Update aquasec/trivy Docker tag to v0.49.0

This MR contains the following updates:

Package	Type	Update	Change
aquasec/trivy		minor	0.48.3 -> 0.49.0
aquasec/trivy	ironbank-docker	minor	0.48.3 -> 0.49.0
aquasec/trivy	stage	minor	0.48.3 -> 0.49.0

---

Release Notes

aquasecurity/trivy (aquasec/trivy)

v0.49.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6033

Changelog

• 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#​5982)
• 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#​6029)
• 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#​5843)
• 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#​5285)
• 4df9363 docs: add note about Bun (#​6001)
• 70dd572 fix(report): use AWS_REGION env for secrets in asff template (#​6011)
• 13f797f fix: check returned error before deferring f.Close() (#​6007)
• adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#​5990)
• e2eb70e feat(vuln): enable --vex for all targets (#​5992)
• f9da021 docs: update link to data sources (#​6000)
• b4b90cf feat(java): add support for line numbers for pom.xml files (#​5991)
• fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#​5981)
• f6be42b docs: Update troubleshooting guide with image not found error (#​5983)
• bb6caea style: update band logos (#​5968)
• 189a46a chore(deps): Update misconfig deps (#​5956)
• 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#​5929)
• a96f66f docs: update command to scan go binary (#​5969)
• 2212d14 fix: handle non-parsable images names (#​5965)
• 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#​5693)
• fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#​5951)
• 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#​5938)
• 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#​5910)
• ffe2ca7 chore(deps): bump go-ebs-file (#​5934)
• f90d4ee fix(nodejs): find licenses for packages with slash (#​5836)
• c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#​5922)
• a3fac90 fix: ignore no init containers (#​5939)
• b1b4734 docs: Fix documentation of ecosystem (#​5940)
• a2b6549 docs(misconf): multiple ignores in comment (#​5926)
• ae134a9 fix(secret): find aws secrets ending with a comma or dot (#​5921)
• c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#​5885)
• 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#​5918)
• 7895657 fix(java): don't remove excluded deps from upper pom's (#​5838)
• 37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#​5630)
• d0c81e2 feat(vex): add PURL matching for CSAF VEX (#​5890)
• 958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#​5901)
• 56c4e24 revert(report): don't escape new line characters for sarif format (#​5897)
• 92d9b3d docs: improve filter by rego (#​5402)
• a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#​5892)
• 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#​5875)
• 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#​5888)
• c47ed0d feat(vex): Add support for CSAF format (#​5535)
• 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#​5880)
• cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#​5845)
• d990e70 chore(deps): bump actions/stale from 8 to 9 (#​5846)
• c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#​5853)
• 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#​5847)
• 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#​5854)
• e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#​5849)
• b508414 chore(deps): bump actions/setup-python from 4 to 5 (#​5848)
• df3e90a feat(python): parse licenses from dist-info folder (#​4724)
• fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#​5852)
• 30eff9c feat(nodejs): add yarn alias support (#​5818)
• 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#​5850)
• b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#​5856)
• 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#​5855)
• da597c4 refactor: propagate time through context values (#​5858)
• 1607eee refactor: move PkgRef under PkgIdentifier (#​5831)
• b3d516e fix(cyclonedx): fix unmarshal for licenses (#​5828)
• c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#​5830)
• 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#​5439)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.