### Changelog - [`b43b19b`](https://togithub.com/aquasecurity/trivy/commit/b43b19ba5) feat(flag): Support globstar for `--skip-files` and `--skip-directories` ([#​4026](https://togithub.com/aquasecurity/trivy/issues/4026)) - [`1480500`](https://togithub.com/aquasecurity/trivy/commit/14805002d) chore(deps): bump actions/stale from 7 to 8 ([#​3955](https://togithub.com/aquasecurity/trivy/issues/3955)) - [`83bb97a`](https://togithub.com/aquasecurity/trivy/commit/83bb97ab1) fix: return insecure option to download javadb ([#​4064](https://togithub.com/aquasecurity/trivy/issues/4064)) - [`79a1ba3`](https://togithub.com/aquasecurity/trivy/commit/79a1ba32d) fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found ([#​4052](https://togithub.com/aquasecurity/trivy/issues/4052)) - [`ff1c43a`](https://togithub.com/aquasecurity/trivy/commit/ff1c43a79) ci: add gpg signing for RPM packages ([#​4056](https://togithub.com/aquasecurity/trivy/issues/4056)) - [`b608b11`](https://togithub.com/aquasecurity/trivy/commit/b608b116c) fix(k8s): current context title ([#​4055](https://togithub.com/aquasecurity/trivy/issues/4055)) - [`2c3b60f`](https://togithub.com/aquasecurity/trivy/commit/2c3b60f4c) fix(k8s): quit support on k8s progress bar ([#​4021](https://togithub.com/aquasecurity/trivy/issues/4021)) - [`a6b8642`](https://togithub.com/aquasecurity/trivy/commit/a6b864213) chore: add a note about Dockerfile.canary ([#​4050](https://togithub.com/aquasecurity/trivy/issues/4050)) - [`90b8066`](https://togithub.com/aquasecurity/trivy/commit/90b80662c) ci: fix path to canary binaries ([#​4045](https://togithub.com/aquasecurity/trivy/issues/4045)) - [`dcefc6b`](https://togithub.com/aquasecurity/trivy/commit/dcefc6bf3) fix(vuln): report architecture for debian packages ([#​4032](https://togithub.com/aquasecurity/trivy/issues/4032)) - [`601e25f`](https://togithub.com/aquasecurity/trivy/commit/601e25fb2) feat: add support for Chainguard's commercial distro ([#​3641](https://togithub.com/aquasecurity/trivy/issues/3641)) - [`0bebec1`](https://togithub.com/aquasecurity/trivy/commit/0bebec19f) ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 ([#​3979](https://togithub.com/aquasecurity/trivy/issues/3979)) - [`707ea94`](https://togithub.com/aquasecurity/trivy/commit/707ea9423) fix(vuln): fix error message for remote scanners ([#​4031](https://togithub.com/aquasecurity/trivy/issues/4031)) - [`8e1fe76`](https://togithub.com/aquasecurity/trivy/commit/8e1fe769e) feat(report): add image metadata to SARIF ([#​4020](https://togithub.com/aquasecurity/trivy/issues/4020)) - [`4b36e97`](https://togithub.com/aquasecurity/trivy/commit/4b36e97dc) docs: fix broken cache link on Installation page ([#​3999](https://togithub.com/aquasecurity/trivy/issues/3999)) - [`f0df725`](https://togithub.com/aquasecurity/trivy/commit/f0df725c5) fix: lock downloading policies and database ([#​4017](https://togithub.com/aquasecurity/trivy/issues/4017)) - [`009675c`](https://togithub.com/aquasecurity/trivy/commit/009675c82) fix: avoid concurrent access to the global map ([#​4014](https://togithub.com/aquasecurity/trivy/issues/4014)) - [`3ed86aa`](https://togithub.com/aquasecurity/trivy/commit/3ed86aa3d) feat(rust): add Cargo.lock v3 support ([#​4012](https://togithub.com/aquasecurity/trivy/issues/4012)) - [`f31dea4`](https://togithub.com/aquasecurity/trivy/commit/f31dea4bd) feat: auth support oci download server subcommand ([#​4008](https://togithub.com/aquasecurity/trivy/issues/4008)) - [`d37c50a`](https://togithub.com/aquasecurity/trivy/commit/d37c50a2b) chore(deps): bump github.com/docker/docker ([#​4009](https://togithub.com/aquasecurity/trivy/issues/4009)) - [`693d205`](https://togithub.com/aquasecurity/trivy/commit/693d20516) chore: install.sh support for armv7 ([#​3985](https://togithub.com/aquasecurity/trivy/issues/3985)) - [`65d89b9`](https://togithub.com/aquasecurity/trivy/commit/65d89b99d) chore(deps): bump github.com/Azure/go-autorest/autorest/adal ([#​3961](https://togithub.com/aquasecurity/trivy/issues/3961)) ### [`v0.39.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.39.