Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
pub
from package-url
(#5784)pip freeze
for compatible releases
(#5760)github
template (#5783)👉 https://github.com/aquasecurity/trivy/discussions/5724
--misconfig-scanners
option (#5670)sec
and space to secret prefix for aws-secret-access-key
(#5647)alibaba-access-key-id
(#5618)--debug
option (#5550)--cf-params
for CFT (#5507)--scanners config
(#5587)scanners
for k8s
target (#5561)FilesAnalyzed
and PackageVerificationCode
fields for SPDX (#5533)👉 https://github.com/aquasecurity/trivy/discussions/5520
BlobInfo
message (#5382)relativePath
field points to pom.xml
being scanned (#5470)PyYAML
for gh pages (#5462)--tf-exclude-downloaded-modules
description (#5419)--ignore-policy
in config scans (#5359)Use container image
section (#5425)primaryURL
and source severity
for CycloneDX (#5399)InstalledFiles
field to Package (#4706)⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5377
requirements.txt
files (#5375)Metadata
into the k8s resource's scan report (#5322)actions/stale
(#5337)github
format (#5265)👉 https://github.com/aquasecurity/trivy/discussions/5082
null
value (#5041)1.20
(#5067)name
field in Cyclonedx format (#4941)👉 https://github.com/aquasecurity/trivy/discussions/4903