| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: trivy | Distribution: SUSE Linux Enterprise 15 SP6 |
| Version: 0.44.1 | Vendor: openSUSE |
| Release: bp156.1.30 | Build date: Wed Mar 20 17:42:18 2024 |
| Group: System/Management | Build host: s390zp24 |
| Size: 274995894 | Source RPM: trivy-0.44.1-bp156.1.30.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/aquasecurity/trivy | |
| Summary: A Simple and Comprehensive Vulnerability Scanner for Containers | |
Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
Apache-2.0
* Thu Aug 10 2023 dmueller@suse.com
- Update to version 0.44.1:
* fix(report): return severity colors in table format (#4969)
* build: maximize available disk space for release (#4937)
* test(cli): Fix assertion helptext (#4966)
* chore(deps): Bump defsec to v0.91.1 (#4965)
* test: validate CycloneDX with the JSON schema (#4956)
* fix(server): add licenses to the Result message (#4955)
* fix(aws): resolve endpoint if endpoint is passed (#4925)
* fix(sbom): move licenses to `name` field in Cyclonedx format (#4941)
* add only uniq deps in dependsOn (#4943)
* use testify instead of gotest.tools (#4946)
* fix(nodejs): do not detect lock file in node_modules as an app (#4949)
* bump go-dep-parser (#4936)
* chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
* chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
* test(aws): move part of unit tests to integration (#4884)
* docs(cli): update help string for file and dir skipping (#4872)
* chore(deps): bump sigstore/cosign-installer (#4910)
* chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
* chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
* chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
* chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
* docs: update the discussion template (#4928)
* Thu Aug 03 2023 dmueller@suse.com
- Update to version 0.44.0:
* feat(repo): support local repositories (#4890)
* bump go-dep-parser (#4893)
* fix(misconf): add missing fields to proto (#4861)
* fix: remove trivy-db package replacement (#4877)
* chore(test): bump the integration test timeout to 15m (#4880)
* chore(deps): Update defsec to v0.91.0 (#4886)
* chore: update CODEOWNERS (#4871)
* feat(vuln): support vulnerability status (#4867)
* feat(misconf): Support custom URLs for policy bundle (#4834)
* refactor: replace with sortable packages (#4858)
* docs: correct license scanning sample command (#4855)
* fix(report): close the file (#4842)
* feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
* feat(misconf): Add support for independently enabling libraries (#4070)
* feat(secret): add secret config file for cache calculation (#4837)
* Fix a link in gitlab-ci.md (#4850)
* fix(flag): use globalstar to skip directories (#4854)
* chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
* fix(license): using common way for splitting licenses (#4434)
* fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
* remove govulndb (#4783)
* fix(java): inherit licenses from parents (#4817)
* refactor: add allowed values for CLI flags (#4800)
* add example regex to allow rules (#4827)
* feat(misconf): Support custom data for rego policies for cloud (#4745)
* docs: correcting the trivy k8s tutorial (#4815)
* feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
* fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
* feat(misconf): enable --policy flag to accept directory and files both (#4777)
* feat(python): add license fields (#4722)
* fix: support trivy k8s-version on k8s sub-command (#4786)
* Thu Jul 13 2023 dmueller@suse.com
- Update to version 0.43.1:
* chore(deps): Update defsec to v0.90.3 (#4793)
* chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)
* chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)
* docs(image): fix the comment on the soft/hard link (#4740)
* check Type when filling pkgs in vulns (#4776)
* feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
* chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)
* fix(rocky): add architectures support for advisories (#4691)
* chore(deps): bump github.com/opencontainers/image-spec (#4751)
* chore(deps): bump github.com/package-url/packageurl-go (#4754)
* chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)
* chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)
* chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)
* fix: documentation about reseting trivy image (#4733)
* fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
* fix: update Amazon Linux 1 EOL (#4761)
- drop eol-dates.patch (all upstream)
* Mon Jul 03 2023 dmueller@suse.com
- Update to version 0.43.0:
* chore(deps): Update defsec to v0.90.1 (#4739)
* feat(nodejs): support yarn workspaces (#4664)
* feat(cli): add include-dev-deps flag (#4700)
* fix(image): pass the secret scanner option to scan the img config (#4735)
* fix: scan job pod it not found on k8s-1.27.x (#4729)
* feat(docker): add support for mTLS authentication when connecting to registry (#4649)
* chore(deps): Update defsec to v0.90.0 (#4723)
* fix: skip scanning the gpg-pubkey package (#4720)
* Fix http registry oci pull (#4701)
* feat(misconf): Support skipping services (#4686)
* docs: fix supported modes for pubspec.lock files (#4713)
* fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
* clarifying a dir path is required for custom policies (#4716)
* chore: update alpine base images (#4715)
* fix last-history-created (#4697)
* feat: kbom and cyclonedx v1.5 spec support (#4708)
* docs: add information about Aqua (#4590)
* fix: k8s escape resource filename on windows os (#4693)
* ci: ignore merge queue branches (#4696)
* chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)
* chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)
* feat: cyclondx sbom custom property support (#4688)
* ci: do not trigger tests in main (#4692)
* add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
* use group field for jar in cyclonedx (#4674)
* feat(java): capture licenses from pom.xml (#4681)
* feat(helm): make sessionAffinity configurable (#4623)
* fix: Show the correct URL of the secret scanning (#4682)
* document expected file pattern definition format (#4654)
* fix: format arg error (#4642)
* feat(k8s): cyclonedx kbom support (#4557)
* fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
* fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
* ci: update build IDs (#4641)
* fix(debian): update EOL for Debian 12 (#4647)
* chore(deps): bump go-containerregistry (#4639)
* chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
* fix(db): change argument order in Exists query for JavaDB (#4595)
* feat(aws): Add support to see successes in results (#4427)
* chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)
* ci: do not trigger tests in main (#4614)
* chore(deps): bump sigstore/cosign-installer (#4609)
* chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)
* ci: bypass the required status checks (#4611)
* ci: support merge queue (#3652)
* ci: matrix build for testing (#4587)
* feat: trivy k8s private registry support (#4567)
* docs: add general coverage page (#3859)
* chore: create SECURITY.md (#4601)
* Fri Jun 30 2023 Dirk Müller <dmueller@suse.com>
- add eol-dates.patch to list SLE/Leap 15.5
* Thu Jun 22 2023 Dirk Müller <dmueller@suse.com>
- add NOTICE to doc
* Mon Jun 12 2023 dmueller@suse.com
- Update to version 0.42.1:
* ci: remove 32bit packages (#4585)
* fix(misconf): deduplicate misconf results (#4588)
* fix(vm): support sector size of 4096 (#4564)
* fix(misconf): terraform relative paths (#4571)
* fix(purl): skip unsupported library type (#4577)
* fix(terraform): recursively detect all Root Modules (#4457)
* fix(vm): support post analyzer for vm command (#4544)
* fix(nodejs): change the type of the devDependencies field (#4560)
* fix(sbom): export empty dependencies in CycloneDX (#4568)
* refactor: add composite fs for post-analyzers (#4556)
* chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
* chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
* chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
* chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
* chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
* chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)
* chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
* chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
* feat: add SBOM analyzer (#4210)
* fix(sbom): update logic for work with files in spdx format (#4513)
* feat: azure workload identity support (#4489)
* feat(ubuntu): add eol date for 18.04 ESM (#4524)
* fix(misconf): Update required extensions for terraformplan (#4523)
* refactor(cyclonedx): add intermediate representation (#4490)
* fix(misconf): Remove debug print while scanning (#4521)
* fix(java): remove duplicates of jar libs (#4515)
* fix(java): fix overwriting project props in pom.xml (#4498)
* docs: Update compilation instructions (#4512)
* fix(nodejs): update logic for parsing pnpm lock files (#4502)
* fix(secret): remove aws-account-id rule (#4494)
* feat(oci): add support for referencing an input image by digest (#4470)
* chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
* docs: fixed the format (#4503)
* fix(java): add support of * for exclusions for pom.xml files (#4501)
* feat: adding issue template for documentation (#4453)
* docs: switch glad to ghsa for Go (#4493)
* chore(deps): Update defsec to v0.89.0 (#4474)
* feat(misconf): Add terraformplan support (#4342)
* feat(debian): add digests for dpkg (#4445)
* chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
* feat(k8s): exclude node scanning by node labels (#4459)
* docs: add info about multi-line mode for regexp from custom secret rules (#4159)
* feat(cli): convert JSON reports into a different format (#4452)
* feat(image): add logic to guess base layer for docker-cis scan (#4344)
* fix(cyclonedx): set original names for packages (#4306)
* feat: group subcommands (#4449)
* feat(cli): add retry to cache operations (#4189)
* fix(vuln): report architecture for `apk` packages (#4247)
* refactor: enable cases where return values are not needed in pipeline (#4443)
* fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