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.39.0...v0.39.1) #### Changelog - [`a119ef8`](https://togithub.com/aquasecurity/trivy/commit/a119ef86e) fix(rust): fix panic when 'dependencies' field is not used in cargo.toml ([#​3997](https://togithub.com/aquasecurity/trivy/issues/3997)) - [`c8283ce`](https://togithub.com/aquasecurity/trivy/commit/c8283cebd) fix(sbom): fix infinite loop for cyclonedx ([#​3998](https://togithub.com/aquasecurity/trivy/issues/3998)) - [`6c8b042`](https://togithub.com/aquasecurity/trivy/commit/6c8b04254) chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 ([#​3954](https://togithub.com/aquasecurity/trivy/issues/3954)) - [`c42f360`](https://togithub.com/aquasecurity/trivy/commit/c42f360f5) fix: use warning for errors from enrichment files for post-analyzers ([#​3972](https://togithub.com/aquasecurity/trivy/issues/3972)) - [`20c21ca`](https://togithub.com/aquasecurity/trivy/commit/20c21cacc) chore(deps): bump github.com/docker/docker ([#​3963](https://togithub.com/aquasecurity/trivy/issues/3963)) - [`54388ff`](https://togithub.com/aquasecurity/trivy/commit/54388ffd1) fix(helm): added annotation to psp configurable from values ([#​3893](https://togithub.com/aquasecurity/trivy/issues/3893)) - [`99a2519`](https://togithub.com/aquasecurity/trivy/commit/99a251981) chore(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.1 ([#​3962](https://togithub.com/aquasecurity/trivy/issues/3962)) - [`d113b93`](https://togithub.com/aquasecurity/trivy/commit/d113b9313) fix(secret): update built-in rule `tests` ([#​3855](https://togithub.com/aquasecurity/trivy/issues/3855)) - [`5ab6d25`](https://togithub.com/aquasecurity/trivy/commit/5ab6d2588) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.30.1 ([#​3957](https://togithub.com/aquasecurity/trivy/issues/3957)) - [`0767cb8`](https://togithub.com/aquasecurity/trivy/commit/0767cb844) test: rewrite scripts in Go ([#​3968](https://togithub.com/aquasecurity/trivy/issues/3968)) - [`428ee19`](https://togithub.com/aquasecurity/trivy/commit/428ee19ca) docs(cli): Improve glob documentation ([#​3945](https://togithub.com/aquasecurity/trivy/issues/3945)) - [`3e00dc3`](https://togithub.com/aquasecurity/trivy/commit/3e00dc346) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts ([#​3959](https://togithub.com/aquasecurity/trivy/issues/3959)) - [`cf2f0b2`](https://togithub.com/aquasecurity/trivy/commit/cf2f0b2d1) ci: check CLI references ([#​3967](https://togithub.com/aquasecurity/trivy/issues/3967)) - [`70f507e`](https://togithub.com/aquasecurity/trivy/commit/70f507e1a) chore(deps): bump alpine from 3.17.2 to 3.17.3 ([#​3951](https://togithub.com/aquasecurity/trivy/issues/3951)) - [`befabc6`](https://togithub.com/aquasecurity/trivy/commit/befabc6b9) chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.234 ([#​3956](https://togithub.com/aquasecurity/trivy/issues/3956)) - [`ee69abb`](https://togithub.com/aquasecurity/trivy/commit/ee69abb78) chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5 ([#​3958](https://togithub.com/aquasecurity/trivy/issues/3958)) - [`8901f7b`](https://togithub.com/aquasecurity/trivy/commit/8901f7be6) chore(deps): bump actions/setup-go from 3 to 4 ([#​3953](https://togithub.com/aquasecurity/trivy/issues/3953)) - [`4e6bbbc`](https://togithub.com/aquasecurity/trivy/commit/4e6bbbc8c) chore(deps): bump actions/cache from 3.2.6 to 3.3.1 ([#​3950](https://togithub.com/aquasecurity/trivy/issues/3950)) - [`d70f346`](https://togithub.com/aquasecurity/trivy/commit/d70f346f5) chore(deps): bump github.com/containerd/containerd from 1.6.19 to 1.7.0 ([#​3965](https://togithub.com/aquasecurity/trivy/issues/3965)) - [`3efb2fd`](https://togithub.com/aquasecurity/trivy/commit/3efb2fded) chore(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 ([#​3964](https://togithub.com/aquasecurity/trivy/issues/3964)) ### [`v0.39.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.39.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.38.3...v0.39.