Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
APACHE-2.0 License
Bot releases are visible (Hide)
generic
dir to deb deploy script (#6636)Published by aqua-bot 5 months ago
.version
|.ver
(no prefixes) ldflags for gobinaries
(#6705)gobinaries
(#6710)pip
deps for environment.yml
files (#6675)Published by aqua-bot 6 months ago
Published by aqua-bot 6 months ago
👉 https://github.com/aquasecurity/trivy/discussions/6622
generic
link from trivy-repo
(#6606)--skip-images
scanning flag (#6334)disable-node-collector
flag (#6311)environment.yaml
files (#6569)kinds/namespaces
and include kinds/namespaces
(#6323)Go
cache for reusable-release.yaml
(#6572)--show-suppressed
is available in table (#6571)pom.xml
file snapshot artifacts from remote repositories (#6412)DedicatedMasterEnabled
parsing issue (#6439)Published by aqua-bot 6 months ago
v0.50.3 hads a critical problem, and we deleted it and released v0.50.4.
Published by aqua-bot 6 months ago
pom.xml
file snapshot artifacts from remote repositories (#6412)Published by aqua-bot 7 months ago
Indirect
, Dev
, ExternalReferences
fields for same deps from package-lock.json
files v2 or later (#6356)fs
/repo
modes (#6381)workspaces
from package.json
as an object (#6231)0600
perms for tmp files for post analyzers (#6386)pom.xml
files once (#6312)Packages
in client/server mode (#6366)CreationInfo
to nil when detecting SPDX created using Trivy (#6346).vulnerabilities[].identifiers[].url
when gitlab.tpl
is used (#6348)Published by aqua-bot 7 months ago
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6340
trivy-db
and trivy-java-db
registries by default (#6219)package.json
(#6268)maven-invoker-plugin
integration tests pom.xml files as Dev
(#6213)Test
job (#6221)source_location
in github
report when scanning an image (#5999)pom.properties
files from jars
(#6164)path
to filter licenses using .trivyignore.yaml
file (#6145)gradle
files (#6083)user
from Config.User
(#6070)Published by aqua-bot 9 months ago
BomRef
when matching PkgIdentifier
(#6025)root-reserve-mb
size for maximize-build-space
(#6064)pnpm-lock.yaml
files (#6034)TestDockerEngine
(#6054)Published by aqua-bot 9 months ago
👉 https://github.com/aquasecurity/trivy/discussions/6033
AWS_REGION
env for secrets in asff
template (#6011)--vex
for all targets (#5992)metadata.tools
struct for CycloneDX (#5981)amzn
in src (#5951)group
field for pom.xml and nodejs files for CycloneDX reports (#5922)jar
files (#5630)AWS Secret Access Key
must include only secrets with aws
text. (#5901)Published by aqua-bot 10 months ago
Published by aqua-bot 10 months ago
Published by aqua-bot 10 months ago
pub
from package-url
(#5784)pip freeze
for compatible releases
(#5760)github
template (#5783)Published by aqua-bot 11 months ago
👉 https://github.com/aquasecurity/trivy/discussions/5724
--misconfig-scanners
option (#5670)sec
and space to secret prefix for aws-secret-access-key
(#5647)alibaba-access-key-id
(#5618)--debug
option (#5550)--cf-params
for CFT (#5507)--scanners config
(#5587)scanners
for k8s
target (#5561)FilesAnalyzed
and PackageVerificationCode
fields for SPDX (#5533)Published by aqua-bot 12 months ago
👉 https://github.com/aquasecurity/trivy/discussions/5520
BlobInfo
message (#5382)relativePath
field points to pom.xml
being scanned (#5470)PyYAML
for gh pages (#5462)--tf-exclude-downloaded-modules
description (#5419)--ignore-policy
in config scans (#5359)Use container image
section (#5425)primaryURL
and source severity
for CycloneDX (#5399)InstalledFiles
field to Package (#4706)Published by aqua-bot about 1 year ago
Published by aqua-bot about 1 year ago
requirements.txt
files (#5375)Metadata
into the k8s resource's scan report (#5322)actions/stale
(#5337)github
format (#5265)Published by aqua-bot about 1 year ago
Published by aqua-bot about 1 year ago
👉 https://github.com/aquasecurity/trivy/discussions/5082
null
value (#5041)1.20
(#5067)Published by aqua-bot about 1 year ago
name
field in Cyclonedx format (#4941)