Trivy Versions Save

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

v0.48.1

4 months ago

Changelog

  • ba825b2ae chore(deps): bump trivy-iac to v0.7.1 (#5797)
  • abf227e06 fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
  • df49ea4a1 refactor(sbom): disable html escaping for CycloneDX (#5764)
  • f25e2df1c refactor(purl): use pub from package-url (#5784)
  • b5e3b77f0 docs(python): add note to using pip freeze for compatible releases (#5760)
  • 6cc00c2f0 fix(report): use OS information for OS packages purl in github template (#5783)
  • c317fe828 fix(report): fix error if miconfigs are empty (#5782)
  • 9b4bcedf0 refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
  • be5a55049 fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
  • 01edbda34 docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
  • eb9741954 fix(report): update Gitlab template (#5721)
  • be1c55497 feat(secret): add support of GitHub fine-grained tokens (#5740)
  • a5342da06 fix(misconf): add an image misconf to result (#5731)
  • 108a5b05c feat(secret): added support of Docker registry credentials (#5720)
  • 6080e245c chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)
  • e27ec3261 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)

v0.48.0

5 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5724

Changelog

  • f2aa9bf3e chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696)
  • 6d7e2f811 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
  • 0ff5f96bb feat: filter k8s core components vuln results (#5713)
  • a54d1e95f feat(vuln): remove duplicates in Fixed Version (#5596)
  • 99c04c438 feat(report): output plugin (#4863)
  • 70078b9c0 chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
  • 49e83a6ad chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)
  • af32cb310 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
  • 176627192 chore(deps): bump actions/github-script from 6 to 7 (#5697)
  • 7ee854767 chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
  • 654147fc6 docs: typo in modules.md (#5712)
  • 256957523 feat: Add flag to configure node-collector image ref (#5710)
  • c0610097a chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)
  • aedbd85d6 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)
  • e018b9c42 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)
  • b5874e3ad feat(misconf): Add --misconfig-scanners option (#5670)
  • 075d8f628 chore: bump Go to 1.21 (#5662)
  • 16b757d18 feat: Packagesprops support (#5605)
  • 372efc9ec chore(deps): Bump up trivy misconf deps (#5656)
  • edad5f690 docs: update adopters discussion template (#5632)
  • ed9d34030 docs: terraform tutorial links updated to point to correct loc (#5661)
  • 8ff574e3f fix(secret): add sec and space to secret prefix for aws-secret-access-key (#5647)
  • ad977a425 fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
  • b1dc60b88 fix(secret): exclude upper case before secret for alibaba-access-key-id (#5618)
  • 65351d4f2 docs: Update Arch Linux package URL in installation.md (#5619)
  • c866f1c4e chore: add prefix to image errors (#5601)
  • ed0022b91 docs(vuln): fix link anchor (#5606)
  • 3c8172703 docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
  • 214546427 fix: k8s friendly error messages kbom non cluster scans (#5594)
  • 44d0b28ad feat: set InstalledFiles for DEB and RPM packages (#5488)
  • ae4bcf6a0 fix(report): use time.Time for CreatedAt (#5598)
  • b6fafa04a test: retry containerd initialization (#5597)
  • 13362233c feat(misconf): Expose misconf engine debug logs with --debug option (#5550)
  • 71051863c test: mock VM walker (#5589)
  • d9d7f3f19 chore: bump node-collector v0.0.9 (#5591)
  • e3c28f8ee feat(misconf): Add support for --cf-params for CFT (#5507)
  • ac0e32749 feat(flag): replace '--slow' with '--parallel' (#5572)
  • 537206761 fix(report): add escaping for Sarif format (#5568)
  • a3895298d chore: show a deprecation notice for --scanners config (#5587)
  • f4dd062f5 feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
  • d005f5af2 test: mock RPM DB (#5567)
  • a96ec3557 feat: add aliases to '--scanners' (#5558)
  • 950e431f0 refactor: reintroduce output writer (#5564)
  • 2310f0dd6 chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)
  • 04b93e9fd chore: not load plugins for auto-generating docs (#5569)
  • cccaa15cc chore: sort supported AWS services (#5570)
  • 3891e3d5d fix: no schedule toleration (#5562)
  • 138feb024 fix(cli): set correct scanners for k8s target (#5561)
  • cb241a800 fix(sbom): add FilesAnalyzed and PackageVerificationCode fields for SPDX (#5533)
  • e7f6a5c80 refactor(misconf): Update refactored dependencies (#5245)
  • 2f5afa5f2 feat(secret): add built-in rule for JWT tokens (#5480)
  • 91fc8dac9 fix: trivy k8s parse ecr image with arn (#5537)
  • 05df24477 fix: fail k8s resource scanning (#5529)
  • a1b47441a refactor(misconf): don't remove Highlighted in json format (#5531)
  • 7712f8f21 docs(k8s): fix link in kubernetes.md (#5524)
  • 043fbfcd3 docs(k8s): fix whitespace in list syntax (#5525)