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/3949](https://togithub.com/aquasecurity/trivy/discussions/3949) #### Changelog - [`ed59096`](https://togithub.com/aquasecurity/trivy/commit/ed590966a) docs(cli): added makefile and go file to create docs ([#​3930](https://togithub.com/aquasecurity/trivy/issues/3930)) - [`a2f39a3`](https://togithub.com/aquasecurity/trivy/commit/a2f39a34c) chore: Revert "ci: add gpg signing for RPM packages ([#​3612](https://togithub.com/aquasecurity/trivy/issues/3612))" ([#​3946](https://togithub.com/aquasecurity/trivy/issues/3946)) - [`5a10631`](https://togithub.com/aquasecurity/trivy/commit/5a1063102) chore: ignore gpg key ([#​3943](https://togithub.com/aquasecurity/trivy/issues/3943)) - [`4072115`](https://togithub.com/aquasecurity/trivy/commit/4072115e5) feat(cyclonedx): support dependency graph ([#​3177](https://togithub.com/aquasecurity/trivy/issues/3177)) - [`7cad265`](https://togithub.com/aquasecurity/trivy/commit/7cad265b7) chore(deps): Bump defsec to v0.85.0 ([#​3940](https://togithub.com/aquasecurity/trivy/issues/3940)) - [`f8b5733`](https://togithub.com/aquasecurity/trivy/commit/f8b573311) feat(rust): remove dev deps and find direct deps for Cargo.lock ([#​3919](https://togithub.com/aquasecurity/trivy/issues/3919)) - [`10796a2`](https://togithub.com/aquasecurity/trivy/commit/10796a291) feat(server): redis with public TLS certs support ([#​3783](https://togithub.com/aquasecurity/trivy/issues/3783)) - [`abff139`](https://togithub.com/aquasecurity/trivy/commit/abff1398c) feat(flag): Add glob support to `--skip-dirs` and `--skip-files` ([#​3866](https://togithub.com/aquasecurity/trivy/issues/3866)) - [`b40f60c`](https://togithub.com/aquasecurity/trivy/commit/b40f60c40) chore: replace make with mage ([#​3932](https://togithub.com/aquasecurity/trivy/issues/3932)) - [`67236f6`](https://togithub.com/aquasecurity/trivy/commit/67236f6aa) fix(sbom): add checksum to files ([#​3888](https://togithub.com/aquasecurity/trivy/issues/3888)) - [`00de24b`](https://togithub.com/aquasecurity/trivy/commit/00de24b16) chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 ([#​3928](https://togithub.com/aquasecurity/trivy/issues/3928)) - [`5976d1f`](https://togithub.com/aquasecurity/trivy/commit/5976d1fa0) chore: remove unused mount volumes ([#​3927](https://togithub.com/aquasecurity/trivy/issues/3927)) - [`f14bed4`](https://togithub.com/aquasecurity/trivy/commit/f14bed453) feat: add auth support for downloading OCI artifacts ([#​3915](https://togithub.com/aquasecurity/trivy/issues/3915)) - [`1ee0518`](https://togithub.com/aquasecurity/trivy/commit/1ee05189f) refactor(purl): use epoch in qualifier ([#​3913](https://togithub.com/aquasecurity/trivy/issues/3913)) - [`0000252`](https://togithub.com/aquasecurity/trivy/commit/0000252ce) chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 ([#​3727](https://togithub.com/aquasecurity/trivy/issues/3727)) - [`ca0d972`](https://togithub.com/aquasecurity/trivy/commit/ca0d972cd) feat(image): add registry options ([#​3906](https://togithub.com/aquasecurity/trivy/issues/3906)) - [`0336555`](https://togithub.com/aquasecurity/trivy/commit/033655577) feat(rust): dependency tree and line numbers support for cargo lock file ([#​3746](https://togithub.com/aquasecurity/trivy/issues/3746)) - [`dd9cd95`](https://togithub.com/aquasecurity/trivy/commit/dd9cd9528) chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 ([#​3905](https://togithub.com/aquasecurity/trivy/issues/3905)) - [`edb0682`](https://togithub.com/aquasecurity/trivy/commit/edb06826b) feat(php): add support for location, licenses and graph for composer.lock files ([#​3873](https://togithub.com/aquasecurity/trivy/issues/3873)) - [`c02b15b`](https://togithub.com/aquasecurity/trivy/commit/c02b15b37) chore(deps): updates wazero to 1.0.0 ([#​3904](https://togithub.com/aquasecurity/trivy/issues/3904)) - [`63ef760`](https://togithub.com/aquasecurity/trivy/commit/63ef760c6) feat(image): discover SBOM in OCI referrers ([#​3768](https://togithub.com/aquasecurity/trivy/issues/3768)) - [`3fa703c`](https://togithub.com/aquasecurity/trivy/commit/3fa703c03) docs: change cache-dir key in config file ([#​3897](https://togithub.com/aquasecurity/trivy/issues/3897)) - [`4d78747`](https://togithub.com/aquasecurity/trivy/commit/4d78747c4) fix(sbom): use release and epoch for SPDX package version ([#​3896](https://togithub.com/aquasecurity/trivy/issues/3896)) - [`67572df`](https://togithub.com/aquasecurity/trivy/commit/67572dff6) ci: add gpg signing for RPM packages ([#​3612](https://togithub.com/aquasecurity/trivy/issues/3612)) - [`e76d5ff`]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.