trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

APACHE-2.0 License

Downloads: 10.5K
Stars: 21.6K
Committers: 386

trivy - v0.51.4 Latest Release

Published by aqua-bot 5 months ago

Changelog

  • c06f467e6 chore: downgrade trivy-checks and trivy-aws
  • df4f7604a build: use main package instead of main.go (#6766)
  • bf7a8ede3 chore(deps): bump the common group across 1 directory with 29 updates (#6756)
  • acb22c60a chore(deps): bump the aws group with 8 updates (#6738)
  • 9a3510ffd chore(deps): bump the docker group with 2 updates (#6739)
  • 7806b37e2 ci: add generic dir to deb deploy script (#6636)

trivy - v0.51.2

Published by aqua-bot 5 months ago

Changelog

  • eadc6fb64 fix: node-collector high and critical cves (#6707)
  • cc489b1af Merge pull request from GHSA-xcq4-m2r3-cmrj
  • 013f71a6a chore: auto-bump golang patch versions (#6711)
  • 113a5b216 fix(misconf): don't shift ignore rule related to code (#6708)
  • 733e5ac1f fix(go): include only .version|.ver (no prefixes) ldflags for gobinaries (#6705)
  • d311e49bc fix(go): add only non-empty root modules for gobinaries (#6710)
  • cf1a7bf30 refactor: unify package addition and vulnerability scanning (#6579)
  • d465d9d1e fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
  • 0af225ccf fix(conda): add support pip deps for environment.yml files (#6675)
  • 6f64d5518 fix(misconf): skip Rego errors with a nil location (#6666)
  • 8c27430a2 fix(misconf): skip Rego errors with a nil location (#6638)
  • c2b46d3c2 refactor: unify Library and Package structs (#6633)
  • 4368f11e0 fix: use of specified context to obtain cluster name (#6645)
  • 5ec62f863 docs: fix usage of image-config-scanners (#6635)

trivy - v0.51.1

Published by aqua-bot 6 months ago

Changelog

  • 8016b821a fix(fs): handle default skip dirs properly (#6628)
  • 7a25dadb4 fix(misconf): load cached tf modules (#6607)
  • 9c794c0ff fix(misconf): do not use semver for parsing tf module versions (#6614)

trivy - v0.51.0

Published by aqua-bot 6 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6622