v0.47.0

6 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5520

Changelog

  • d6df5fbcd docs: add info that license scanning supports file-patterns flag (#5484)
  • 156d4cc60 docs: add Zora integration into Ecosystem session (#5490)
  • 772d1d08f fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
  • df47073fa ci: use maximize build space for K8s tests (#5387)
  • fed471018 fix: correct error mismatch causing race in fast walks (#5516)
  • 46f1b9e7d docs: k8s vulnerability scanning (#5515)
  • fdb3a15b2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
  • d0d956fdc chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
  • 68b0797e5 docs: remove glad for java datasources (#5508)
  • 474167c47 chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
  • 7299867c2 chore: remove unused logger attribute in amazon detector (#5476)
  • 8656bd9f7 fix: correct error mismatch causing race in fast walks (#5482)
  • 2e10cd2eb chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
  • 13df74652 chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
  • b0141cfba chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
  • 520830b51 fix(server): add licenses to BlobInfo message (#5382)
  • 9a6e125c7 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
  • 6e5927266 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
  • f3de7bc3b feat: scan vulns on k8s core component apps (#5418)
  • e2fb3dd58 fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#5470)
  • 3e833be7d chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
  • ca50b77a3 fix(sbom): save digests for package/application when scanning SBOM files (#5432)
  • 048150d43 docs: fix the broken link (#5454)
  • 013d90199 docs: fix error when installing PyYAML for gh pages (#5462)
  • 26b495954 fix(java): download java-db once (#5442)
  • 57fa701a8 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
  • 53c9a7d76 docs(misconf): Update --tf-exclude-downloaded-modules description (#5419)
  • 01c98d151 feat(misconf): Support --ignore-policy in config scans (#5359)
  • 05b3c86a1 docs(misconf): fix broken table for Use container image section (#5425)
  • 1a15a3adb feat(dart): add graph support (#5374)
  • f2a12f5f9 refactor: define a new struct for scan targets (#5397)
  • 6040d9f43 fix(sbom): add missed primaryURL and source severity for CycloneDX (#5399)
  • e5317c7bc fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
  • 9fba79f0b chore(deps): move to aws-sdk-go-v2 (#5381)
  • 00f2059e5 docs: remove --scanners none (#5384)
  • 57a102231 docs: Update container_image.md #5182 (#5193)
  • 5b2b4ea38 feat(report): Add InstalledFiles field to Package (#4706)

v0.46.1

6 months ago

Changelog

  • 27a3e55e8 fix(java): download java-db once (#5442)
  • d22373265 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)

v0.46.0

7 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5377

Changelog

  • cbbd1ce1f feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d9214 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f08b docs: add kbom documentation (#5363)
  • 6c12f0428 test: use maximize build space for VM tests (#5362)
  • c4134224a chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab7033b fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f59b ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c76 chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • fef3ed435 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
  • ced54aced fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
  • 2798df916 fix: add config files to FS for post-analyzers (#5333)
  • af485b33f fix: fix MIME warnings after updating to Go 1.20 (#5336)
  • 008babfb8 build: fix a compile error with Go 1.21 (#5339)
  • 00d9c4666 feat: added Metadata into the k8s resource's scan report (#5322)
  • 03b6787c4 ci: check only PR's in actions/stale (#5337)
  • e6d5889ed chore: update adopters template (#5330)
  • 74dbd8a1f ci: do not trigger tests on the push event (#5313)
  • 393bfdc1a fix(sbom): use PURL or Group and Name in case of Java (#5154)
  • 76eb8a57b docs: add buildkite repository to ecosystem page (#5316)
  • 6c74ee11f chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
  • 6119878de chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
  • a346587b8 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
  • 7e613cc5f chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
  • f05bc4be4 chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
  • 3be5e6b24 chore: enable go-critic (#5302)
  • f6cd21c87 chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
  • f7b975187 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
  • 18d168769 close java-db client (#5273)
  • eb60e9f3c chore(deps): bump docker/login-action from 2 to 3 (#5291)
  • 5a92055e1 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
  • 46afe65ee chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
  • 0bf2a11a2 chore(deps): bump github.com/opencontainers/image-spec (#5295)
  • 23b5fece0 fix(report): removes git::http from uri in sarif (#5244)
  • 4f1d576e5 Improve the meaning of sentence (#5301)
  • 6ab2bdfa7 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
  • 4217cffb5 chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
  • 184058470 add app nil check (#5274)
  • c5ae9f265 typo: in secret.md (#5281)
  • 562723f0a docs: add info about github format (#5265)
  • 3dd5b1e94 feat(dotnet): add license support for NuGet (#5217)
  • 5c18475f3 docs: correctly export variables (#5260)
  • 0c08dde01 chore: Add line numbers for lint output (#5247)
  • 0ccbb4f7f chore(cli): disable java-db flags in server mode (#5263)
  • 908a4914c feat(db): allow passing registry options (#5226)
  • 5b4652d79 chore(deps): Bump up defsec to v0.93.0 (#5253)
  • faf8d49c4 refactor(purl): use TypeApk from purl (#5232)
  • 559c0f30b chore: enable more linters (#5228)
  • 2baad4618 ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
  • df2bff9f5 Fix typo on ide.md (#5239)
  • 44656f285 refactor: use defined types (#5225)
  • 37af52994 fix(purl): skip local Go packages (#5190)
  • eea3320d8 docs: update info about license scanning in Yarn projects (#5207)
  • 2e6662060 ci: auto apply labels (#5200)
  • 49680dc88 fix link (#5203)

v0.45.1

8 months ago

Changelog

  • daae88287 fix(purl): handle rust types (#5186)
  • 81240cf08 chore: auto-close issues (#5177)
  • bd0accd8a chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
  • ecee79403 fix(k8s): kbom support addons labels (#5178)
  • 9ebc25d88 test: validate SPDX with the JSON schema (#5124)
  • 9a49a3773 chore: bump trivy-kubernetes-latest (#5161)
  • ad1dc6327 docs: add 'Signature Verification' guide (#4731)
  • 7c68d4a7e docs: add image-scanner-with-trivy for ecosystem (#5159)
  • ed49609a7 fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
  • 19539722e chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
  • c7516011b Update filtering.md (#5131)
  • ccc6d7cb2 chore(deps): bump sigstore/cosign-installer (#5104)
  • 48cbf4553 chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
  • a9c2c74c5 chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
  • 120ac68b5 chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
  • 41eaa78ae chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
  • 932f92755 chaging adopters discussion tempalte (#5091)
  • db3133346 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
  • 8c0b7d619 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
  • c61c664c3 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
  • a99944c1c chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
  • 9fc844ecf chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
  • c504f8be4 chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)

v0.45.0

8 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5082

Changelog

  • cdab67e7f docs: add Bitnami (#5078)
  • 7acc5e831 feat(docker): add support for scanning Bitnami components (#5062)
  • 9628b1cbf feat: add support for .trivyignore.yaml (#5070)
  • 4547e2766 fix(terraform): improve detection of terraform files (#4984)
  • 0c8919e1e feat: filter artifacts on --exclude-owned flag (#5059)
  • c04f234fa fix(sbom): cyclonedx advisory should omit null value (#5041)
  • f811ed2d4 build: maximize build space for build tests (#5072)
  • 69ea5bf70 feat: improve kbom component name (#5058)
  • 3715dcb3f fix(pom): add licenses for pom artifacts (#5071)
  • 07f7e9853 chore(deps): Update defsec to v0.92.0 (#5068)
  • d4ca3cce2 chore: bump Go to 1.20 (#5067)
  • 49fdd584b feat: PURL matching with qualifiers in OpenVEX (#5061)
  • 4401998ec feat(java): add graph support for pom.xml (#4902)
  • 9c211d005 feat(swift): add vulns for cocoapods (#5037)
  • 422fa414e fix: support image pull secret for additional workloads (#5052)
  • 8e933860a fix: #5033 Superfluous double quote in html.tpl (#5036)
  • 9345a98ed docs(repo): update trivy repo usage and example (#5049)
  • 5d8da70c6 perf: Optimize Dockerfile for reduced layers and size (#5038)
  • 1be9da7aa feat: scan K8s Resources Kind with --all-namespaces (#5043)
  • 0e17d0bef fix: vulnerability typo (#5044)
  • d70fab231 docs: adding a terraform tutorial to the docs (#3708)
  • 2fa264ac1 feat(report): add licenses to sarif format (#4866)
  • 07ddf4790 feat(misconf): show the resource name in the report (#4806)
  • 9de360623 chore: update alpine base images (#5015)
  • ef70d2076 feat: add Package.resolved swift files support (#4932)
  • ec5d8bec0 feat(nodejs): parse licenses in yarn projects (#4652)
  • 3114c87e6 fix: k8s private registries support (#5021)
  • 6d79f55db bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
  • 9ace59106 feat(vuln): support last_affected field from osv (#4944)
  • d44217640 feat(server): add version endpoint (#4869)
  • 63cd41d20 feat: k8s private registries support (#4987)
  • cb16e23f1 fix(server): add indirect prop to package (#4974)
  • a4e981b4e docs: add coverage (#4954)
  • 6f03c7940 feat(c): add location for lock file dependencies. (#4994)
  • c74870500 docs: adding blog post on ec2 (#4813)
  • 4e1316c37 revert 32bit bins (#4977)
  • fc959fc57 chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)

