trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
APACHE-2.0 License
Bot releases are visible (Hide)
trivy
- v0.34.0
Published by aqua-bot almost 2 years ago
Changelog
- 7912f585 feat(vuln): support dependency graph for RHEL/CentOS (#3094)
- 9468056c feat(vuln): support dependency graph for dpkg and apk (#3093)
- 7cc83cc2 perf(license): enable license classifier only with "--license-full" (#3086)
- 5b975de2 feat(report): add secret scanning to ASFF template (#2860)
- b6cef125 feat: Allow override of containerd namespace (#3060)
- 07651480 fix(vuln): In alpine use Name as SrcName (#3079)
- 9e649b87 fix(secret): Alibaba AccessKey ID (#3083)
trivy
- v0.33.0
Published by aqua-bot about 2 years ago
Changelog
- af89249d refactor(k8s): custom reports (#3076)
- f4e970f3 fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068)
- 8ae46279 feat(image): add support for passing architecture and OS (#3012)
- 0501e703 test: disable containerd integration tests for non-amd64 arch (#3073)
- a377c8d0 feat(server): Add support for client/server mode to rootfs command (#3021)
- 02a73f01 feat(vuln): support non-packaged binaries (#3019)
- 18581f34 feat: compliance reports (#2951)
- 63b8e4d6 fix(flag): disable flag parsing for each plugin command (#3074)
- cbedd712 feat(nodejs): add support dependency location for yarn.lock files (#3016)
- b22e37e0 chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069)
- 9b0e9794 feat: add k8s components (#2589)
- 5e25182c fix(secret): update the regex for secrets scanning (#2964)
- 9947e511 chore(deps): bump github.com/samber/lo from 1.27.1 to 1.28.2 (#2979)
- d2a15a73 fix: bump trivy-kubernetes (#3064)
- f2efc9c5 docs: fix missing 'image' subcommand (#3051)
- 34653c71 chore: Patch golang x/text vulnerability (#3046)
- e252ea83 chore: add licensed project logo (#3058)
- 439d2166 feat(ubuntu): set Ubuntu 22.10 EOL (#3054)
- 9f5113a9 refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix (#3028)
- c1e24d53 feat(report): Use understandable value for shortDescription in SARIF reports (#3009)
- 212af07e docs(misconf): fix typo (#3043)
- 68f374ac feat: add support for scanning azure ARM (#3011)
- d35c668f feat(report): add location.message to SARIF output (#3002) (#3003)
- 2150ffc7 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.95 to 1.44.109 (#2980)
- ca434f7f feat(nodejs): add dependency line numbers for npm lock files (#2932)
- a8ff5f06 test(fs): add
--skip-files,--skip-dirs(#2984) - 561b2e75 docs: add Woodpecker CI integrations example (#2823)
- 4a3583da chore(deps): bump github.com/sigstore/rekor from 0.12.0 to 0.12.2 (#2981)
- 4be9eebf chore(deps): bump github.com/liamg/memoryfs from 1.4.2 to 1.4.3 (#2976)
- a260d35d chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#2975)
- 558189f7 chore(deps): bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 (#2982)
- c2eb6ee3 fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000)
- 68f79526 fix(java): don't stop parsing jar file when wrong inner jar is found (#2989)
- be78da6c fix(sbom): use nuget purl type for dotnet-core (#2990)
- 92b5a193 perf: retrieve rekor entries in bulk (#2987)
- babd7e75 feat(aws): Custom rego policies for AWS scanning (#2994)
- 8ad9b8a9 docs: jq cli formatting (#2881)
- a78684c3 docs(repo): troubleshooting $TMPDIR customization (#2985)
- 7309ed0a chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#2969)
- 9515a5ce chore(deps): bump actions/stale from 5 to 6 (#2970)
- 955aff66 chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.7.0 (#2971)
- db56d238 chore(deps): bump helm/chart-testing-action from 2.3.0 to 2.3.1 (#2972)
- 05a72324 chore(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#2973)
- 2c39d472 chore: run
go fmt(#2897) - 16a7dc10 chore(go): updates wazero to 1.0.0-pre.2 (#2955)
- ce4ba7c9 fix(aws): Less function for slice sorting always returns false #2967
- 4ffe7464 fix(java): fix unmarshal pom exclusions (#2936)
trivy
- v0.32.1
Published by aqua-bot about 2 years ago
Changelog
- 8b1cee84 fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943)
- f5cbbb3f chore: expat lib and go binary deps vulns (#2940)
- 6882bdf5 wasm: Removes accidentally exported memory (#2950)
- 6ea9a61c fix(sbom): fix package name separation for gradle (#2906)
- 3ee4c96f docs(readme.md): fix broken integrations link (#2931)
- 57459611 fix(image): handle images with single layer in rescan mergedLayers cache (#2927)
- e01253d5 fix(cli): split env values with ',' for slice flags (#2926)
- 0c1a42d4 fix(cli): config/helm: also take into account files with
.yml(#2928) - 237b8dcd fix(flag): add file-patterns flag for config subcommand (#2925)
- 047a0b3d chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.43.1 (#2902)
trivy
- v0.32.0
Published by aqua-bot about 2 years ago
Changelog
- 585985ed docs: add Rekor SBOM attestation scanning (#2893)
- d30fa00a chore: narrow the owner scope (#2894)
- 38c1513a fix: remove a patch number from the recommendation link (#2891)
- ba29ce64 fix: enable parsing of UUID-only rekor entry ID (#2887)
- 018eda61 docs(sbom): add SPDX scanning (#2885)
- 20f1e599 docs: restructure docs and add tutorials (#2883)
- 192fd78c feat(sbom): scan sbom attestation in the rekor record (#2699)
- 597836c3 feat(k8s): support outdated-api (#2877)
- 6c7bd67c chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815)
- 41270434 fix(c): support revisions in Conan parser (#2878)
- b677d7e2 feat: dynamic links support for scan results (#2838)
- 8e03bbb4 chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818)
- 27005c7d docs: update archlinux commands (#2876)
- b6e394dc feat(secret): add line from dockerfile where secret was added to secret result (#2780)
- 9f6680a1 feat(sbom): Add unmarshal for spdx (#2868)
- db0aaf18 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827)
- bb3220c3 fix: revert asff arn and add documentation (#2852)
- c51f2b82 docs: batch-import-findings limit (#2851)
- 552732b5 chore(deps): bump golang from 1.19.0 to 1.19.1 (#2872)
- 3165c376 feat(sbom): Add marshal for spdx (#2867)
- dac2b4a2 build: checkout before setting up Go (#2873)
- 39f83afe chore: bump Go to 1.19 (#2861)
- 0ce95830 docs: azure doc and trivy (#2869)
- 2f379616 fix: Scan tarr'd dependencies (#2857)
- db14ef3c chore(helm): helm test with ingress (#2630)
- acb65d56 feat(report): add secrets to sarif format (#2820)
- a18cd7c0 chore(deps): bump azure/setup-helm from 1.1 to 3.3 (#2807)
- 2de903ca refactor: add a new interface for initializing analyzers (#2835)
- 63c3b8ed chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.92 (#2840)
- 6717665a fix: update ProductArn with account id (#2782)
- 41a84967 feat(helm): make cache TTL configurable (#2798)
- 0f1f2c1b build(): Sign releaser artifacts, not only container manifests (#2789)
- b389a6f4 chore: improve doc about azure devops (#2795)
- 9ef9fce5 chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#2804)
- 7b3225d0 chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.16.11 to 1.16.14 (#2828)
- 37733edc chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#2825)
- 44d7e8dd docs: don't push patch versions (#2824)
- 4839075c feat: add support for conan.lock file (#2779)
- 6b4ddaae feat: cache merged layers
- a18f398a chore(deps): bump helm/chart-testing-action from 2.2.1 to 2.3.0 (#2805)
- 4dcce140 chore(deps): bump actions/cache from 3.0.5 to 3.0.8 (#2806)
