trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

APACHE-2.0 License

Downloads: 10.5K
Stars: 21.6K
Committers: 386

trivy - v0.26.0

Published by aqua-bot over 2 years ago

Changelog

  • a0047a79 feat(alpine): warn mixing versions (#2000)
  • d786655a Update ASFF template (#1914)
  • a02cf651 chore(deps): replace containerd/containerd version to fix CVE-2022-23648 (#1994)
  • 613e38cc chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
  • 3b6d65be test(go): add integration tests for gomod (#1989)
  • 22f5b938 fix(python): fixed panic when scan .egg archive (#1992)
  • 485637c2 fix(go): set correct go modules type (#1990)
  • 6fdb554a feat(alpine): support apk repositories (#1987)
  • d9bddb90 docs: add CBL-Mariner (#1982)
  • 1cf1873f docs(go): fix version (#1986)
  • d77dbe8a feat(go): support go.mod in Go 1.17+ (#1985)
  • 32bd1e48 ci: fix URLs in the PR template (#1972)
  • 94a5a180 ci: add semantic pull requests check (#1968)
  • 72d94b21 docs(issue): added docs for wrong detection issues (#1961)
trivy - v0.25.4

Published by aqua-bot over 2 years ago

Changelog

  • b4a7d6a8 docs: move CONTRIBUTING.md to docs (#1971)
  • 0127c1d3 refactor(table): use file name instead package path (#1966)
  • a92da722 fix(sbom): add --db-repository (#1964)
  • b0f3864e feat(table): add PkgPath in table result (#1960)
  • 0b1d32c1 fix(pom): merge multiple pom imports in a good manner (#1959)
trivy - v0.25.3

Published by aqua-bot over 2 years ago

Changelog

  • d4e3df81 fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
  • 7e48cc1f fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
  • c9efa8c4 fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
  • 52b71542 feat(jar): allow setting Maven Central URL using environment variable (#1939)
  • 21f7a41b chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
  • ff2b3d17 chore(chart): remove version comments (#1933)
trivy - v0.25.2

Published by aqua-bot over 2 years ago

Changelog

  • 9c19298f fix(downloadDB): add flag to server command (#1942)
trivy - v0.25.1

Published by aqua-bot over 2 years ago

Changelog

  • aa3d6966 fix(misconf): update defsec to resolve panics (#1935)
  • 31e76699 chore(deps): bump github.com/docker/docker (#1924)
  • 4ca35b26 docs: restructure the documentation (#1887)
  • 8da45480 chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
  • 76e9d7eb chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
  • 2b217a3b chore(deps): bump actions/checkout from 2 to 3 (#1916)
  • 902aa8ce chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)
  • 60b19e5e chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
  • 58aab679 chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
  • 209b9cc2 chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
  • bfb931d4 Add trivy horizontal logo (#1932)
  • ae86a5b1 chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
  • 1a23039e chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)
  • 56498ca1 chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
  • 02105678 feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
trivy - v0.25.0

Published by aqua-bot over 2 years ago

Changelog

  • 4470a181 docs(filter vulnerabilities): fix link (#1880)
  • cb171ead feat(template) Add misconfigurations to gitlab codequality report (#1756)
  • 36e24b18 fix(rpc): add PkgPath field to client / server mode (#1643)
  • 88311745 fix(vulnerabilities): fixed trivy-db vulns (#1883)
  • 9154b819 feat(cache): remove temporary cache after filesystem scanning (#1868)
  • f36d9b6f feat(sbom): add a dedicated sbom command (#1799)
  • 7a148089 feat(cyclonedx): add vulnerabilities (#1832)
  • df80fd31 fix(option): hide false warning about remote options (#1865)
  • 88ebc075 chore: bump up Go to 1.18 (#1862)
  • d6418cf0 feat(filesystem): scan in client/server mode (#1829)
  • 12d0317a refactor(template): remove unused test (#1861)
  • c3aca152 fix(cli): json format for trivy version (#1854)
  • b2b68951 docs: change URL for tfsec-checks (#1857)
trivy - v0.24.4