v0.44.1

9 months ago

Changelog

  • f10527998 fix(report): return severity colors in table format (#4969)
  • bc2b0ca6c build: maximize available disk space for release (#4937)
  • 9493c6f08 test(cli): Fix assertion helptext (#4966)
  • b0359de66 chore(deps): Bump defsec to v0.91.1 (#4965)
  • d3a34e409 test: validate CycloneDX with the JSON schema (#4956)
  • 798ef1b64 fix(server): add licenses to the Result message (#4955)
  • e8cf28147 fix(aws): resolve endpoint if endpoint is passed (#4925)
  • f18b0db58 fix(sbom): move licenses to name field in Cyclonedx format (#4941)
  • a79670156 add only uniq deps in dependsOn (#4943)
  • b544e0dea use testify instead of gotest.tools (#4946)
  • 067a0fcb9 fix(nodejs): do not detect lock file in node_modules as an app (#4949)
  • e6d7705a5 bump go-dep-parser (#4936)
  • c584dc176 chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
  • 358d56b6b chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
  • 17f3ea918 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
  • 39ccbf7b5 test(aws): move part of unit tests to integration (#4884)
  • 6d3ae3bcf docs(cli): update help string for file and dir skipping (#4872)
  • 7d7a1ef54 chore(deps): bump sigstore/cosign-installer (#4910)
  • fc7495017 chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
  • b2a68bc06 chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
  • e5c0c15b6 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
  • da37803d5 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
  • 9744e6498 chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
  • 99eebc670 docs: update the discussion template (#4928)

v0.44.0

9 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/4903

Changelog

  • d19c7d9f2 feat(repo): support local repositories (#4890)
  • 3c1976187 bump go-dep-parser (#4893)
  • e1c2a8c80 fix(misconf): add missing fields to proto (#4861)
  • 8b8e0e83d fix: remove trivy-db package replacement (#4877)
  • f9efe44fd chore(test): bump the integration test timeout to 15m (#4880)
  • 7271d682f chore(deps): Update defsec to v0.91.0 (#4886)
  • c3bc67c89 chore: update CODEOWNERS (#4871)
  • 232ba823e feat(vuln): support vulnerability status (#4867)
  • 11618c940 feat(misconf): Support custom URLs for policy bundle (#4834)
  • 07075696d refactor: replace with sortable packages (#4858)
  • fbe1c9eb1 docs: correct license scanning sample command (#4855)
  • 20c2246a6 fix(report): close the file (#4842)
  • 24a3e547d feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
  • a7bd7bb65 feat(misconf): Add support for independently enabling libraries (#4070)
  • 4aa9ea096 feat(secret): add secret config file for cache calculation (#4837)
  • 5d349d814 Fix a link in gitlab-ci.md (#4850)
  • a61531c1f fix(flag): use globalstar to skip directories (#4854)
  • 78cc20937 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
  • 93996041b fix(license): using common way for splitting licenses (#4434)
  • 3e2416d77 fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
  • ce77bb46c remove govulndb (#4783)
  • c05caae43 fix(java): inherit licenses from parents (#4817)
  • aca11b95d refactor: add allowed values for CLI flags (#4800)
  • 4cecd17ea add example regex to allow rules (#4827)
  • 4bc8d29c1 feat(misconf): Support custom data for rego policies for cloud (#4745)
  • 88243a0ad docs: correcting the trivy k8s tutorial (#4815)
  • 3c7d988d7 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
  • fd0fd104f fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
  • d0d543b88 feat(misconf): enable --policy flag to accept directory and files both (#4777)
  • b43a3e623 feat(python): add license fields (#4722)
  • aef7b148a fix: support trivy k8s-version on k8s sub-command (#4786)

v0.43.1

10 months ago

Changelog

  • 5d76abadc chore(deps): Update defsec to v0.90.3 (#4793)
  • fed446c51 chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)
  • df62927e5 chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)
  • 1b9b9a84f chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)
  • 3c16ca821 docs(image): fix the comment on the soft/hard link (#4740)
  • e5bee5ccc check Type when filling pkgs in vulns (#4776)
  • 4b9f310b9 feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
  • 8e7fb7cc8 chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)
  • a9badeaba fix(rocky): add architectures support for advisories (#4691)
  • f8ebccc68 chore(deps): bump github.com/opencontainers/image-spec (#4751)
  • 1c81948e0 chore(deps): bump github.com/package-url/packageurl-go (#4754)
  • 497cc10d8 chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)
  • 065f0afa5 chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)
  • e2603056d chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)
  • 0621402bf fix: documentation about reseting trivy image (#4733)
  • 798fdbc01 fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
  • 34a89293d fix: update Amazon Linux 1 EOL (#4761)