- db454471 chore(deps): bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#2811)
- a246d0f2 chore(deps): bump github.com/aquasecurity/table from 1.7.2 to 1.8.0 (#2810)
- 1800017a chore(deps): bump github.com/samber/lo from 1.27.0 to 1.27.1 (#2808)
- 218e41a4 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.22.0 to 2.23.0 (#2814)
- a000adee feat: add support for gradle.lockfile (#2759)
- 43113bc0 chore(mod): updates wazero to 1.0.0-pre.1 #2791
- 5f0bf144 feat: move file patterns to a global level to be able to use it on any analyzer (#2539)
- 2580ea15 Fix url validaton failures (#2783)
- 2473b2c8 fix(image): add logic to detect empty layers (#2790)
- 9d018d44 feat(rust): add dependency graph from Rust binaries (#2771)
trivy
- v0.31.3
Published by aqua-bot about 2 years ago
Changelog
- db67f16a fix: handle empty OS family (#2768)
- 77616beb fix: fix k8s summary report (#2777)
- fcccfced fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767)
- 8bc215cc chore: bump trivy-kubernetes (#2770)
- d8d8e627 fix(secret): Consider secrets in rpc calls (#2753)
- b0e89d4c fix(java): check depManagement from upper pom's (#2747)
- da6f1b6f fix(php): skip
composer.lockinsidevendorfolder (#2718) - 2f2952c6 fix: fix k8s rbac filter (#2765)
- 8bc56bf2 feat(misconf): skipping misconfigurations by AVD ID (#2743)
- 9c1ce5af chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
- 3cd10b23 docs: add MacPorts install instructions (#2727)
- f369bd3e docs: typo (#2730)
trivy
- v0.31.2
Published by aqua-bot about 2 years ago
Changelog
- fefe7c4a fix: Correctly handle recoverable AWS scanning errors (#2726)
- 9c92e3d1 docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)
trivy
- v0.31.1
Published by aqua-bot about 2 years ago
Changelog
- d343d13a fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)
trivy
- v0.31.0
Published by aqua-bot about 2 years ago
Changelog
- 917f3888 fix(flag): add error when there are no supported security checks (#2713)
- aef02aa1 fix(vuln): continue scanning when no vuln found in the first application (#2712)
- ed1fa891 revert: add new classes for vulnerabilities (#2701)
- a5d4f7fb feat(secret): detect secrets removed or overwritten in upper layer (#2611)
- ddffb1b4 fix(cli): secret scanning perf link fix (#2607)
- bc85441f chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
- b259b25c feat: Add AWS Cloud scanning (#2493)
- f8edda84 docs: specify the type when verifying an attestation (#2697)
- 68794139 docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
- babfb174 fix(rpc): scanResponse rpc conversion for custom resources (#2692)
- 517d2e01 feat(rust): Add support for cargo-auditable (#2675)
- 01123854 feat: Support passing value overrides for configuration checks (#2679)
- 317a0266 feat(sbom): add support for scanning a sbom attestation (#2652)
- 390c256c chore(image): skip symlinks and hardlinks from tar scan (#2634)
- 63c33bfa fix(report): Update junit.tpl (#2677)
- de365c8e fix(cyclonedx): add nil check to metadata.component (#2673)
- 50db7da9 docs(secret): fix missing and broken links (#2674)
- e848e6d0 refactor(cyclonedx): implement json.Unmarshaler (#2662)
- df0b5e40 chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
- 006b8a5c chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
- 8d10de8b feat(kubernetes): add option to specify kubeconfig file path (#2576)
- 169c55c6 docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
- 9b218314 chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
- 94db37e5 chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)
- d9838053 chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647)
- d8a95729 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646)
- 3ab30509 chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641)
- 75984f34 chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640)
- 525c2530 chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)
- 5e327e41 chore(deps): bump golang from 1.18.3 to 1.18.4 (#2638)
- 469d771a chore(deps): bump github.com/aws/aws-sdk-go from 1.44.48 to 1.44.66 (#2648)
- 6bc8c87b chore(deps): bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.0 (#2649)
- 6ab832d0 chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#2651)
- 3a10497a feat(alma): set AlmaLinux 9 EOL (#2653)
- 55825d76 fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636)
- 6bb0e4b0 test(misconf): add tests for misconf handler for dockerfiles (#2621)
- 44d53bed feat(oracle): set Oracle Linux 9 EOL (#2635)
- f396c677 BREAKING: add new classes for vulnerabilities (#2541)
- 3cd88abe fix(secret): add newline escaping for asymmetric private key (#2532)
- ea91fb91 docs: improve formatting (#2572)
- d0ca610a feat(helm): allows users to define an existing secret for tokens (#2587)
- d0ba59a4 docs(mariner): use tdnf in fs usage example (#2616)
- d7742b6c docs: remove unnecessary double quotation marks (#2609)
- 27027cf4 fix: Fix --file-patterns flag (#2625)
- c2a7ad5c feat(report): add support for Cosign vulnerability attestation (#2567)
- dfb86f41 docs(mariner): use v2.0 in examples (#2602)
- 946ce167 feat(report): add secrets template for codequality report (#2461)
trivy
- v0.30.4
Published by aqua-bot over 2 years ago
Changelog
- f9c17bd2 fix: remove the first arg when running as a plugin (#2595)
- cccfade3 fix: k8s controlplaner scanning (#2593)
- 5a655486 fix(vuln): GitLab report template (#2578)
trivy
- v0.30.3
Published by aqua-bot over 2 years ago
Changelog
- fa8a8ba7 fix(server): use a new db worker for hot updates (#2581)
- 769ed554 docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)
- 5f9a963e docs: split commands to download db for different versions of oras (#2582)
- d93a9978 feat(report): export exitcode for license checks (#2564)
- f9be138a fix: cli can use lowercase for severities (#2565)
- c7f0bc92 fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
- c2f37318 fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
- 7b4f2dc7 fix: enable some features of the wasm runtime (#2575)
- 84677903 fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)
- e1e02d78 docs(sbom): improve sbom attestation documentation (#2566)
trivy
- v0.30.2
Published by aqua-bot over 2 years ago
Changelog
- 80c7b916 fix(report): show the summary without results (#2548)
- 07c3ac4d fix(cli): replace '-' to '_' for env vars (#2561)
trivy
- v0.30.1
Published by aqua-bot over 2 years ago
Changelog
- 9da45f7b chore: remove a test repository (#2551)
- 6138f57b fix(license): lazy loading of classifiers (#2547)
- 2cbe8dfe fix: CVE-2022-1996 in Trivy (#2499)
- e393ce14 docs(sbom): add sbom attestation (#2527)
- ae5a2d06 feat(rocky): set Rocky Linux 9 EOL (#2543)
- f8dd6165 docs: add attributes to the video tag to autoplay demo videos (#2538)
- 63cbbd07 fix: yaml files with non-string chart name (#2534)
- 6d015d32 fix: skip dirs (#2530)
- 30c9f90b feat(repo): add support for branch, commit, & tag (#2494)
- 783e7cfe fix: remove auto configure environment variables via viper (#2526)
trivy
- v0.30.0
Published by aqua-bot over 2 years ago
Changelog
- 45dae7c2 fix: separating multiple licenses from one line in dpkg copyright files (#2508)
- 469028dc fix: change a capital letter for
plugin uninstallsubcommand (#2519) - ae9ba340 fix: k8s hide empty report when scanning resource (#2517)
- 783cf6fe refactor: fix comments (#2516)
- 603825a4 fix: scan vendor dir (#2515)
- a3a66df0 feat: Add support for license scanning (#2418)