Changelog

  • 14c1024b4 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
  • 998f75043 feat: introduce package UIDs for improved vulnerability mapping (#6583)
  • 770b14113 perf(misconf): Improve cause performance (#6586)
  • 3ccb1a0f1 docs: trivy-k8s new experiance remove un-used section (#6608)
  • 58cfd1b07 chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
  • 715963d75 docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
  • 37da98df4 feat(misconf): Use updated terminology for misconfiguration checks (#6476)
  • cdee7030a chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
  • 6a2225b42 docs: use generic link from trivy-repo (#6606)
  • a2a02de7c docs: update trivy k8s with new experience (#6465)
  • e739ab850 feat: support --skip-images scanning flag (#6334)
  • c6d5d856c BREAKING: add support for k8s disable-node-collector flag (#6311)
  • 194a81468 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
  • 03830c50c chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
  • 8e814fa23 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
  • 2dc76ba78 chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
  • c17176ba9 chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
  • bce70af36 chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
  • 4369a19af feat: add ubuntu 23.10 and 24.04 support (#6573)
  • 5566548b7 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
  • a8af76a47 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
  • c8ed432f2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
  • 551a46efc docs(go): add stdlib (#6580)
  • 261649b11 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
  • acfddd457 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
  • 419e3d202 feat(go): parse main mod version from build info settings (#6564)
  • f0961d54f feat: respect custom exit code from plugin (#6584)
  • a5d485cf8 docs: add asdf and mise installation method (#6063)
  • 29b8faf5f feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
  • e3bef0201 feat: add support environment.yaml files (#6569)
  • 916f6c66f fix: close plugin.yaml (#6577)
  • 8e6cd0e91 fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
  • 060d0bb64 BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
  • 2d090ef2d feat(go): add main module (#6574)
  • 6343e4fc7 feat: add relationships (#6563)
  • a018ee1f9 ci: disable Go cache for reusable-release.yaml (#6572)
  • 5da053f30 docs: mention --show-suppressed is available in table (#6571)
  • 3d66cb8d8 chore: fix sqlite to support loong64 (#6511)
  • 9aca98cca fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
  • 7811ad0d2 docs: update info about config file (#6547)
  • fae710db8 docs: remove RELEASE_VERSION from trivy.repo (#6546)
  • d2d4022ef fix(sbom): change error to warning for multiple OSes (#6541)
  • 164b02541 fix(vuln): skip empty versions (#6542)
  • 5dd9bd470 feat(c): add license support for conan lock files (#6329)
  • 7c2017fa7 fix(terraform): Attribute and fileset fixes (#6544)
  • 63c9469bd refactor: change warning if no vulnerability details are found (#6230)
  • aa822c260 refactor(misconf): improve error handling in the Rego scanner (#6527)
  • 30cc88fa8 ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
  • e32215c99 feat(go): parse main module of go binary files (#6530)
  • d4da83c63 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
  • 0d7d97d13 refactor(misconf): simplify the retrieval of module annotations (#6528)
  • 9873cf3b9 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
  • 95c8fd912 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
  • 12ec0dfe9 feat(misconf): loading embedded checks as a fallback (#6502)
  • 9b7d7132b fix(misconf): Parse JSON k8s manifests properly (#6490)
  • 13e72eca5 refactor: remove parallel walk (#5180)
  • a9861994e fix: close pom.xml (#6507)
  • 46d5abad4 fix(secret): convert severity for custom rules (#6500)
  • 34ab09d55 fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
  • 1ba5b5952 fix: typo (#6283)
  • 4fab0f8b9 docs(k8s,image): fix command-line syntax issues (#6403)
  • d7709816c chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
  • 433706820 fix(misconf): avoid panic if the scheme is not valid (#6496)
  • d82d6cb73 feat(image): goversion as stdlib (#6277)
  • cfddfb33c fix: add color for error inside of log message (#6493)
  • dfcb0f90d chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
  • 183eaafb4 docs: fix links to OPA docs (#6480)
  • 94d6e8ced refactor: replace zap with slog (#6466)
  • 336c47ecc docs: update links to IaC schemas (#6477)
  • 06b44738e chore: bump Go to 1.22 (#6075)
  • a51ceddad refactor(terraform): sync funcs with Terraform (#6415)
  • 53517d622 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
  • ad544e97c chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
  • 089368d96 chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
  • 116356500 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
  • 637da2b17 chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
  • 13190e92d fix(terraform): eval submodules (#6411)
  • 6bca7c3c7 refactor(terraform): remove unused options (#6446)
  • 8e4279b86 refactor(terraform): remove unused file (#6445)
  • e98c873ed chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
  • b1c2eab5a chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
  • 1c49a16c6 fix(misconf): Escape template value correctly (#6292)
  • 8dd0fcd61 feat(misconf): add support for wildcard ignores (#6414)
  • 74e4c6e01 fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#6439)
  • 245c12053 refactor(terraform): remove metrics collection (#6444)
  • 86714bf6b feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
  • a75839212 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
  • 4d00d8b52 chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
  • 3ad2b3e25 chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
  • 8baccd790 fix(db): check schema version for image name only (#6410)
  • e75a90f2e chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
  • 6625bd32e chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
  • 826fe6073 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
  • f23ed7759 feat(misconf): Support private registries for misconf check bundle (#6327)
  • df024e88d feat(cloudformation): inline ignore support for YAML templates (#6358)
  • 29dee3281 feat(terraform): ignore resources by nested attributes (#6302)
  • 1a67472d2 perf(helm): load in-memory files (#6383)
  • 09e37b7c6 feat(aws): apply filter options to result (#6367)
  • 87a9aa60d feat(aws): quiet flag support (#6331)
  • 712dcd300 fix(misconf): clear location URI for SARIF (#6405)
  • 625f22b81 test(cloudformation): add CF tests (#6315)
  • 6a2f6fde4 fix(cloudformation): infer type after resolving a function (#6406)

trivy - v0.50.4

Published by aqua-bot 6 months ago

Note

v0.50.3 had a critical problem, and we deleted it and released v0.50.4.

Changelog

  • e47fd487c fix(sbom): change error to warning for multiple OSes (#6541)

trivy - v0.50.2

Published by aqua-bot 6 months ago

Changelog

  • 9aa9e173b ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
  • 058f4839d chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
  • 9e3d2c5f9 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
  • 2ad8e332e fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)

trivy - v0.50.1

Published by aqua-bot 7 months ago

Changelog

  • 5f69937cc fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
  • 258d15346 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
  • ade033a83 docs: add info about support for package license detection in fs/repo modes (#6381)
  • f85c9fac6 fix(nodejs): add support for parsing workspaces from package.json as an object (#6231)
  • 9d7f5c948 fix: use 0600 perms for tmp files for post analyzers (#6386)
  • f148eb10f fix(helm): scan the subcharts once (#6382)
  • 97f95c4dd docs(terraform): add file patterns for Terraform Plan (#6393)
  • abd62ae74 fix(terraform): сhecking SSE encryption algorithm validity (#6341)
  • 7c409fd27 fix(java): parse modules from pom.xml files once (#6312)
  • 1b68327b6 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
  • a2482c14e fix(server): add Locations for Packages in client/server mode (#6366)
  • e866bd5b5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346)
  • 1870f2846 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
  • 6c81e5505 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)

trivy - v0.50.0

Published by aqua-bot 7 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6340

