Revisions of trivy
Dominique Leuenberger (dimstar_suse)
accepted
request 1079785
from
Dirk Mueller (dirkmueller)
(revision 50)
- Update to version 0.40.0: * feat(flag): Support globstar for `--skip-files` and `--skip-directories` (#4026) * chore(deps): bump actions/stale from 7 to 8 (#3955) * fix: return insecure option to download javadb (#4064) * fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found (#4052) * ci: add gpg signing for RPM packages (#4056) * fix(k8s): current context title (#4055) * fix(k8s): quit support on k8s progress bar (#4021) * chore: add a note about Dockerfile.canary (#4050) * ci: fix path to canary binaries (#4045) * fix(vuln): report architecture for debian packages (#4032) * feat: add support for Chainguard's commercial distro (#3641) * ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 (#3979) * fix(vuln): fix error message for remote scanners (#4031) * feat(report): add image metadata to SARIF (#4020) * docs: fix broken cache link on Installation page (#3999) * fix: lock downloading policies and database (#4017) * fix: avoid concurrent access to the global map (#4014) * feat(rust): add Cargo.lock v3 support (#4012) * feat: auth support oci download server subcommand (#4008) * chore(deps): bump github.com/docker/docker (#4009) * chore: install.sh support for armv7 (#3985) * chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#3961) - Update to version 0.39.1: * fix(rust): fix panic when 'dependencies' field is not used in cargo.toml (#3997) * fix(sbom): fix infinite loop for cyclonedx (#3998) * chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 (#3954) * fix: use warning for errors from enrichment files for post-analyzers (#3972) * chore(deps): bump github.com/docker/docker (#3963)
Dominique Leuenberger (dimstar_suse)
accepted
request 1077009
from
Dirk Mueller (dirkmueller)
(revision 49)
- Update to version 0.39.0: * docs(cli): added makefile and go file to create docs (#3930) * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946) * chore: ignore gpg key (#3943) * feat(cyclonedx): support dependency graph (#3177) * chore(deps): Bump defsec to v0.85.0 (#3940) * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919) * feat(server): redis with public TLS certs support (#3783) * feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866) * chore: replace make with mage (#3932) * fix(sbom): add checksum to files (#3888) * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928) * chore: remove unused mount volumes (#3927) * feat: add auth support for downloading OCI artifacts (#3915) * refactor(purl): use epoch in qualifier (#3913) * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727) * feat(image): add registry options (#3906) * feat(rust): dependency tree and line numbers support for cargo lock file (#3746) * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905) * feat(php): add support for location, licenses and graph for composer.lock files (#3873) * chore(deps): updates wazero to 1.0.0 (#3904) * feat(image): discover SBOM in OCI referrers (#3768) * docs: change cache-dir key in config file (#3897) * fix(sbom): use release and epoch for SPDX package version (#3896) * ci: add gpg signing for RPM packages (#3612) * docs: Update incorrect comment for skip-update flag (#3878) * refactor(misconf): simplify policy filesystem (#3875) * feat(nodejs): parse package.json alongside yarn.lock (#3757) * fix(spdx): add PkgDownloadLocation field (#3879) * fix(report): try to guess direct deps for dependency tree (#3852)
Dominique Leuenberger (dimstar_suse)
accepted
request 1071463
from
Dirk Mueller (dirkmueller)
(revision 48)
- Update to version 0.38.3: * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to 1.89.1 (#3827) * fix(java): skip empty files for jar post analyzer (#3832) * fix(docker): build healthcheck command for line without /bin/sh prefix (#3831) * refactor(license): use goyacc for license parser (#3824) * chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible to 23.0.1+incompatible (#3586) * fix: populate timeout context to node-collector (#3766) * fix: exclude node collector scanning (#3771) * fix: display correct flag in error message when skipping java db update #3808 * fix: disable jar analyzer for scanners other than vuln (#3810) * fix(sbom): fix incompliant license format for spdx (#3335) * fix(java): the project props take precedence over the parent's props (#3320) * docs: add canary build info to README.md (#3799) * docs: adding link to gh token generation (#3784) * docs: changing docs in accordance with #3460 (#3787)
Dominique Leuenberger (dimstar_suse)
accepted
request 1070155
from
Dirk Mueller (dirkmueller)
(revision 47)
- Update to version 0.38.2: * chore(deps): bump github.com/moby/buildkit from 0.11.0 to 0.11.4 (#3789) * chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#3724) * fix(license): disable jar analyzer for licence scan only (#3780) * bump trivy-issue-action to v0.0.0; skip `pkg` dir (#3781) * fix: skip checking dirs for required post-analyzers (#3773) * docs: add information about plugin format (#3749) * fix(sbom): add trivy version to spdx creators tool field (#3756)
Dominique Leuenberger (dimstar_suse)
accepted
request 1069011
from
Dirk Mueller (dirkmueller)
(revision 46)
- Update to version 0.38.1: * feat(misconf): Add support to show policy bundle version (#3743) * fix(python): fix error with optional dependencies in pyproject.toml (#3741) * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740) * add id for package.json files (#3750) * chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738) * chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725) * chore(deps): bump github.com/google/go-containerregistry (#3731) * chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732) * chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)
Dominique Leuenberger (dimstar_suse)
accepted
request 1068414
from
Dirk Mueller (dirkmueller)
(revision 45)
- Update to version 0.38.0: * fix(cli): pass integer to exit-on-eol (#3716) * feat: add kubernetes pss compliance (#3498) * feat: Adding --module-dir and --enable-modules (#3677) * feat: add special IDs for filtering secrets (#3702) * chore(deps): Update defsec (#3713) * docs(misconf): Add guide on input schema (#3692) * feat(go): support dependency graph and show only direct dependencies in the tree (#3691) * feat: docker multi credential support (#3631) * feat: summarize vulnerabilities in compliance reports (#3651) * feat(python): parse pyproject.toml alongside poetry.lock (#3695) * feat(python): add dependency tree for poetry lock file (#3665) * fix(cyclonedx): incompliant affect ref (#3679) * chore(helm): update skip-db-update environment variable (#3657) * fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675) * fix(sbom): export empty dependencies in CycloneDX (#3664) * docs: java-db air-gap doc tweaks (#3561) * feat(go): license support (#3683) * feat(ruby): add dependency tree/location support for Gemfile.lock (#3669) * fix(k8s): k8s label size (#3678) * fix(cyclondx): fix array empty value, null to [] (#3676) * refactor: rewrite gomod analyzer as post-analyzer (#3674) * feat: config outdated-api result filtered by k8s version (#3578) * fix: Update to Alpine 3.17.2 (#3655) * feat: add support for virtual files (#3654) * feat: add post-analyzers (#3640) * chore(deps): updates wazero to 1.0.0-pre.9 (#3653) * chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528) * chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633) * feat(python): add dependency locations for Pipfile.lock (#3614)
Dominique Leuenberger (dimstar_suse)
accepted
request 1065886
from
Dirk Mueller (dirkmueller)
(revision 44)
- Update to version 0.37.3 (bsc#1208091, CVE-2023-25165): * chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574) * chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#3536) * chore(deps): bump golang/x/mod to v0.8.0 (#3606) * chore(deps): bump golang.org/x/crypto from 0.3.0 to 0.5.0 (#3529) * chore(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.1 (#3580) * ci: quote pros in c++ for semantic pr (#3605) * fix(image): check proxy settings from env for remote images (#3604)
Dominique Leuenberger (dimstar_suse)
accepted
request 1064170
from
Dirk Mueller (dirkmueller)
(revision 43)
Dominique Leuenberger (dimstar_suse)
accepted
request 1062489
from
Dirk Mueller (dirkmueller)
(revision 42)
- Update to version 0.37.1: * fix(sbom): download the Java DB when generating SBOM (#3539) * fix: use cgo free sqlite driver (#3521) * ci: fix path to dist folder (#3527)
Dominique Leuenberger (dimstar_suse)
accepted
request 1062442
from
Dirk Mueller (dirkmueller)
(revision 41)
- Update to version 0.37.0: * fix(image): close layers (#3517) * refactor: db client changed (#3515) * feat(java): use trivy-java-db to get GAV (#3484) * docs: add note about the limitation in Rekor (#3494) * docs: aggregate targets (#3503) * deps: updates wazero to 1.0.0-pre.8 (#3510) * docs: add alma 9 and rocky 9 to supported os (#3513) * chore(deps): bump defsec to v0.82.9 (#3512) * chore: add missing target labels (#3504) * docs: add java vulnerability page (#3429) * feat(image): add support for Docker CIS Benchmark (#3496) * feat(image): secret scanning on container image config (#3495) * chore(deps): Upgrade defsec to v0.82.8 (#3488) * feat(image): scan misconfigurations in image config (#3437) * chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489) * feat(k8s): add node info resource (#3482) * perf(secret): optimize secret scanning memory usage (#3453) * feat: support aliases in CLI flag, env and config (#3481) * fix(k8s): migrate rbac k8s (#3459) * feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480) * refactor: rename security-checks to scanners (#3467) * chore: display the troubleshooting URL for the DB denial error (#3474) * docs: yaml tabs to spaces, auto create namespace (#3469) * docs: adding show-and-tell template to GH discussions (#3391) * fix: Fix a temporary file leak in case of error (#3465) * fix(test): sort cyclonedx components (#3468) * docs: fixing spelling mistakes (#3462) * ci: set paths triggering VM tests in PR (#3438) * docs: typo in --skip-files (#3454)
Dominique Leuenberger (dimstar_suse)
accepted
request 1056176
from
Dirk Mueller (dirkmueller)
(revision 40)
- Update to version 0.36.1: * fix(deps): fix errors on yarn.lock files that contain local file reference (#3384) * feat(flag): early fail when the format is invalid (#3370) * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.171 (#3366) * docs(aws): fix broken links (#3374) * chore(deps): bump actions/stale from 6 to 7 (#3360) * chore(deps): bump helm/kind-action from 1.4.0 to 1.5.0 (#3359) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.6.0 to 0.7.0 (#2974) * chore(deps): bump azure/setup-helm from 3.4 to 3.5 (#3358) * chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 (#3173) * chore(deps): bump goreleaser/goreleaser-action from 3 to 4 (#3357) * chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.14 (#3367) * chore(go): updates wazero to v1.0.0-pre.7 (#3355) * chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#3362) * chore(deps): bump actions/cache from 3.0.11 to 3.2.2 (#3356)
Dominique Leuenberger (dimstar_suse)
accepted
request 1046089
from
Dirk Mueller (dirkmueller)
(revision 39)
- Update to version 0.36.0: * docs: improve compliance docs (#3340) * feat(deps): add yarn lock dependency tree (#3348) * fix: compliance change id and title naming (#3349) * feat: add support for mix.lock files for elixir language (#3328) * feat: add k8s cis bench (#3315) * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322) * revert: cache merged layers (#3334) * feat(cyclonedx): add recommendation (#3336) * feat(ubuntu): added support ubuntu ESM versions (#1893) * fix: change logic to build relative paths for skip-dirs and skip-files (#3331) * chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265) * feat: Adding support for Windows testing (#3037) * feat: add support for Alpine 3.17 (#3319) * docs: change PodFile.lock to Podfile.lock (#3318) * fix(sbom): support for the detection of old CycloneDX predicate type (#3316) * feat(secret): Use .trivyignore for filtering secret scanning result (#3312) * chore(go): remove experimental FS API usage in Wasm (#3299) * ci: add workflow to add issues to roadmap project (#3292) * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275) * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250) * feat(sbom): better support for third-party SBOMs (#3262) * docs: add information about languages with support for dependency locations (#3306) * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) * chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251) * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255) * docs: remove comparisons (#3289) * feat: add support for Wolfi Linux (#3215) * ci: add go.mod to canary workflow (#3288) * feat(python): skip dev dependencies (#3282)
Dominique Leuenberger (dimstar_suse)
accepted
request 1038587
from
Dirk Mueller (dirkmueller)
(revision 38)
Dominique Leuenberger (dimstar_suse)
accepted
request 1034128
from
Dirk Mueller (dirkmueller)
(revision 37)
Dominique Leuenberger (dimstar_suse)
accepted
request 1031258
from
Dirk Mueller (dirkmueller)
(revision 36)
Richard Brown (RBrownFactory)
accepted
request 1006699
from
Dirk Mueller (dirkmueller)
(revision 35)
- Update to version 0.32.1: * fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943) * chore: expat lib and go binary deps vulns (#2940) * wasm: Removes accidentally exported memory (#2950) * fix(sbom): fix package name separation for gradle (#2906) * docs(readme.md): fix broken integrations link (#2931) * fix(image): handle images with single layer in rescan mergedLayers cache (#2927) * fix(cli): split env values with ',' for slice flags (#2926) * fix(cli): config/helm: also take into account files with `.yml` (#2928) * fix(flag): add file-patterns flag for config subcommand (#2925) * chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.43.1 (#2902)
Dominique Leuenberger (dimstar_suse)