- bb06f6f8 chore: add owners for secret scanning (#2485)
- 6b501219 fix: remove dependency-tree flag for image subcommand (#2492)
- 57192bd5 fix(k8s): add shorthand for k8s namespace flag (#2495)
- 9f8685c1 docs: add information about using multiple servers to troubleshooting (#2498)
- ed322ac6 ci: add pushing canary build images to registries (#2428)
- 8d4dba02 chore(deps): bump github.com/open-policy-agent/opa from 0.41.0 to 0.42.0 (#2479)
- a6685b1b feat(dotnet): add support for .Net core .deps.json files (#2487)
- 56265a9b feat(amazon): add support for 2022 version (#2429)
- c6f68e36 Type correction bitnami chart (#2415)
- 6ae4b360 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.1 to 2.1.2 (#2449)
- 6def8634 chore(deps): bump github.com/aquasecurity/table from 1.5.1 to 1.6.0 (#2446)
- e98bde33 docs: add config file and update CLI references (#2489)
- 736e3f11 feat: add support for flag groups (#2488)
- 5b7e0a85 refactor: move from urfave/cli to spf13/cobra (#2458)
- 7699153c fix: Fix secrets output not containing file/lines (#2467)
- a70fd758 fix: clear output with modules (#2478)
- e99bf302 chore(deps): bump github.com/mailru/easyjson from 0.7.6 to 0.7.7 (#2448)
- 64854fc8 docs(cbl): distroless 1.0 supported (#2473)
- e77cfd64 fix: Fix example dockerfile rego policy (#2460)
- e778ac3e fix(config): add helm to list of config analyzers (#2457)
- aedcf5b5 feat: k8s resouces scan (#2395)
- 5b821d3b feat(sbom): add cyclonedx sbom scan (#2203)
- f0720f3c chore(deps): bump wazero to latest main (#2436)
- 581fe1ed chore(deps): bump github.com/stretchr/testify from 1.7.3 to 1.8.0 (#2444)
- 7a4e0687 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.21.0 to 2.22.0 (#2445)
- 422b0fc0 chore(deps): bump sigstore/cosign-installer from 2.3.0 to 2.4.1 (#2442)
- 260756d5 chore(deps): bump actions/setup-python from 3 to 4 (#2441)
- 9b220359 chore(deps): bump github.com/Azure/azure-sdk-for-go (#2450)
- c96090ca docs: remove links to removed content (#2431)
- 14be70aa ci: added rpm build for rhel 9 (#2437)
- 71980fec fix(secret): remove space from asymmetric private key (#2434)
- d94df3d9 chore(deps): bump actions/cache from 3.0.2 to 3.0.4 (#2440)
- d2132230 chore(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#2439)
- 8e0c5373 chore(deps): bump golang from 1.18.2 to 1.18.3 (#2438)
- 005d0243 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.25 to 1.44.46 (#2447)
- 7de7a1f8 test(integration): fix golden files for debian 9 (#2435)
- f6453465 fix(cli): fix version string in docs link when secret scanning is enabled (#2422)
- 16409496 refactor: move CycloneDX marshaling (#2420)
- 6be6f74d docs(nodejs): add docs about pnpm support (#2423)
- ac2fdc87 docs: improve k8s usage documentation (#2425)
- fe2ae8ed feat: Make secrets scanning output consistant (#2410)
- 0ed39fc8 ci: create canary build after main branch changes (#1638)
- 7111301f fix(misconf): skip broken scans (#2396)
- c36a373d feat(nodejs): add pnpm support (#2414)
- e060026e fix: Fix false positive for use of COS images (#2413)
- 8d03e5af eliminate nerdctl dependency (#2412)
- 938c0d18 Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
- 6e8b50ed fix(go): no cast to lowercase go package names (#2401)
- 4a197efc BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
- e2c3bc41 fix(server): hot update the db from custom repository (#2406)
- 57ed5774 feat: added license parser for dpkg (#2381)
- 4656850c chore(helm): bump appVersion to latest release (#2397)
- c537c91d fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)
- ee58d53f feat: extract stripe publishable and secret keys (#2392)
- 776ef1a3 feat: rbac support k8s sub-command (#2339)
- 6ed789e8 feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)
- bc27198d docs: Updating README with new CLI command (#2359)
- 4c35084f fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)
- 394c9481 chore: add integration label and merge security label (#2316)
trivy
- v0.29.2
Published by aqua-bot over 2 years ago
Changelog
- 6b515bc7 chore: skip Visual Studio Code project folder (#2379)
- 25416ae6 fix(helm): handle charts with templated names (#2374)
- 85cca559 docs: redirect operator docs to trivy-operator repo (#2372)
- b944ac62 Merge pull request #2356 from aquasecurity/liamg-merge-fanal-magic-attempt-2
- 9809a07b fix(secret): use secret result when determining Failed status (#2370)
- e9831cec try removing libdb-dev
- 04c01f62 run integration tests in fanal
- 86e19bb6 use same testing images in fanal
- 484ddd89 feat(helm): add support for trivy dbRepository (#2345)
- 9e7404e7 fix: Fix failing test due to deref lint issue
- 85c6529c test: Fix broken test
- 6c983cbf fix: Fix makefile when no previous named ref is visible in a shallow clone
- 1ac4fd8a chore: Fix linting issues in fanal
- 094db23a refactor: Fix fanal import paths and remove dotfiles
- b6f615b5 refactor: Merge fanal into Trivy
- 6765c77c Merge pull request fanal#566 from chen-keinan/chore/bump-fanal-version
- 644ada12 chore: bump defsec version v0.68.1
- a9ddb39d fix(secrets): added allow rule for examples (fanal#565)
- 8d13f3da feat: support rbac scanner and type (fanal#563)
- c0ad4f70 chore(deps): updated go-dep-parser (fanal#556)
- a6f4ab37 chore(deps): bump github.com/Azure/go-autorest/autorest/adal (fanal#543)
- 8ae754a7 Add custom resources in fs scanning and add deregister analyzers (fanal#564)
- decad9b4 Support get local image by containerd (fanal#348)
- 9c531904 chore(deps): update defsec (fanal#558)
- df669592 Bump go-rpmdb (fanal#553)
- 74fcd3f8 feat(mariner): added support for CBL-Mariner Distroless v2.0 (fanal#552)
- d523424f feat(npm): calculate indirect libraries (fanal#557)
- 42267f94 refactor: remove unused field
imageNamefrom integration test (fanal#555) - 1343996f chore(deps): bump github.com/urfave/cli/v2 from 2.6.0 to 2.8.1 (fanal#544)
- 8a877c5b chore(deps): bump github.com/Azure/azure-sdk-for-go (fanal#545)
- 59f1a04b chore(deps): bump github.com/samber/lo from 1.19.0 to 1.21.0 (fanal#546)
- d5a62c9a test: use images in GHCR for integration tests (fanal#554)
- 96ce2db9 refactor: do not import defsec in types package (fanal#537)
- 6c25b832 fix: support for helm chart *.tar.gz (fanal#551)
- 43997f33 feat(types): add Ref to package (fanal#540)
- 64c91249 chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (fanal#541)
- 7baccf20 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.18.0 to 2.21.0 (fanal#547)
- 7dd7e2ba chore(deps): bump github.com/aws/aws-sdk-go from 1.44.5 to 1.44.25 (fanal#548)
- f5e655e2 feat: adding helm support (fanal#534)
- df47d1be refactor(deps): move dependencies to package (fanal#535)
- ef8d7735 fix(secrets): AsymmetricPrivateKeys use only base64 characters (fanal#539)
- 24005c3e chore(deps): bump github.com/testcontainers/testcontainers-go from 0.12.0 to 0.13.0 (fanal#502)
- 193680b1 chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.6.0 (fanal#517)
- 22db37e9 fix(secrets): added leading slash for file paths extracted from image (fanal#525)
- 894fa251 chore(deps): Update defsec to v0.58.2 (fixes false positives in ksv038) (fanal#533)
- 94f999ec perf(misconf): Update defsec to v0.58.1 to optimise result creation for very large files (fanal#532)
- 7a844389 chore(deps): Update defsec to v0.58.0 (fanal#530)
- 898aaaa1 Merge pull request fanal#529 from aquasecurity/owenr-remove-highlighting-from-results