Changelog

  • 8ec3938e0 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
  • f6c5d5800 feat(java): add support licenses and graph for gradle lock files (#6140)
  • c4022d61b feat(vex): consider root component for relationships (#6313)
  • 317792433 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
  • dd9620ef3 chore: updates wazero to v1.7.0 (#6301)
  • eb3ceb323 feat(sbom): Support license detection for SBOM scan (#6072)
  • ab74caa87 refactor(sbom): use intermediate representation for SPDX (#6310)
  • 71da44f7e docs(terraform): improve documentation for filtering by inline comments (#6284)
  • 102b6df73 fix(terraform): fix policy document retrieval (#6276)
  • aa19aaf4e refactor(terraform): remove unused custom error (#6303)
  • 8fcef352b refactor(sbom): add intermediate representation for BOM (#6240)
  • fb8c516de fix(amazon): check only major version of AL to find advisories (#6295)
  • 96bd7ac59 fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
  • 12c5bf080 fix(nodejs): add name validation for package name from package.json (#6268)
  • d6c40ce05 docs: Added install instructions for FreeBSD (#6293)
  • 9d2057a7c feat(image): customer podman host or socket option (#6256)
  • 2a9d9bd21 chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
  • 617c3e31b feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
  • 56cedc0d6 fix(license): reorder logic of how python package licenses are acquired (#6220)
  • d7d7265eb test(terraform): skip cached modules (#6281)
  • 663991166 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
  • 337cb7535 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
  • 9361cdb7e feat(terraform): Terraform Plan snapshot scanning support (#6176)
  • ee01e6e2f chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
  • 3d2f583ec fix: typo function name and comment optimization (#6200)
  • c4b5ab788 fix(java): don't ignore runtime scope for pom.xml files (#6223)
  • 355c1b583 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
  • 7244ece53 chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
  • 5cd056684 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
  • ebb74a5de chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
  • 24a8d6aaa chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
  • 9d0d7ad88 chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
  • e8230e19d chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
  • 04535b554 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
  • 939e34e37 chore(deps): Upgrade iac deps (#6255)
  • 7cb6c02a4 feat: add info log message about dev deps suppression (#6211)
  • c1d26ec33 test(k8s): use test-db for k8s integration tests (#6222)
  • 4f70468bd ci: add maximize-build-space for Test job (#6221)
  • 1dfece89d fix(terraform): fix root module search (#6160)
  • e1ea02c7b test(parser): squash test data for yarn (#6203)
  • 64926d842 fix(terraform): do not re-expand dynamic blocks (#6151)
  • eb54bb5da docs: update ecosystem page reporting with db app (#6201)
  • dc76c6e4f fix: k8s summary separate infra and user finding results (#6120)
  • 1b7e47424 fix: add context to target finding on k8s table view (#6099)
  • 876ab84b3 fix: Printf format err (#6198)
  • eef7c4fb4 refactor: better integration of the parser into Trivy (#6183)
  • 069aae59e chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189)
  • 4a9ac6d19 feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
  • 9c5e5a04e fix(vex): CSAF filtering should consider relationships (#5923)
  • 388f47669 refactor(report): Replacing source_location in github report when scanning an image (#5999)
  • cd3e4bcac feat(vuln): ignore vulnerabilities by PURL (#6178)
  • ce81c0585 feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
  • cf0f0d00c feat(k8s): rancher rke2 version support (#5988)
  • 8a3a113ee docs: update kbom distribution for scanning (#6019)
  • 19495ba7c chore: update CODEOWNERS (#6173)
  • e787e1af0 fix(swift): try to use branch to resolve version (#6168)
  • 327cf8839 fix(terraform): ensure consistent path handling across OS (#6161)
  • 82214736a fix(java): add only valid libs from pom.properties files from jars (#6164)
  • 7694df11f fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
  • 74dc5b680 chore(deps): merge go-dep-parser into Trivy (#6094)
  • 32a02a95d docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#6145)
  • fb79ea7c9 docs: update template path for gitlab-ci tutorial (#6144)
  • c6844a73f feat(report): support for filtering licenses and secrets via rego policy files (#6004)
  • a813506f4 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
  • 14adbb446 refactor(deps): Merge defsec into trivy (#6109)
  • efe0e0f8f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142)
  • 73dde3263 docs: add SecObserve in CI/CD and reporting (#6139)
  • aadbad1d7 fix(alpine): exclude empty licenses for apk packages (#6130)
  • 14a0981ef docs: add docs tutorial on custom policies with rego (#6104)
  • 3ac63887d fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
  • 3c1601b6c feat(vuln): show suppressed vulnerabilities in table (#6084)
  • c107e1af2 docs: rename governance to principles (#6107)
  • b26f21717 docs: add governance (#6090)
  • 7bd3b630b refactor(deps): Merge trivy-iac into Trivy (#6005)
  • 535b5a96d feat(java): add dependency location support for gradle files (#6083)
  • 428420ee8 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038)
  • 7fec991c5 fix(misconf): get user from Config.User (#6070)

trivy - v0.49.1

Published by aqua-bot 8 months ago

Changelog

  • 6ccc0a554 fix: check unescaped BomRef when matching PkgIdentifier (#6025)
  • 458c5d95e docs: Fix broken link to "pronunciation" (#6057)
  • 5c0ff6dad chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
  • e2bd7f75d chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
  • f95fbcb67 chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
  • 7651bf59b ci: reduce root-reserve-mb size for maximize-build-space (#6064)
  • fc20dfdd8 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
  • 3bd80e7c2 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
  • 2900a2117 fix: fix cursor usage in Redis Clear function (#6056)
  • 85cb9a763 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
  • 4e962c02a fix(nodejs): add local packages support for pnpm-lock.yaml files (#6034)
  • aa48a7b86 chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
  • 8aabbea2d chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
  • ec02a655a chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
  • 27d35baa4 test: fix flaky TestDockerEngine (#6054)
  • c3a66da9c chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
  • 2000fe24c chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
  • 2be642154 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
  • 41c0ef642 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)

trivy - v0.49.0

Published by aqua-bot 9 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6033

Changelog

  • 729a0512a fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
  • 884745b5e chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
  • 59e54334d fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
  • 5924c021d feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
  • 4df936389 docs: add note about Bun (#6001)
  • 70dd572ef fix(report): use AWS_REGION env for secrets in asff template (#6011)
  • 13f797f88 fix: check returned error before deferring f.Close() (#6007)
  • adfde63d0 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
  • e2eb70ecb feat(vuln): enable --vex for all targets (#5992)
  • f9da02131 docs: update link to data sources (#6000)
  • b4b90cfe2 feat(java): add support for line numbers for pom.xml files (#5991)
  • fb36c4ed0 refactor(sbom): use new metadata.tools struct for CycloneDX (#5981)
  • f6be42b71 docs: Update troubleshooting guide with image not found error (#5983)
  • bb6caea5c style: update band logos (#5968)
  • 189a46a01 chore(deps): Update misconfig deps (#5956)
  • 91a2547d1 docs: update cosign tutorial and commands, update kyverno policy (#5929)
  • a96f66f17 docs: update command to scan go binary (#5969)
  • 2212d1443 fix: handle non-parsable images names (#5965)
  • 7cad04bdf chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
  • fbc1a83f3 fix(amazon): save system files for pkgs containing amzn in src (#5951)
  • 260aa281f fix(alpine): Add EOL support for alpine 3.19. (#5938)
  • 2c9d7c6b5 feat: allow end-users to adjust K8S client QPS and burst (#5910)
  • ffe2ca7cb chore(deps): bump go-ebs-file (#5934)
  • f90d4ee43 fix(nodejs): find licenses for packages with slash (#5836)
  • c75143f5e fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#5922)
  • a3fac90b4 fix: ignore no init containers (#5939)
  • b1b4734f5 docs: Fix documentation of ecosystem (#5940)
  • a2b654945 docs(misconf): multiple ignores in comment (#5926)
  • ae134a9b3 fix(secret): find aws secrets ending with a comma or dot (#5921)
  • c8c55fe21 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
  • 4d2e785ff docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
  • 7895657c8 fix(java): don't remove excluded deps from upper pom's (#5838)
  • 37e7e3eab fix(java): check if a version exists when determining GAV by file name for jar files (#5630)
  • d0c81e23c feat(vex): add PURL matching for CSAF VEX (#5890)
  • 958e1f11f fix(secret): AWS Secret Access Key must include only secrets with aws text. (#5901)
  • 56c4e248a revert(report): don't escape new line characters for sarif format (#5897)
  • 92d9b3dbb docs: improve filter by rego (#5402)
  • a626cdf33 chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
  • 47b6c2817 docs: add_scan2html_to_trivy_ecosystem (#5875)
  • 0ebb6c468 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
  • c47ed0d81 feat(vex): Add support for CSAF format (#5535)
  • 2cdd65dd6 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
  • cba67d1f0 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
  • d990e702a chore(deps): bump actions/stale from 8 to 9 (#5846)
  • c72dfbfbb chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
  • 121898423 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
  • 682210ac6 chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
  • e1a60cc88 chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
  • b508414ca chore(deps): bump actions/setup-python from 4 to 5 (#5848)
  • df3e90af8 feat(python): parse licenses from dist-info folder (#4724)
  • fa2e88360 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
  • 30eff9c83 feat(nodejs): add yarn alias support (#5818)
  • 013df4c6b chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
  • b1489f348 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
  • 7f2e4223f chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
  • da597c479 refactor: propagate time through context values (#5858)
  • 1607eee77 refactor: move PkgRef under PkgIdentifier (#5831)
  • b3d516eaf fix(cyclonedx): fix unmarshal for licenses (#5828)
  • c17b6603d chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
  • 1f0d6290c feat(vuln): include pkg identifier on detected vulnerabilities (#5439)

trivy - v0.48.3

Published by aqua-bot 9 months ago

Changelog

  • eac751339 chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
  • d866b71dd chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
  • 34ba96eb7 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)

trivy - v0.48.2

Published by aqua-bot 10 months ago

Changelog

  • 4cdff0e57 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#5822)
  • be969d413 chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#5809)
  • 81748f5ad chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#5805)

trivy - v0.48.1

Published by aqua-bot 10 months ago

Changelog

  • ba825b2ae chore(deps): bump trivy-iac to v0.7.1 (#5797)
  • abf227e06 fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
  • df49ea4a1 refactor(sbom): disable html escaping for CycloneDX (#5764)
  • f25e2df1c refactor(purl): use pub from package-url (#5784)
  • b5e3b77f0 docs(python): add note to using pip freeze for compatible releases (#5760)
  • 6cc00c2f0 fix(report): use OS information for OS packages purl in github template (#5783)
  • c317fe828 fix(report): fix error if miconfigs are empty (#5782)
  • 9b4bcedf0 refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
  • be5a55049 fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
  • 01edbda34 docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
  • eb9741954 fix(report): update Gitlab template (#5721)
  • be1c55497 feat(secret): add support of GitHub fine-grained tokens (#5740)
  • a5342da06 fix(misconf): add an image misconf to result (#5731)
  • 108a5b05c feat(secret): added support of Docker registry credentials (#5720)
  • 6080e245c chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)
  • e27ec3261 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)

trivy - v0.48.0

Published by aqua-bot 11 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5724

