Releases: aquasecurity/trivy
Releases · aquasecurity/trivy
v0.51.0
⚡Release highlights and summary⚡
👉 #6622
Changelog
- 14c1024 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
- 998f750 feat: introduce package UIDs for improved vulnerability mapping (#6583)
- 770b141 perf(misconf): Improve cause performance (#6586)
- 3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#6608)
- 58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
- 715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
- 37da98d feat(misconf): Use updated terminology for misconfiguration checks (#6476)
- cdee703 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
- 6a2225b docs: use
genericlink fromtrivy-repo(#6606) - a2a02de docs: update trivy k8s with new experience (#6465)
- e739ab8 feat: support
--skip-imagesscanning flag (#6334) - c6d5d85 BREAKING: add support for k8s
disable-node-collectorflag (#6311) - 194a814 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
- 03830c5 chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
- 8e814fa chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
- 2dc76ba chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
- c17176b chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
- bce70af chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
- 4369a19 feat: add ubuntu 23.10 and 24.04 support (#6573)
- 5566548 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
- a8af76a chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
- c8ed432 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
- 551a46e docs(go): add stdlib (#6580)
- 261649b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
- acfddd4 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
- 419e3d2 feat(go): parse main mod version from build info settings (#6564)
- f0961d5 feat: respect custom exit code from plugin (#6584)
- a5d485c docs: add asdf and mise installation method (#6063)
- 29b8faf feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
- e3bef02 feat: add support
environment.yamlfiles (#6569) - 916f6c6 fix: close plugin.yaml (#6577)
- 8e6cd0e fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
- 060d0bb BREAKING: support exclude
kinds/namespacesand includekinds/namespaces(#6323) - 2d090ef feat(go): add main module (#6574)
- 6343e4f feat: add relationships (#6563)
- a018ee1 ci: disable
Gocache forreusable-release.yaml(#6572) - 5da053f docs: mention
--show-suppressedis available in table (#6571) - 3d66cb8 chore: fix sqlite to support loong64 (#6511)
- 9aca98c fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
- 7811ad0 docs: update info about config file (#6547)
- fae710d docs: remove RELEASE_VERSION from trivy.repo (#6546)
- d2d4022 fix(sbom): change error to warning for multiple OSes (#6541)
- 164b025 fix(vuln): skip empty versions (#6542)
- 5dd9bd4 feat(c): add license support for conan lock files (#6329)
- 7c2017f fix(terraform): Attribute and fileset fixes (#6544)
- 63c9469 refactor: change warning if no vulnerability details are found (#6230)
- aa822c2 refactor(misconf): improve error handling in the Rego scanner (#6527)
- 30cc88f ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
- e32215c feat(go): parse main module of go binary files (#6530)
- d4da83c chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
- 0d7d97d refactor(misconf): simplify the retrieval of module annotations (#6528)
- 9873cf3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
- 95c8fd9 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
- 12ec0df feat(misconf): loading embedded checks as a fallback (#6502)
- 9b7d713 fix(misconf): Parse JSON k8s manifests properly (#6490)
- 13e72ec refactor: remove parallel walk (#5180)
- a986199 fix: close pom.xml (#6507)
- 46d5aba fix(secret): convert severity for custom rules (#6500)
- 34ab09d fix(java): update logic to detect
pom.xmlfile snapshot artifacts from remote repositories (#6412) - 1ba5b59 fix: typo (#6283)
- 4fab0f8 docs(k8s,image): fix command-line syntax issues (#6403)
- d770981 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
- 4337068 fix(misconf): avoid panic if the scheme is not valid (#6496)
- d82d6cb feat(image): goversion as stdlib (#6277)
- cfddfb3 fix: add color for error inside of log message (#6493)
- dfcb0f9 chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
- 183eaaf docs: fix links to OPA docs (#6480)
- 94d6e8c refactor: replace zap with slog (#6466)
- 336c47e docs: update links to IaC schemas (#6477)
- 06b4473 chore: bump Go to 1.22 (#6075)
- a51cedd refactor(terraform): sync funcs with Terraform (#6415)
- 53517d6 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
- ad544e9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
- 089368d chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
- 1163565 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
- 637da2b chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
- 13190e9 fix(terraform): eval submodules (#6411)
- 6bca7c3 refactor(terraform): remove unused options (#6446)
- 8e4279b refactor(terraform): remove unused file (#6445)
- e98c873 chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
- b1c2eab chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
- 1c49a16 fix(misconf): Escape template value correctly (#6292)
- 8dd0fcd feat(misconf): add support for wildcard ignores (#6414)
- 74e4c6e fix(cloudformation): resolve
DedicatedMasterEnabledparsing issue (#6439) - 245c120 refactor(terraform): remove metrics collection (#6444)
- 86714bf feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
- a758392 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
- 4d00d8b chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
- 3ad2b3e chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
- 8baccd7 fix(db): check schema version for image name only (#6410)
- e75a90f chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
- 6625bd3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
- 826fe60 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
- f23ed77 feat(misconf): Support private registries for misconf check bundle (#6327)
- df024e8 feat(cloudformation): inline ignore support for YAML templates (#6358)
- 29dee32 feat(terraform): ignore resources by nested attributes (#6302)
- 1a67472 perf(helm): load in-memory files (#6383)
- 09e37b7 feat(aws): apply filter options to result (#6367)
- 87a9aa6 feat(aws): quiet flag support (#6331)
- 712dcd3 fix(misconf): clear location URI for SARIF (#6405)
- 625f22b test(cloudformation): add CF tests (#6315)
- 6a2f6fd fix(cloudformation): infer type after resolving a function (#6406)
v0.50.4
v0.50.2
Changelog
- 9aa9e17 ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
- 058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
- 9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
- 2ad8e33 fix(java): update logic to detect
pom.xmlfile snapshot artifacts from remote repositories (#6412)
v0.50.1
Changelog
- 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
- 258d153 fix(nodejs): merge
Indirect,Dev,ExternalReferencesfields for same deps frompackage-lock.jsonfiles v2 or later (#6356) - ade033a docs: add info about support for package license detection in
fs/repomodes (#6381) - f85c9fa fix(nodejs): add support for parsing
workspacesfrompackage.jsonas an object (#6231) - 9d7f5c9 fix: use
0600perms for tmp files for post analyzers (#6386) - f148eb1 fix(helm): scan the subcharts once (#6382)
- 97f95c4 docs(terraform): add file patterns for Terraform Plan (#6393)
- abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#6341)
- 7c409fd fix(java): parse modules from
pom.xmlfiles once (#6312) - 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
- a2482c1 fix(server): add Locations for
Packagesin client/server mode (#6366) - e866bd5 fix(sbom): add check for
CreationInfoto nil when detecting SPDX created using Trivy (#6346) - 1870f28 fix(report): don't include empty strings in
.vulnerabilities[].identifiers[].urlwhengitlab.tplis used (#6348) - 6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
v0.50.0
⚡Release highlights and summary⚡
👉 #6340
Changelog
- 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
- f6c5d58 feat(java): add support licenses and graph for gradle lock files (#6140)
- c4022d6 feat(vex): consider root component for relationships (#6313)
- 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
- dd9620e chore: updates wazero to v1.7.0 (#6301)
- eb3ceb3 feat(sbom): Support license detection for SBOM scan (#6072)
- ab74caa refactor(sbom): use intermediate representation for SPDX (#6310)
- 71da44f docs(terraform): improve documentation for filtering by inline comments (#6284)
- 102b6df fix(terraform): fix policy document retrieval (#6276)
- aa19aaf refactor(terraform): remove unused custom error (#6303)
- 8fcef35 refactor(sbom): add intermediate representation for BOM (#6240)
- fb8c516 fix(amazon): check only major version of AL to find advisories (#6295)
- 96bd7ac fix(db): use schema version as tag only for
trivy-dbandtrivy-java-dbregistries by default (#6219) - 12c5bf0 fix(nodejs): add name validation for package name from
package.json(#6268) - d6c40ce docs: Added install instructions for FreeBSD (#6293)
- 9d2057a feat(image): customer podman host or socket option (#6256)
- 2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
- 617c3e3 feat(java): mark dependencies from
maven-invoker-pluginintegration tests pom.xml files asDev(#6213) - 56cedc0 fix(license): reorder logic of how python package licenses are acquired (#6220)
- d7d7265 test(terraform): skip cached modules (#6281)
- 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