accepted
request 1004582
from
Dirk Mueller (dirkmueller)
(revision 34)
- Update to version 0.32.0: * docs: add Rekor SBOM attestation scanning (#2893) * chore: narrow the owner scope (#2894) * fix: remove a patch number from the recommendation link (#2891) * fix: enable parsing of UUID-only rekor entry ID (#2887) * docs(sbom): add SPDX scanning (#2885) * docs: restructure docs and add tutorials (#2883) * feat(sbom): scan sbom attestation in the rekor record (#2699) * feat(k8s): support outdated-api (#2877) * chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815) * fix(c): support revisions in Conan parser (#2878) * feat: dynamic links support for scan results (#2838) * chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818) * docs: update archlinux commands (#2876) * feat(secret): add line from dockerfile where secret was added to secret result (#2780) * feat(sbom): Add unmarshal for spdx (#2868) * chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827) * fix: revert asff arn and add documentation (#2852) * docs: batch-import-findings limit (#2851) * chore(deps): bump golang from 1.19.0 to 1.19.1 (#2872) * feat(sbom): Add marshal for spdx (#2867) * build: checkout before setting up Go (#2873) * chore: bump Go to 1.19 (#2861) * docs: azure doc and trivy (#2869) * fix: Scan tarr'd dependencies (#2857) * chore(helm): helm test with ingress (#2630) * feat(report): add secrets to sarif format (#2820) * chore(deps): bump azure/setup-helm from 1.1 to 3.3 (#2807) * refactor: add a new interface for initializing analyzers (#2835) * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.92 (#2840)
Dominique Leuenberger (dimstar_suse)
accepted
request 1001263
from
Dirk Mueller (dirkmueller)
(revision 33)
- Update to version 0.31.3: * fix: handle empty OS family (#2768) * fix: fix k8s summary report (#2777) * fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767) * chore: bump trivy-kubernetes (#2770) * fix(secret): Consider secrets in rpc calls (#2753) * fix(java): check depManagement from upper pom's (#2747) * fix(php): skip `composer.lock` inside `vendor` folder (#2718) * fix: fix k8s rbac filter (#2765) * feat(misconf): skipping misconfigurations by AVD ID (#2743) * chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741) * docs: add MacPorts install instructions (#2727) * docs: typo (#2730)
Richard Brown (RBrownFactory)
accepted
request 997437
from
Dirk Mueller (dirkmueller)
(revision 32)
- Update to version 0.31.2: * fix: Correctly handle recoverable AWS scanning errors (#2726) * docs: Remove reference to SecurityAudit policy for AWS scanning (#2721) - Update to version 0.31.1: * fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)
Dominique Leuenberger (dimstar_suse)
accepted
request 997334
from
Dirk Mueller (dirkmueller)
(revision 31)
- Update to version 0.31.0: * fix(flag): add error when there are no supported security checks (#2713) * fix(vuln): continue scanning when no vuln found in the first application (#2712) * revert: add new classes for vulnerabilities (#2701) * feat(secret): detect secrets removed or overwritten in upper layer (#2611) * fix(cli): secret scanning perf link fix (#2607) * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650) * feat: Add AWS Cloud scanning (#2493) * docs: specify the type when verifying an attestation (#2697) * docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690) * fix(rpc): scanResponse rpc conversion for custom resources (#2692) * feat(rust): Add support for cargo-auditable (#2675) * feat: Support passing value overrides for configuration checks (#2679) * feat(sbom): add support for scanning a sbom attestation (#2652) * chore(image): skip symlinks and hardlinks from tar scan (#2634) * fix(report): Update junit.tpl (#2677) * fix(cyclonedx): add nil check to metadata.component (#2673) * docs(secret): fix missing and broken links (#2674) * refactor(cyclonedx): implement json.Unmarshaler (#2662) * chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643) * chore(deps): bump github.com/Azure/go-autorest/autorest (#2642) * feat(kubernetes): add option to specify kubeconfig file path (#2576) * docs: follow Debian's "instructions to connect to a third-party repository" (#2511) * chore(deps): bump github.com/google/licenseclassifier/v2 (#2644) * chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645) * chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647) * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646) * chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641) * chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640) * chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)
Displaying revisions 21 - 40 of 70
