Update aquasec/trivy Docker tag to v0.39.0

This MR contains the following updates:

Package	Type	Update	Change
aquasec/trivy	ironbank-docker	minor	0.38.3 -> 0.39.0
aquasec/trivy		minor	0.38.3 -> 0.39.0
aquasec/trivy	stage	minor	0.38.3 -> 0.39.0

---

Release Notes

aquasecurity/trivy

v0.39.0

Compare Source

Changelog

• ed59096 docs(cli): added makefile and go file to create docs (#​3930)
• a2f39a3 chore: Revert "ci: add gpg signing for RPM packages (#​3612)" (#​3946)
• 5a10631 chore: ignore gpg key (#​3943)
• 4072115 feat(cyclonedx): support dependency graph (#​3177)
• 7cad265 chore(deps): Bump defsec to v0.85.0 (#​3940)
• f8b5733 feat(rust): remove dev deps and find direct deps for Cargo.lock (#​3919)
• 10796a2 feat(server): redis with public TLS certs support (#​3783)
• abff139 feat(flag): Add glob support to --skip-dirs and --skip-files (#​3866)
• b40f60c chore: replace make with mage (#​3932)
• 67236f6 fix(sbom): add checksum to files (#​3888)
• 00de24b chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#​3928)
• 5976d1f chore: remove unused mount volumes (#​3927)
• f14bed4 feat: add auth support for downloading OCI artifacts (#​3915)
• 1ee0518 refactor(purl): use epoch in qualifier (#​3913)
• 0000252 chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#​3727)
• ca0d972 feat(image): add registry options (#​3906)
• 0336555 feat(rust): dependency tree and line numbers support for cargo lock file (#​3746)
• dd9cd95 chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#​3905)
• edb0682 feat(php): add support for location, licenses and graph for composer.lock files (#​3873)
• c02b15b chore(deps): updates wazero to 1.0.0 (#​3904)
• 63ef760 feat(image): discover SBOM in OCI referrers (#​3768)
• 3fa703c docs: change cache-dir key in config file (#​3897)
• 4d78747 fix(sbom): use release and epoch for SPDX package version (#​3896)
• 67572df ci: add gpg signing for RPM packages (#​3612)
• e76d5ff docs: Update incorrect comment for skip-update flag (#​3878)
• 011ea60 refactor(misconf): simplify policy filesystem (#​3875)
• 6445309 feat(nodejs): parse package.json alongside yarn.lock (#​3757)
• 6e9c2c3 fix(spdx): add PkgDownloadLocation field (#​3879)
• 18eeea2 fix(report): try to guess direct deps for dependency tree (#​3852)
• 02b6914 chore(amazon): update EOL (#​3876)
• 79096e1 fix(nodejs): improvement logic for package-lock.json v2-v3 (#​3877)
• fc2e80c feat(amazon): add al2023 support (#​3854)
• 5f8d69d chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#​3736)
• 7916aaf docs(misconf): Add information about selectors (#​3703)
• 1b1ed39 docs(cli): update CLI docs with cobra (#​3815)
• 234a360 feat: k8s parallel processing (#​3693)
• b864b3b docs: add DefectDojo in the Security Management section (#​3871)
• ad34c98 chore(deps): updates wazero to 1.0.0-rc.2 (#​3853)
• 7148de3 refactor: add pipeline (#​3868)
• 927acf9 feat(cli): add javadb metadata to version info (#​3835)
• 33074cf chore(deps): Move compliance types to defsec (#​3842)
• ba9b041 feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#​3849)
• a754a04 feat: add node toleration option (#​3823)
• 9e4b57f fix: allow mapfs to open dirs (#​3867)
• 09fd299 fix(report): update uri only for os class targets (#​3846)
• 09e1302 feat(nodejs): Add v3 npm lock file support (#​3826)
• 52cbfeb feat(nodejs): parse package.json files alongside package-lock.json (#​2916)
• d6a2d63 docs(misconf): Fix links to built in policies (#​3841)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.