- 337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
- 9361cdb feat(terraform): Terraform Plan snapshot scanning support (#6176)
- ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
- 3d2f583 fix: typo function name and comment optimization (#6200)
- c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#6223)
- 355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
- 7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
- 5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
- ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
- 24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
- 9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
- e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
- 04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
- 939e34e chore(deps): Upgrade iac deps (#6255)
- 7cb6c02 feat: add info log message about dev deps suppression (#6211)
- c1d26ec test(k8s): use test-db for k8s integration tests (#6222)
- 4f70468 ci: add maximize-build-space for
Testjob (#6221) - 1dfece8 fix(terraform): fix root module search (#6160)
- e1ea02c test(parser): squash test data for yarn (#6203)
- 64926d8 fix(terraform): do not re-expand dynamic blocks (#6151)
- eb54bb5 docs: update ecosystem page reporting with db app (#6201)
- dc76c6e fix: k8s summary separate infra and user finding results (#6120)
- 1b7e474 fix: add context to target finding on k8s table view (#6099)
- 876ab84 fix: Printf format err (#6198)
- eef7c4f refactor: better integration of the parser into Trivy (#6183)
- 069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189)
- 4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
- 9c5e5a0 fix(vex): CSAF filtering should consider relationships (#5923)
- 388f476 refactor(report): Replacing
source_locationingithubreport when scanning an image (#5999) - cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#6178)
- ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
- cf0f0d0 feat(k8s): rancher rke2 version support (#5988)
- 8a3a113 docs: update kbom distribution for scanning (#6019)
- 19495ba chore: update CODEOWNERS (#6173)
- e787e1a fix(swift): try to use branch to resolve version (#6168)
- 327cf88 fix(terraform): ensure consistent path handling across OS (#6161)
- 8221473 fix(java): add only valid libs from
pom.propertiesfiles fromjars(#6164) - 7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
- 74dc5b6 chore(deps): merge go-dep-parser into Trivy (#6094)
- 32a02a9 docs(report): add remark about
pathto filter licenses using.trivyignore.yamlfile (#6145) - fb79ea7 docs: update template path for gitlab-ci tutorial (#6144)
- c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#6004)
- a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
- 14adbb4 refactor(deps): Merge defsec into trivy (#6109)
- efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142)
- 73dde32 docs: add SecObserve in CI/CD and reporting (#6139)
- aadbad1 fix(alpine): exclude empty licenses for apk packages (#6130)
- 14a0981 docs: add docs tutorial on custom policies with rego (#6104)
- 3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
- 3c1601b feat(vuln): show suppressed vulnerabilities in table (#6084)
- c107e1a docs: rename governance to principles (#6107)
- b26f217 docs: add governance (#6090)
- 7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#6005)
- 535b5a9 feat(java): add dependency location support for
gradlefiles (#6083) - 428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038)
- 7fec991 fix(misconf): get
userfromConfig.User(#6070)
v0.49.1
Changelog
- 6ccc0a5 fix: check unescaped
BomRefwhen matchingPkgIdentifier(#6025) - 458c5d9 docs: Fix broken link to "pronunciation" (#6057)
- 5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
- e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
- f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
- 7651bf5 ci: reduce
root-reserve-mbsize formaximize-build-space(#6064) - fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
- 3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
- 2900a21 fix: fix cursor usage in Redis Clear function (#6056)
- 85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
- 4e962c0 fix(nodejs): add local packages support for
pnpm-lock.yamlfiles (#6034) - aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
- 8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
- ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
- 27d35ba test: fix flaky
TestDockerEngine(#6054) - c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
- 2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
- 2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
- 41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)
v0.49.0
⚡Release highlights and summary⚡
👉 #6033
Changelog
- 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