- c8682b55 fix: update defsec and fix tests accordingly
- f776a91d chore(deps): update defsec
- 267adde7 fix: remove Highlighted from json output
- 95285015 chore(deps): Update defsec to v0.57.6 (fanal#528)
- 0911eea9 chore(deps): Update defsec to v0.57.5 (remove commercial rego rules) (fanal#527)
- cc5d76b4 chore(deps): bump github.com/Azure/azure-sdk-for-go (fanal#518)
- be3993b6 fix(secrets): skip aws secrets of greater length (fanal#514)
- 3487accd chore(deps): Update defsec to v0.57.3 for improved syntax highlighting (fanal#524)
- c8e07a4b chore(deps): Update defsec to v0.56.2 (fanal#523)
- 4249a1ca Pom modules (fanal#511)
- 52934d23 feat: Add causal code to misconfig results (fanal#522)
- 329f071b chore(deps): Update defsec for 'builtin' namespaced rego policies (fanal#521)
- 154ccc6e chore(deps): Update defsec to v0.55.5 (adds freebsd support) (fanal#520)
- 49cfa08d fix(handler): import go mod handler (fanal#519)
- bcc02182 feat: add post handler (fanal#460)
- 5feabc10 chore(deps): bump github.com/aws/aws-sdk-go from 1.43.31 to 1.44.5 (fanal#512)
- fa03e9e9 chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (fanal#506)
- 6d8ae195 feat(lang): add parent dependencies (fanal#459)
- d137df24 feat(analyzer): more general support for os-release (fanal#470)
- d08f3dfd refactor(secret): allow list match with secret subgroups (fanal#510)
- 346496f9 chore(deps): bump github.com/Azure/go-autorest/autorest (fanal#509)
- 2e870836 chore(deps): bump github.com/samber/lo from 1.15.0 to 1.19.0 (fanal#505)
- 4066b57a chore(deps): bump actions/setup-go from 2 to 3 (fanal#499)
- 1f5b2625 feat(secret): add default secret severity (fanal#497)
- eb0da23d chore(analyzer): added array of config file analyzers (fanal#498)
- 4f9e46c8 chore(deps): update defsec for fix CVE-2022-27191 inside x/crypto (fanal#495)
- 1a6d9cb1 feat(secret): truncate matched line if it is long (fanal#494)
- acaa8dd0 fix(go.mod): fixed panic for gomod without version (fanal#492)
- db6eb9a1 feat(secret): allow rubygems path (fanal#493)
- 1d1f8f91 refactor(secret): split a file including built-in rules (fanal#491)
- 04040b95 feat(secret): add enable-builtin-rules (fanal#488)
- 142d67f2 feat(secret): more builtin aws rules (fanal#489)
- 34de675d feat(redis): support TTL (fanal#480)
- 4dd57321 feat(hook): skip system installed Go binaries (fanal#481)
- 1e788040 fix(hook/gomod): check if gosum is nil (fanal#487)
- ca57d318 fix(secret): take only config file name (fanal#486)
- 03b16ea0 feat(secret): check if the config file exists (fanal#485)
- bec2e29c feat(secret): ignore the secret config file (fanal#484)
- b4ddc80c feat(image): disable secret scanning in base layers (fanal#483)
- 2061873f fix(secret): end line number is the same as start line number (fanal#482)
- 254a96e1 feat: add secret scanning (fanal#431)
- dff5dcea fix(analyzer): ignore permission errors (fanal#477)
- c7e8d201 chore: disable benchmark (fanal#478)
- 471e7cd5 Add Containerfile to requiredFiles (fanal#475)
- 8cd97373 fix(deps): correct margin removal for empty lines inside defsec (fanal#471)
- 67004a2b fix(python): fixed panic when scan .egg archive (fanal#446)
- 528d07ef feat(alpine): add parsing /etc/apk/repositories file to get OS version (fanal#462)
- 065b3014 feat(golang): add support for go.mod (fanal#465)
- 0e28f7cc Merge pull request fanal#463 from aquasecurity/liamg-fix-owens-demo
- 910b8e60 fix: add filename to cf results
- 5f698476 fix(pom): merge multiple pom imports in a good manner (fanal#457)
- 3637c00b chore(deps): bump github.com/docker/docker (fanal#440)
- 8bdd3feb chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (fanal#442)
- 85351adf chore(deps): update BurntSushi/toml for fix runtime error (fanal#454)
- fbf50203 fix(iac): Added missing metadata to resolve Terraform scanning errors (fanal#455)
- 18fde603 feat(jar): allow setting Maven Central URL using environment variable (fanal#448)
- c2f38ee3 chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (fanal#434)
- a545e3af chore(deps): bump github.com/Azure/azure-sdk-for-go (fanal#438)
- c0391779 refactor(golang): use debug/buildinfo (fanal#453)
- 86e72c0a chore(ci): enable gofmt linter (fanal#452)
- 177826a4 chore: bump up Go to 1.18 (fanal#449)
- 133c8389 fix: Update defsec to v0.28.3 to fix panics (fanal#450)
- da3d5882 chore(deps): bump github.com/Azure/go-autorest/autorest (fanal#441)
- 9766c470 chore(deps): bump actions/checkout from 2 to 3 (fanal#432)
- db665721 chore(deps): bump github.com/aws/aws-sdk-go from 1.43.8 to 1.43.31 (fanal#445)
- c3e132ad refactor(cache messages): changed messages about missing Image and Layers in cache (fanal#447)
- b194140c chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (fanal#437)
- d0487913 chore(deps): bump github.com/Azure/azure-sdk-for-go (fanal#409)
- 005fe25c Merge pull request fanal#429 from aquasecurity/owenr-fix-issue-no-filename
- aac7cf57 fix: catch results where the filename is not specified
- fe1f9c91 chore(deps): bump github.com/GoogleCloudPlatform/docker-credential-gcr (fanal#360)
- 9e3709fb feat(cache): add DeleteBlobs to ArtifactCache (fanal#426)
- ee54733e chore(deps): bump github.com/testcontainers/testcontainers-go from 0.11.1 to 0.12.0 (fanal#375)
- e9134339 fix(docker): getting an image by ID or a name with tag (fanal#425)
- 483697b4 feat(walker): export default skip variables (fanal#418)
- dcadfa88 fix(filter-hook): systemfiles filter for custom resources (fanal#419)
- bfd6eef9 Merge pull request fanal#421 from aquasecurity/owenr-defend-npe-issues
- 69be9851 chore: update tfsec and defsec
- 4d625c21 feat(docker): add support for scanning docker image with ImageID (fanal#405)
- 7663c9f9 fix(hcl2json): fix panic in hcl2json (fanal#417)
- c3279fd9 Merge pull request fanal#416 from aquasecurity/dependabot/go_modules/github.com/aquasecurity/tfsec-1.5.0
- 7443cba9 Merge branch 'main' into dependabot/go_modules/github.com/aquasecurity/tfsec-1.5.0
- 49301ccf Merge pull request fanal#415 from aquasecurity/dependabot/go_modules/github.com/aquasecurity/defsec-0.14.0
- 6e222bd8 chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (fanal#408)
- 8c522a76 chore(deps): bump github.com/aquasecurity/tfsec from 1.4.1 to 1.5.0
- 7fe75d50 chore(deps): bump github.com/aquasecurity/defsec from 0.12.1 to 0.14.0
- 0e84c4dc fix(pom): keep an order of dependencies (fanal#413)
- 82d9d4b7 chore(deps): bump github.com/aws/aws-sdk-go from 1.42.51 to 1.43.8 (fanal#411)
- 525aadf1 fix(deps): correct handling a package name with a hyphen (fanal#407)
- b72fa66c Merge pull request fanal#406 from aquasecurity/owenr-update-iac-scanning
- f2e05d55 fix(hook): fix skip of language-specific files when scanning rootfs directory (fanal#380)
- 1e9376be chore: update the defsec and tfsec versions
- 0805e866 chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (fanal#404)
- f8eb21d6 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.17.0 to 2.18.0 (fanal#383)
- ed006327 chore(deps): bump github.com/Azure/azure-sdk-for-go (fanal#389)
- 1277e211 chore(deps): bump github.com/Azure/go-autorest/autorest/azure/auth (fanal#386)
- 5c663d38 chore(deps): bump github.com/aws/aws-sdk-go from 1.42.30 to 1.42.51 (fanal#403)
- 411e5b8c chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (fanal#401)
- 32768850 chore(dependabot): set interval to monthly (fanal#399)
- b9a7fd15 feat(rpm): detect RPM databases in SQLite3 format (fanal#381)
