Update aquasec/trivy Docker tag to v0.44.0 #1494
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aquasec-trivy-0.x
branch
from
690ab8c
to
ca4d85e
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aquasec-trivy-0.x
branch
2 times, most recently
from
c5aeb0e
to
e02b63b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aquasec-trivy-0.x
branch
from
e02b63b
to
5220fff
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.42.0->0.44.0Release Notes
aquasecurity/trivy (aquasec/trivy)
v0.44.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/4903
Changelog
d19c7d9feat(repo): support local repositories (#4890)3c19761bump go-dep-parser (#4893)e1c2a8cfix(misconf): add missing fields to proto (#4861)8b8e0e8fix: remove trivy-db package replacement (#4877)f9efe44chore(test): bump the integration test timeout to 15m (#4880)7271d68chore(deps): Update defsec to v0.91.0 (#4886)c3bc67cchore: update CODEOWNERS (#4871)232ba82feat(vuln): support vulnerability status (#4867)11618c9feat(misconf): Support custom URLs for policy bundle (#4834)0707569refactor: replace with sortable packages (#4858)fbe1c9edocs: correct license scanning sample command (#4855)20c2246fix(report): close the file (#4842)24a3e54feat(nodejs): add support for include-dev-deps flag for yarn (#4812)a7bd7bbfeat(misconf): Add support for independently enabling libraries (#4070)4aa9ea0feat(secret): add secret config file for cache calculation (#4837)5d349d8Fix a link in gitlab-ci.md (#4850)a61531cfix(flag): use globalstar to skip directories (#4854)78cc209chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)9399604fix(license): using common way for splitting licenses (#4434)3e2416dfix(containerd): Use img platform in exporter instead of strict host platform (#4477)ce77bb4remove govulndb (#4783)c05caaefix(java): inherit licenses from parents (#4817)aca11b9refactor: add allowed values for CLI flags (#4800)4cecd17add example regex to allow rules (#4827)4bc8d29feat(misconf): Support custom data for rego policies for cloud (#4745)88243a0docs: correcting the trivy k8s tutorial (#4815)3c7d988feat(cli): add --tf-exclude-downloaded-modules flag (#4810)fd0fd10fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)d0d543bfeat(misconf): enable --policy flag to accept directory and files both (#4777)b43a3e6feat(python): add license fields (#4722)aef7b14fix: support trivy k8s-version on k8s sub-command (#4786)v0.43.1Compare Source
Changelog
5d76abachore(deps): Update defsec to v0.90.3 (#4793)fed446cchore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)df62927chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)1b9b9a8chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)3c16ca8docs(image): fix the comment on the soft/hard link (#4740)e5bee5ccheck Type when filling pkgs in vulns (#4776)4b9f310feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)8e7fb7cchore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)a9badeafix(rocky): add architectures support for advisories (#4691)f8ebcccchore(deps): bump github.com/opencontainers/image-spec (#4751)1c81948chore(deps): bump github.com/package-url/packageurl-go (#4754)497cc10chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)065f0afchore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)e260305chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)0621402fix: documentation about reseting trivy image (#4733)798fdbcfix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)34a8929fix: update Amazon Linux 1 EOL (#4761)v0.43.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/4741
Changelog
6008192chore(deps): Update defsec to v0.90.1 (#4739)73734eafeat(nodejs): support yarn workspaces (#4664)22463abfeat(cli): add include-dev-deps flag (#4700)790c805fix(image): pass the secret scanner option to scan the img config (#4735)86fec9cfix: scan job pod it not found on k8s-1.27.x (#4729)26bc911feat(docker): add support for mTLS authentication when connecting to registry (#4649)d699e8cchore(deps): Update defsec to v0.90.0 (#4723)1777878fix: skip scanning the gpg-pubkey package (#4720)9be0825Fix http registry oci pull (#4701)5d73b47feat(misconf): Support skipping services (#4686)46e784cdocs: fix supported modes for pubspec.lock files (#4713)0f61a84fix(misconf): disable the terraform plan analyzer for other scanners (#4714)8a1aa44clarifying a dir path is required for custom policies (#4716)fbab9eechore: update alpine base images (#4715)f84417bfix last-history-created (#4697)85c681dfeat: kbom and cyclonedx v1.5 spec support (#4708)46748cedocs: add information about Aqua (#4590)c6741bdfix: k8s escape resource filename on windows os (#4693)a21acc7ci: ignore merge queue branches (#4696)32a3a33chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)cbb47dcchore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)e3d10d2feat: cyclondx sbom custom property support (#4688)e1770e0ci: do not trigger tests in main (#4692)337c0b7add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)5ccee14use group field for jar in cyclonedx (#4674)96db52cfeat(java): capture licenses from pom.xml (#4681)3e902a5feat(helm): make sessionAffinity configurable (#4623)904f1cffix: Show the correct URL of the secret scanning (#4682)7d48c5ddocument expected file pattern definition format (#4654)dcc73e9fix: format arg error (#4642)35c4262feat(k8s): cyclonedx kbom support (#4557)0e01851fix(nodejs): remove unused fields for the pnpm lockfile (#4630)4d9b444fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)c29197aci: update build IDs (#4641)d7637adfix(debian): update EOL for Debian 12 (#4647)ef39eeechore(deps): bump go-containerregistry (#4639)1ce8bb5chore: unnecessary use of fmt.Sprintf (S1039) (#4637)bc9513ffix(db): change argument order in Exists query for JavaDB (#4595)aecd2f0feat(aws): Add support to see successes in results (#4427)2cbf402chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)0099b20ci: do not trigger tests in main (#4614)a597a54chore(deps): bump sigstore/cosign-installer (#4609)b453fbechore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)0e876d5ci: bypass the required status checks (#4611)a4f27d2ci: support merge queue (#3652)9e6411eci: matrix build for testing (#4587)ef6538afeat: trivy k8s private registry support (#4567)139f3e1docs: add general coverage page (#3859)479cfddchore: create SECURITY.md (#4601)v0.42.1Compare Source
Changelog
9a279faci: remove 32bit packages (#4585)d52b0b7fix(misconf): deduplicate misconf results (#4588)9b531fafix(vm): support sector size of 4096 (#4564)8ca1bfdfix(misconf): terraform relative paths (#4571)c20d466fix(purl): skip unsupported library type (#4577)52cbe79fix(terraform): recursively detect all Root Modules (#4457)4a5b915fix(vm): support post analyzer for vm command (#4544)56cdc55fix(nodejs): change the type of the devDependencies field (#4560)17d7536fix(sbom): export empty dependencies in CycloneDX (#4568)2796aberefactor: add composite fs for post-analyzers (#4556)22a1573chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)4358665chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)5081399chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)e1a3812chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)283eef6chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)bbd7b98chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)11c81bfchore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)2d8d63echore(deps): bump github.com/testcontainers/testcontainers-go (#4537)a46839bchore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)19715f5chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)Configuration
📅 Schedule: Branch creation - "after 11pm every weekday,before 7am every weekday,every weekend" in timezone Europe/Brussels, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.