Changelog

  • f2aa9bf3e chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696)
  • 6d7e2f811 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
  • 0ff5f96bb feat: filter k8s core components vuln results (#5713)
  • a54d1e95f feat(vuln): remove duplicates in Fixed Version (#5596)
  • 99c04c438 feat(report): output plugin (#4863)
  • 70078b9c0 chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
  • 49e83a6ad chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)
  • af32cb310 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
  • 176627192 chore(deps): bump actions/github-script from 6 to 7 (#5697)
  • 7ee854767 chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
  • 654147fc6 docs: typo in modules.md (#5712)
  • 256957523 feat: Add flag to configure node-collector image ref (#5710)
  • c0610097a chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)
  • aedbd85d6 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)
  • e018b9c42 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)
  • b5874e3ad feat(misconf): Add --misconfig-scanners option (#5670)
  • 075d8f628 chore: bump Go to 1.21 (#5662)
  • 16b757d18 feat: Packagesprops support (#5605)
  • 372efc9ec chore(deps): Bump up trivy misconf deps (#5656)
  • edad5f690 docs: update adopters discussion template (#5632)
  • ed9d34030 docs: terraform tutorial links updated to point to correct loc (#5661)
  • 8ff574e3f fix(secret): add sec and space to secret prefix for aws-secret-access-key (#5647)
  • ad977a425 fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
  • b1dc60b88 fix(secret): exclude upper case before secret for alibaba-access-key-id (#5618)
  • 65351d4f2 docs: Update Arch Linux package URL in installation.md (#5619)
  • c866f1c4e chore: add prefix to image errors (#5601)
  • ed0022b91 docs(vuln): fix link anchor (#5606)
  • 3c8172703 docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
  • 214546427 fix: k8s friendly error messages kbom non cluster scans (#5594)
  • 44d0b28ad feat: set InstalledFiles for DEB and RPM packages (#5488)
  • ae4bcf6a0 fix(report): use time.Time for CreatedAt (#5598)
  • b6fafa04a test: retry containerd initialization (#5597)
  • 13362233c feat(misconf): Expose misconf engine debug logs with --debug option (#5550)
  • 71051863c test: mock VM walker (#5589)
  • d9d7f3f19 chore: bump node-collector v0.0.9 (#5591)
  • e3c28f8ee feat(misconf): Add support for --cf-params for CFT (#5507)
  • ac0e32749 feat(flag): replace '--slow' with '--parallel' (#5572)
  • 537206761 fix(report): add escaping for Sarif format (#5568)
  • a3895298d chore: show a deprecation notice for --scanners config (#5587)
  • f4dd062f5 feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
  • d005f5af2 test: mock RPM DB (#5567)
  • a96ec3557 feat: add aliases to '--scanners' (#5558)
  • 950e431f0 refactor: reintroduce output writer (#5564)
  • 2310f0dd6 chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)
  • 04b93e9fd chore: not load plugins for auto-generating docs (#5569)
  • cccaa15cc chore: sort supported AWS services (#5570)
  • 3891e3d5d fix: no schedule toleration (#5562)
  • 138feb024 fix(cli): set correct scanners for k8s target (#5561)
  • cb241a800 fix(sbom): add FilesAnalyzed and PackageVerificationCode fields for SPDX (#5533)
  • e7f6a5c80 refactor(misconf): Update refactored dependencies (#5245)
  • 2f5afa5f2 feat(secret): add built-in rule for JWT tokens (#5480)
  • 91fc8dac9 fix: trivy k8s parse ecr image with arn (#5537)
  • 05df24477 fix: fail k8s resource scanning (#5529)
  • a1b47441a refactor(misconf): don't remove Highlighted in json format (#5531)
  • 7712f8f21 docs(k8s): fix link in kubernetes.md (#5524)
  • 043fbfcd3 docs(k8s): fix whitespace in list syntax (#5525)

trivy - v0.47.0

Published by aqua-bot 12 months ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5520

Changelog

  • d6df5fbcd docs: add info that license scanning supports file-patterns flag (#5484)
  • 156d4cc60 docs: add Zora integration into Ecosystem session (#5490)
  • 772d1d08f fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
  • df47073fa ci: use maximize build space for K8s tests (#5387)
  • fed471018 fix: correct error mismatch causing race in fast walks (#5516)
  • 46f1b9e7d docs: k8s vulnerability scanning (#5515)
  • fdb3a15b2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
  • d0d956fdc chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
  • 68b0797e5 docs: remove glad for java datasources (#5508)
  • 474167c47 chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
  • 7299867c2 chore: remove unused logger attribute in amazon detector (#5476)
  • 8656bd9f7 fix: correct error mismatch causing race in fast walks (#5482)
  • 2e10cd2eb chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
  • 13df74652 chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
  • b0141cfba chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
  • 520830b51 fix(server): add licenses to BlobInfo message (#5382)
  • 9a6e125c7 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
  • 6e5927266 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
  • f3de7bc3b feat: scan vulns on k8s core component apps (#5418)
  • e2fb3dd58 fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#5470)
  • 3e833be7d chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
  • ca50b77a3 fix(sbom): save digests for package/application when scanning SBOM files (#5432)
  • 048150d43 docs: fix the broken link (#5454)
  • 013d90199 docs: fix error when installing PyYAML for gh pages (#5462)
  • 26b495954 fix(java): download java-db once (#5442)
  • 57fa701a8 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
  • 53c9a7d76 docs(misconf): Update --tf-exclude-downloaded-modules description (#5419)
  • 01c98d151 feat(misconf): Support --ignore-policy in config scans (#5359)
  • 05b3c86a1 docs(misconf): fix broken table for Use container image section (#5425)
  • 1a15a3adb feat(dart): add graph support (#5374)
  • f2a12f5f9 refactor: define a new struct for scan targets (#5397)
  • 6040d9f43 fix(sbom): add missed primaryURL and source severity for CycloneDX (#5399)
  • e5317c7bc fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
  • 9fba79f0b chore(deps): move to aws-sdk-go-v2 (#5381)
  • 00f2059e5 docs: remove --scanners none (#5384)
  • 57a102231 docs: Update container_image.md #5182 (#5193)
  • 5b2b4ea38 feat(report): Add InstalledFiles field to Package (#4706)
trivy - v0.46.1