Published by aqua-bot over 2 years ago

Changelog

  • 06659f15 fix(docker): Getting images without a tag (#1852)
  • a91cc50d docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801)
trivy - v0.24.3

Published by aqua-bot over 2 years ago

Changelog

  • 4b8bf874 chore(issue labels): added new labels (#1839)
  • 5040caef refactor: clarify db update warning messages (#1808)
  • 28cd5a55 chore(ci): change trivy vulnerability scan for every day (#1838)
  • b2f554eb feat(helm): make Trivy service name configurable (#1825)
  • 7a44a7a3 chore(deps): updated sprig to version v3.2.2. (#1814)
  • 18842fbe chore(deps): updated testcontainers-go to version v0.12.0 (#1822)
  • 12ca3ca6 docs: add packages.config for .NET (#1823)
  • 728a3db6 build: sign container image (#1668)
  • 4e7b5ca3 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778)
  • 0fca2cda docs: fix Installation documentation (#1804)
  • e50839bb fix(report): ensure json report got a final new line (#1797)
  • f95a0f0d fix(terraform): resolve panics in defsec (#1811)
  • e5bf3d1e feat(docker): Label images based on OCI image spec (#1793)
  • 2193fb3c fix(helm): indentation for ServiceAccount annotations (#1795)
  • bbccb5a6 fix(hcl): fix panic in hcl2json (#1791)
  • a625455f chore(helm): remove psp from helm manifest (#1315)
  • 7e69f482 build: Replace make protoc with for loop to return an error (#1655)
  • f6c986b6 fix: ASFF template to match ASFF schema (#1685)
  • aab6f0bf feat(helm): Add support for server token (#1734)
trivy - v0.24.2

Published by aqua-bot over 2 years ago

Changelog

eebf9c8f fix(pom): keep an order of dependencies (#1784)
971092b8 chore: bump up Go to 1.17 (#1781)
2f2d8222 chore(deps): bump actions/setup-python from 2 to 3 (#1776)
a2afd6e6 chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)

Docker images

  • docker pull aquasec/trivy:0.24.2
  • docker pull ghcr.io/aquasecurity/trivy:0.24.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.24.2
trivy - v0.24.1

Published by aqua-bot over 2 years ago

Changelog

a423b993 fix(python): correct handling pip package names with a hyphen (#1771)
a069ad78 doc(docker): fix command to run trivy with docker on linux (#1761)
015055e1 feat(helm): Add support for custom labels (#1767)
cbaa3639 chore(helm): bump chart to trivy 0.24.0 (#1762)
bec02f09 docs: remove erroneous command (#1763)

Docker images

  • docker pull aquasec/trivy:0.24.1
  • docker pull ghcr.io/aquasecurity/trivy:0.24.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.24.1
trivy - v0.24.0

Published by aqua-bot over 2 years ago

Changelog

d7f8b92a chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708)
59ea0d57 fix(option): warn list-all-pkgs only with the table format (#1755)
c788676f feat(option): warn "--list-all-pkgs" with "--format table" (#1632)
58ade462 feat(report): add support for CycloneDX (#1081)
77cab6e0 chore(deps): update the defsec and tfsec versions (#1747)
2ede15d3 fix(scanner): fix skip of language-specific files when scanning rootf… (#1751)
d266c749 chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712)
4423396b feat(report): considering App.Writer when printing results (#1722)
356ae30c chore(deps): replace satori version and skipping examples folder (#1745)
477dc7d5 build: add s390x container images (#1726)
89b8d7ff feat(template) Add misconfigurations to junit report (#1724)
219b71b4 chore(deps): bump github.com/twitchtv/twirp (#1709)
aa6e1eb6 feat(client): configure TLS InsecureSkipVerify for server connection (#1287)
de6c3cbb fix(rpc): Supports RPC calls for new identifier CustomResource (#1605)
b7d4d1ea chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705)
e6c029d0 chore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707)
ec6cb1a6 feat(helm): Parameterise ServiceAccount annotations (#1677)
7dfc16cf chore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710)
42d8fd66 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704)
c3ef2035 chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711)
274103e8 chore(dependabot): enable gomod monthly (#1699)
e618d83d fix(gitlab tpl): escape double quote (#1635)
3b0b2ed4 build: Make make protoc be consistent (#1682)
5c8d0983 feat(purl): add generate purl package utilities (#1574)
11f4f811 refactor: move result structs under types (#1696)
6db2092c feat(mariner): add support for CBL-Mariner 2.0 (#1694)
8898bb09 docs(gitlab-ci): fix Script in GitLab CI Example #1688
33d08337 chore: Upgrade helm chart version (#1683)
13874d86 chore(mod): update Go dependencies (#1681)
f26a06b9 docs: fix typos in markdown docs (#1674)
e2821a4f docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671)
ef8a1afc fix(repo): --no-progress suppresses git output (#1669)

Docker images

  • docker pull aquasec/trivy:0.24.0
  • docker pull ghcr.io/aquasecurity/trivy:0.24.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.24.0
trivy - v0.23.0

Published by aqua-bot over 2 years ago

Changelog

449add24 docs: add ACR navigator (#1651)
cb9afc84 fix: update example Rego files and docs (#1628)
78b2b899 feat(option): show a link to GitHub Discussions for --light deprecation (#1650)
52fd3c2e fix(sarif): fix the warning message (#1647)
8d5882be refactor: migrate to prefixed buckets (#1644)
84dd33f7 feat(mariner): add support for CBL-Mariner (#1640)
9e903a1d docs: commercial use available (#1641)
f4c746a2 feat: support azure acr (#1611)
420f8ab1 feat(os-pkg): add data sources (#1636)
d2827cba feat(redhat): support build info in RHEL (#807)
ce703ce4 fix: change links in pull_request_template to static URLs (#1634)
50bb938a feat(lang-pkg): add data sources (#1625)
a31ddbe9 feat(detector): support custom detector (#1615)
3a4e18ac docs(contribution): change role who should resolve comments (#1618)
8ba68361 docs: add PR template (#1602)
f5c55739 feat(rocky): support Rocky Linux (#1570)
eab2b425 Add the ability to set dockerhub credentials in the helm chart (#1569)
cabd18da feat(cache): redis TLS support (#1297)
02c3c365 feat(java): add support for PAR files (#1599)
4f7b7683 refactor(rust): move rust-advisory-db to OSV (#1591)
d754cb8c feat: log ignored vulnerabilities on debug (#1378)
a936e675 chore(mod): hcl2json deps update (#1585)
af116d3c fix(rpm): do not ignore installed files via third-party rpm (#1594)
b5073600 feat(fs): allow scanning a single file (#1578)
7fcbf44b refactor(python): drop Safety DB (#1580)
478d2799 feat: added insecure tls skip to scan git repo (#1528)
33bd41b4 Suppress git clone output (#1590)
39a10089 fix(alma): skip modular package because MODULARITYLABEL is not set (#1588)
37abd612 feat(photon os): added EOL dates check (#1587)
78de33e8 docs: update supported os (#1586)
22054626 BREAKING: remove root command (#1579)
28ddcf1a docs: add Rust to Language-specific Packages Table (#1577)
df134c73 docs: update int doc for gitlab ci (#1575)
8da20c8c BREAKING: migrate the sarif template to Go code (#1437)
714b5ca2 refactor: remove unused field (#1567)
51e152b0 chore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554)
884daff4 docs: gitlab integration (#1381)
2a8336b9 feat(alma): support AlmaLinux (#1238)
1e171af1 docs: added note about default template path when Trivy installed using rpm (#1551)
e65274e0 BREAKING: Trivy DB from GHCR (#1539)
db35450b feat(cli): Do not set default commands when a plugin is being run (#1549)
24254d19 fix: add fingerprint field to codequality template (#1541)
2ee07456 fix(image): correct handling of uncompressed layers (#1544)
0aef82c5 chore: helm chart app version 0.22.0 (#1535)
8b2a7997 test(integration): use fixtures (#1532)

Docker images

  • docker pull aquasec/trivy:0.23.0
  • docker pull ghcr.io/aquasecurity/trivy:0.23.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.23.0
trivy - v0.22.0