- 98255296 fix(applier): modify apply layer to merge custom resources as well (fanal#369)
- 4310d51b refactor: rename quiet with no progress (fanal#392)
- c04a638d feat(mariner) add CBL-Mariner analyzer (fanal#387)
- ffb5c852 feat(analyzer): support Red Hat build info (fanal#151)
- 533498f4 feat(token): add azure token auth (fanal#371)
- 2768c280 chore: bump Go to 1.17 (fanal#379)
- 4e8832de chore(deps): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 (fanal#378)
- 4b610974 chore(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 (fanal#376)
- c6daf1a8 chore(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 (fanal#358)
- d2a4db88 feat(java): add support PAR files (fanal#373)
- abf00556 chore(deps): bump github.com/docker/docker (fanal#363)
- 9806fa6f chore(deps): update hcl2json dependency (fanal#368)
- c4fdc40f fix(rpm): do not ignore installed files via third-party rpm (fanal#367)
- 1bb7e489 Allow to scan a single file (fanal#356)
- d0818558 chore(deps): bump github.com/open-policy-agent/opa from 0.34.0 to 0.36.0 (fanal#362)
- ab0cb4f7 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.16.0 to 2.17.0 (fanal#361)
- 49a72f21 feat: added insecure tls skip to scan repo (fanal#352)
- 0c8521a8 chore(deps): bump github.com/aws/aws-sdk-go from 1.42.0 to 1.42.30 (fanal#365)
- 89fa4a27 feat(analyzer): introduce analyzer group (fanal#340)
- 0d2edbfa fix: crash of handling compressed layers (fanal#354)
- 996961a3 fix(java/pom): ignore unsupported requirements (fanal#351)
- e9251fe0 feat(jar): mark JAR as individual packages (fanal#350)
- 965400a4 feat(java): support offline mode (fanal#349)
- 310dd3f5 fix(analyzer): improve performance (fanal#314)
- 91d4d9e3 feat(java): support pom.xml (fanal#346)
- 88094b11 chore(deps): bump github.com/moby/buildkit from 0.8.1 to 0.9.3 (fanal#347)
- c2872392 feat(jar): add file path (fanal#345)
- 0a173066 Also detect RPM databases in NDB format (fanal#341)
- c506f436 chore(deps): Update tfsec version (fanal#339)
- 7e09a9f8 fix: fixed skipFiles/skipDirs flags for relative path (fanal#342)
- f7333079 chore: removed old
tfsecdependencies. (fanal#337) - bb5abd4c Merge pull request fanal#336 from aquasecurity/owenr-update-tfsec-and-cfsec
- 18d683af Update code scanning dependencies
- 6793d654 fix(hooks): exclude go from filtering (fanal#332)
- 776f0ec1 ci(lint) : setup golangci-lint-action (fanal#256)
- 0523fbc6 allow suppressing the git clone output by setting the quiet option (fanal#335)
- 95afbb1a feat(repo): add authentication to git HTTP operation (fanal#253)
- 7d550ea0 fix(applier): fixed layer applications update (fanal#333)
- 1ac6e8ae chore: update go-dep-parser dependency to fix pip parsing issue (fanal#330)
- b640ef09 chore(dep): bump cfsec version from v0.0.11 to v0.0.12 (fanal#329)
- a688cdf7 feature(iac): Add location and resource to Results (fanal#328)
- 0abfcf53 Merge pull request fanal#327 from aquasecurity/owenr-bump-cfsec-version
- e0dfc37e fix the test for cfsec output
- 3f52e327 chore(deps): Bump cfsec version to get the resource
- 0dbcb834 chore(deps): bump github.com/docker/docker (fanal#315)
- 6ad9b255 chore(deps): bump github.com/aws/aws-sdk-go from 1.41.0 to 1.42.0 (fanal#325)
- 6726d125 Merge pull request fanal#321 from owenrumney/owenr-add-cfsec-support
- 41c0dbb7 Add Cloudformation analyzer
- 0d03242c add support for cfsec
- 8a6775ad fix(daemon): handle nil config (fanal#322)
- 2674ce89 chore(deps): bump github.com/aquasecurity/tfsec from 0.58.11 to 0.58.14 (fanal#307)
- 802cc6fb chore(deps): bump github.com/open-policy-agent/opa from 0.32.0 to 0.34.0 (fanal#319)
- b0de7fc6 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.15.1 to 2.16.0 (fanal#316)
- 223b1fd1 fix(yarn): support quoted version
- 0ad38f33 chore(deps): bump github.com/aws/aws-sdk-go from 1.40.49 to 1.41.0 (fanal#309)
- 894d6589 chore(deps): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 (fanal#308)
- 7c72035b feat(javascript) : Add JavaScript const to support custom javascript analyser (fanal#304)
- 1829e365 refactor: add ctx object to analyser (fanal#303)
- d974076f refactor(types): merge LibraryInfo into Package (fanal#302)
- 5eb94f78 fix(artifact): remove default disabled analyzers (fanal#300)
- 173b3eb6 fix(config/yaml): support yaml files which incompatible with json spec (fanal#296)
- c80126ab feat(daemon): add more config fields (fanal#299)
- 7e9fd671 feat(applier/docker) aggregate jar result (fanal#298)
- b76899c3 fix(rpm): don't panic when parse source rpm name failed (fanal#297)
- a2b995a6 feat: skip files and dirs (fanal#284)
- 12463ce1 fix(oci): handling of complex image indexes (fanal#262)
- 9b781128 chore(deps): bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (fanal#289)
- ad721cf1 Chore(dep): update the tfsec version (fanal#291)
- 96f7cc77 fix(go-binary): skip large files (fanal#294)
- 843813c0 feat(analyzer): add group consts (fanal#293)
- 94460305 chore(deps): bump golang.org/x/mod from 0.5.0 to 0.5.1 (fanal#290)
- f7329d0d chore(deps): bump github.com/aws/aws-sdk-go from 1.40.45 to 1.40.49 (fanal#287)
- b04be683 fix(configfile-metadata): Enriched configfile metadata with OS value (fanal#286)
- 791cf73b chore(deps): bump github.com/aws/aws-sdk-go from 1.40.37 to 1.40.45 (fanal#283)
- 92d1b61b fix(go/binary): ignore unrecognized exe error (fanal#282)
- 7f5b5a6a chore(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 (fanal#272)
- dd49885a fix(go/binary): check file mode (fanal#281)
- eec42da1 feat(analyzer): support AlmaLinux and Rocky Linux (fanal#193)
- 074587e2 fix(image): disable node.js analyzers depending on mode (fanal#279)
- 9a4e3b1f fix(applier): aggregate packages after merging layers (fanal#277)
- f76c8066 fix(filter): handle the leading slash (fanal#276)
- f21e5919 fix(image): do not use pointer for metadata (fanal#273)
- 1dce67f4 feat(image): add image metadata (fanal#227)
- 8020b0fc fix(ruby): add file path (fanal#269)
- fa57fce6 fix(filter): hardcode system files in Distroless (fanal#268)
- 08e9240e feat(python): support egg zip (fanal#267)
- 41c38375 feat(python): support egg format (fanal#266)
- 34c3c460 feat(dpkg): analyze installed files (fanal#265)
- bb20d894 feat(apk): analyze installed files (fanal#264)
- 62ccd794 feat(hook): add system file filter (fanal#263)
- 1c877da6 feat(image): revert size (fanal#261)
- ff9631b9 chore(deps): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 (fanal#260)
- 255bbe14 chore(deps): bump github.com/aws/aws-sdk-go from 1.40.27 to 1.40.37 (fanal#258)
- 6c11c0c5 feat(node): add package.json analyzer (fanal#225)
- 1ac15af6 feat(ruby): added new gemspec analyzer (fanal#226)
- 473fe3a4 feat: add hooks (fanal#254)
- b01a7b72 chore(deps): bump github.com/aws/aws-sdk-go from 1.40.22 to 1.40.27 (fanal#255)
- beaf8935 feat(python): add egg and wheel analyzer (fanal#223)
- 57eafb55 chore(deps): bump golang.org/x/mod from 0.4.2 to 0.5.0 (fanal#252)
- 6434945e chore(deps): bump go.uber.org/zap from 1.17.0 to 1.19.0 (fanal#244)
- fd1fbf9c chore(deps): bump github.com/alicebob/miniredis/v2 from 2.14.1 to 2.15.1 (fanal#246)
- 1352f0e9 chore(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 (fanal#245)
- 9a5940ce chore(dependabot): change interval to weekly (fanal#251)
- 493a3834 chore(deps): bump github.com/aws/aws-sdk-go from 1.40.20 to 1.40.22 (fanal#250)
- 9763688e chore(deps): bump github.com/google/go-containerregistry from 0.1.2 to 0.6.0 (fanal#237)
- d4855d20 refactor: move lang-specific analzyers to lang dirs (fanal#249)
- 62083114 chore(deps): bump github.com/docker/docker (fanal#240)
- 02c4a514 chore(deps): bump github.com/go-redis/redis/v8 from 8.4.0 to 8.11.3 (fanal#238)
- fbce2901 chore(deps): bump github.com/aws/aws-sdk-go from 1.37.0 to 1.40.20 (fanal#239)
- ba0aeedf chore(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 (fanal#241)
- 3ec380e5 chore(deps): bump github.com/open-policy-agent/opa from 0.25.2 to 0.31.0 (fanal#234)
- 0058bafd chore(deps): bump github.com/sosedoff/gitkit from 0.2.0 to 0.3.0 (fanal#235)
- 940367cf chore(deps): bump actions/setup-go from 1 to 2.1.3 (fanal#231)
- 78845b47 chore(deps): bump actions/checkout from 1 to 2 (fanal#232)
- d55c687c chore(ci) : Setup dependabot and fix security issues (fanal#228)
- e749817e test(nuget): sort libraries for consistency (fanal#230)
- 8eb30c2f Added a nuget config parser for packages.config (fanal#204)
- 0f8ac99d feat(python): add support for requirements.txt (fanal#219)
- 380c05ba feat(apk): capture license information (fanal#217)
- 4ca24d9a feat(rpm): capture license (fanal#218)
- e73d250a Layer size (fanal#210)
- adc7ecc1 feat(data) add eosl flag to OS (fanal#213)
- 81e4ab54 Update tfsec to v0.46.0 (fanal#208)
- 13823326 fix: disabled scanning of config files within containers (fanal#211)
- c8cfd72c feat(policy): add query and traces (fanal#207)
- 0e8ab4f8 feat(config): add external scanner (fanal#206)
- c0e4e47a refactor(config): define hcl2 parser (fanal#205)
- 9bad4c6c refactor(config): replace parsers (fanal#202)
- 8e8274ec feat(terraform): support additional metadata (fanal#201)
- 797fd088 feat(config): add additional fields to metadata (fanal#200)
- 5d54332b fix(policy): support empty string from exception rule (fanal#199)
- a922042d fix(policy/engine): upper severity (fanal#197)
- c3d58323 test(config): add sort test (fanal#196)
- 959c0768 fix(config/json): skip lock files (fanal#195)
- 8172518a fix(terraform): support severity of passed checks (fanal#194)
- 07a11744 fix(analyzer): unique analyzers (fanal#192)
- 3120d6c3 fix(policy/engine): uniq rule names (fanal#191)
- 67b72576 feat(config): support Terraform (fanal#190)
- cb66108f fix(config): change selector type (fanal#189)
- ac56d1c2 feat(artifact): add artifact type (fanal#185)
- 867eee84 fix(dockerfile): rename command to stages (fanal#188)
- 1ab6552f test(dockerfile): add multi-stage build (fanal#187)
- 60c5a04a feat: Support Google artifact registry (fanal#181)
- 2bb882fd feat(image): add uncompressed layer size (fanal#182)
- a0f5bdc8 fix(image): disable go.sum scanning (fanal#179)
- 4a2b1c09 fix(gomod): fix a panic (fanal#178)
- 6fd4c895 feat: support config (fanal#166)
- b2dd367f feat(go): added support of go.sum (fanal#175)
- 7141f20e Skipping directory is file is symlink (fanal#176)
- f6a678c6 fix(fs): skip dir (fanal#173)
- 3cf1f4c9 feat(golang): support binary (fanal#165)
- 27187933 feat(analyzer): limit the number of parallelism (fanal#172)
- 493a70b4 feat(config): support HCL files (fanal#158)
- b64a5262 feat(cache): introduce versioned keys (fanal#160)
- 1a53cbe3 feat(config): support Dockerfiles (fanal#161)
- 34f865d6 feat(config): support JSON files (fanal#159)
- 30fc5b97 feat(config): support TOML files (fanal#157)
- 059deda6 feat(cache): add analyzer versions (fanal#156)
- c813a60b feat(config): support YAML files (fanal#155)
- 907e6be7 feat(analyzer): disable analyzers (fanal#153)
- 4f9e5189 feat(library): support jar/war/ear (fanal#152)
- 4a10108d feat(image): support Podman (fanal#149)
- 3f358815 refactor(analyzer): pass file paths to analyzers (fanal#150)
- bac65cb7 feat(image): support RepoTags and RepoDigests (fanal#148)
- a20d4811 add support modularitylabel for rpm (fanal#147)
- 7da3f7e5 chore: migrate Travis CI to GitHub Actions (fanal#146)
- 42520f3e chore: migrate from master to main (fanal#145)
- b75c6c41 feat(cache): support Redis (fanal#143)
- da40228e fix(rpm): fill source package information (fanal#142)
- 91dc9541 feat: remove CGO (fanal#141)
- e17931c2 fix(main): import nuget (fanal#140)
- 8006d76f Feat: Created analyzer for NuGet lockfiles. (fanal#139)
- fde24872 Close open connections and files (fanal#135)
- b62ebec0 Fix: Support local cache of APK index (fanal#133)
- 66b9842a refactor(image): minor changes (fanal#134)
- fa1f1277 Support for scanning of an OCI image given a tag. (fanal#130)
- 3f64bd6b fix(alpine): add origin package as source package (fanal#131)
- c875ba59 Revert "Added skip_dir in image artifacts scan (fanal#128)" (fanal#129)
- 0bd41753 Added skip_dir in image artifacts scan (fanal#128)
- 80595dc4 Check status for dpkg package (fanal#127)
- ceb4e47e fix(apk): replace go-deb-version with go-apk-version (fanal#118)
- 4025117c Merge pull request fanal#122 from oranmoshai/fix/s3-head
- d56c477e fix(s3/cache): HeadObject bucketName was missing. Add unit testing
- 717f36c8 Fix/s3 cache (fanal#121)
- e8d06ba3 fix(cache/s3): take s3 client and prefix as args (fanal#116)
- 81390970 feat(cache): support options to pass S3 prefix (fanal#115)
- 4c77b764 feat: support local filesystem and remote git repository (fanal#107)
- a1e818ac refactor(cache): replace image and layer with artifact and blob (fanal#108)
- 81526ed0 Add S3 support for layer caching this will allow to save image result… (fanal#106)
- 83ff3fda feat(cache): add close function (fanal#104)
- aa4339ca analyzer: Send back package and apps info for unknown OS if found. (fanal#103)
- b22aebf8 feat(image): support registry token (fanal#102)
- 364cc862 feat(image): support OCI Image Format (fanal#101)
- 05ea7f42 fix: replace containers/image with google/go-containerregistry (fanal#96)
- 8b3289c8 Support settings apkIndexArchiveURL via env FANAL_APK_INDEX_ARCHIVE_URL (fanal#94)
- fc2f5ddb test(integration): add tests with TLS registry (fanal#99)
- 21e1ebf9 fix(bench): measure initializing structs (fanal#98)
- bf63cc7f feat: split ID into Digest and DiffID (fanal#97)
- 5d7149d6 feat(extractor): switch to layer ID of origin layer (fanal#93)
- c63e3aa5 integration: Add dockerless mode tests (fanal#81)
- 3ac50428 Change license to Apache 2.0 (fanal#92)
- 016f45e8 fix: Move check for rpm command to the parsePkgInfo method (fanal#90)
- 45ada28e fix(token): use the credential from enviroment variable (fanal#89)
- b0937b62 Add layer id info (merge to master) (fanal#88)
- bfa6e761 feat(cache): based on JSON (fanal#84)
- f0dc9fa7 Change library parse error log (fanal#85)
- 412209b0 test(bench): exclude master branch in GitHub Actions (fanal#82)
- 3d55fc5e test(integration/bench): wait for an image load and remove images after tests (fanal#86)
- 495332cc refactor: replace genuinetools/reg with containers/image (fanal#70)
- 285e1f1b integration: Fix filenames to not include the
:char (fanal#79) - d3979a0d Perf testing (fanal#72)
- c87f30c2 integration: Fanal as a library for tar mode (fanal#76)
- d3288159 integration: Add a test to use fanal as a library in Docker mode (fanal#66)
- ca5843ce Fix circular dependency for alpine apk index. (fanal#68)
- 1d57f7be Revert PR fanal#51 entirely (fanal#67)
- 68eb4c6c Revert part of fanal#51 (fanal#64)
- eaf9fa5e feat(cache): wrap kv cache (fanal#62)
- 60a75658 add aws session token (fanal#61)
- 78df35b5 Add photon support (fanal#59)
- 162fb42d Merge pull request fanal#57 from aquasecurity/switch-to-raw-encoding
- 7d0165c7 cache: Switch to Raw encoding.