Published by aqua-bot 12 months ago

Changelog

  • 27a3e55e8 fix(java): download java-db once (#5442)
  • d22373265 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
trivy - v0.46.0

Published by aqua-bot about 1 year ago

Changelog

  • cbbd1ce1f feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d9214 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f08b docs: add kbom documentation (#5363)
  • 6c12f0428 test: use maximize build space for VM tests (#5362)
  • c4134224a chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab7033b fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f59b ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c76 chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • fef3ed435 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
  • ced54aced fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
  • 2798df916 fix: add config files to FS for post-analyzers (#5333)
  • af485b33f fix: fix MIME warnings after updating to Go 1.20 (#5336)
  • 008babfb8 build: fix a compile error with Go 1.21 (#5339)
  • 00d9c4666 feat: added Metadata into the k8s resource's scan report (#5322)
  • 03b6787c4 ci: check only PR's in actions/stale (#5337)
  • e6d5889ed chore: update adopters template (#5330)
  • 74dbd8a1f ci: do not trigger tests on the push event (#5313)
  • 393bfdc1a fix(sbom): use PURL or Group and Name in case of Java (#5154)
  • 76eb8a57b docs: add buildkite repository to ecosystem page (#5316)
  • 6c74ee11f chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
  • 6119878de chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
  • a346587b8 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
  • 7e613cc5f chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
  • f05bc4be4 chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
  • 3be5e6b24 chore: enable go-critic (#5302)
  • f6cd21c87 chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
  • f7b975187 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
  • 18d168769 close java-db client (#5273)
  • eb60e9f3c chore(deps): bump docker/login-action from 2 to 3 (#5291)
  • 5a92055e1 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
  • 46afe65ee chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
  • 0bf2a11a2 chore(deps): bump github.com/opencontainers/image-spec (#5295)
  • 23b5fece0 fix(report): removes git::http from uri in sarif (#5244)
  • 4f1d576e5 Improve the meaning of sentence (#5301)
  • 6ab2bdfa7 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
  • 4217cffb5 chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
  • 184058470 add app nil check (#5274)
  • c5ae9f265 typo: in secret.md (#5281)
  • 562723f0a docs: add info about github format (#5265)
  • 3dd5b1e94 feat(dotnet): add license support for NuGet (#5217)
  • 5c18475f3 docs: correctly export variables (#5260)
  • 0c08dde01 chore: Add line numbers for lint output (#5247)
  • 0ccbb4f7f chore(cli): disable java-db flags in server mode (#5263)
  • 908a4914c feat(db): allow passing registry options (#5226)
  • 5b4652d79 chore(deps): Bump up defsec to v0.93.0 (#5253)
  • faf8d49c4 refactor(purl): use TypeApk from purl (#5232)
  • 559c0f30b chore: enable more linters (#5228)
  • 2baad4618 ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
  • df2bff9f5 Fix typo on ide.md (#5239)
  • 44656f285 refactor: use defined types (#5225)
  • 37af52994 fix(purl): skip local Go packages (#5190)
  • eea3320d8 docs: update info about license scanning in Yarn projects (#5207)
  • 2e6662060 ci: auto apply labels (#5200)
  • 49680dc88 fix link (#5203)
trivy - v0.45.1

Published by aqua-bot about 1 year ago

Changelog

  • daae88287 fix(purl): handle rust types (#5186)
  • 81240cf08 chore: auto-close issues (#5177)
  • bd0accd8a chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
  • ecee79403 fix(k8s): kbom support addons labels (#5178)
  • 9ebc25d88 test: validate SPDX with the JSON schema (#5124)
  • 9a49a3773 chore: bump trivy-kubernetes-latest (#5161)
  • ad1dc6327 docs: add 'Signature Verification' guide (#4731)
  • 7c68d4a7e docs: add image-scanner-with-trivy for ecosystem (#5159)
  • ed49609a7 fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
  • 19539722e chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
  • c7516011b Update filtering.md (#5131)
  • ccc6d7cb2 chore(deps): bump sigstore/cosign-installer (#5104)
  • 48cbf4553 chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
  • a9c2c74c5 chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
  • 120ac68b5 chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
  • 41eaa78ae chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
  • 932f92755 changing adopters discussion template (#5091)
  • db3133346 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
  • 8c0b7d619 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
  • c61c664c3 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
  • a99944c1c chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
  • 9fc844ecf chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
  • c504f8be4 chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)
trivy - v0.45.0

Published by aqua-bot about 1 year ago

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/5082

Changelog

  • cdab67e7f docs: add Bitnami (#5078)
  • 7acc5e831 feat(docker): add support for scanning Bitnami components (#5062)
  • 9628b1cbf feat: add support for .trivyignore.yaml (#5070)
  • 4547e2766 fix(terraform): improve detection of terraform files (#4984)
  • 0c8919e1e feat: filter artifacts on --exclude-owned flag (#5059)
  • c04f234fa fix(sbom): cyclonedx advisory should omit null value (#5041)
  • f811ed2d4 build: maximize build space for build tests (#5072)
  • 69ea5bf70 feat: improve kbom component name (#5058)
  • 3715dcb3f fix(pom): add licenses for pom artifacts (#5071)
  • 07f7e9853 chore(deps): Update defsec to v0.92.0 (#5068)
  • d4ca3cce2 chore: bump Go to 1.20 (#5067)
  • 49fdd584b feat: PURL matching with qualifiers in OpenVEX (#5061)
  • 4401998ec feat(java): add graph support for pom.xml (#4902)
  • 9c211d005 feat(swift): add vulns for cocoapods (#5037)
  • 422fa414e fix: support image pull secret for additional workloads (#5052)
  • 8e933860a fix: #5033 Superfluous double quote in html.tpl (#5036)
  • 9345a98ed docs(repo): update trivy repo usage and example (#5049)
  • 5d8da70c6 perf: Optimize Dockerfile for reduced layers and size (#5038)
  • 1be9da7aa feat: scan K8s Resources Kind with --all-namespaces (#5043)
  • 0e17d0bef fix: vulnerability typo (#5044)
  • d70fab231 docs: adding a terraform tutorial to the docs (#3708)
  • 2fa264ac1 feat(report): add licenses to sarif format (#4866)
  • 07ddf4790 feat(misconf): show the resource name in the report (#4806)
  • 9de360623 chore: update alpine base images (#5015)
  • ef70d2076 feat: add Package.resolved swift files support (#4932)
  • ec5d8bec0 feat(nodejs): parse licenses in yarn projects (#4652)
  • 3114c87e6 fix: k8s private registries support (#5021)
  • 6d79f55db bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
  • 9ace59106 feat(vuln): support last_affected field from osv (#4944)
  • d44217640 feat(server): add version endpoint (#4869)
  • 63cd41d20 feat: k8s private registries support (#4987)
  • cb16e23f1 fix(server): add indirect prop to package (#4974)
  • a4e981b4e docs: add coverage (#4954)
  • 6f03c7940 feat(c): add location for lock file dependencies. (#4994)
  • c74870500 docs: adding blog post on ec2 (#4813)
  • 4e1316c37 revert 32bit bins (#4977)
  • fc959fc57 chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)
trivy - v0.44.1

Published by aqua-bot about 1 year ago

Changelog

  • f10527998 fix(report): return severity colors in table format (#4969)
  • bc2b0ca6c build: maximize available disk space for release (#4937)
  • 9493c6f08 test(cli): Fix assertion helptext (#4966)
  • b0359de66 chore(deps): Bump defsec to v0.91.1 (#4965)
  • d3a34e409 test: validate CycloneDX with the JSON schema (#4956)
  • 798ef1b64 fix(server): add licenses to the Result message (#4955)
  • e8cf28147 fix(aws): resolve endpoint if endpoint is passed (#4925)
  • f18b0db58 fix(sbom): move licenses to name field in Cyclonedx format (#4941)
  • a79670156 add only uniq deps in dependsOn (#4943)
  • b544e0dea use testify instead of gotest.tools (#4946)
  • 067a0fcb9 fix(nodejs): do not detect lock file in node_modules as an app (#4949)
  • e6d7705a5 bump go-dep-parser (#4936)
  • c584dc176 chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
  • 358d56b6b chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
  • 17f3ea918 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
  • 39ccbf7b5 test(aws): move part of unit tests to integration (#4884)
  • 6d3ae3bcf docs(cli): update help string for file and dir skipping (#4872)
  • 7d7a1ef54 chore(deps): bump sigstore/cosign-installer (#4910)
  • fc7495017 chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
  • b2a68bc06 chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
  • e5c0c15b6 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
  • da37803d5 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
  • 9744e6498 chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
  • 99eebc670 docs: update the discussion template (#4928)