* docs(misconf): Update docs for kubernetes file patterns (#4435)
* test: k8s integration tests (#4423)
* feat(redhat): add package digest for rpm (#4410)
* feat(misconf): Add `--reset-policy-bundle` for policy bundle (#4167)
* fix: typo (#4431)
* add user instruction to imgconf (#4429)
* fix(k8s): add image sources (#4411)
* docs(scanning): Add versioning banner (#4415)
* feat(cli): add mage command to update golden integration test files (#4380)
* feat: node-collector custom namespace support (#4407)
* chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 (#4378)
* refactor(sbom): use multiline json for spdx-json format (#4404)
* fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
* refactor: code-optimization (#4214)
* feat(image): Add image-src flag to specify which runtime(s) to use (#4047)
* test: skip wrong update of test golden files (#4379)
* refactor: don't return error for package.json without version/name (#4377)
* docs: cmd error (#4376)
* test(cli): add test for config file and env combination (#2666)
* fix(report): set a correct file location for license scan output (#4326)
* ci: rpm repository for all versions and aarch64 (#4077)
* chore(alpine): Update Alpine to 3.18 (#4351)
* fix(alpine): add EOL date for Alpine 3.18 (#4308)
* chore(deps): bump github.com/docker/distribution (#4337)
* feat: allow root break for mapfs (#4094)
* docs(misconf): Remove examples.md (#4256)
* fix(ubuntu): update eol dates for Ubuntu (#4258)
* feat(alpine): add digests for apk packages (#4168)
* chore: add discussion templates (#4190)
* fix(terraform): Support tfvars (#4123)
* chore: separate docs:generate (#4242)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4246)
* refactor: define vulnerability scanner interfaces (#4117)
* feat: unified k8s scan resources (#4188)
* chore(deps): Update defsec to v0.88.1 (#4178)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#4141)
* chore: trivy bin ignore (#4212)
* feat(image): enforce image platform (#4083)
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 (#4143)
* chore(deps): bump github.com/docker/docker (#4144)
* chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 (#4146)
* chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 (#4140)
* fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
* chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 (#4147)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#4145)
* chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 (#4138)
* chore(deps): bump github.com/testcontainers/testcontainers-go (#4150)
* chore: install.sh support for windows (#4155)
* chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 (#4166)
* chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#4149)
* docs: moving skipping files out of others (#4154)
* Thu May 11 2023 Dirk Müller <dmueller@suse.com>
- actually create a PIE binary
* Fri Apr 28 2023 dmueller@suse.com
- Update to version 0.41.0:
* fix(spdx): add workaround for no src packages (#4118)
* test(golang): rename broken go.mod (#4129)
* feat(sbom): add supplier field (#4122)
* test(misconf): skip downloading of policies for tests #4126
* refactor: use debug message for post-analyze errors (#4037)
* feat(sbom): add VEX support (#4053)
* feat(sbom): add primary package purpose field for SPDX (#4119)
* fix(k8s): fix quiet flag (#4120)
* fix(python): parse of pip extras (#4103)
* feat(java): use full path for nested jars (#3992)
* feat(license): add new flag for classifier confidence level (#4073)
* feat: config and fs compliance support (#4097)
* chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3952)
* feat(spdx): add support for SPDX 2.3 (#4058)
* fix: k8s all-namespaces support (#4096)
* perf(misconf): replace with post-analyzers (#4090)
* fix(helm): update networking API version detection (#4106)
* feat(image): custom docker host option (#3599)
* style: debug flag is incorrect and needs extra - (#4087)
* docs(vuln): Document inline vulnerability filtering comments (#4024)
* feat(fs): customize error callback during fs walk (#4038)
* fix(ubuntu): skip copyright files from subfolders (#4076)
* docs: restructure scanners (#3977)
* fix: fix `file does not exist` error for post-analyzers (#4061)
* Sun Apr 16 2023 dmueller@suse.com
- Update to version 0.40.0:
* feat(flag): Support globstar for `--skip-files` and `--skip-directories` (#4026)
* chore(deps): bump actions/stale from 7 to 8 (#3955)
* fix: return insecure option to download javadb (#4064)
* fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found (#4052)
* ci: add gpg signing for RPM packages (#4056)
* fix(k8s): current context title (#4055)
* fix(k8s): quit support on k8s progress bar (#4021)
* chore: add a note about Dockerfile.canary (#4050)
* ci: fix path to canary binaries (#4045)
* fix(vuln): report architecture for debian packages (#4032)
* feat: add support for Chainguard's commercial distro (#3641)
* ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 (#3979)
* fix(vuln): fix error message for remote scanners (#4031)
* feat(report): add image metadata to SARIF (#4020)
* docs: fix broken cache link on Installation page (#3999)
* fix: lock downloading policies and database (#4017)
* fix: avoid concurrent access to the global map (#4014)
* feat(rust): add Cargo.lock v3 support (#4012)
* feat: auth support oci download server subcommand (#4008)
* chore(deps): bump github.com/docker/docker (#4009)
* chore: install.sh support for armv7 (#3985)
* chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#3961)
* Thu Apr 13 2023 dmueller@suse.com
- Update to version 0.39.1:
* fix(rust): fix panic when 'dependencies' field is not used in cargo.toml (#3997)
* fix(sbom): fix infinite loop for cyclonedx (#3998)
* chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 (#3954)
* fix: use warning for errors from enrichment files for post-analyzers (#3972)
* chore(deps): bump github.com/docker/docker (#3963)
* fix(helm): added annotation to psp configurable from values (#3893)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.1 (#3962)
* fix(secret): update built-in rule `tests` (#3855)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.30.1 (#3957)
* test: rewrite scripts in Go (#3968)
* docs(cli): Improve glob documentation (#3945)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#3959)
* ci: check CLI references (#3967)
* chore(deps): bump alpine from 3.17.2 to 3.17.3 (#3951)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.234 (#3956)
* chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#3958)
* chore(deps): bump actions/setup-go from 3 to 4 (#3953)
* chore(deps): bump actions/cache from 3.2.6 to 3.3.1 (#3950)
* chore(deps): bump github.com/containerd/containerd from 1.6.19 to 1.7.0 (#3965)
* chore(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 (#3964)
* Mon Apr 03 2023 dmueller@suse.com
- Update to version 0.39.0:
* docs(cli): added makefile and go file to create docs (#3930)
* chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
* chore: ignore gpg key (#3943)
* feat(cyclonedx): support dependency graph (#3177)
* chore(deps): Bump defsec to v0.85.0 (#3940)
* feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
* feat(server): redis with public TLS certs support (#3783)
* feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
* chore: replace make with mage (#3932)
* fix(sbom): add checksum to files (#3888)
* chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
* chore: remove unused mount volumes (#3927)
* feat: add auth support for downloading OCI artifacts (#3915)
* refactor(purl): use epoch in qualifier (#3913)
* chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
* feat(image): add registry options (#3906)
* feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
* chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
* feat(php): add support for location, licenses and graph for composer.lock files (#3873)
* chore(deps): updates wazero to 1.0.0 (#3904)
* feat(image): discover SBOM in OCI referrers (#3768)
* docs: change cache-dir key in config file (#3897)
* fix(sbom): use release and epoch for SPDX package version (#3896)
* ci: add gpg signing for RPM packages (#3612)
* docs: Update incorrect comment for skip-update flag (#3878)
* refactor(misconf): simplify policy filesystem (#3875)
* feat(nodejs): parse package.json alongside yarn.lock (#3757)
* fix(spdx): add PkgDownloadLocation field (#3879)
* fix(report): try to guess direct deps for dependency tree (#3852)
* chore(amazon): update EOL (#3876)
* fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
* feat(amazon): add al2023 support (#3854)
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
* docs(misconf): Add information about selectors (#3703)
* docs(cli): update CLI docs with cobra (#3815)
* feat: k8s parallel processing (#3693)
* docs: add DefectDojo in the Security Management section (#3871)
* chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
* refactor: add pipeline (#3868)
* feat(cli): add javadb metadata to version info (#3835)
* chore(deps): Move compliance types to defsec (#3842)
* feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
* feat: add node toleration option (#3823)
* fix: allow mapfs to open dirs (#3867)
* fix(report): update uri only for os class targets (#3846)
* feat(nodejs): Add v3 npm lock file support (#3826)
* feat(nodejs): parse package.json files alongside package-lock.json (#2916)
* docs(misconf): Fix links to built in policies (#3841)
* Tue Mar 14 2023 dmueller@suse.com
- Update to version 0.38.3:
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
from 1.86.1 to 1.89.1
* fix(java): skip empty files for jar post analyzer
* fix(docker): build healthcheck command for line without
/bin/sh prefix
* refactor(license): use goyacc for license parser (#3824)
* chore(deps): bump github.com/docker/docker from
23.0.0-rc.1+incompatible to 23.0.1+incompatible
* fix: populate timeout context to node-collector
* fix: exclude node collector scanning (#3771)
* fix: display correct flag in error message when skipping
java db update #3808
* fix: disable jar analyzer for scanners other than vuln (#3810)
* fix(sbom): fix incompliant license format for spdx (#3335)
* fix(java): the project props take precedence over the
parent's props (#3320)