- 7ef1e5f9 Cache: Save only required files (fanal#51)
- 94f9cf49 Add suse linux enterprise server support (fanal#55)
- bed0a0eb Add openSUSE Tumbleweed support
- 0c254184 Fix comment
- 306c551f Add suse
- 9c6b9a69 analyzer: Add tests for AnalyzeFile
- 2cb920d5 Using bufio reader for Stdin, otherwise the first 3 bytes are consumed and file gets "corrupted" (stdin is not seekable?)
- 9bf16ae1 Revert "change mod genuinetools/reg to vanilla (fanal#50)" (fanal#53)
- 3867fc71 cmd: Rebase on master and add SkipPing=true
- 3348a066 analyzer_test: Remove un-needed assertions
- 030687c9 analyzer: Rename struct
- a2736492 docker_test: Fix import order
- e6a79f7b docker: Accept interfaces, return structs
- 2c08d9d3 cmd: Fix import lines
- 673fc374 analyzer_test: Reduce cruft.
- 511e061c docker_test: Add a sample testdir.tar.gz
- 55e97e97 docker: Fix signature for downloadConfigFile()
- aac55275 docker: Fix getValidManifest() signature
- 9aea551d analyzer: Remove cruft.
- 72334df0 docker: extract downloadConfigFile
- 72e5ec70 docker: Extract extractLayerFiles
- 971269ba docker: Extract extractLayerWorker()
- 98341f1e docker_test: refactor getValidManifest
- 1e66346f docker_test: Add sad paths for Extract()
- e41cf574 docker_test: Add a happy path for Extract()
- 3813f904 gitignore: update gitignore
- 24c612e1 cache: Define an interface for cache, remove global state
- d993110d analyzer_test: Fix tests by fighting with global state
- e4b1b647 docker: Inject docker client
- a1ea9aee main: Update example of how to use fanal
- 3aca6b2d analyzer: Add another happy path with no docker and/or image
- a183360e analyzer_test: switch to table driven
- 7eb94404 analzyer_test: Add stronger assertions for extractFromFile
- 985442dc analyzer_test: Adding seams for testability
- 95e89a42 change mod genuinetools/reg to vanilla (fanal#50)
- 728ba00b fix docker reg with option SkipPing (fanal#48)
- 177a2b0a Add cache tests (fanal#46)
- f9907823 Update LICENSE (fanal#45)
- cf9d00df feat(library): ignore files under vendor dir (fanal#44)
- 9e8f0bb4 feat(image): support tar.gz image (fanal#40)
- 83f0e2b0 added markup and reference for code snippet in README (fanal#41)
- b318dec1 extractor/docker/docker.go: add parsing for tar.gz layers (fanal#26)
- 3841cf6d Check whether rpm is installed (fanal#39)
- cdeb41a5 Fix wrong break (fanal#38)
- 4a9f3d9a Bug fix: wrap nil err (fanal#37)
- d5d27292 Add error wrap (fanal#35)
- a5ed21ec Update Go to 1.13 (fanal#36)
- afcb7097 extract all files in target require filedirs (fanal#29)
- c9f8a854 Change error log (fanal#32)
- f9a8f804 skip scan composer.lock in vendor dir (fanal#34)
- a8380ab5 Transfer repositoriy (fanal#27)
- 430740f5 change reg version (fanal#25)
- cef12efc Improves package analysis errors usability (fanal#24)
- 3a38594c to be able add required files (fanal#22)
- 6c02a382 add Arch for amazon linux scan (fanal#21)
- 4e0c7fc2 Add poetry parser (fanal#19)
- dd938fd6 update go-dep-parser for yarn bugfix (fanal#18)
- e41f1802 Use go-deb-version for version validation (fanal#17)
- b7debf7f add yarn.lock parser (fanal#16)
- ce1f557c Include source package in the package struct (fanal#15)
- 9fa86c55 Replace slash with underscore (fanal#14)
- 89f6348b Analyze origin (fanal#13)
- faed25bf Analyze command (fanal#12)
- 856dd3a4 Add cargo analyzer (fanal#11)
- cb5b791d GetToken only run extractor/docker (fanal#10)
- 1211b105 add ecr test
- e9e2777c add gcr test
- 123ee182 fix reviewed point
- 224069af refact import cycle in docker package
- 5e96fa6a create types package
- d773f56a change var name : GCRCredPath -> GcpCredPath
- 48a3ac53 fix typo
- 1d2fe13f delete dockerhub register analyzer
- c8127c45 GetToken only run extractor/docker
- 2c3bf38c Cache the saved image (fanal#9)
- 1778abe4 Clear cache (fanal#8)
- c0563f81 Use local images when docker daemon exists (fanal#7)
- 028073bd merge ubuntu analyzer into debianbase analyzer (fanal#6)
- 8394568a Merge pull request fanal#5 from knqyf263/initial
- 1b5c3365 Revert "Initial commit (fanal#1)" (fanal#4)
- 808a6459 Initial commit (fanal#1)
- 05821edb Add rpm analyzer without rpm command
- e55ec73a Support library
- fefe8796 Merge pull request fanal#2 from knqyf263/add_analyzer
- bd57e642 update comment
- 66aac5d6 Add rpm
- f071cecd add soft link file path
- 6a2ca8f7 check OS
- 5529c839 ignore vendor
- 022b9485 continue package if no files found
- f9970158 update alpine os analyzer
- 76333a38 use no auth docker token
- ed8de8b1 fetch gcr container from credential
- e72e8693 Merge remote-tracking branch 'origin/initial' into add_analyzer
- f06501ea fix tmp : fix gcr bug on reg package
- e996e011 Add test
- f6fe06fd add tmp gcr
- 984ce9bd add rpm analyzer
- c7cf493e fix for merge
- 9916efbf Merge branch 'initial' into add_analyzer
- 0954e0f4 fix test
- c7208b3e Support private registry and use cache
- 262fee41 Pull image
- 9f32fd05 Update README
- 8065c4bf Analyze docker image
- 64d449ee add dpkg analyzer
- 68cb8ceb add apk analyzer
- ec2b20dc update
- 552c4de1 Initial commit
- 7b3bf986 Initial commit
trivy
- v0.29.1
Published by aqua-bot over 2 years ago
Changelog
- 6ce9404c fix(report): add required fields to the SARIF template (#2341)
- d6d0a60d chore: fix spelling errors (#2352)
- 6f103526 Omit Remediation if PrimaryURL is empty (#2006)
- 396e404e docs(repo): Link to installation documentation in readme shows 404 (#2348)
- 79e941df feat(alma): support for scanning of modular packages for AlmaLinux (#2347)
trivy
- v0.29.0
Published by aqua-bot over 2 years ago
Changelog
- cb76acbd fix(lang): fix dependency graph in client server mode (#2336)
- 3d2fc788 feat: allow expiration date for .trivyignore entries (#2332)
- 3e3c1195 feat(lang): add dependency origin graph (#1970)
- 685a92e0 docs: update nix installation info (#2331)
- 1e0b03d4 feat: add rbac scanning support (#2328)
- c9f9a9c9 refactor: move WordPress module to another repository (#2329)
- bcc231d3 ci: add support for ppc64le (#2281)
- 7cecade3 feat: add support for WASM modules (#2195)
- a02c06ba feat(secret): show recommendation for slow scanning (#2051)
- e8588123 fix(flag): remove --clear-cache flag client mode (#2301)
- 276daae6 fix(java): added check for looping for variable evaluation in pom file (#2322)
- 546e7bd6 BREAKING(k8s): change CLI API (#2186)
- b69c4de7 feat(alpine): add Alpine Linux 3.16 (#2319)
- 33b8521a docs: bump trivy-operator to v0.0.7 (#2320)
- 313ade33 ci: add
go mod tidycheck (#2314) - b331e771 chore: run
go mod tidy(#2313) - bfe5c6f1 fix: do not exit if one resource is not found (#2311)
- 363a3e40 feat(cli): use stderr for all log messages (resolve #381) (#2289)
- b213956c test: replace deprecated subcommand client in integration tests (#2308)
- efbc968c feat: add support for containerd (#2305)
- 9a601d49 fix(kubernetes): Support floats in manifest yaml (#2297)
- a589353b docs(kubernetes): dead links (#2307)
- f38f8d66 chore: add license label (#2304)
- 2b1de932 feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
- 5423196f feat(helm): add pod annotations (#2272)
- 6fb47709 refactor: do not import defsec in fanal types package (#2292)
- 4d382a03 feat(report): Add misconfiguration support to ASFF report template (#2285)
- f1c6af31 test: use images in GHCR (#2275)
- 0977dfcd feat(helm): support pod annotations (#2265)
- 6b2cd7e8 feat(misconf): Helm chart scanning (#2269)
- 39127684 docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)
