v0.49.0
版本发布时间: 2024-02-01 17:37:05
aquasecurity/trivy最新发布版本:v0.50.4(2024-04-24 20:34:06)
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6033
Changelog
- 729a0512a fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
- 884745b5e chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
- 59e54334d fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
- 5924c021d feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
- 4df936389 docs: add note about Bun (#6001)
- 70dd572ef fix(report): use
AWS_REGION
env for secrets inasff
template (#6011) - 13f797f88 fix: check returned error before deferring f.Close() (#6007)
- adfde63d0 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
- e2eb70ecb feat(vuln): enable
--vex
for all targets (#5992) - f9da02131 docs: update link to data sources (#6000)
- b4b90cfe2 feat(java): add support for line numbers for pom.xml files (#5991)
- fb36c4ed0 refactor(sbom): use new
metadata.tools
struct for CycloneDX (#5981) - f6be42b71 docs: Update troubleshooting guide with image not found error (#5983)
- bb6caea5c style: update band logos (#5968)
- 189a46a01 chore(deps): Update misconfig deps (#5956)
- 91a2547d1 docs: update cosign tutorial and commands, update kyverno policy (#5929)
- a96f66f17 docs: update command to scan go binary (#5969)
- 2212d1443 fix: handle non-parsable images names (#5965)
- 7cad04bdf chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
- fbc1a83f3 fix(amazon): save system files for pkgs containing
amzn
in src (#5951) - 260aa281f fix(alpine): Add EOL support for alpine 3.19. (#5938)
- 2c9d7c6b5 feat: allow end-users to adjust K8S client QPS and burst (#5910)
- ffe2ca7cb chore(deps): bump go-ebs-file (#5934)
- f90d4ee43 fix(nodejs): find licenses for packages with slash (#5836)
- c75143f5e fix(sbom): use
group
field for pom.xml and nodejs files for CycloneDX reports (#5922) - a3fac90b4 fix: ignore no init containers (#5939)
- b1b4734f5 docs: Fix documentation of ecosystem (#5940)
- a2b654945 docs(misconf): multiple ignores in comment (#5926)
- ae134a9b3 fix(secret): find aws secrets ending with a comma or dot (#5921)
- c8c55fe21 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
- 4d2e785ff docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
- 7895657c8 fix(java): don't remove excluded deps from upper pom's (#5838)
- 37e7e3eab fix(java): check if a version exists when determining GAV by file name for
jar
files (#5630) - d0c81e23c feat(vex): add PURL matching for CSAF VEX (#5890)
- 958e1f11f fix(secret):
AWS Secret Access Key
must include only secrets withaws
text. (#5901) - 56c4e248a revert(report): don't escape new line characters for sarif format (#5897)
- 92d9b3dbb docs: improve filter by rego (#5402)
- a626cdf33 chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
- 47b6c2817 docs: add_scan2html_to_trivy_ecosystem (#5875)
- 0ebb6c468 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
- c47ed0d81 feat(vex): Add support for CSAF format (#5535)
- 2cdd65dd6 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
- cba67d1f0 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
- d990e702a chore(deps): bump actions/stale from 8 to 9 (#5846)
- c72dfbfbb chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
- 121898423 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
- 682210ac6 chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
- e1a60cc88 chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
- b508414ca chore(deps): bump actions/setup-python from 4 to 5 (#5848)
- df3e90af8 feat(python): parse licenses from dist-info folder (#4724)
- fa2e88360 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
