v1.4.1

Changes

• ROX-20642: replace stackrox.com email with redhat @janisz (#317)
• chore: switch to rhacs-bot@redhat.com @gavin-stackrox (#296)
• chore(CI): change call to gke.sh @gavin-stackrox (#290)
• Create CODEOWNERS @janisz (#283)
• ROX-19985: Test in RH GCP @gavin-stackrox (#279)

🐛 Bug Fixes

• Add information about running on controller @janisz (#278)

⬆️ Dependencies

34 changes

• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 in /stackrox-container-image-scanner @dependabot (#316)
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.11 in /stackrox-container-image-scanner @dependabot (#315)
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.3 to 3.2.5 in /stackrox-container-image-scanner @dependabot (#314)
• Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 in /stackrox-container-image-scanner @dependabot (#313)
• Bump commons-validator:commons-validator from 1.7 to 1.8.0 in /stackrox-container-image-scanner @dependabot (#312)
• Bump io.swagger:swagger-annotations from 1.6.11 to 1.6.12 in /stackrox-container-image-scanner @dependabot (#310)
• Bump org.openapitools:openapi-generator-maven-plugin from 7.1.0 to 7.2.0 in /stackrox-container-image-scanner @dependabot (#309)
• Bump org.jetbrains.kotlin:kotlin-stdlib-common from 1.8.10 to 1.9.22 in /stackrox-container-image-scanner @dependabot (#308)
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 in /stackrox-container-image-scanner @dependabot (#307)
• Bump org.openapi.generator from 7.1.0 to 7.2.0 in /functionaltest-jenkins-plugin @dependabot (#306)
• Bump org.slf4j:slf4j-api from 2.0.6 to 2.0.9 in /stackrox-container-image-scanner @dependabot (#305)
• Bump com.squareup.okhttp3:logging-interceptor from 4.10.0 to 4.11.0 in /stackrox-container-image-scanner @dependabot (#304)
• Bump com.google.guava:guava from 32.1.3-jre to 33.0.0-jre in /stackrox-container-image-scanner @dependabot (#303)
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.1 to 2.7.10 in /stackrox-container-image-scanner @dependabot (#302)
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.1 to 3.2.3 in /stackrox-container-image-scanner @dependabot (#301)
• Bump org.openapitools:openapi-generator-maven-plugin from 6.4.0 to 7.1.0 in /stackrox-container-image-scanner @dependabot (#295)
• Bump org.openapi.generator from 7.0.1 to 7.1.0 in /functionaltest-jenkins-plugin @dependabot (#293)
• Bump actions/download-artifact from 3 to 4 @dependabot (#299)
• Bump github/codeql-action from 2 to 3 @dependabot (#298)
• Bump actions/setup-java from 3 to 4 @dependabot (#297)
• Bump com.google.guava:guava from 32.1.2-jre to 32.1.3-jre in /stackrox-container-image-scanner @dependabot (#294)
• Bump io.gsonfire:gson-fire from 1.8.5 to 1.9.0 in /stackrox-container-image-scanner @dependabot (#292)
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 in /stackrox-container-image-scanner @dependabot (#291)
• Bump io.gsonfire:gson-fire from 1.8.5 to 1.9.0 in /functionaltest-jenkins-plugin @dependabot (#288)
• Bump org.junit:junit-bom from 5.9.3 to 5.10.1 in /stackrox-container-image-scanner @dependabot (#289)
• Bump org.projectlombok:lombok from 1.18.28 to 1.18.30 in /stackrox-container-image-scanner @dependabot (#285)
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 in /stackrox-container-image-scanner @dependabot (#284)
• Bump docker/setup-buildx-action from 2 to 3 @dependabot (#276)
• Bump org.apache.maven.plugins:maven-surefire-plugin from 2.22.2 to 3.2.1 in /stackrox-container-image-scanner @dependabot (#282)
• Bump org.glassfish.jaxb:jaxb-runtime from 4.0.3 to 4.0.4 in /functionaltest-jenkins-plugin @dependabot (#281)
• Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 in /functionaltest-jenkins-plugin @dependabot (#280)
• Bump org.jenkins-ci.plugins:stackrox-container-image-scanner from 1.3.6 to 1.4.0 in /functionaltest-jenkins-plugin @dependabot (#277)
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 in /functionaltest-jenkins-plugin @dependabot (#275)
• Bump org.openapi.generator from 6.6.0 to 7.0.1 in /functionaltest-jenkins-plugin @dependabot (#271)

Full Changelog: 1.4.0...1.4.1

v1.4.0

Changes

🚀 Features

• ROX-19158: Add cluster param to scan requests @dcaravel (#268)

🐛 Bug Fixes

• JENKINS-71169: fix severity/fixable order in CSV report @janisz (#269)

🧰 Maintenance

• chore(repo): add PR template @dhaus67 (#273)
• fix(ci): fix E2E tests @dhaus67 (#272)

⬆️ Dependencies

• Bump docker/build-push-action from 4 to 5 @dependabot (#267)
• Bump com.google.guava:guava from 31.1-jre to 32.1.2-jre in /stackrox-container-image-scanner @dependabot (#263)
• Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.35.0 to 2.35.1 in /stackrox-container-image-scanner @dependabot (#266)
• Bump actions/checkout from 3 to 4 @dependabot (#265)
• Bump org.jenkins-ci.plugins:stackrox-container-image-scanner from 1.3.5 to 1.3.6 in /functionaltest-jenkins-plugin @dependabot (#262)

Full Changelog: 1.3.6...1.4.0

v1.3.6

🐛 Bug Fixes

• ROX-16728: On validation show concrete error @janisz (#259)
• ROX-5273: Always generate artifacts even if not issues found @janisz (#244)
• Do not fail on unknown fields in JSON response. @janisz (#233)

🧰 Maintenance

• Change variable name @janisz (#248)
• Skip code scan on pulls and e2e on external contributions @janisz (#241)
• Change dependabot to daily updates with limit @janisz (#239)
• Reuse generated code in E2E @janisz (#237)
• integrate codeql with tests @janisz (#240)
• Remove custom proxy @janisz (#235)
• Migrate from dockerhub to quay @janisz (#236)
• Auto-merge dependabots PRs @janisz (#238)
• ROX-11371: Run E2E tests @janisz (#234)

⬆️ Dependencies

16 changes

• Bump org.glassfish.jaxb:jaxb-runtime from 4.0.2 to 4.0.3 in /functionaltest-jenkins-plugin @dependabot (#258)
• Bump gson from 2.9.1 to 2.10.1 in /stackrox-container-image-scanner @dependabot (#255)
• Bump okhttp from 4.10.0 to 4.11.0 in /stackrox-container-image-scanner @dependabot (#254)
• Bump lombok from 1.18.26 to 1.18.28 in /stackrox-container-image-scanner @dependabot (#253)
• Bump junit-bom from 5.9.2 to 5.9.3 in /stackrox-container-image-scanner @dependabot (#252)
• Bump commons-csv from 1.9.0 to 1.10.0 in /stackrox-container-image-scanner @dependabot (#251)
• Bump swagger-annotations from 1.6.9 to 1.6.11 in /stackrox-container-image-scanner @dependabot (#249)
• Bump com.squareup.okhttp3:okhttp from 4.10.0 to 4.11.0 in /functionaltest-jenkins-plugin @dependabot (#250)
• Bump httpclient from 4.5.13 to 4.5.14 in /stackrox-container-image-scanner @dependabot (#246)
• Bump org.openapi.generator from 6.2.0 to 6.6.0 in /functionaltest-jenkins-plugin @dependabot (#247)
• Bump org.glassfish.jaxb:jaxb-runtime from 4.0.0 to 4.0.2 in /functionaltest-jenkins-plugin @dependabot (#223)
• Bump jackson-databind-nullable from 0.2.4 to 0.2.6 in /stackrox-container-image-scanner @dependabot (#224)
• Bump wiremock-jre8-standalone from 2.34.0 to 2.35.0 in /stackrox-container-image-scanner @dependabot (#225)
• Bump lombok from 1.18.24 to 1.18.26 in /stackrox-container-image-scanner @dependabot (#226)
• Bump maven-compiler-plugin from 3.10.1 to 3.11.0 in /stackrox-container-image-scanner @dependabot (#227)
• Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 in /stackrox-container-image-scanner @dependabot (#228)

Full Changelog: 1.3.5...1.3.6

v1.3.5

Changes

🐛 Bug Fixes

• Update schema to include names in image added in 3.74 @janisz (#231)

Full Changelog: 1.3.4...1.3.5

v1.3.4

Changes

• Change developer name to Red Hat @janisz (#218)
• Run unit tests on PRs @janisz (#219)

🚀 Features

• Add SBOM to release page @janisz (#192)

🧰 Maintenance

• Typo sbom → bom @janisz (#202)
• Fix release workflow @janisz (#201)

⬆️ Dependencies

9 changes

• Bump jackson-databind-nullable from 0.2.3 to 0.2.4 in /stackrox-container-image-scanner @dependabot (#204)
• Bump swagger-annotations from 1.6.6 to 1.6.9 in /stackrox-container-image-scanner @dependabot (#208)
• Bump slf4j-api from 2.0.1 to 2.0.6 in /stackrox-container-image-scanner @dependabot (#214)
• Bump junit-bom from 5.8.2 to 5.9.2 in /stackrox-container-image-scanner @dependabot (#216)
• Bump kotlin-stdlib-common from 1.7.0 to 1.8.10 in /stackrox-container-image-scanner @dependabot (#220)
• Bump com.google.code.gson:gson from 2.9.0 to 2.10.1 in /functionaltest-jenkins-plugin @dependabot (#215)
• Bump org.openapi.generator from 6.1.0 to 6.2.0 in /functionaltest-jenkins-plugin @dependabot (#196)
• Bump openapi-generator-maven-plugin from 6.1.0 to 6.2.0 in /stackrox-container-image-scanner @dependabot (#200)
• Bump actions/checkout from 2 to 3 @dependabot (#191)

Full Changelog: 1.3.3...1.3.4

1.3.3

Changes

• Update README with link to plugin usage information @janisz (#159)

🚀 Features

• Bump openapi-generator-maven-plugin from 5.4.0 to 6.1.0 in /stackrox-container-image-scanner @dependabot (#165)

🐛 Bug Fixes

• Fix github workflow @janisz (#182)
• Fix tests by using pinned jenkins image @janisz (#176)

🧰 Maintenance

• Use @roxbot PAT to interact with repo @janisz (#190)
• Configure releaser @janisz (#186)
• Configure @dependabot for gh actions @janisz (#185)
• Use git over https in pom.xml @janisz (#184)
• Release from Github @janisz (#183)
• Create codeql-analysis.yml @janisz (#181)
• Use maven wrapper @janisz (#171)

⬆️ Dependencies

15 changes

• Bump wiremock-jre8-standalone from 2.33.2 to 2.34.0 in /stackrox-container-image-scanner @dependabot (#187)
• Bump actions/setup-java from 2 to 3 @dependabot (#188)
• Bump slf4j-api from 2.0.0 to 2.0.1 in /stackrox-container-image-scanner @dependabot (#189)
• Bump org.openapi.generator from 5.4.0 to 6.1.0 in /functionaltest-jenkins-plugin @dependabot (#175)
• Bump javaee-api from 7.0 to 8.0.1 in /stackrox-container-image-scanner @dependabot (#179)
• Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 in /stackrox-container-image-scanner @dependabot (#174)
• Bump jackson-databind-nullable from 0.2.2 to 0.2.3 in /functionaltest-jenkins-plugin @dependabot (#172)
• Bump jackson-databind-nullable from 0.2.2 to 0.2.3 in /stackrox-container-image-scanner @dependabot (#164)
• Bump openapi-generator-maven-plugin from 5.4.0 to 6.1.0 in /stackrox-container-image-scanner @dependabot (#165)
• Bump slf4j-api from 1.7.36 to 2.0.0 in /stackrox-container-image-scanner @dependabot (#173)
• Bump jakarta.annotation-api from 2.1.0 to 2.1.1 in /functionaltest-jenkins-plugin @dependabot (#163)
• Bump jaxb-runtime from 3.0.2 to 4.0.0 in /functionaltest-jenkins-plugin @dependabot (#162)
• Bump logging-interceptor from 4.9.3 to 4.10.0 in /functionaltest-jenkins-plugin @dependabot (#161)
• Bump okhttp from 4.9.3 to 4.10.0 in /functionaltest-jenkins-plugin @dependabot (#160)
• Bump gson from 2.9.0 to 2.9.1 in /stackrox-container-image-scanner @dependabot (#169)

Full Changelog: stackrox-container-image-scanner-1.3.2...1.3.3

1.3.2

What's Changed

Bug Fixes

• ROX-11356: Update API spec to latest version (3.70.0). by @dhaus67 in #152

Dependencies

• Bump maven-compiler-plugin from 3.10.0 to 3.10.1 in /stackrox-container-image-scanner by @dependabot in #143
• Bump jakarta.annotation-api from 2.0.0 to 2.1.0 in /functionaltest-jenkins-plugin by @dependabot in #144
• Bump swagger-annotations from 1.6.5 to 1.6.6 in /functionaltest-jenkins-plugin by @dependabot in #145
• Bump jakarta.xml.bind-api from 3.0.1 to 4.0.0 in /functionaltest-jenkins-plugin by @dependabot in #146
• Bump maven-javadoc-plugin from 3.3.2 to 3.4.0 in /stackrox-container-image-scanner by @dependabot in #149
• Bump swagger-annotations from 1.6.4 to 1.6.6 in /stackrox-container-image-scanner by @dependabot in #147
• Bump kotlin-stdlib-common from 1.6.10 to 1.7.0 in /stackrox-container-image-scanner by @dependabot in #155
• Bump lombok from 1.18.22 to 1.18.24 in /stackrox-container-image-scanner by @dependabot in #157
• Bump wiremock-jre8 from 2.31.0 to 2.33.2 in /stackrox-container-image-scanner by @dependabot in #148
• Bump okhttp from 4.9.3 to 4.10.0 in /stackrox-container-image-scanner by @dependabot in #156

New Contributors

• @dhaus67 made their first contribution in #152

Full Changelog: stackrox-container-image-scanner-1.3.1...stackrox-container-image-scanner-1.3.2

1.3.1

Bugfix

• Add previously removed (#82) CVSS Score and Fixable status (#142)

1.3.0

• Fixed an issue with overriding reports for multiple plugin invocation
• Display all violations
• Make policy violations CSV look like in roxctl
• Make CVEs CSV look like in roxctl
• Allow passing image names directly in plugin configuration (not with file)
• Use generated API clients
• Update dependencies

Version 1.2.4

• Fixed an issue with the exception handling causing the input config params to not be honored correctly while marking
  the build step as pass/fail