Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
fs/repo modes (#6381)
workspaces from package.json as an object (#6231)
0600 perms for tmp files for post analyzers (#6386)
pom.xml files once (#6312)
Packages in client/server mode (#6366)
CreationInfo to nil when detecting SPDX created using Trivy (#6346)
.vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6340
trivy-db and trivy-java-db registries by default (#6219)
package.json (#6268)
maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
Test job (#6221)
source_location in github report when scanning an image (#5999)
pom.properties files from jars (#6164)
path to filter licenses using .trivyignore.yaml file (#6145)
gradle files (#6083)
user from Config.User (#6070)
BomRef when matching PkgIdentifier (#6025)
root-reserve-mb size for maximize-build-space (#6064)
pnpm-lock.yaml files (#6034)
TestDockerEngine (#6054)
👉 https://github.com/aquasecurity/trivy/discussions/6033
AWS_REGION env for secrets in asff template (#6011)
--vex for all targets (#5992)
metadata.tools struct for CycloneDX (#5981)
amzn in src (#5951)
group field for pom.xml and nodejs files for CycloneDX reports (#5922)
jar files (#5630)
AWS Secret Access Key must include only secrets with aws text. (#5901)
pub from package-url (#5784)
pip freeze for compatible releases (#5760)
github template (#5783)
👉 https://github.com/aquasecurity/trivy/discussions/5724
--misconfig-scanners option (#5670)
sec and space to secret prefix for aws-secret-access-key (#5647)
alibaba-access-key-id (#5618)
--debug option (#5550)
--cf-params for CFT (#5507)
--scanners config (#5587)
scanners for k8s target (#5561)
FilesAnalyzed and PackageVerificationCode fields for SPDX (#5533)
👉 https://github.com/aquasecurity/trivy/discussions/5520
BlobInfo message (#5382)
relativePath field points to pom.xml being scanned (#5470)
PyYAML for gh pages (#5462)
--tf-exclude-downloaded-modules description (#5419)
--ignore-policy in config scans (#5359)
Use container image section (#5425)
primaryURL and source severity for CycloneDX (#5399)
InstalledFiles field to Package (#4706)