* docs: add canary build info to README.md (#3799)
* docs: adding link to gh token generation (#3784)
* docs: changing docs in accordance with #3460 (#3787)
* Wed Mar 08 2023 dmueller@suse.com
- Update to version 0.38.2:
* chore(deps): bump github.com/moby/buildkit from 0.11.0 to 0.11.4 (#3789)
* chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#3724)
* fix(license): disable jar analyzer for licence scan only (#3780)
* bump trivy-issue-action to v0.0.0; skip `pkg` dir (#3781)
* fix: skip checking dirs for required post-analyzers (#3773)
* docs: add information about plugin format (#3749)
* fix(sbom): add trivy version to spdx creators tool field (#3756)
* Thu Mar 02 2023 dmueller@suse.com
- Update to version 0.38.1:
* feat(misconf): Add support to show policy bundle version (#3743)
* fix(python): fix error with optional dependencies in pyproject.toml (#3741)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)
* add id for package.json files (#3750)
* chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)
* chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)
* chore(deps): bump github.com/google/go-containerregistry (#3731)
* chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)
* chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)
* Wed Mar 01 2023 dmueller@suse.com
- Update to version 0.38.0:
* fix(cli): pass integer to exit-on-eol (#3716)
* feat: add kubernetes pss compliance (#3498)
* feat: Adding --module-dir and --enable-modules (#3677)
* feat: add special IDs for filtering secrets (#3702)
* chore(deps): Update defsec (#3713)
* docs(misconf): Add guide on input schema (#3692)
* feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
* feat: docker multi credential support (#3631)
* feat: summarize vulnerabilities in compliance reports (#3651)
* feat(python): parse pyproject.toml alongside poetry.lock (#3695)
* feat(python): add dependency tree for poetry lock file (#3665)
* fix(cyclonedx): incompliant affect ref (#3679)
* chore(helm): update skip-db-update environment variable (#3657)
* fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
* fix(sbom): export empty dependencies in CycloneDX (#3664)
* docs: java-db air-gap doc tweaks (#3561)
* feat(go): license support (#3683)
* feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
* fix(k8s): k8s label size (#3678)
* fix(cyclondx): fix array empty value, null to [] (#3676)
* refactor: rewrite gomod analyzer as post-analyzer (#3674)
* feat: config outdated-api result filtered by k8s version (#3578)
* fix: Update to Alpine 3.17.2 (#3655)
* feat: add support for virtual files (#3654)
* feat: add post-analyzers (#3640)
* chore(deps): updates wazero to 1.0.0-pre.9 (#3653)
* chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)
* chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)
* feat(python): add dependency locations for Pipfile.lock (#3614)
* chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#3648)
* fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.85.0 (#3607)
* fix(aws): Adding a fix for update-cache flag that is not applied on AWS scans. (#3619)
* feat(cli): add command completion (#3061)
* docs(misconf): update dockerfile link (#3627)
* feat(flag): add exit-on-eosl option (#3423)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#3533)
* fix(cli): make java db repository configurable (#3595)
* chore: bump trivy-kubernetes (#3613)
* Wed Feb 15 2023 dmueller@suse.com
- Update to version 0.37.3 (bsc#1208091, CVE-2023-25165):
* chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574)
* chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#3536)
* chore(deps): bump golang/x/mod to v0.8.0 (#3606)
* chore(deps): bump golang.org/x/crypto from 0.3.0 to 0.5.0 (#3529)
* chore(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.1 (#3580)
* ci: quote pros in c++ for semantic pr (#3605)
* fix(image): check proxy settings from env for remote images (#3604)
* Fri Feb 10 2023 kastl@b1-systems.de
- Update to version 0.37.2:
* BREAKING: use normalized trivy-java-db (#3583)
* fix(image): add timeout for remote images (#3582)
* chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#3532)
* chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 (#3534)
* fix(misconf): handle dot files better (#3550)
* chore: bump Go to 1.19 (#3551)
* chore(deps): bump alpine from 3.17.0 to 3.17.1 (#3522)
* chore(deps): bump docker/build-push-action from 3 to 4 (#3523)
* chore(deps): bump actions/cache from 3.2.2 to 3.2.4 (#3524)
* chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.4.0 (#3525)
* chore(deps): bump aquaproj/aqua-installer from 1.2.0 to 2.0.2 (#3526)
* Wed Feb 01 2023 dmueller@suse.com
- Update to version 0.37.1:
* fix(sbom): download the Java DB when generating SBOM (#3539)
* fix: use cgo free sqlite driver (#3521)
* ci: fix path to dist folder (#3527)
* Wed Feb 01 2023 dmueller@suse.com
- Update to version 0.37.0:
* fix(image): close layers (#3517)
* refactor: db client changed (#3515)
* feat(java): use trivy-java-db to get GAV (#3484)
* docs: add note about the limitation in Rekor (#3494)
* docs: aggregate targets (#3503)
* deps: updates wazero to 1.0.0-pre.8 (#3510)
* docs: add alma 9 and rocky 9 to supported os (#3513)
* chore(deps): bump defsec to v0.82.9 (#3512)
* chore: add missing target labels (#3504)
* docs: add java vulnerability page (#3429)
* feat(image): add support for Docker CIS Benchmark (#3496)
* feat(image): secret scanning on container image config (#3495)
* chore(deps): Upgrade defsec to v0.82.8 (#3488)
* feat(image): scan misconfigurations in image config (#3437)
* chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489)
* feat(k8s): add node info resource (#3482)
* perf(secret): optimize secret scanning memory usage (#3453)
* feat: support aliases in CLI flag, env and config (#3481)
* fix(k8s): migrate rbac k8s (#3459)
* feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480)
* refactor: rename security-checks to scanners (#3467)
* chore: display the troubleshooting URL for the DB denial error (#3474)
* docs: yaml tabs to spaces, auto create namespace (#3469)
* docs: adding show-and-tell template to GH discussions (#3391)
* fix: Fix a temporary file leak in case of error (#3465)
* fix(test): sort cyclonedx components (#3468)
* docs: fixing spelling mistakes (#3462)
* ci: set paths triggering VM tests in PR (#3438)
* docs: typo in --skip-files (#3454)
* feat(custom-forward): Extended advisory data (#3444)
* docs: fix spelling error (#3436)
* refactor(image): extend image config analyzer (#3434)
* fix(nodejs): add ignore protocols to yarn parser (#3433)
* fix(db): check proxy settings when using insecure flag (#3435)
* feat(misconf): Fetch policies from OCI registry (#3015)
* ci: downgrade Go to 1.18 and use stable and oldstable go versions for unit tests (#3413)
* ci: store URLs to Github Releases in RPM repository (#3414)
* feat(server): add support of `skip-db-update` flag for hot db update (#3416)
* chore(deps): bump github.com/moby/buildkit from v0.10.6 to v0.11.0 (#3411)
* fix(image): handle wrong empty layer detection (#3375)
* test: fix integration tests for spdx and cycloneDX (#3412)
* feat(python): Include Conda packages in SBOMs (#3379)
* feat: add support pubspec.lock files for dart (#3344)
* fix(image): parsePlatform is failing with UNAUTHORIZED error (#3326)
* fix(license): change normalize for GPL-3+-WITH-BISON-EXCEPTION (#3405)
* feat(server): log errors on server side (#3397)
* chore(deps): bump defsec to address helm vulnerabilities (#3399)
* docs: rewrite installation docs and general improvements (#3368)
* chore: update code owners (#3393)
* chore: test docs separately from code (#3392)
* docs: use the formula maintained by Homebrew (#3389)
* docs: add `Security Management` section with SonarQube plugin
* Thu Jan 05 2023 dmueller@suse.com
- Update to version 0.36.1:
* fix(deps): fix errors on yarn.lock files that contain local file reference (#3384)
* feat(flag): early fail when the format is invalid (#3370)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.171 (#3366)
* docs(aws): fix broken links (#3374)
* chore(deps): bump actions/stale from 6 to 7 (#3360)
* chore(deps): bump helm/kind-action from 1.4.0 to 1.5.0 (#3359)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.6.0 to 0.7.0 (#2974)
* chore(deps): bump azure/setup-helm from 3.4 to 3.5 (#3358)
* chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 (#3173)
* chore(deps): bump goreleaser/goreleaser-action from 3 to 4 (#3357)
* chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.14 (#3367)
* chore(go): updates wazero to v1.0.0-pre.7 (#3355)
* chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#3362)
* chore(deps): bump actions/cache from 3.0.11 to 3.2.2 (#3356)
* Mon Jan 02 2023 dmueller@suse.com
- Update to version 0.36.0:
* docs: improve compliance docs (#3340)
* feat(deps): add yarn lock dependency tree (#3348)
* fix: compliance change id and title naming (#3349)
* feat: add support for mix.lock files for elixir language (#3328)
* feat: add k8s cis bench (#3315)
* test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
* revert: cache merged layers (#3334)
* feat(cyclonedx): add recommendation (#3336)
* feat(ubuntu): added support ubuntu ESM versions (#1893)
* fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
* chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265)
* feat: Adding support for Windows testing (#3037)
* feat: add support for Alpine 3.17 (#3319)
* docs: change PodFile.lock to Podfile.lock (#3318)
* fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
* feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
* chore(go): remove experimental FS API usage in Wasm (#3299)
* ci: add workflow to add issues to roadmap project (#3292)
* fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
* feat(sbom): better support for third-party SBOMs (#3262)
* docs: add information about languages with support for dependency locations (#3306)
* feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284)
* chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251)
* fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
* docs: remove comparisons (#3289)
* feat: add support for Wolfi Linux (#3215)
* ci: add go.mod to canary workflow (#3288)
* feat(python): skip dev dependencies (#3282)
* chore: update ubuntu version for Github action runnners (#3257)
* fix(go): skip dep without Path for go-binaries (#3254)
* feat(rust): add ID for cargo pgks (#3256)
* chore(deps): bump github.com/samber/lo from 1.33.0 to 1.36.0 (#3263)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#3253)
* feat: add support for swift cocoapods lock files (#2956)
* fix(sbom): use proper constants (#3286)
* chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#3278)
* test(vm): import relevant analyzers (#3285)
* feat: support scan remote repository (#3131)
* docs: fix typo in fluxcd (#3268)
* docs: fix broken "ecosystem" link in readme (#3280)
* feat(misconf): Add compliance check support (#3130)
* docs: Adding Concourse resource for trivy (#3224)
* chore(deps): change golang from 1.19.2 to 1.19 (#3249)
* fix(sbom): duplicate dependson (#3261)
* chore(deps): bump alpine from 3.16.2 to 3.17.0 (#3247)
* chore(go): updates wazero to 1.0.0-pre.4 (#3242)
* feat(report): add dependency locations to sarif format (#3210)
* fix(rpm): add rocky to osVendors (#3241)
* docs: fix a typo (#3236)
* feat(dotnet): add dependency parsing for nuget lock files (#3222)
* docs: add pre-commit hook to community tools (#3203)
* feat(helm): pass arbitrary env vars to trivy (#3208)
* Mon Nov 28 2022 kastl@b1-systems.de
- Update to version 0.35.0:
* chore(vm): update xfs filesystem parser for change log (#3230)
* feat: add virtual machine scan command (#2910)
* docs: reorganize index and readme (#3026)
* fix: `slowSizeThreshold` should be less than `defaultSizeThreshold` (#3225)
* feat: Export functions for trivy plugin (#3204)
* feat(image): add support wildcard for platform os (#3196)
* fix: load compliance report from file system (#3161)
* fix(suse): use package name to get advisories (#3199)
* docs(image): space issues during image scan (#3190)
* feat(containerd): scan image by digest (#3075)
* fix(vuln): add package name to title (#3183)
* fix: present control status instead of compliance percentage in compliance report (#3181)
* perf(license): remove go-enry/go-license-detector. (#3187)
* fix: workdir command as empty layer (#3087)
* docs: reorganize ecosystem section (#3025)
* feat(dotnet): add support dependency location for dotnet-core files (#3095)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.114 to 1.44.136 (#3174)
* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 (#3109)
* feat(dotnet): add support dependency location for nuget lock files (#3032)
* chore: update code owners for misconfigurations (#3176)
* feat: add slow mode (#3084)
* docs: fix typo in enable-builin-rules mentions (#3118)
* feat: Add maintainer field to OS packages (#3149)
* docs: fix some typo (#3171)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.0 (#3175)
* chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#3112)
* docs: fix links on Built-in Policies page (#3124)
* chore(deps): bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 (#3117)
* chore(deps): bump github.com/samber/lo from 1.28.2 to 1.33.0 (#3116)
* fix: Perform filepath.Clean first and then filepath.ToSlash for skipFile/skipDirs settings (#3144)
* chore: use newline for semantic pr (#3172)
* chore(deps): bump azure/setup-helm from 3.3 to 3.4 (#3107)
* chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.1 (#3106)
* chore(deps): bump amannn/action-semantic-pull-request from 4 to 5 (#3105)
* chore(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#3104)
* fix(spdx): rename describes field in spdx (#3102)
* chore: handle GOPATH with several paths in make file (#3092)
* docs(flag): add "rego" configuration file options (#3165)
* chore(go): updates wazero to 1.0.0-pre.3 (#3090)
* chore(deps): bump actions/cache from 3.0.9 to 3.0.11 (#3108)
* docs(license): fix typo inside quick start (#3134)
* chore: update codeowners for docs (#3135)
* fix(cli): exclude --compliance flag from non supported sub-commands (#3158)
* fix: remove --security-checks none from image help (#3156)
* fix: compliance flag description (#3160)
* docs(k8s): fix a typo (#3163)
* chore(deps): bump golang from 1.19.1 to 1.19.2 (#3103)
* Mon Oct 31 2022 kastl@b1-systems.de
- Update to version 0.34.0:
* feat(vuln): support dependency graph for RHEL/CentOS (#3094)
* feat(vuln): support dependency graph for dpkg and apk (#3093)
* perf(license): enable license classifier only with "--license-full" (#3086)
* feat(report): add secret scanning to ASFF template (#2860)
* feat: Allow override of containerd namespace (#3060)
* fix(vuln): In alpine use Name as SrcName (#3079)
* fix(secret): Alibaba AccessKey ID (#3083)
* Wed Oct 26 2022 kastl@b1-systems.de
- Update to version 0.33.0:
* refactor(k8s): custom reports (#3076)
* fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068)
* feat(image): add support for passing architecture and OS (#3012)
* test: disable containerd integration tests for non-amd64 arch (#3073)
* feat(server): Add support for client/server mode to rootfs command (#3021)
* feat(vuln): support non-packaged binaries (#3019)
* feat: compliance reports (#2951)
* fix(flag): disable flag parsing for each plugin command (#3074)
* feat(nodejs): add support dependency location for yarn.lock files (#3016)
* chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069)
* feat: add k8s components (#2589)
* fix(secret): update the regex for secrets scanning (#2964)
* chore(deps): bump github.com/samber/lo from 1.27.1 to 1.28.2 (#2979)
* fix: bump trivy-kubernetes (#3064)
* docs: fix missing 'image' subcommand (#3051)
* chore: Patch golang x/text vulnerability (#3046)
* chore: add licensed project logo (#3058)
* feat(ubuntu): set Ubuntu 22.10 EOL (#3054)
* refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix (#3028)
* feat(report): Use understandable value for shortDescription in SARIF reports (#3009)
* docs(misconf): fix typo (#3043)
* feat: add support for scanning azure ARM (#3011)
* feat(report): add location.message to SARIF output (#3002) (#3003)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.95 to 1.44.109 (#2980)
* feat(nodejs): add dependency line numbers for npm lock files (#2932)
* test(fs): add `--skip-files`, `--skip-dirs` (#2984)
* docs: add Woodpecker CI integrations example (#2823)
* chore(deps): bump github.com/sigstore/rekor from 0.12.0 to 0.12.2 (#2981)
* chore(deps): bump github.com/liamg/memoryfs from 1.4.2 to 1.4.3 (#2976)
* chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#2975)
* chore(deps): bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 (#2982)
* fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000)
* fix(java): don't stop parsing jar file when wrong inner jar is found (#2989)
* fix(sbom): use nuget purl type for dotnet-core (#2990)
* perf: retrieve rekor entries in bulk (#2987)
* feat(aws): Custom rego policies for AWS scanning (#2994)
* docs: jq cli formatting (#2881)
* docs(repo): troubleshooting $TMPDIR customization (#2985)
* chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#2969)
* chore(deps): bump actions/stale from 5 to 6 (#2970)
* chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.7.0 (#2971)
* chore(deps): bump helm/chart-testing-action from 2.3.0 to 2.3.1 (#2972)
* chore(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#2973)
* chore: run `go fmt` (#2897)
* chore(go): updates wazero to 1.0.0-pre.2 (#2955)
* fix(aws): Less function for slice sorting always returns false #2967
* fix(java): fix unmarshal pom exclusions (#2936)
* Wed Sep 28 2022 dmueller@suse.com
- Update to version 0.32.1:
* fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943)
* chore: expat lib and go binary deps vulns (#2940)
* wasm: Removes accidentally exported memory (#2950)
* fix(sbom): fix package name separation for gradle (#2906)
* docs(readme.md): fix broken integrations link (#2931)
* fix(image): handle images with single layer in rescan mergedLayers cache (#2927)
* fix(cli): split env values with ',' for slice flags (#2926)
* fix(cli): config/helm: also take into account files with `.yml` (#2928)
* fix(flag): add file-patterns flag for config subcommand (#2925)
* chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.43.1 (#2902)
* Mon Sep 19 2022 dmueller@suse.com
- Update to version 0.32.0:
* docs: add Rekor SBOM attestation scanning (#2893)
* chore: narrow the owner scope (#2894)
* fix: remove a patch number from the recommendation link (#2891)
* fix: enable parsing of UUID-only rekor entry ID (#2887)
* docs(sbom): add SPDX scanning (#2885)
* docs: restructure docs and add tutorials (#2883)
* feat(sbom): scan sbom attestation in the rekor record (#2699)
* feat(k8s): support outdated-api (#2877)
* chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815)
* fix(c): support revisions in Conan parser (#2878)
* feat: dynamic links support for scan results (#2838)
* chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818)
* docs: update archlinux commands (#2876)
* feat(secret): add line from dockerfile where secret was added to secret result (#2780)
* feat(sbom): Add unmarshal for spdx (#2868)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827)
* fix: revert asff arn and add documentation (#2852)
* docs: batch-import-findings limit (#2851)
* chore(deps): bump golang from 1.19.0 to 1.19.1 (#2872)
* feat(sbom): Add marshal for spdx (#2867)
* build: checkout before setting up Go (#2873)
* chore: bump Go to 1.19 (#2861)
* docs: azure doc and trivy (#2869)
* fix: Scan tarr'd dependencies (#2857)
* chore(helm): helm test with ingress (#2630)
* feat(report): add secrets to sarif format (#2820)
* chore(deps): bump azure/setup-helm from 1.1 to 3.3 (#2807)
* refactor: add a new interface for initializing analyzers (#2835)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.92 (#2840)
* fix: update ProductArn with account id (#2782)
* feat(helm): make cache TTL configurable (#2798)
* build(): Sign releaser artifacts, not only container manifests (#2789)
* chore: improve doc about azure devops (#2795)
* chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#2804)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#2825)
* docs: don't push patch versions (#2824)
