Update module github.com/aquasecurity/trivy to v0.48.0 - autoclosed #43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/github.com-aquasecurity-trivy-0.x
branch
from
514a6eb to
b8f463c
Compare
renovate
bot
force-pushed
the
renovate/github.com-aquasecurity-trivy-0.x
branch
from
b8f463c to
9dd9328
Compare
renovate
bot
changed the title
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.43.0->v0.48.0Release Notes
aquasecurity/trivy (github.com/aquasecurity/trivy)
v0.48.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5724
Changelog
f2aa9bfchore(deps): bump sigstore/cosign-installer from4a86152to1fc5bd3(#5696)6d7e2f8chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)0ff5f96feat: filter k8s core components vuln results (#5713)a54d1e9feat(vuln): remove duplicates in Fixed Version (#5596)99c04c4feat(report): output plugin (#4863)70078b9chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)49e83a6chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)af32cb3chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)1766271chore(deps): bump actions/github-script from 6 to 7 (#5697)7ee8547chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)654147fdocs: typo in modules.md (#5712)2569575feat: Add flag to configure node-collector image ref (#5710)c061009chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)aedbd85chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)e018b9cchore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)b5874e3feat(misconf): Add--misconfig-scannersoption (#5670)075d8f6chore: bump Go to 1.21 (#5662)16b757dfeat: Packagesprops support (#5605)372efc9chore(deps): Bump up trivy misconf deps (#5656)edad5f6docs: update adopters discussion template (#5632)ed9d340docs: terraform tutorial links updated to point to correct loc (#5661)8ff574efix(secret): addsecand space to secret prefix foraws-secret-access-key(#5647)ad977a4fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)b1dc60bfix(secret): exclude upper case before secret foralibaba-access-key-id(#5618)65351d4docs: Update Arch Linux package URL in installation.md (#5619)c866f1cchore: add prefix to image errors (#5601)ed0022bdocs(vuln): fix link anchor (#5606)3c81727docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)2145464fix: k8s friendly error messages kbom non cluster scans (#5594)44d0b28feat: set InstalledFiles for DEB and RPM packages (#5488)ae4bcf6fix(report): use time.Time for CreatedAt (#5598)b6fafa0test: retry containerd initialization (#5597)1336223feat(misconf): Expose misconf engine debug logs with--debugoption (#5550)7105186test: mock VM walker (#5589)d9d7f3fchore: bump node-collector v0.0.9 (#5591)e3c28f8feat(misconf): Add support for--cf-paramsfor CFT (#5507)ac0e327feat(flag): replace '--slow' with '--parallel' (#5572)5372067fix(report): add escaping for Sarif format (#5568)a389529chore: show a deprecation notice for--scanners config(#5587)f4dd062feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)d005f5atest: mock RPM DB (#5567)a96ec35feat: add aliases to '--scanners' (#5558)950e431refactor: reintroduce output writer (#5564)2310f0dchore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)04b93e9chore: not load plugins for auto-generating docs (#5569)cccaa15chore: sort supported AWS services (#5570)3891e3dfix: no schedule toleration (#5562)138feb0fix(cli): set correctscannersfork8starget (#5561)cb241a8fix(sbom): addFilesAnalyzedandPackageVerificationCodefields for SPDX (#5533)e7f6a5crefactor(misconf): Update refactored dependencies (#5245)2f5afa5feat(secret): add built-in rule for JWT tokens (#5480)91fc8dafix: trivy k8s parse ecr image with arn (#5537)05df244fix: fail k8s resource scanning (#5529)a1b4744refactor(misconf): don't remove Highlighted in json format (#5531)7712f8fdocs(k8s): fix link in kubernetes.md (#5524)043fbfcdocs(k8s): fix whitespace in list syntax (#5525)v0.47.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5520
Changelog
d6df5fbdocs: add info that license scanning supports file-patterns flag (#5484)156d4ccdocs: add Zora integration into Ecosystem session (#5490)772d1d0fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)df47073ci: use maximize build space for K8s tests (#5387)fed4710fix: correct error mismatch causing race in fast walks (#5516)46f1b9edocs: k8s vulnerability scanning (#5515)fdb3a15chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)d0d956fchore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)68b0797docs: remove glad for java datasources (#5508)474167cchore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)7299867chore: remove unused logger attribute in amazon detector (#5476)8656bd9fix: correct error mismatch causing race in fast walks (#5482)2e10cd2chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)13df746chore(deps): bump docker/build-push-action from 4 to 5 (#5500)b0141cfchore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)520830bfix(server): add licenses toBlobInfomessage (#5382)9a6e125chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)6e59272chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)f3de7bcfeat: scan vulns on k8s core component apps (#5418)e2fb3ddfix(java): fix infinite loop whenrelativePathfield points topom.xmlbeing scanned (#5470)3e833bechore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)ca50b77fix(sbom): save digests for package/application when scanning SBOM files (#5432)048150ddocs: fix the broken link (#5454)013d901docs: fix error when installingPyYAMLfor gh pages (#5462)26b4959fix(java): download java-db once (#5442)57fa701chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)53c9a7ddocs(misconf): Update--tf-exclude-downloaded-modulesdescription (#5419)01c98d1feat(misconf): Support--ignore-policyin config scans (#5359)05b3c86docs(misconf): fix broken table forUse container imagesection (#5425)1a15a3afeat(dart): add graph support (#5374)f2a12f5refactor: define a new struct for scan targets (#5397)6040d9ffix(sbom): add missedprimaryURLandsource severityfor CycloneDX (#5399)e5317c7fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)9fba79fchore(deps): move to aws-sdk-go-v2 (#5381)00f2059docs: remove --scanners none (#5384)57a1022docs: Update container_image.md #5182 (#5193)5b2b4eafeat(report): AddInstalledFilesfield to Package (#4706)v0.46.1Compare Source
Changelog
27a3e55fix(java): download java-db once (#5442)d223732chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)v0.46.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5377
Changelog
cbbd1cefeat(k8s): add support for vulnerability detection (#5268)24a0d92fix(python): override BOM inrequirements.txtfiles (#5375)0c3e2f0docs: add kbom documentation (#5363)6c12f04test: use maximize build space for VM tests (#5362)c413422chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)20ab703fix(report): add escaping quotes in misconfig Title for asff template (#5351)91841f5ci: add workflow to check Go versions of dependencies (#5340)57ba05cchore(deps): Upgrade defsec to v0.93.1 (#5348)fef3ed4chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)ced54acfix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)2798df9fix: add config files to FS for post-analyzers (#5333)af485b3fix: fix MIME warnings after updating to Go 1.20 (#5336)008babfbuild: fix a compile error with Go 1.21 (#5339)00d9c46feat: addedMetadatainto the k8s resource's scan report (#5322)03b6787ci: check only PR's inactions/stale(#5337)e6d5889chore: update adopters template (#5330)74dbd8aci: do not trigger tests on the push event (#5313)393bfdcfix(sbom): use PURL or Group and Name in case of Java (#5154)76eb8a5docs: add buildkite repository to ecosystem page (#5316)6c74ee1chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)6119878chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)a346587chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)7e613ccchore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)f05bc4bchore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)3be5e6bchore: enable go-critic (#5302)f6cd21cchore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)f7b9751chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)18d1687close java-db client (#5273)eb60e9fchore(deps): bump docker/login-action from 2 to 3 (#5291)5a92055chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)46afe65chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)0bf2a11chore(deps): bump github.com/opencontainers/image-spec (#5295)23b5fecfix(report): removes git::http from uri in sarif (#5244)4f1d576Improve the meaning of sentence (#5301)6ab2bdfchore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)4217cffchore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)1840584add app nil check (#5274)c5ae9f2typo: in secret.md (#5281)562723fdocs: add info aboutgithubformat (#5265)3dd5b1efeat(dotnet): add license support for NuGet (#5217)5c18475docs: correctly export variables (#5260)0c08ddechore: Add line numbers for lint output (#5247)0ccbb4fchore(cli): disable java-db flags in server mode (#5263)908a491feat(db): allow passing registry options (#5226)5b4652dchore(deps): Bump up defsec to v0.93.0 (#5253)faf8d49refactor(purl): use TypeApk from purl (#5232)559c0f3chore: enable more linters (#5228)2baad46ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)df2bff9Fix typo on ide.md (#5239)44656f2refactor: use defined types (#5225)37af529fix(purl): skip local Go packages (#5190)eea3320docs: update info about license scanning in Yarn projects (#5207)2e66620ci: auto apply labels (#5200)49680dcfix link (#5203)v0.45.1Compare Source
Changelog
daae882fix(purl): handle rust types (#5186)81240cfchore: auto-close issues (#5177)bd0accdchore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)ecee794fix(k8s): kbom support addons labels (#5178)9ebc25dtest: validate SPDX with the JSON schema (#5124)9a49a37chore: bump trivy-kubernetes-latest (#5161)ad1dc63docs: add 'Signature Verification' guide (#4731)7c68d4adocs: add image-scanner-with-trivy for ecosystem (#5159)ed49609fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)1953972chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)c751601Update filtering.md (#5131)ccc6d7cchore(deps): bump sigstore/cosign-installer (#5104)48cbf45chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)a9c2c74chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)120ac68chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)41eaa78chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)932f927chaging adopters discussion tempalte (#5091)db31333chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)8c0b7d6chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)c61c664chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)a99944cchore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)9fc844echore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)c504f8bchore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)v0.45.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5082
Changelog
cdab67edocs: add Bitnami (#5078)7acc5e8feat(docker): add support for scanning Bitnami components (#5062)9628b1cfeat: add support for .trivyignore.yaml (#5070)4547e27fix(terraform): improve detection of terraform files (#4984)0c8919efeat: filter artifacts on --exclude-owned flag (#5059)c04f234fix(sbom): cyclonedx advisory should omitnullvalue (#5041)f811ed2build: maximize build space for build tests (#5072)69ea5bffeat: improve kbom component name (#5058)3715dcbfix(pom): add licenses for pom artifacts (#5071)07f7e98chore(deps): Update defsec to v0.92.0 (#5068)d4ca3ccchore: bump Go to1.20(#5067)49fdd58feat: PURL matching with qualifiers in OpenVEX (#5061)4401998feat(java): add graph support for pom.xml (#4902)9c211d0feat(swift): add vulns for cocoapods (#5037)422fa41fix: support image pull secret for additional workloads (#5052)8e93386fix: #5033 Superfluous double quote in html.tpl (#5036)9345a98docs(repo): update trivy repo usage and example (#5049)5d8da70perf: Optimize Dockerfile for reduced layers and size (#5038)1be9da7feat: scan K8s Resources Kind with --all-namespaces (#5043)0e17d0bfix: vulnerability typo (#5044)d70fab2docs: adding a terraform tutorial to the docs (#3708)2fa264afeat(report): add licenses to sarif format (#4866)07ddf47feat(misconf): show the resource name in the report (#4806)9de3606chore: update alpine base images (#5015)ef70d20feat: add Package.resolved swift files support (#4932)ec5d8befeat(nodejs): parse licenses in yarn projects (#4652)3114c87fix: k8s private registries support (#5021)6d79f55bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)9ace591feat(vuln): support last_affected field from osv (#4944)d442176feat(server): add version endpoint (#4869)63cd41dfeat: k8s private registries support (#4987)cb16e23fix(server): add indirect prop to package (#4974)a4e981bdocs: add coverage (#4954)6f03c79feat(c): add location for lock file dependencies. (#4994)c748705docs: adding blog post on ec2 (#4813)4e1316crevert 32bit bins (#4977)fc959fcchore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)v0.44.1Compare Source
Changelog
f105279fix(report): return severity colors in table format (#4969)bc2b0cabuild: maximize available disk space for release (#4937)9493c6ftest(cli): Fix assertion helptext (#4966)b0359dechore(deps): Bump defsec to v0.91.1 (#4965)d3a34e4test: validate CycloneDX with the JSON schema (#4956)798ef1bfix(server): add licenses to the Result message (#4955)e8cf281fix(aws): resolve endpoint if endpoint is passed (#4925)f18b0dbfix(sbom): move licenses tonamefield in Cyclonedx format (#4941)a796701add only uniq deps in dependsOn (#4943)b544e0duse testify instead of gotest.tools (#4946)067a0fcfix(nodejs): do not detect lock file in node_modules as an app (#4949)e6d7705bump go-dep-parser (#4936)c584dc1chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)358d56bchore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)17f3ea9chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)39ccbf7test(aws): move part of unit tests to integration (#4884)6d3ae3bdocs(cli): update help string for file and dir skipping (#4872)7d7a1efchore(deps): bump sigstore/cosign-installer (#4910)fc74950chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)b2a68bcchore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)e5c0c15chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)da37803chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)9744e64chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)99eebc6docs: update the discussion template (#4928)v0.44.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/4903
Changelog
d19c7d9feat(repo): support local repositories (#4890)3c19761bump go-dep-parser (#4893)e1c2a8cfix(misconf): add missing fields to proto (#4861)8b8e0e8fix: remove trivy-db package replacement (#4877)f9efe44chore(test): bump the integration test timeout to 15m (#4880)7271d68chore(deps): Update defsec to v0.91.0 (#4886)c3bc67cchore: update CODEOWNERS (#4871)232ba82feat(vuln): support vulnerability status (#4867)11618c9feat(misconf): Support custom URLs for policy bundle (#4834)0707569refactor: replace with sortable packages (#4858)fbe1c9edocs: correct license scanning sample command (#4855)20c2246fix(report): close the file (#4842)24a3e54feat(nodejs): add support for include-dev-deps flag for yarn (#4812)a7bd7bbfeat(misconf): Add support for independently enabling libraries (#4070)4aa9ea0feat(secret): add secret config file for cache calculation (#4837)5d349d8Fix a link in gitlab-ci.md (#4850)a61531cfix(flag): use globalstar to skip directories (#4854)78cc209chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)9399604fix(license): using common way for splitting licenses (#4434)3e2416dfix(containerd): Use img platform in exporter instead of strict host platform (#4477)ce77bb4remove govulndb (#4783)c05caaefix(java): inherit licenses from parents (#4817)aca11b9refactor: add allowed values for CLI flags (#4800)4cecd17add example regex to allow rules (#4827)4bc8d29feat(misconf): Support custom data for rego policies for cloud (#4745)88243a0docs: correcting the trivy k8s tutorial (#4815)3c7d988feat(cli): add --tf-exclude-downloaded-modules flag (#4810)fd0fd10fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)d0d543bfeat(misconf): enable --policy flag to accept directory and files both (#4777)b43a3e6feat(python): add license fields (#4722)aef7b14fix: support trivy k8s-version on k8s sub-command (#4786)v0.43.1Compare Source
Changelog
5d76abachore(deps): Update defsec to v0.90.3 (#4793)fed446cchore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)df62927chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)1b9b9a8chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)3c16ca8docs(image): fix the comment on the soft/hard link (#4740)e5bee5ccheck Type when filling pkgs in vulns (#4776)4b9f310feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)8e7fb7cchore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)a9badeafix(rocky): add architectures support for advisories (#4691)f8ebcccchore(deps): bump github.com/opencontainers/image-spec (#4751)1c81948chore(deps): bump github.com/package-url/packageurl-go (#4754)497cc10chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)065f0afchore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)e260305chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)0621402fix: documentation about reseting trivy image (#4733)798fdbcfix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)34a8929fix: update Amazon Linux 1 EOL (#4761)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.