Update aquasec/trivy Docker tag to v0.50.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aquasec/trivy | minor |
0.49.1 -> 0.50.0
|
|
aquasec/trivy | ironbank-docker | minor |
0.49.1 -> 0.50.0
|
aquasec/trivy | stage | minor |
0.49.1 -> 0.50.0
|
Release Notes
aquasecurity/trivy (aquasec/trivy)
v0.50.0
Changelog
-
8ec3938
chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321) -
f6c5d58
feat(java): add support licenses and graph for gradle lock files (#6140) -
c4022d6
feat(vex): consider root component for relationships (#6313) -
3177924
fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298) -
dd9620e
chore: updates wazero to v1.7.0 (#6301) -
eb3ceb3
feat(sbom): Support license detection for SBOM scan (#6072) -
ab74caa
refactor(sbom): use intermediate representation for SPDX (#6310) -
71da44f
docs(terraform): improve documentation for filtering by inline comments (#6284) -
102b6df
fix(terraform): fix policy document retrieval (#6276) -
aa19aaf
refactor(terraform): remove unused custom error (#6303) -
8fcef35
refactor(sbom): add intermediate representation for BOM (#6240) -
fb8c516
fix(amazon): check only major version of AL to find advisories (#6295) -
96bd7ac
fix(db): use schema version as tag only fortrivy-db
andtrivy-java-db
registries by default (#6219) -
12c5bf0
fix(nodejs): add name validation for package name frompackage.json
(#6268) -
d6c40ce
docs: Added install instructions for FreeBSD (#6293) -
9d2057a
feat(image): customer podman host or socket option (#6256) -
2a9d9bd
chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290) -
617c3e3
feat(java): mark dependencies frommaven-invoker-plugin
integration tests pom.xml files asDev
(#6213) -
56cedc0
fix(license): reorder logic of how python package licenses are acquired (#6220) -
d7d7265
test(terraform): skip cached modules (#6281) -
6639911
feat(secret): Support for detecting Hugging Face Access Tokens (#6236) -
337cb75
fix(cloudformation): support of all SSE algorithms for s3 (#6270) -
9361cdb
feat(terraform): Terraform Plan snapshot scanning support (#6176) -
ee01e6e
chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249) -
3d2f583
fix: typo function name and comment optimization (#6200) -
c4b5ab7
fix(java): don't ignore runtime scope for pom.xml files (#6223) -
355c1b5
chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242) -
7244ece
chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243) -
5cd0566
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251) -
ebb74a5
chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253) -
24a8d6a
chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250) -
9d0d7ad
chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247) -
e8230e1
chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246) -
04535b5
fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215) -
939e34e
chore(deps): Upgrade iac deps (#6255) -
7cb6c02
feat: add info log message about dev deps suppression (#6211) -
c1d26ec
test(k8s): use test-db for k8s integration tests (#6222) -
4f70468
ci: add maximize-build-space forTest
job (#6221) -
1dfece8
fix(terraform): fix root module search (#6160) -
e1ea02c
test(parser): squash test data for yarn (#6203) -
64926d8
fix(terraform): do not re-expand dynamic blocks (#6151) -
eb54bb5
docs: update ecosystem page reporting with db app (#6201) -
dc76c6e
fix: k8s summary separate infra and user finding results (#6120) -
1b7e474
fix: add context to target finding on k8s table view (#6099) -
876ab84
fix: Printf format err (#6198) -
eef7c4f
refactor: better integration of the parser into Trivy (#6183) -
069aae5
chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189) -
4a9ac6d
feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108) -
9c5e5a0
fix(vex): CSAF filtering should consider relationships (#5923) -
388f476
refactor(report): Replacingsource_location
ingithub
report when scanning an image (#5999) -
cd3e4bc
feat(vuln): ignore vulnerabilities by PURL (#6178) -
ce81c05
feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171) -
cf0f0d0
feat(k8s): rancher rke2 version support (#5988) -
8a3a113
docs: update kbom distribution for scanning (#6019) -
19495ba
chore: update CODEOWNERS (#6173) -
e787e1a
fix(swift): try to use branch to resolve version (#6168) -
327cf88
fix(terraform): ensure consistent path handling across OS (#6161) -
8221473
fix(java): add only valid libs frompom.properties
files fromjars
(#6164) -
7694df1
fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) -
74dc5b6
chore(deps): merge go-dep-parser into Trivy (#6094) -
32a02a9
docs(report): add remark aboutpath
to filter licenses using.trivyignore.yaml
file (#6145) -
fb79ea7
docs: update template path for gitlab-ci tutorial (#6144) -
c6844a7
feat(report): support for filtering licenses and secrets via rego policy files (#6004) -
a813506
fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113) -
14adbb4
refactor(deps): Merge defsec into trivy (#6109) -
efe0e0f
chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142) -
73dde32
docs: add SecObserve in CI/CD and reporting (#6139) -
aadbad1
fix(alpine): exclude empty licenses for apk packages (#6130) -
14a0981
docs: add docs tutorial on custom policies with rego (#6104) -
3ac6388
fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102) -
3c1601b
feat(vuln): show suppressed vulnerabilities in table (#6084) -
c107e1a
docs: rename governance to principles (#6107) -
b26f217
docs: add governance (#6090) -
7bd3b63
refactor(deps): Merge trivy-iac into Trivy (#6005) -
535b5a9
feat(java): add dependency location support forgradle
files (#6083) -
428420e
chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038) -
7fec991
fix(misconf): getuser
fromConfig.User
(#6070)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.