- 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
- 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
- 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
- 4df9363 docs: add note about Bun (#6001)
- 70dd572 fix(report): use
AWS_REGIONenv for secrets inasfftemplate (#6011) - 13f797f fix: check returned error before deferring f.Close() (#6007)
- adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
- e2eb70e feat(vuln): enable
--vexfor all targets (#5992) - f9da021 docs: update link to data sources (#6000)
- b4b90cf feat(java): add support for line numbers for pom.xml files (#5991)
- fb36c4e refactor(sbom): use new
metadata.toolsstruct for CycloneDX (#5981) - f6be42b docs: Update troubleshooting guide with image not found error (#5983)
- bb6caea style: update band logos (#5968)
- 189a46a chore(deps): Update misconfig deps (#5956)
- 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#5929)
- a96f66f docs: update command to scan go binary (#5969)
- 2212d14 fix: handle non-parsable images names (#5965)
- 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
- fbc1a83 fix(amazon): save system files for pkgs containing
amznin src (#5951) - 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#5938)
- 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#5910)
- ffe2ca7 chore(deps): bump go-ebs-file (#5934)
- f90d4ee fix(nodejs): find licenses for packages with slash (#5836)
- c75143f fix(sbom): use
groupfield for pom.xml and nodejs files for CycloneDX reports (#5922) - a3fac90 fix: ignore no init containers (#5939)
- b1b4734 docs: Fix documentation of ecosystem (#5940)
- a2b6549 docs(misconf): multiple ignores in comment (#5926)
- ae134a9 fix(secret): find aws secrets ending with a comma or dot (#5921)
- c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
- 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
- 7895657 fix(java): don't remove excluded deps from upper pom's (#5838)
- 37e7e3e fix(java): check if a version exists when determining GAV by file name for
jarfiles (#5630) - d0c81e2 feat(vex): add PURL matching for CSAF VEX (#5890)
- 958e1f1 fix(secret):
AWS Secret Access Keymust include only secrets withawstext. (#5901) - 56c4e24 revert(report): don't escape new line characters for sarif format (#5897)
- 92d9b3d docs: improve filter by rego (#5402)
- a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
- 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#5875)
- 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
- c47ed0d feat(vex): Add support for CSAF format (#5535)
- 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
- cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
- d990e70 chore(deps): bump actions/stale from 8 to 9 (#5846)
- c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
- 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
- 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
- e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
- b508414 chore(deps): bump actions/setup-python from 4 to 5 (#5848)
- df3e90a feat(python): parse licenses from dist-info folder (#4724)
- fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
- 30eff9c feat(nodejs): add yarn alias support (#5818)
- 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
- b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
- 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
- da597c4 refactor: propagate time through context values (#5858)
- 1607eee refactor: move PkgRef under PkgIdentifier (#5831)
- b3d516e fix(cyclonedx): fix unmarshal for licenses (#5828)
- c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
- 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
v0.48.3
v0.48.2
v0.48.1
Changelog
- ba825b2 chore(deps): bump trivy-iac to v0.7.1 (#5797)
- abf227e fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
- df49ea4 refactor(sbom): disable html escaping for CycloneDX (#5764)
- f25e2df refactor(purl): use
pubfrompackage-url(#5784) - b5e3b77 docs(python): add note to using
pip freezeforcompatible releases(#5760) - 6cc00c2 fix(report): use OS information for OS packages purl in
githubtemplate (#5783) - c317fe8 fix(report): fix error if miconfigs are empty (#5782)
- 9b4bced refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
- be5a550 fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
- 01edbda docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
- eb97419 fix(report): update Gitlab template (#5721)
- be1c554 feat(secret): add support of GitHub fine-grained tokens (#5740)
- a5342da fix(misconf): add an image misconf to result (#5731)
- 108a5b0 feat(secret): added support of Docker registry credentials (#5720)
- 6080e24 chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)
- e27ec32 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)