- 30eff9c83 feat(nodejs): add yarn alias support (#5818)
- 013df4c6b chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
- b1489f348 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
- 7f2e4223f chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
- da597c479 refactor: propagate time through context values (#5858)
- 1607eee77 refactor: move PkgRef under PkgIdentifier (#5831)
- b3d516eaf fix(cyclonedx): fix unmarshal for licenses (#5828)
- c17b6603d chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
- 1f0d6290c feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
1、 bom.json 578.19KB
2、 trivy_0.49.0_checksums.txt 2.17KB
3、 trivy_0.49.0_checksums.txt.pem 3.14KB
4、 trivy_0.49.0_checksums.txt.sig 96B
5、 trivy_0.49.0_FreeBSD-32bit.tar.gz 46.58MB
6、 trivy_0.49.0_FreeBSD-32bit.tar.gz.pem 3.15KB
7、 trivy_0.49.0_FreeBSD-32bit.tar.gz.sig 96B
8、 trivy_0.49.0_FreeBSD-64bit.tar.gz 52.32MB
9、 trivy_0.49.0_FreeBSD-64bit.tar.gz.pem 3.15KB
10、 trivy_0.49.0_FreeBSD-64bit.tar.gz.sig 96B
11、 trivy_0.49.0_Linux-32bit.deb 46.68MB
12、 trivy_0.49.0_Linux-32bit.deb.pem 3.15KB
13、 trivy_0.49.0_Linux-32bit.deb.sig 96B
14、 trivy_0.49.0_Linux-32bit.rpm 48.98MB
15、 trivy_0.49.0_Linux-32bit.rpm.pem 3.15KB
16、 trivy_0.49.0_Linux-32bit.rpm.sig 96B
17、 trivy_0.49.0_Linux-32bit.tar.gz 46.49MB
18、 trivy_0.49.0_Linux-32bit.tar.gz.pem 3.15KB
19、 trivy_0.49.0_Linux-32bit.tar.gz.sig 96B
20、 trivy_0.49.0_Linux-64bit.deb 52.57MB
21、 trivy_0.49.0_Linux-64bit.deb.pem 3.15KB
22、 trivy_0.49.0_Linux-64bit.deb.sig 96B
23、 trivy_0.49.0_Linux-64bit.rpm 55.29MB
24、 trivy_0.49.0_Linux-64bit.rpm.pem 3.14KB
25、 trivy_0.49.0_Linux-64bit.rpm.sig 96B
26、 trivy_0.49.0_Linux-64bit.tar.gz 52.35MB
27、 trivy_0.49.0_Linux-64bit.tar.gz.pem 3.15KB
28、 trivy_0.49.0_Linux-64bit.tar.gz.sig 96B
29、 trivy_0.49.0_Linux-ARM.deb 48.01MB
30、 trivy_0.49.0_Linux-ARM.deb.pem 3.15KB
31、 trivy_0.49.0_Linux-ARM.deb.sig 96B
32、 trivy_0.49.0_Linux-ARM.rpm 49.88MB
33、 trivy_0.49.0_Linux-ARM.rpm.pem 3.15KB
34、 trivy_0.49.0_Linux-ARM.rpm.sig 96B
35、 trivy_0.49.0_Linux-ARM.tar.gz 47.79MB
36、 trivy_0.49.0_Linux-ARM.tar.gz.pem 3.15KB
37、 trivy_0.49.0_Linux-ARM.tar.gz.sig 96B
38、 trivy_0.49.0_Linux-ARM64.deb 47.8MB
39、 trivy_0.49.0_Linux-ARM64.deb.pem 3.15KB
40、 trivy_0.49.0_Linux-ARM64.deb.sig 96B
41、 trivy_0.49.0_Linux-ARM64.rpm 49.67MB
42、 trivy_0.49.0_Linux-ARM64.rpm.pem 3.15KB
43、 trivy_0.49.0_Linux-ARM64.rpm.sig 96B
44、 trivy_0.49.0_Linux-ARM64.tar.gz 47.61MB
45、 trivy_0.49.0_Linux-ARM64.tar.gz.pem 3.14KB
46、 trivy_0.49.0_Linux-ARM64.tar.gz.sig 96B
47、 trivy_0.49.0_Linux-PPC64LE.deb 45.09MB
48、 trivy_0.49.0_Linux-PPC64LE.deb.pem 3.15KB
49、 trivy_0.49.0_Linux-PPC64LE.deb.sig 96B
50、 trivy_0.49.0_Linux-PPC64LE.rpm 46.92MB
51、 trivy_0.49.0_Linux-PPC64LE.rpm.pem 3.15KB
52、 trivy_0.49.0_Linux-PPC64LE.rpm.sig 96B
53、 trivy_0.49.0_Linux-PPC64LE.tar.gz 44.88MB
54、 trivy_0.49.0_Linux-PPC64LE.tar.gz.pem 3.15KB
55、 trivy_0.49.0_Linux-PPC64LE.tar.gz.sig 96B
56、 trivy_0.49.0_Linux-s390x.deb 50.88MB
57、 trivy_0.49.0_Linux-s390x.deb.pem 3.15KB
58、 trivy_0.49.0_Linux-s390x.deb.sig 96B
59、 trivy_0.49.0_Linux-s390x.rpm 53.72MB
60、 trivy_0.49.0_Linux-s390x.rpm.pem 3.14KB
61、 trivy_0.49.0_Linux-s390x.rpm.sig 96B
62、 trivy_0.49.0_Linux-s390x.tar.gz 50.56MB
63、 trivy_0.49.0_Linux-s390x.tar.gz.pem 3.15KB
64、 trivy_0.49.0_Linux-s390x.tar.gz.sig 96B
65、 trivy_0.49.0_macOS-64bit.tar.gz 54.59MB
66、 trivy_0.49.0_macOS-64bit.tar.gz.pem 3.15KB
67、 trivy_0.49.0_macOS-64bit.tar.gz.sig 96B
68、 trivy_0.49.0_macOS-ARM64.tar.gz 52.65MB
69、 trivy_0.49.0_macOS-ARM64.tar.gz.pem 3.15KB
70、 trivy_0.49.0_macOS-ARM64.tar.gz.sig 96B
71、 trivy_0.49.0_windows-64bit.zip 53.61MB
72、 trivy_0.49.0_windows-64bit.zip.pem 3.14KB