* feat: add support for conan.lock file (#2779)
* feat: cache merged layers
* chore(deps): bump helm/chart-testing-action from 2.2.1 to 2.3.0 (#2805)
* chore(deps): bump actions/cache from 3.0.5 to 3.0.8 (#2806)
* chore(deps): bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#2811)
* chore(deps): bump github.com/aquasecurity/table from 1.7.2 to 1.8.0 (#2810)
* chore(deps): bump github.com/samber/lo from 1.27.0 to 1.27.1 (#2808)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.22.0 to 2.23.0 (#2814)
* feat: add support for gradle.lockfile (#2759)
* chore(mod): updates wazero to 1.0.0-pre.1 #2791
* feat: move file patterns to a global level to be able to use it on any analyzer (#2539)
* Fix url validaton failures (#2783)
* fix(image): add logic to detect empty layers (#2790)
* feat(rust): add dependency graph from Rust binaries (#2771)
* Mon Sep 05 2022 dmueller@suse.com
- Update to version 0.31.3:
* fix: handle empty OS family (#2768)
* fix: fix k8s summary report (#2777)
* fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767)
* chore: bump trivy-kubernetes (#2770)
* fix(secret): Consider secrets in rpc calls (#2753)
* fix(java): check depManagement from upper pom's (#2747)
* fix(php): skip `composer.lock` inside `vendor` folder (#2718)
* fix: fix k8s rbac filter (#2765)
* feat(misconf): skipping misconfigurations by AVD ID (#2743)
* chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
* docs: add MacPorts install instructions (#2727)
* docs: typo (#2730)
* Tue Aug 16 2022 dmueller@suse.com
- Update to version 0.31.2:
* fix: Correctly handle recoverable AWS scanning errors (#2726)
* docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)
* Tue Aug 16 2022 dmueller@suse.com
- Update to version 0.31.1:
* fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)
* Tue Aug 16 2022 dmueller@suse.com
- Update to version 0.31.0:
* fix(flag): add error when there are no supported security checks (#2713)
* fix(vuln): continue scanning when no vuln found in the first application (#2712)
* revert: add new classes for vulnerabilities (#2701)
* feat(secret): detect secrets removed or overwritten in upper layer (#2611)
* fix(cli): secret scanning perf link fix (#2607)
* chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
* feat: Add AWS Cloud scanning (#2493)
* docs: specify the type when verifying an attestation (#2697)
* docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
* fix(rpc): scanResponse rpc conversion for custom resources (#2692)
* feat(rust): Add support for cargo-auditable (#2675)
* feat: Support passing value overrides for configuration checks (#2679)
* feat(sbom): add support for scanning a sbom attestation (#2652)
* chore(image): skip symlinks and hardlinks from tar scan (#2634)
* fix(report): Update junit.tpl (#2677)
* fix(cyclonedx): add nil check to metadata.component (#2673)
* docs(secret): fix missing and broken links (#2674)
* refactor(cyclonedx): implement json.Unmarshaler (#2662)
* chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
* chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
* feat(kubernetes): add option to specify kubeconfig file path (#2576)
* docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
* chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
* chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)
* chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647)
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646)
* chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641)
* chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640)
* chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)
* chore(deps): bump golang from 1.18.3 to 1.18.4 (#2638)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.48 to 1.44.66 (#2648)
* chore(deps): bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.0 (#2649)
* chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#2651)
* feat(alma): set AlmaLinux 9 EOL (#2653)
* fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636)
* test(misconf): add tests for misconf handler for dockerfiles (#2621)
* feat(oracle): set Oracle Linux 9 EOL (#2635)
* BREAKING: add new classes for vulnerabilities (#2541)
* fix(secret): add newline escaping for asymmetric private key (#2532)
* docs: improve formatting (#2572)
* feat(helm): allows users to define an existing secret for tokens (#2587)
* docs(mariner): use tdnf in fs usage example (#2616)
* docs: remove unnecessary double quotation marks (#2609)
* fix: Fix --file-patterns flag (#2625)
* feat(report): add support for Cosign vulnerability attestation (#2567)
* docs(mariner): use v2.0 in examples (#2602)
* feat(report): add secrets template for codequality report (#2461)
* Wed Jul 27 2022 kastl@b1-systems.de
- Update to version 0.30.4:
* fix: remove the first arg when running as a plugin (#2595)
* fix: k8s controlplaner scanning (#2593)
* fix(vuln): GitLab report template (#2578)
* Tue Jul 26 2022 kastl@b1-systems.de
- Update to version 0.30.3:
* fix(server): use a new db worker for hot updates (#2581)
* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)
* docs: split commands to download db for different versions of oras (#2582)
* feat(report): export exitcode for license checks (#2564)
* fix: cli can use lowercase for severities (#2565)
* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
* fix: enable some features of the wasm runtime (#2575)
* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)
* docs(sbom): improve sbom attestation documentation (#2566)
* Thu Jul 21 2022 kastl@b1-systems.de
- Update to version 0.30.2:
* fix(report): show the summary without results (#2548)
* fix(cli): replace '-' to '_' for env vars (#2561)
* Wed Jul 20 2022 kastl@b1-systems.de
- Update to version 0.30.1:
* chore: remove a test repository (#2551)
* fix(license): lazy loading of classifiers (#2547)
* fix: CVE-2022-1996 in Trivy (#2499)
* docs(sbom): add sbom attestation (#2527)
* feat(rocky): set Rocky Linux 9 EOL (#2543)
* docs: add attributes to the video tag to autoplay demo videos (#2538)
* fix: yaml files with non-string chart name (#2534)
* fix: skip dirs (#2530)
* feat(repo): add support for branch, commit, & tag (#2494)
* fix: remove auto configure environment variables via viper (#2526)
* Sat Jul 16 2022 kastl@b1-systems.de
- Update to version 0.30.0:
* fix: separating multiple licenses from one line in dpkg copyright files (#2508)
* fix: change a capital letter for `plugin uninstall` subcommand (#2519)
* fix: k8s hide empty report when scanning resource (#2517)
* refactor: fix comments (#2516)
* fix: scan vendor dir (#2515)
* feat: Add support for license scanning (#2418)
* chore: add owners for secret scanning (#2485)
* fix: remove dependency-tree flag for image subcommand (#2492)
* fix(k8s): add shorthand for k8s namespace flag (#2495)
* docs: add information about using multiple servers to troubleshooting (#2498)
* ci: add pushing canary build images to registries (#2428)
* chore(deps): bump github.com/open-policy-agent/opa from 0.41.0 to 0.42.0 (#2479)
* feat(dotnet): add support for .Net core .deps.json files (#2487)
* feat(amazon): add support for 2022 version (#2429)
* Type correction bitnami chart (#2415)
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.1 to 2.1.2 (#2449)
* chore(deps): bump github.com/aquasecurity/table from 1.5.1 to 1.6.0 (#2446)
* docs: add config file and update CLI references (#2489)
* feat: add support for flag groups (#2488)
* refactor: move from urfave/cli to spf13/cobra (#2458)
* fix: Fix secrets output not containing file/lines (#2467)
* fix: clear output with modules (#2478)
* chore(deps): bump github.com/mailru/easyjson from 0.7.6 to 0.7.7 (#2448)
* docs(cbl): distroless 1.0 supported (#2473)
* fix: Fix example dockerfile rego policy (#2460)
* fix(config): add helm to list of config analyzers (#2457)
* feat: k8s resouces scan (#2395)
* feat(sbom): add cyclonedx sbom scan (#2203)
* chore(deps): bump wazero to latest main (#2436)
* chore(deps): bump github.com/stretchr/testify from 1.7.3 to 1.8.0 (#2444)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.21.0 to 2.22.0 (#2445)
* chore(deps): bump sigstore/cosign-installer from 2.3.0 to 2.4.1 (#2442)
* chore(deps): bump actions/setup-python from 3 to 4 (#2441)
* chore(deps): bump github.com/Azure/azure-sdk-for-go (#2450)
* docs: remove links to removed content (#2431)
* ci: added rpm build for rhel 9 (#2437)
* fix(secret): remove space from asymmetric private key (#2434)
* chore(deps): bump actions/cache from 3.0.2 to 3.0.4 (#2440)
* chore(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#2439)
* chore(deps): bump golang from 1.18.2 to 1.18.3 (#2438)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.25 to 1.44.46 (#2447)
* test(integration): fix golden files for debian 9 (#2435)
* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)
* refactor: move CycloneDX marshaling (#2420)
* docs(nodejs): add docs about pnpm support (#2423)
* docs: improve k8s usage documentation (#2425)
* feat: Make secrets scanning output consistant (#2410)
* ci: create canary build after main branch changes (#1638)
* fix(misconf): skip broken scans (#2396)
* feat(nodejs): add pnpm support (#2414)
* fix: Fix false positive for use of COS images (#2413)
* eliminate nerdctl dependency (#2412)
* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
* fix(go): no cast to lowercase go package names (#2401)
* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
* fix(server): hot update the db from custom repository (#2406)
* feat: added license parser for dpkg (#2381)
* chore(helm): bump appVersion to latest release (#2397)
* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)
* feat: extract stripe publishable and secret keys (#2392)
* feat: rbac support k8s sub-command (#2339)
* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)
* docs: Updating README with new CLI command (#2359)
* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)
* chore: add integration label and merge security label (#2316)
* Fri Jul 08 2022 dmueller@suse.com
- Update to version 0.29.2:
* chore: skip Visual Studio Code project folder (#2379)
* fix(helm): handle charts with templated names (#2374)
* docs: redirect operator docs to trivy-operator repo (#2372)
* fix(secret): use secret result when determining Failed status (#2370)
* try removing libdb-dev
* run integration tests in fanal
* use same testing images in fanal
* feat(helm): add support for trivy dbRepository (#2345)
* fix: Fix failing test due to deref lint issue
* test: Fix broken test
* fix: Fix makefile when no previous named ref is visible in a shallow clone
* chore: Fix linting issues in fanal
* refactor: Fix fanal import paths and remove dotfiles
* chore: bump defsec version v0.68.1
* Wed Jun 22 2022 kastl@b1-systems.de
- Update to version 0.29.1:
* fix(report): add required fields to the SARIF template (#2341)
* chore: fix spelling errors (#2352)
* Omit Remediation if PrimaryURL is empty (#2006)
* docs(repo): Link to installation documentation in readme shows 404 (#2348)
* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)
* Wed Jun 22 2022 kastl@b1-systems.de
- Update to version 0.29.0:
* fix(lang): fix dependency graph in client server mode (#2336)
* feat: allow expiration date for .trivyignore entries (#2332)
* feat(lang): add dependency origin graph (#1970)
* docs: update nix installation info (#2331)
* feat: add rbac scanning support (#2328)
* refactor: move WordPress module to another repository (#2329)
* ci: add support for ppc64le (#2281)
* feat: add support for WASM modules (#2195)
* feat(secret): show recommendation for slow scanning (#2051)
* fix(flag): remove --clear-cache flag client mode (#2301)
* fix(java): added check for looping for variable evaluation in pom file (#2322)
* BREAKING(k8s): change CLI API (#2186)
* feat(alpine): add Alpine Linux 3.16 (#2319)
* docs: bump trivy-operator to v0.0.7 (#2320)
* ci: add `go mod tidy` check (#2314)
* chore: run `go mod tidy` (#2313)
* fix: do not exit if one resource is not found (#2311)
* feat(cli): use stderr for all log messages (resolve #381) (#2289)
* test: replace deprecated subcommand client in integration tests (#2308)
* feat: add support for containerd (#2305)
* fix(kubernetes): Support floats in manifest yaml (#2297)
* docs(kubernetes): dead links (#2307)
* chore: add license label (#2304)
* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
* feat(helm): add pod annotations (#2272)
* refactor: do not import defsec in fanal types package (#2292)
* feat(report): Add misconfiguration support to ASFF report template (#2285)
* test: use images in GHCR (#2275)
* feat(helm): support pod annotations (#2265)
* feat(misconf): Helm chart scanning (#2269)
* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)
* fix: mask redis credentials when logging (#2264)
* refactor: extract commands Runner interface (#2147)
* chore(deps): bump alpine from 3.15.4 to 3.16.0 (#2234)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.2 to 0.6.0 (#2245)
* docs: update operator release (#2263)
* chore(deps): bump github.com/urfave/cli/v2 from 2.6.0 to 2.8.1 (#2243)
* feat(redhat): added architecture check (#2172)
* docs: updating links in the docs to work again (#2256)
* docs: fix readme (#2251)
* fix: fixed incorrect CycloneDX output format (#2255)
* chore(deps): bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.3 (#2241)
* chore(deps): bump github.com/samber/lo from 1.19.0 to 1.21.0 (#2242)
* chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2240)
* chore(deps): bump docker/setup-buildx-action from 1 to 2 (#2238)
* chore(deps): bump docker/setup-qemu-action from 1 to 2 (#2236)
* chore(deps): bump golang from 1.18.1 to 1.18.2 (#2235)
* chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#2237)
* chore(deps): bump docker/login-action from 1 to 2 (#2239)
* chore(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#2246)
* refactor(deps): move dependencies to package (#2189)
* fix(report): change github format version to required (#2229)
* docs: update readme (#2110)
* docs: added information about choosing advisory database (#2212)
* chore: update trivy-kubernetes (#2224)
* docs: clarifying parts of the k8s docs and updating links (#2222)
* fix(k8s): timeout error logging (#2179)
* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
* feat(k8s): add --context flag (#2171)
* fix(k8s): properly instantiate TableWriter (#2175)
* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)
* chore: update labels (#2197)
* fix(report): fixed panic if all misconf reports were removed in filter (#2188)
* feat(k8s): scan secrets (#2178)
* feat(report): GitHub Dependency Snapshots support (#1522)
* feat(db): added insecure skip tls verify to download trivy db (#2140)
* fix(redhat): always use vulns with fixed version if there is one (#2165)
* chore(redhat): Add support for Red Hat UBI 9. (#2183)
* fix(k8s): update trivy-kubernetes (#2163)
* fix misconfig start line for code quality tpl (#2181)
* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
* docs(vuln): Include GitLab 15.0 integration (#2153)
* docs: fix the operator version (#2167)
* fix(k8s): summary report when when only vulns exit (#2146)
* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)
* perf(misconf): Improve performance when scanning very large files (#2152)
* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)
* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)
* docs: fixed installation instruction for rhel/centos (#2143)
* Mon May 23 2022 dmueller@suse.com
- Update to version 0.28.0 (bsc#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
* chore(deps): bump github.com/twitchtv/twirp (#2077)
* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
* chore(os): updated fanal version and alpine distroless test (#2086)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)
* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
* feat(report): add support for SPDX (#2059)
* chore(deps): bump actions/setup-go from 2 to 3 (#2073)
* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
* chore(deps): bump actions/stale from 4 to 5 (#2070)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
* Wed Apr 27 2022 kastl@b1-systems.de
- Update to version 0.27.1:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
* Tue Apr 26 2022 kastl@b1-systems.de
- Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications (#1995)
* fix(report): truncate a description before escaping in ASFF template (#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
* Sat Apr 16 2022 kastl@b1-systems.de
- Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)
* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
* Thu Apr 14 2022 kastl@b1-systems.de
- Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
* Wed Apr 06 2022 kastl@b1-systems.de
- Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
* feat(jar): allow setting Maven Central URL using environment variable (#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
* Wed Apr 06 2022 kastl@b1-systems.de
- Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
* Tue Apr 05 2022 kastl@b1-systems.de
- Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* chore(deps): bump github.com/docker/docker (#1924)
* docs: restructure the documentation (#1887)
* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
* chore(deps): bump actions/checkout from 2 to 3 (#1916)
* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
* Add trivy horizontal logo (#1932)
* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)
* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
* Fri Apr 01 2022 Johannes Kastl <kastl@b1-systems.de>
- Buildrequire go1.18 as upstream says in go.mod
* Fri Apr 01 2022 kastl@b1-systems.de
- Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* chore: bump up Go to 1.18 (#1862)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
* Tue Mar 22 2022 Dirk Müller <dmueller@suse.com>
- tie to go.17 as 1.18 became available
* Fri Mar 18 2022 kastl@b1-systems.de
- Update to version 0.24.4:
* fix(docker): Getting images without a tag (#1852)
* docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801)
* Thu Mar 17 2022 Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.17
* Wed Mar 16 2022 kastl@b1-systems.de
- Update to version 0.24.3:
* chore(issue labels): added new labels (#1839)
* refactor: clarify db update warning messages (#1808)
* chore(ci): change trivy vulnerability scan for every day (#1838)
* feat(helm): make Trivy service name configurable (#1825)
* chore(deps): updated sprig to version v3.2.2. (#1814)
* chore(deps): updated testcontainers-go to version v0.12.0 (#1822)
* docs: add packages.config for .NET (#1823)
* build: sign container image (#1668)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778)
* docs: fix Installation documentation (#1804)
* fix(report): ensure json report got a final new line (#1797)
* fix(terraform): resolve panics in defsec (#1811)
* feat(docker): Label images based on OCI image spec (#1793)
* fix(helm): indentation for ServiceAccount annotations (#1795)
* fix(hcl): fix panic in hcl2json (#1791)
* chore(helm): remove psp from helm manifest (#1315)
* build: Replace `make protoc` with `for loop` to return an error (#1655)
* fix: ASFF template to match ASFF schema (#1685)
* feat(helm): Add support for server token (#1734)
* Thu Mar 03 2022 kastl@b1-systems.de
- Update to version 0.24.2:
* fix(pom): keep an order of dependencies (#1784)
* chore: bump up Go to 1.17 (#1781)
* chore(deps): bump actions/setup-python from 2 to 3 (#1776)
* chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)
* Sun Feb 27 2022 kastl@b1-systems.de
- Update to version 0.24.1:
* fix(python): correct handling pip package names with a hyphen (#1771)
* doc(docker): fix command to run trivy with docker on linux (#1761)
* feat(helm): Add support for custom labels (#1767)
* chore(helm): bump chart to trivy 0.24.0 (#1762)
* docs: remove erroneous command (#1763)
* Wed Feb 23 2022 kastl@b1-systems.de
- Update to version 0.24.0:
* chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708)
* fix(option): warn list-all-pkgs only with the table format (#1755)
* feat(option): warn "--list-all-pkgs" with "--format table" (#1632)
* feat(report): add support for CycloneDX (#1081)
* chore(deps): update the defsec and tfsec versions (#1747)
* fix(scanner): fix skip of language-specific files when scanning rootf… (#1751)
* chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712)
* feat(report): considering App.Writer when printing results (#1722)
* chore(deps): replace `satori` version and skipping examples folder (#1745)
* build: add s390x container images (#1726)
* feat(template) Add misconfigurations to junit report (#1724)
* chore(deps): bump github.com/twitchtv/twirp (#1709)
* feat(client): configure TLS InsecureSkipVerify for server connection (#1287)
* fix(rpc): Supports RPC calls for new identifier CustomResource (#1605)
* chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705)
* chore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707)
* feat(helm): Parameterise ServiceAccount annotations (#1677)
* chore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710)
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704)
* chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711)
* chore(dependabot): enable gomod monthly (#1699)
* fix(gitlab tpl): escape double quote (#1635)
* build: Make `make protoc` be consistent (#1682)
* feat(purl): add generate purl package utilities (#1574)
* refactor: move result structs under types (#1696)
* feat(mariner): add support for CBL-Mariner 2.0 (#1694)
* docs(gitlab-ci): fix Script in GitLab CI Example #1688
* chore: Upgrade helm chart version (#1683)
* chore(mod): update Go dependencies (#1681)
* docs: fix typos in markdown docs (#1674)
* docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671)
* fix(repo): --no-progress suppresses git output (#1669)
* Tue Feb 01 2022 kastl@b1-systems.de
- Update to version 0.23.0:
* docs: add ACR navigator (#1651)
* fix: update example Rego files and docs (#1628)
* feat(option): show a link to GitHub Discussions for --light deprecation (#1650)
* fix(sarif): fix the warning message (#1647)
* refactor: migrate to prefixed buckets (#1644)
* feat(mariner): add support for CBL-Mariner (#1640)
* docs: commercial use available (#1641)
* feat: support azure acr (#1611)
* feat(os-pkg): add data sources (#1636)
* feat(redhat): support build info in RHEL (#807)
* fix: change links in pull_request_template to static URLs (#1634)
* feat(lang-pkg): add data sources (#1625)
* feat(detector): support custom detector (#1615)
* docs(contribution): change role who should resolve comments (#1618)
* docs: add PR template (#1602)
* feat(rocky): support Rocky Linux (#1570)
* Add the ability to set dockerhub credentials in the helm chart (#1569)
* feat(cache): redis TLS support (#1297)
* feat(java): add support for PAR files (#1599)
* refactor(rust): move rust-advisory-db to OSV (#1591)
* feat: log ignored vulnerabilities on debug (#1378)
* chore(mod): hcl2json deps update (#1585)
* fix(rpm): do not ignore installed files via third-party rpm (#1594)
* feat(fs): allow scanning a single file (#1578)
* refactor(python): drop Safety DB (#1580)
* feat: added insecure tls skip to scan git repo (#1528)
* Supress git clone output (#1590)
* fix(alma): skip modular package because MODULARITYLABEL is not set (#1588)
* feat(photon os): added EOL dates check (#1587)
* docs: update supported os (#1586)
* BREAKING: remove root command (#1579)
* docs: add Rust to Language-specific Packages Table (#1577)
* docs: update int doc for gitlab ci (#1575)
* BREAKING: migrate the sarif template to Go code (#1437)
* refactor: remove unused field (#1567)
* chore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554)
* docs: gitlab integration (#1381)
* feat(alma): support AlmaLinux (#1238)
* docs: added note about default template path when Trivy installed using rpm (#1551)
* BREAKING: Trivy DB from GHCR (#1539)
* feat(cli): Do not set default commands when a plugin is being run (#1549)
* fix: add fingerprint field to codequality template (#1541)
* fix(image): correct handling of uncompressed layers (#1544)
* chore: helm chart app version 0.22.0 (#1535)
* test(integration): use fixtures (#1532)
* Tue Dec 28 2021 dmueller@suse.com
- Update to version 0.22.0 (jsc#SLE-18339):
* fix(java/pom): ignore unsupported requirements (#1514)
* feat(cli): warning for root command (#1516)
* BREAKING: disable JAR detection in fs/repo scanning (#1512)
* feat(scan): support --offline-scan option (#1511)
* fix: improve memory usage (#1509)
* feat(java): support pom.xml (#1501)
* docs: fixing rust link to security advisory (#1504)
* Add missing IacMetdata (#1505)
* feat(jar): add file path (#1498)
* feat(rpm): support NDB (#1497)
* feat: added misconfiguration field for html.tpl (#1444)
* Tue Dec 21 2021 dmueller@suse.com
- Update to version 0.21.3:
* fix(docs): typo (#1488)
* feat(plugin): Add option to update plugin (#1462)
* fix: fixed skipFiles/skipDirs flags for relative path (#1482)
* feat (plugin): add list and info command for plugin (#1452)
* fix: set up a vulnerability severity (#1458)
* chore: add arm64 deb package (#1480)
* Link to trivy tutorial on Semaphore (#1449)
* refactor(helm): externalize env vars to configMap (#1345)
* docs: provide more information on scanning Google's GCR (#1426)
* docs(misconfiguration): added instruction for misconfiguration detection (#1428)
* Update git-repository.md (#1430)
* fix(hooks): exclude unrelated lib types from system files filtering (#1431)
* chore: run `go fmt` (#1429)
* fix(sarif): change `help` field in the sarif template. (#1423)
* Update fanal with cfsec version update (#1425)
* Replace deprecated option in goreleaser (#1406)
* feat(alpine): support 3.15 (#1422)
* chore: test the helm chart in the PR and used the commit hash (#1414)
* chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)
* chore(release): add ubuntu older versions to deploy script (#1416)
* Sun Dec 05 2021 dmueller@suse.com
- Update to version 0.21.1:
* chore(mod): tidy (#1415)
* fix(rpc): fix nil layer transmit (#1410)
* Lang advisory order (#1409)
* chore: add support for s390x arch (#1304)
* fix(chart): ingress helm manifest-update trivy image (#1323)
* docs: Add comparison for cfsec (#1388)
* remove: delete unused functions in utils package (#1379)
* fix(sarif): fix validation errors (#1376)
* docs: add Bitbucket Pipelines (#1374)
* docs: add community integrations (#1361)
* Use a stable SARIF identifier (#1230)
* fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0
* feat(iac): Add line information (#1366)
* feat(cloudformation): Adding support for cfsec IaC scanning (#1360)
* chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)
* Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)
* chore: update SBOM generation (#1349)
* Wed Nov 10 2021 dmueller@suse.com
- Update to version 0.20.2:
* docs: update builtin.md (#1335)
* chore: fix issues with Homebrew formula (#1329)
* chore: bump GoReleaser to v0.183.0 (#1328)
* docs: update iac.md for a typo (#1326)
* docs: typo fix (#1308)
* Add new networking API features to Ingress (#1262)
* chore(release): bump up GoReleaser to v0.182.1 (#1299)
* fix(yarn): support quoted version (#1298)
* feat(custom-forward): Forward the extended advisory data (#1247)
* feat(javascript) : Initialize npm driver for javascript packages (#1289)
* fix(cli): fix incorrect comparision of DB metadata type. (#1286)
* docs: add footer to readme (#1281)
* feat(report): add package path (#1274)
* feat(command): add rootfs command (#1271)
* fix: update fanal (#1272)
* feat(commands): remove deprecated options (#1270)
* Aggregate jar result for table (#1269)
* BREAKING(report): migrate to new json schema (#1265)
* feat: improve --skip-dirs and --skip-files (#1249)
* fix(gobinary): skip large files (#1259)
* Disable library analyzer for OS only scan type (#1191)
* chore: update trivy version (#1252)
* refactor: move from io/ioutil to io and os package (#1245)
* fix: brew test command (#1253)
* fix:added layer info in packages (#1248)
* fix(go/binary): improve debug messages (#1244)
* Update db.go (#1199)
* fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
* feat(debian): support the versions that reached EOL (#1237)
* feat(alpine): support unfixed vulnerabilities (#1235)
* feat(report): add image config (#1231)
* feat(nodejs): support package.json (#1225)
* refactor: use testing DB instead of mock (#1234)
* feat(ruby): support gemspec (#1224)
* feat(python): add packaging detector and respective hook (#1223)
* feat(license): Added support to new License field of go-dep-parser's library (#1167)
* fix(oracle): handle advisories contain ksplice versions (#1209)
* fix(docs): remove OSVDB advisories (#1215)
* docs: fix typos in CONTRIBUTING.md (#1181)
* Update EOL of Debian 11 (#1180)
* fix(plugin): resolve a closure (#1207)
* docs: fix typo (#1206)
* fix(detector): change an argument for trivy-db getter (#1203)
* chore(mod): update fanal (#1179)
* Add license info to package data (#1176)
* feat(nuget): support packages.config (#1095)
* feat(python): add support for requirements.txt (#1169)
* GitLab CI integration documentation (#1168)
* chore(gorelease) change goreleaser config to include template examples (#1138)
* chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
* chore(deps): bump actions/stale from 3 to 4 (#1152)
* feat(report): add end of service life flag to OS metadata (#1142)
* chore: set up Dependabot for github-actions and docker (#1128)
* docs: fix typo (#1149)
* docs: add some external links (#1147)
* chore (release): add ubuntu esm versions to deploy script (#1151)
* docs(troubleshooting) add urls which are required to download vuls db (#1137)
* Updated the Alpine Image to 3.14 (latest) (#1130)
* Added EOL for Ubuntu 21.10 (#1131)
* fix(image): disabled scanning of config files within container images (#1133)
* docs: fixed typo (#1124)
* update cyclonedx github action to v0.3.0 (#1127)
* fix(policy): fix panic on the first run (#1116)
* docs(misconf): add comparison with Conftest and tfsec (#1111)
* feat(report): add schema version (#1110)
* fix(scan): change unknown os from info to debug (#1109)
* docs: add misconfiguration (#1101)
* fix(config): rename include-successes with include-non-failures (#1107)
* feat(config): support --trace (#1106)
* fix(policy): reduce the Internet access (#1105)
* chore: bump golangci-lint to v1.41.1 (#1104)
* feat: support config scanning (#931)
* feat(report): add artifact metadata (#1079)
* Generate SBOM (#1076)
* fix(db): multiple prefixed data sources (#1070)
* Add EOL date for Alpine 3.14 (#1072)
* suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)
* docs: improve data sources (#1069)
* chore(label): add kind/security-advisory (#1068)
* fix(asff): replace slice with substr (#1058)
* fix(helm-chart): parametrized ingress host path (#1049)
* feat: support Google Artifact Repository (#1055)
* Update ASFF template to use label for severity (#1047)
* BREAKING: migrate to a new JSON schema (#782)
* docs: Fix link to AWS Security Hub template (#1046)
* refactor(server): support gzip (#1045)
* chore(rpc): update protoc and twirp (#1044)
* Added support for list all packages flag in client (#1032)
* chore: chart with 0.18.3 (#1033)
* feat: add gitlab codequality template (#895)
* feat(plugin): add aqua plugin (#1029)
* fix(go): if patchedVersion is empty mark it as vulnerable (#1030)
* docs(ubuntu): fix supported versions (#1028)
* Support Ubuntu 21.04 (#1027)
* chore: remove codecov (#1016)
* fix typo on github-actions.md (#1022)
- drop 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch (upstream)
* Thu Jun 10 2021 Dirk Müller <dmueller@suse.com>
- add 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch
* Thu Jun 10 2021 Dirk Müller <dmueller@suse.com>
- strip binaries
* Mon Jun 07 2021 dmueller@suse.com
- Update to version 0.18.3:
* chore(ci): change to more granular tokens (#1014)
* chore(ci): add Go scanning and update dependencies (#1001)
* docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)
* fix(image): disable go.sum scanning (#1007)
* fix(gomod): handle go.sum with an empty line (#1006)
* feat: prepare for config scanning (#1005)
* Clarify that dev dependencies are excluded (#986)
* Include target value in Sarif template ruleID (#991)
* chore(mkdocs): allow workflow_dispatch (#989)
* fix(vuln) unique vulnerabilities from different data sources (#984)
* feat(go): added support of gomod analyzer (#978)
* Mon May 03 2021 dmueller@suse.com
- Update to version 0.17.2:
* Upgrade fanal dependency (#976)
* docs: mention upx binaries (#974)
* Upgrade alpine to fix git and libcurl vulnerabilities in trivy docker image scan (#971)
* fix(fs): skip dirs (#969)
* chore(ci): replace GITHUB_TOKEN with ORG_GITHUB_TOKEN (#965)
* chore(ci): clone trivy-repo after releasing binaries (#963)
* docs: add golang support (#962)
* fix(table): skip zero vulnerabilities on java (#961)
* chore(ci): create a release discussion (#959)
* feat(go): support binary scan (#948)
* feat(java): support GitLab Advisory Database (#917)
* feat: show help message when the context's deadline passes (#955)
* chore(mkdocs): replace github token (#954)
* Update SARIF report template (#935)
* Update install docs to make commands consistent (#933)
* Docker multi-platform image build with `buildx`, using Goreleaser (#915)
* Fix JUnit template for AWS CodeBuild compatibility (#904)
* break(cli): use StringSliceFlag for skip-dirs/files (#916)
* docs: add white logo (#914)
* add package name in ruleID (#913)
* feat: gh-action for stale issues (#908)
* chore(triage): add lifecycle/active label (#909)
* feat: publish helm repository (#888)
* Fix Documentation Typo (#901)
* docs: migrate README to MkDocs (#884)
* refactor(internal): export internal packages (#887)
* feat: support plugins (#878)
* chore(ci): deploy dev docs only for the main branch (#882)
* add MkDocs implementation (#870)
* docs(README): update ubuntu versions (#877)
* support Ubuntu 20.10 (#876)
* feat(cache): introduce versioned cache (#865)
* chore: bump up Go to 1.16 (#861)
* fix: allow the latest tag (#864)
* feat: disable analyzers (#846)
* chore(ci): push the official image to public ECR (#855)
* chore(ci): migrate CircleCI to GitHub Actions (#850)
* adds example with multistage build (#853)
* remove SARIF helpUri if empty (#841) (#845)
* Add Sprig to Template Engine (#832)
* Fix "GitLab CI using Trivy container" usage example (fixes #843) (#844)
* feat(java): support jar/war/ear (#837)
* fix(app): increase the default value of timeout (#842)
* Update README.md (#838)
* Fix compatibility for Jenkins xunit plugin (#820)
* README: add Gitlab job that uses a container with trivy (#823)
* feat: support Podman (#825)
* fix(eol): update EOL dates (#824)
* fix(python): follow PEP 440 (#816)
* Support alpine 3.13 (#819)
* Changed the output string to "Using your github token". (#814)
* Align comment with code (#812)
* Parse redis backend url (#804)
* Update README.md (#810)
* Added nodeSelector, affinity and tolerations to helm chart (#803)
* Fix readme typo in policy flag (#805)
* Fix errors in SARIF format (#801)
* Fix env variable for github token (#796)
* fix(vulnerability): set unknown severity for empty values (#793)
* Remove global flags from filesystem command (#772)
* Add imagePullSecrets to helm Chart (#789)
* Add redis cache backend configuration options (#784)
* Update README.md (#735)
* feat(redhat): support modular packages (#790)
* Fix formatting of log message (#785)
* chore(ci): migrate unit tests to GitHub Actions (#779)
* shifted: brews.github to brews.tap (#780)
* Fri Jan 08 2021 rbrown@suse.com
- Update to version 0.15.0:
* Feat: NuGet Scanner (#686)
* feat(cache): support Redis (#770)
* fix(redhat): skip module packages (#776)
* chore: migrate from master to main (#778)
* chore(circleci): remove gofmt (#777)
* chore(README): remove experimental (#775)
* NVD: Add timestamps. (#761)
* (fix): Make the table output less wide. (#763)
* Add gitHubToken to prevent rate limit problems (#769)
* Add helm chart to install trivy in server mode. (#751)
* chore(docs): add nix install (#762)
* HTML template (#567)
* feat: remove rpm dependency (#753)
* fix(vulnerability): make an empty severity UNKNOWN (#759)
* chore(README): add TRIVY_INSECURE (#760)
* feat(vulnerability): add primary URLs (#752)
* Thu Nov 26 2020 dmueller@suse.com
- Update to version 0.13.0:
* fix(oracle): handle ksplice advisories (#745)
* fix: version comparison (#740)
* updated Readme.md (#737)
* Add suse sles 15.2 to the EOL list as well (#734)
* Update README.md (#731)
* Warn when a user attempts to use trivy without a detectable lockfile (#729)
* Add back support for FreeBSD & OpenBSD (#728)
* Add support for ppc64le architecture (#724)
* Skip packages from unsupported repository (remi) (#695)
* Skip downloading DB if a remote DB is not updated (#717)
* Sunsetting VendorVectors (#718)
* Add GitHub Container Registry to README (#712)
* update BUG_REPORT.md using H2 instead of bold formatting (#714)
* fix(ci/deb): do not remove old packages for EOL versions (#706)
* Add linter check support (#679)
* Optimize images (#696)
* Update triage.md (#701)
- remove 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch (merged)
* Fri Oct 30 2020 Dirk Mueller <dmueller@suse.com>
- add 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch
* Wed Oct 28 2020 Dirk Mueller <dmueller@suse.com>
- revert _service and build changes in last update to use
the proper macros
- set VERSION parameter properly (jsc#CAPS-105)
- remove update-end-of-life-dates.patch
* Thu Oct 22 2020 Stefan Nica <snica@suse.com>
- Require golang >= 1.15 to fix EINTR read issues (jsc#CAPS-170)
* Thu Oct 22 2020 Dirk Mueller <dmueller@suse.com>
- add update-end-of-life-dates.patch
* Tue Oct 20 2020 msabate@suse.com
- Update to version 0.12.0:
* ci(circle): update remote docker version (#683)
* suse: update end of life dates for SLES service packs (#676)
* update readme for parallel run issue (#660)
* fix link for Clear images section in README (#659)
* add link to Gitlab CI pipeline in README (#658)
* test: add tests for mux (#645)
* chore: bump up Go to 1.15 (#646)
* Add contrib/ to the release chain for Docker (#638)
* Add health check endpoint to trivy server (#644)
* fix(cli): show help for subcommands (#629)
* Tue Sep 08 2020 jsuchome@suse.com
- Update to version 0.9.2:
* Fixing `Error retrieving template from path` when --format is not template but template is provided (#556)
* Adding contrib/junit.tpl to docker image (#554)
* db: Update trivy-db to include CVSS score info (#530)
* docs: fix markdown (#553)
* Added function to escape string in failure message title and descriptions (#551)
* Added JUNIT support (#541)
* chore(docs): mention air-gapped environment (#544)
* chore(README): add programming languages (#543)
* fix(log): write error messages to stderr (#538)
* Use StoreMetadata from trivy-db (#509)
* docs: add more CI options to README (#535)
* chore(Dockerfile): bump up alpine to 3.12 (#528)
* fix(alpine): replace go-deb-version with go-apk-version (#520)
* fix: MissingBlobs is implemented different in FS and S3 the method log… (#522)
* Wed Aug 19 2020 dmueller@suse.com
- Update to version 0.9.1:
* fix(alpine): support 3.12 (#517)
* chore(README): prepare for v0.9.0 (#507)
* fix(config): transpose arguments (#516)
* Tue Jul 28 2020 jsuchome@suse.com
- Update to version 0.9.0:
* fix(app): add ArgsUsage (#508)
* feat: support repository and filesystem scan (#503)
* Add GHSA support (#467)
* refactor: define common options and embed them into the option for subcommand (#502)
* Add image subcommand (#493)
* fix: remove help template (#500)
* vulnerability: Add CVSS Vectors to JSON output. (#484)
* feat: support registry token (#482)
* chore: bump up urfave/cli to v2 (#499)
* chore(doc): update README (#490)
* chore(ci): move integration tests to GitHub Actions (#485)
* feat: support OCI Image Format (#475)
* chore(github): fix issue templates (#483)
* contrib/gitlab.tpl: Add new id field (#468)
* chore(docs): add triage.md (#473)
* fix: handle a scratch/busybox/DockerSlim image gracefully (#476)
* rpc: Fix output to use templates when in client server mode. (#469)
* Override with Vendor score if exists (#433)
* docs: Update installation docs for pointing to Trivy Releases. (#463)
* Fri Jul 24 2020 jsuchome@suse.com
- enabled changesgenerate option to automatically generate changes
* Thu Jul 16 2020 jsuchome@suse.com
- initial release of 0.6.0 version, supported by Harbor 2.0
/usr/bin/trivy /usr/share/doc/packages/trivy /usr/share/doc/packages/trivy/NOTICE /usr/share/doc/packages/trivy/README.md /usr/share/licenses/trivy /usr/share/licenses/trivy/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Apr 3 23:58:30 2024