- a17c3eec fix: mask redis credentials when logging (#2264)
- d8b59efe refactor: extract commands Runner interface (#2147)
- 60a81fcb chore(deps): bump alpine from 3.15.4 to 3.16.0 (#2234)
- c73650d9 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.2 to 0.6.0 (#2245)
- 6cfdffda docs: update operator release (#2263)
- 510ce1a7 chore(deps): bump github.com/urfave/cli/v2 from 2.6.0 to 2.8.1 (#2243)
- 92c0452b feat(redhat): added architecture check (#2172)
- 1eb73f3f docs: updating links in the docs to work again (#2256)
- 270dc734 docs: fix readme (#2251)
- a6ff0d12 fix: fixed incorrect CycloneDX output format (#2255)
- 67d94774 chore(deps): bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.3 (#2241)
- 3e6dc377 chore(deps): bump github.com/samber/lo from 1.19.0 to 1.21.0 (#2242)
- 2dc5c915 chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2240)
- 6daf62eb chore(deps): bump docker/setup-buildx-action from 1 to 2 (#2238)
- f9ee4943 chore(deps): bump docker/setup-qemu-action from 1 to 2 (#2236)
- c3e227b6 chore(deps): bump golang from 1.18.1 to 1.18.2 (#2235)
- ca390411 chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#2237)
- c6763616 chore(deps): bump docker/login-action from 1 to 2 (#2239)
- 126fe0ab chore(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#2246)
- f7d02538 refactor(deps): move dependencies to package (#2189)
- f982167c fix(report): change github format version to required (#2229)
- d3a73e4d docs: update readme (#2110)
- 5d5b93ed docs: added information about choosing advisory database (#2212)
- 36498501 chore: update trivy-kubernetes (#2224)
- 3c0e3547 docs: clarifying parts of the k8s docs and updating links (#2222)
- af5882bc fix(k8s): timeout error logging (#2179)
- 3d292134 chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
- e18f38af feat(k8s): add --context flag (#2171)
- 0e937b53 fix(k8s): properly instantiate TableWriter (#2175)
- 911c5e97 test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)
- 6fd1887e chore: update labels (#2197)
- 4059e94a fix(report): fixed panic if all misconf reports were removed in filter (#2188)
- 84af32a7 feat(k8s): scan secrets (#2178)
- 4ab696ea feat(report): GitHub Dependency Snapshots support (#1522)
- b7ec6425 feat(db): added insecure skip tls verify to download trivy db (#2140)
- 1e1ccbec fix(redhat): always use vulns with fixed version if there is one (#2165)
- 4ceae2a0 chore(redhat): Add support for Red Hat UBI 9. (#2183)
- 4e7e8426 fix(k8s): update trivy-kubernetes (#2163)
- 089d34e8 fix misconfig start line for code quality tpl (#2181)
- bfb0f2a1 fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
trivy
- v0.28.1
Published by aqua-bot over 2 years ago
Changelog
- f1924312 docs(vuln): Include GitLab 15.0 integration (#2153)
- 4c6a866c docs: fix the operator version (#2167)
- 3ecc65d6 fix(k8s): summary report when when only vulns exit (#2146)
- 6b95d385 chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)
- f6cfcaf1 perf(misconf): Improve performance when scanning very large files (#2152)
- 4b4a0c95 docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)
- 6d79fcac chore(deps): Update fanal (for less verbose code in misconf results) (#2151)
- f8951f38 docs: fixed installation instruction for rhel/centos (#2143)
trivy
- v0.28.0
Published by aqua-bot over 2 years ago
Changelog
- afe32928 fix: remove Highlighted from json output (#2131)
- 3d23ad84 fix: remove trivy-kubernetes replace (#2132)
- 9822b408 docs: Add Operator docs under Kubernetes section (#2111)
- bb6ff851 fix(k8s): security-checks panic (#2127)
- 3bed96f0 ci: added k8s scope (#2130)
- 4a7544ca docs: Update misconfig output in examples (#2128)
- b7fc3dfc fix(misconf): Fix coloured output in Goland terminal (#2126)
- 89893a73 docs(secret): Fix default value of --security-checks in docs (#2107)
- dbba0bf1 refactor(report): move colorize function from trivy-db (#2122)
- 3ef450d9 feat: k8s resource scanning (#2118)
- f4ec4e74 chore: add CODEOWNERS (#2121)
- 96a5cb10 feat(image): add
--serveroption for remote scans (#1871) - 023e09e3 refactor: k8s (#2116)
- b3759f54 refactor: export useful APIs (#2108)
- dbf4b2de docs: fix k8s doc (#2114)
- 2ae8faa7 feat(kubernetes): Add report flag for summary (#2112)
- 5f004f03 fix: Remove problematic advanced rego policies (#2113)
- 3679bc35 feat(misconf): Add special output format for misconfigurations (#2100)
- 029dd76c feat: add k8s subcommand (#2065)
- a39133a1 chore: fix make lint version (#2102)
- 995024f1 fix(java): handle relative pom modules (#2101)
- c9f9a346 fix(misconf): Add missing links for non-rego misconfig results (#2094)
- 5a58e414 feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
- fbb83c42 chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
- 8a4b49ca chore(deps): bump github.com/twitchtv/twirp (#2077)
- 7ba773f2 chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
- bd94618b chore(os): updated fanal version and alpine distroless test (#2086)
- fa5dcaf8 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)
- 2c577163 chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
- 6601d295 feat(report): add support for SPDX (#2059)
- 6e2453c2 chore(deps): bump actions/setup-go from 2 to 3 (#2073)
- 7c94df53 chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
- 8c33bae5 chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
- 2cdacc15 chore(deps): bump actions/stale from 4 to 5 (#2070)
- 9acb240f chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
- 4b193b47 chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)
- 79d1a016 chore: app version 0.27.0 (#2046)
- c1b4b5be fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
- bbe490b1 docs(secret) fix rule path in docs (#2061)
- 78286aaf docs: change from go.sum to go.mod (#2056)
trivy
- v0.27.1
Published by aqua-bot over 2 years ago
Changelog
- 55f29b8f chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)
- b6baa65f refactor(fs): scanner options (#2050)
- 4b8e0ec2 feat(secret): truncate long line (#2052)
- cf78a436 docs: fix a broken bullets (#2042)
- f8c2ced3 feat(ubuntu): add 22.04 approx eol date (#2044)
- 84c19942 docs: update installation.md (#2027)
- bdf55e16 docs: add Containerfile (#2032)
trivy
- v0.27.0
Published by aqua-bot over 2 years ago
Changelog
- 9fd86da3 fix(go): fixed panic to scan gomod without version (#2038)
- fbc9030d docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
- e2a31abd feat(secret): support enable rules (#2035)
- 708a7a71 chore: app version 26.0 (#2030)
- e000329e docs(secret): add a demo movie (#2031)
- e1273346 feat: support cache TTL in Redis (#2021)
- 3870515a fix(go): skip system installed binaries (#2028)
- 4e6389af fix(go): check if go.sum is nil (#2029)
- 5f047f97 feat: add secret scanning (#1901)
- 07005864 chore: gh publish only with push the tag release (#2025)
- 1f393c12 fix(fs): ignore permission errors (#2022)
- 110c5340 test(mod): using correct module inside test go.mod (#2020)
- 525e2685 feat(server): re-add proxy support for client/server communications (#1995)
- 9898ac92 fix(report): truncate a description before escaping in ASFF template (#2004)
- 453a1edf fix(cloudformation): correct margin removal for empty lines (#2002)
- 407f3b66 fix(template): correct check of old sarif template files (#2003)
Package Rankings
Top 8.76% on Formulae.brew.sh
Top 4.17% on Alpine-edge
Top 0.47% on Proxy.golang.org
Badges
Extracted from project README