Published by aqua-bot almost 3 years ago

Changelog

42f795fa fix(java/pom): ignore unsupported requirements (#1514)
8f737cc6 feat(cli): warning for root command (#1516)
76249bdc BREAKING: disable JAR detection in fs/repo scanning (#1512)
59957d4c feat(scan): support --offline-scan option (#1511)
da8b72d2 fix: improve memory usage (#1509)
b713ad0f feat(java): support pom.xml (#1501)
56115e9d docs: fixing rust link to security advisory (#1504)
7f859afa Add missing IacMetdata (#1505)
628a7964 feat(jar): add file path (#1498)
82fba771 feat(rpm): support NDB (#1497)
d5269da5 feat: added misconfiguration field for html.tpl (#1444)

Docker images

  • docker pull aquasec/trivy:0.22.0
  • docker pull ghcr.io/aquasecurity/trivy:0.22.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.22.0
trivy - v0.21.3

Published by aqua-bot almost 3 years ago

Changelog

8e57dee8 fix(docs): typo (#1488)
8bfbc84a feat(plugin): Add option to update plugin (#1462)
1e811de2 fix: fixed skipFiles/skipDirs flags for relative path (#1482)
8b5796f7 feat (plugin): add list and info command for plugin (#1452)
a2199bb4 fix: set up a vulnerability severity (#1458)
279e76f7 chore: add arm64 deb package (#1480)
52625908 Link to trivy tutorial on Semaphore (#1449)
c275a841 refactor(helm): externalize env vars to configMap (#1345)

Docker images

  • docker pull aquasec/trivy:0.21.3
  • docker pull ghcr.io/aquasecurity/trivy:0.21.3
  • docker pull public.ecr.aws/aquasecurity/trivy:0.21.3
trivy - v0.21.2

Published by aqua-bot almost 3 years ago

Changelog

7beed301 docs: provide more information on scanning Google's GCR (#1426)
f50e1f42 docs(misconfiguration): added instruction for misconfiguration detection (#1428)
3ae4de58 Update git-repository.md (#1430)
6e35b8f5 fix(hooks): exclude unrelated lib types from system files filtering (#1431)
beb60b05 chore: run go fmt (#1429)
582e7fd1 fix(sarif): change help field in the sarif template. (#1423)
11bc2901 Update fanal with cfsec version update (#1425)
392f6892 Replace deprecated option in goreleaser (#1406)
101d5760 feat(alpine): support 3.15 (#1422)
bd3ba68c chore: test the helm chart in the PR and used the commit hash (#1414)
3860d6e4 chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)
4f82673a chore(release): add ubuntu older versions to deploy script (#1416)

Docker images

  • docker pull aquasec/trivy:0.21.2
  • docker pull ghcr.io/aquasecurity/trivy:0.21.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.21.2
trivy - v0.21.1

Published by aqua-bot almost 3 years ago

Changelog

b9a51de8 chore(mod): tidy (#1415)
7f248341 fix(rpc): fix nil layer transmit (#1410)
af3eaefd Lang advisory order (#1409)
07c9200e chore: add support for s390x arch (#1304)
8bc8a4ad fix(chart): ingress helm manifest-update trivy image (#1323)
9076a49b docs: Add comparison for cfsec (#1388)
bb316d93 remove: delete unused functions in utils package (#1379)

Docker images

  • docker pull aquasec/trivy:0.21.1
  • docker pull ghcr.io/aquasecurity/trivy:0.21.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.21.1
trivy - v0.21.0

Published by aqua-bot almost 3 years ago

Changelog

efdb29d fix(sarif): fix validation errors (#1376)
9bcf9e7 docs: add Bitbucket Pipelines (#1374)
3147097 docs: add community integrations (#1361)
33f74b3 Use a stable SARIF identifier (#1230)
5915ffb fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0
ae4c42b feat(iac): Add line information (#1366)
19747d0 feat(cloudformation): Adding support for cfsec IaC scanning (#1360)
da45061 chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)
cb1a4ed Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)
69dae54 chore: update SBOM generation (#1349)

Docker images

  • docker pull aquasec/trivy:0.21.0
  • docker pull ghcr.io/aquasecurity/trivy:0.21.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.21.0
trivy - v0.20.2

Published by aqua-bot about 3 years ago

Changelog

5dc8cfe docs: update builtin.md (#1335)
798b564 chore: fix issues with Homebrew formula (#1329)
21bf5e5 chore: bump GoReleaser to v0.183.0 (#1328)
e0f4ebd docs: update iac.md for a typo (#1326)
23a9a5e docs: typo fix (#1308)
1f5d17f Add new networking API features to Ingress (#1262)

Docker images

  • docker pull aquasec/trivy:0.20.2
  • docker pull ghcr.io/aquasecurity/trivy:0.20.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.20.2
trivy - v0.20.1

Published by aqua-bot about 3 years ago

Changelog

bcfa028 chore(release): bump up GoReleaser to v0.182.1 (#1299)
681ab1b fix(yarn): support quoted version (#1298)
46051d5 feat(custom-forward): Forward the extended advisory data (#1247)
d8d692b feat(javascript) : Initialize npm driver for javascript packages (#1289)
cc344df fix(cli): fix incorrect comparison of DB metadata type. (#1286)
0dec17f docs: add footer to readme (#1281)

Docker images

  • docker pull aquasec/trivy:0.20.1
  • docker pull ghcr.io/aquasecurity/trivy:0.20.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.20.1
trivy - v0.20.0

Published by aqua-bot about 3 years ago

Changelog

f12446d feat(report): add package path (#1274)
1c9ccb5 feat(command): add rootfs command (#1271)
a463e79 fix: update fanal (#1272)
e0ca5ef feat(commands): remove deprecated options (#1270)
1ebb329 Aggregate jar result for table (#1269)
b37f682 BREAKING(report): migrate to new json schema (#1265)
da90510 feat: improve --skip-dirs and --skip-files (#1249)
bd57b4f fix(gobinary): skip large files (#1259)
9027dc3 Disable library analyzer for OS only scan type (#1191)
5750cc2 chore: update trivy version (#1252)
bbcce9f refactor: move from io/ioutil to io and os package (#1245)
6bcb4af fix: brew test command (#1253)
8d13234 fix:added layer info in packages (#1248)
982f35b fix(go/binary): improve debug messages (#1244)
2e170cd Update db.go (#1199)
cc6c67d fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
669fd1f feat(debian): support the versions that reached EOL (#1237)
8cd7de2 feat(alpine): support unfixed vulnerabilities (#1235)
3bf3a46 feat(report): add image config (#1231)
8edcc62 feat(nodejs): support package.json (#1225)
31c45ff refactor: use testing DB instead of mock (#1234)
d8cc8b5 feat(ruby): support gemspec (#1224)
dbc7a83 feat(python): add packaging detector and respective hook (#1223)
19c0b70 feat(license): Added support to new License field of go-dep-parser's library (#1167)
9d61777 fix(oracle): handle advisories contain ksplice versions (#1209)
5d57dea fix(docs): remove OSVDB advisories (#1215)
b595559 docs: fix typos in CONTRIBUTING.md (#1181)
b1410b2 Update EOL of Debian 11 (#1180)
0e777d3 fix(plugin): resolve a closure (#1207)
b6d9c30 docs: fix typo (#1206)
5160a2e fix(detector): change an argument for trivy-db getter (#1203)
40ed227 chore(mod): update fanal (#1179)
2a4400c Add license info to package data (#1176)
82eb630 feat(nuget): support packages.config (#1095)
4a8db20 feat(python): add support for requirements.txt (#1169)
8db9b6a GitLab CI integration documentation (#1168)
c159501 chore(gorelease) change goreleaser config to include template examples (#1138)
76e63d1 chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
79b6684 chore(deps): bump actions/stale from 3 to 4 (#1152)
214fe82 feat(report): add end of service life flag to OS metadata (#1142)
c489e31 chore: set up Dependabot for github-actions and docker (#1128)
efd812c docs: fix typo (#1149)
3a920dc docs: add some external links (#1147)
7cb1598 chore (release): add ubuntu esm versions to deploy script (#1151)
6a88002 docs(troubleshooting) add urls which are required to download vuls db (#1137)

Docker images

  • docker pull aquasec/trivy:0.20.0
  • docker pull ghcr.io/aquasecurity/trivy:0.20.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.20.0
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest