UNCLASSIFIED - NO CUI

Skip to content

Update aquasec/trivy Docker tag to v0.49.0

This MR contains the following updates:

Package Type Update Change
aquasec/trivy minor 0.48.3 -> 0.49.0
aquasec/trivy ironbank-docker minor 0.48.3 -> 0.49.0
aquasec/trivy stage minor 0.48.3 -> 0.49.0

Release Notes

aquasecurity/trivy (aquasec/trivy)

v0.49.0

Compare Source

Release highlights and summary

👉 https://github.com/aquasecurity/trivy/discussions/6033

Changelog
  • 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#​5982)
  • 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#​6029)
  • 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#​5843)
  • 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#​5285)
  • 4df9363 docs: add note about Bun (#​6001)
  • 70dd572 fix(report): use AWS_REGION env for secrets in asff template (#​6011)
  • 13f797f fix: check returned error before deferring f.Close() (#​6007)
  • adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#​5990)
  • e2eb70e feat(vuln): enable --vex for all targets (#​5992)
  • f9da021 docs: update link to data sources (#​6000)
  • b4b90cf feat(java): add support for line numbers for pom.xml files (#​5991)
  • fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#​5981)
  • f6be42b docs: Update troubleshooting guide with image not found error (#​5983)
  • bb6caea style: update band logos (#​5968)
  • 189a46a chore(deps): Update misconfig deps (#​5956)
  • 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#​5929)
  • a96f66f docs: update command to scan go binary (#​5969)
  • 2212d14 fix: handle non-parsable images names (#​5965)
  • 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#​5693)
  • fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#​5951)
  • 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#​5938)
  • 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#​5910)
  • ffe2ca7 chore(deps): bump go-ebs-file (#​5934)
  • f90d4ee fix(nodejs): find licenses for packages with slash (#​5836)
  • c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#​5922)
  • a3fac90 fix: ignore no init containers (#​5939)
  • b1b4734 docs: Fix documentation of ecosystem (#​5940)
  • a2b6549 docs(misconf): multiple ignores in comment (#​5926)
  • ae134a9 fix(secret): find aws secrets ending with a comma or dot (#​5921)
  • c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#​5885)
  • 4d2e785 docs: Updated ecosystem docs with reference to new community app (#​5918)
  • 7895657 fix(java): don't remove excluded deps from upper pom's (#​5838)
  • 37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#​5630)
  • d0c81e2 feat(vex): add PURL matching for CSAF VEX (#​5890)
  • 958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#​5901)
  • 56c4e24 revert(report): don't escape new line characters for sarif format (#​5897)
  • 92d9b3d docs: improve filter by rego (#​5402)
  • a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#​5892)
  • 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#​5875)
  • 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#​5888)
  • c47ed0d feat(vex): Add support for CSAF format (#​5535)
  • 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#​5880)
  • cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#​5845)
  • d990e70 chore(deps): bump actions/stale from 8 to 9 (#​5846)
  • c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#​5853)
  • 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#​5847)
  • 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#​5854)
  • e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#​5849)
  • b508414 chore(deps): bump actions/setup-python from 4 to 5 (#​5848)
  • df3e90a feat(python): parse licenses from dist-info folder (#​4724)
  • fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#​5852)
  • 30eff9c feat(nodejs): add yarn alias support (#​5818)
  • 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#​5850)
  • b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#​5856)
  • 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#​5855)
  • da597c4 refactor: propagate time through context values (#​5858)
  • 1607eee refactor: move PkgRef under PkgIdentifier (#​5831)
  • b3d516e fix(cyclonedx): fix unmarshal for licenses (#​5828)
  • c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#​5830)
  • 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#​5439)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports