Update aquasec/trivy Docker tag to v0.47.0

[renovate]

This PR contains the following updates:

Package	Update	Change
aquasec/trivy (source)	minor	0.45.1 -> 0.47.0

---

Release Notes

aquasecurity/trivy (aquasec/trivy)

v0.47.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5520

Changelog

• d6df5fb docs: add info that license scanning supports file-patterns flag (#​5484)
• 156d4cc docs: add Zora integration into Ecosystem session (#​5490)
• 772d1d0 fix(sbom): Use UUID as BomRef for packages with empty purl (#​5448)
• df47073 ci: use maximize build space for K8s tests (#​5387)
• fed4710 fix: correct error mismatch causing race in fast walks (#​5516)
• 46f1b9e docs: k8s vulnerability scanning (#​5515)
• fdb3a15 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#​5506)
• d0d956f chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#​5493)
• 68b0797 docs: remove glad for java datasources (#​5508)
• 474167c chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#​5475)
• 7299867 chore: remove unused logger attribute in amazon detector (#​5476)
• 8656bd9 fix: correct error mismatch causing race in fast walks (#​5482)
• 2e10cd2 chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#​5502)
• 13df746 chore(deps): bump docker/build-push-action from 4 to 5 (#​5500)
• b0141cf chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#​5491)
• 520830b fix(server): add licenses to BlobInfo message (#​5382)
• 9a6e125 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#​5501)
• 6e59272 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#​5497)
• f3de7bc feat: scan vulns on k8s core component apps (#​5418)
• e2fb3dd fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#​5470)
• 3e833be chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#​5472)
• ca50b77 fix(sbom): save digests for package/application when scanning SBOM files (#​5432)
• 048150d docs: fix the broken link (#​5454)
• 013d901 docs: fix error when installing PyYAML for gh pages (#​5462)
• 26b4959 fix(java): download java-db once (#​5442)
• 57fa701 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#​5447)
• 53c9a7d docs(misconf): Update --tf-exclude-downloaded-modules description (#​5419)
• 01c98d1 feat(misconf): Support --ignore-policy in config scans (#​5359)
• 05b3c86 docs(misconf): fix broken table for Use container image section (#​5425)
• 1a15a3a feat(dart): add graph support (#​5374)
• f2a12f5 refactor: define a new struct for scan targets (#​5397)
• 6040d9f fix(sbom): add missed primaryURL and source severity for CycloneDX (#​5399)
• e5317c7 fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#​5393)
• 9fba79f chore(deps): move to aws-sdk-go-v2 (#​5381)
• 00f2059 docs: remove --scanners none (#​5384)
• 57a1022 docs: Update container_image.md #​5182 (#​5193)
• 5b2b4ea feat(report): Add InstalledFiles field to Package (#​4706)

v0.46.1

Compare Source

Changelog

• 27a3e55 fix(java): download java-db once (#​5442)
• d223732 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#​5447)

v0.46.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5377

Changelog

• cbbd1ce feat(k8s): add support for vulnerability detection (#​5268)
• 24a0d92 fix(python): override BOM in requirements.txt files (#​5375)
• 0c3e2f0 docs: add kbom documentation (#​5363)
• 6c12f04 test: use maximize build space for VM tests (#​5362)
• c413422 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#​5365)
• 20ab703 fix(report): add escaping quotes in misconfig Title for asff template (#​5351)
• 91841f5 ci: add workflow to check Go versions of dependencies (#​5340)
• 57ba05c chore(deps): Upgrade defsec to v0.93.1 (#​5348)
• fef3ed4 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#​5300)
• ced54ac fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#​5342)
• 2798df9 fix: add config files to FS for post-analyzers (#​5333)
• af485b3 fix: fix MIME warnings after updating to Go 1.20 (#​5336)
• 008babf build: fix a compile error with Go 1.21 (#​5339)
• 00d9c46 feat: added Metadata into the k8s resource's scan report (#​5322)
• 03b6787 ci: check only PR's in actions/stale (#​5337)
• e6d5889 chore: update adopters template (#​5330)
• 74dbd8a ci: do not trigger tests on the push event (#​5313)
• 393bfdc fix(sbom): use PURL or Group and Name in case of Java (#​5154)
• 76eb8a5 docs: add buildkite repository to ecosystem page (#​5316)
• 6c74ee1 chore(deps): bump docker/setup-qemu-action from 2 to 3 (#​5290)
• 6119878 chore(deps): bump docker/setup-buildx-action from 2 to 3 (#​5292)
• a346587 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#​5293)
• 7e613cc chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#​5286)
• f05bc4b chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#​5289)
• 3be5e6b chore: enable go-critic (#​5302)
• f6cd21c chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#​5288)
• f7b9751 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#​5287)
• 18d1687 close java-db client (#​5273)
• eb60e9f chore(deps): bump docker/login-action from 2 to 3 (#​5291)
• 5a92055 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#​5294)
• 46afe65 chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#​5304)
• 0bf2a11 chore(deps): bump github.com/opencontainers/image-spec (#​5295)
• 23b5fec fix(report): removes git::http from uri in sarif (#​5244)
• 4f1d576 Improve the meaning of sentence (#​5301)
• 6ab2bdf chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#​5297)
• 4217cff chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#​5296)
• 1840584 add app nil check (#​5274)
• c5ae9f2 typo: in secret.md (#​5281)
• 562723f docs: add info about github format (#​5265)
• 3dd5b1e feat(dotnet): add license support for NuGet (#​5217)
• 5c18475 docs: correctly export variables (#​5260)
• 0c08dde chore: Add line numbers for lint output (#​5247)
• 0ccbb4f chore(cli): disable java-db flags in server mode (#​5263)
• 908a491 feat(db): allow passing registry options (#​5226)
• 5b4652d chore(deps): Bump up defsec to v0.93.0 (#​5253)
• faf8d49 refactor(purl): use TypeApk from purl (#​5232)
• 559c0f3 chore: enable more linters (#​5228)
• 2baad46 ci: bump GoReleaser from 1.16.2 to 1.20.0 (#​5236)
• df2bff9 Fix typo on ide.md (#​5239)
• 44656f2 refactor: use defined types (#​5225)
• 37af529 fix(purl): skip local Go packages (#​5190)
• eea3320 docs: update info about license scanning in Yarn projects (#​5207)
• 2e66620 ci: auto apply labels (#​5200)
• 49680dc fix link (#​5203)

---

Configuration

📅 Schedule: Branch creation - "after 11pm every weekday,before 7am every weekday,every weekend" in timezone Europe/Brussels, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.