v0.50.0
Release date: 2024-03-19 11:05:48
Latest aquasecurity/trivy release: v0.50.4 (2024-04-24 20:34:06)
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6340
Changelog
- 8ec3938e0 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
- f6c5d5800 feat(java): add support licenses and graph for gradle lock files (#6140)
- c4022d61b feat(vex): consider root component for relationships (#6313)
- 317792433 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
- dd9620ef3 chore: updates wazero to v1.7.0 (#6301)
- eb3ceb323 feat(sbom): Support license detection for SBOM scan (#6072)
- ab74caa87 refactor(sbom): use intermediate representation for SPDX (#6310)
- 71da44f7e docs(terraform): improve documentation for filtering by inline comments (#6284)
- 102b6df73 fix(terraform): fix policy document retrieval (#6276)
- aa19aaf4e refactor(terraform): remove unused custom error (#6303)
- 8fcef352b refactor(sbom): add intermediate representation for BOM (#6240)
- fb8c516de fix(amazon): check only major version of AL to find advisories (#6295)
- 96bd7ac59 fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
- 12c5bf080 fix(nodejs): add name validation for package name from package.json (#6268)
- d6c40ce05 docs: Added install instructions for FreeBSD (#6293)
- 9d2057a7c feat(image): customer podman host or socket option (#6256)
- 2a9d9bd21 chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
- 617c3e31b feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
- 56cedc0d6 fix(license): reorder logic of how python package licenses are acquired (#6220)
- d7d7265eb test(terraform): skip cached modules (#6281)
- 663991166 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
- 337cb7535 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
- 9361cdb7e feat(terraform): Terraform Plan snapshot scanning support (#6176)
- ee01e6e2f chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
- 3d2f583ec fix: typo function name and comment optimization (#6200)
- c4b5ab788 fix(java): don't ignore runtime scope for pom.xml files (#6223)
- 355c1b583 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
- 7244ece53 chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
- 5cd056684 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
- ebb74a5de chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
- 24a8d6aaa chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
- 9d0d7ad88 chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
- e8230e19d chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
- 04535b554 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
- 939e34e37 chore(deps): Upgrade iac deps (#6255)
- 7cb6c02a4 feat: add info log message about dev deps suppression (#6211)
- c1d26ec33 test(k8s): use test-db for k8s integration tests (#6222)
- 4f70468bd ci: add maximize-build-space for Test job (#6221)
- 1dfece89d fix(terraform): fix root module search (#6160)
- e1ea02c7b test(parser): squash test data for yarn (#6203)
- 64926d842 fix(terraform): do not re-expand dynamic blocks (#6151)
- eb54bb5da docs: update ecosystem page reporting with db app (#6201)
- dc76c6e4f fix: k8s summary separate infra and user finding results (#6120)
- 1b7e47424 fix: add context to target finding on k8s table view (#6099)
- 876ab84b3 fix: Printf format err (#6198)
- eef7c4fb4 refactor: better integration of the parser into Trivy (#6183)
- 069aae59e chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189)
- 4a9ac6d19 feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
- 9c5e5a04e fix(vex): CSAF filtering should consider relationships (#5923)
- 388f47669 refactor(report): Replacing source_location in github report when scanning an image (#5999)
- cd3e4bcac feat(vuln): ignore vulnerabilities by PURL (#6178)
- ce81c0585 feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
- cf0f0d00c feat(k8s): rancher rke2 version support (#5988)
- 8a3a113ee docs: update kbom distribution for scanning (#6019)
- 19495ba7c chore: update CODEOWNERS (#6173)
- e787e1af0 fix(swift): try to use branch to resolve version (#6168)
- 327cf8839 fix(terraform): ensure consistent path handling across OS (#6161)
- 82214736a fix(java): add only valid libs from pom.properties files from jars (#6164)
- 7694df11f fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
- 74dc5b680 chore(deps): merge go-dep-parser into Trivy (#6094)
- 32a02a95d docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#6145)
- fb79ea7c9 docs: update template path for gitlab-ci tutorial (#6144)
- c6844a73f feat(report): support for filtering licenses and secrets via rego policy files (#6004)
- a813506f4 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
- 14adbb446 refactor(deps): Merge defsec into trivy (#6109)
- efe0e0f8f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142)
- 73dde3263 docs: add SecObserve in CI/CD and reporting (#6139)
- aadbad1d7 fix(alpine): exclude empty licenses for apk packages (#6130)
- 14a0981ef docs: add docs tutorial on custom policies with rego (#6104)
- 3ac63887d fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
- 3c1601b6c feat(vuln): show suppressed vulnerabilities in table (#6084)
- c107e1af2 docs: rename governance to principles (#6107)
- b26f21717 docs: add governance (#6090)
- 7bd3b630b refactor(deps): Merge trivy-iac into Trivy (#6005)
- 535b5a96d feat(java): add dependency location support for gradle files (#6083)
- 428420ee8 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038)
- 7fec991c5 fix(misconf): get user from Config.User (#6070)
1. bom.json 598.84KB
2. trivy_0.50.0_checksums.txt 2.17KB
3. trivy_0.50.0_checksums.txt.pem 3.15KB
4. trivy_0.50.0_checksums.txt.sig 96B
5. trivy_0.50.0_FreeBSD-32bit.tar.gz 46.18MB
6. trivy_0.50.0_FreeBSD-32bit.tar.gz.pem 3.15KB
7. trivy_0.50.0_FreeBSD-32bit.tar.gz.sig 96B
8. trivy_0.50.0_FreeBSD-64bit.tar.gz 52.14MB
9. trivy_0.50.0_FreeBSD-64bit.tar.gz.pem 3.15KB
10. trivy_0.50.0_FreeBSD-64bit.tar.gz.sig 96B
11. trivy_0.50.0_Linux-32bit.deb 46.33MB
12. trivy_0.50.0_Linux-32bit.deb.pem 3.15KB
13. trivy_0.50.0_Linux-32bit.deb.sig 96B
14. trivy_0.50.0_Linux-32bit.rpm 48.6MB
15. trivy_0.50.0_Linux-32bit.rpm.pem 3.15KB
16. trivy_0.50.0_Linux-32bit.rpm.sig 96B
17. trivy_0.50.0_Linux-32bit.tar.gz 46.13MB
18. trivy_0.50.0_Linux-32bit.tar.gz.pem 3.15KB
19. trivy_0.50.0_Linux-32bit.tar.gz.sig 96B
20. trivy_0.50.0_Linux-64bit.deb 52.39MB
21. trivy_0.50.0_Linux-64bit.deb.pem 3.15KB
22. trivy_0.50.0_Linux-64bit.deb.sig 96B
23. trivy_0.50.0_Linux-64bit.rpm 55.13MB
24. trivy_0.50.0_Linux-64bit.rpm.pem 3.15KB
25. trivy_0.50.0_Linux-64bit.rpm.sig 96B
26. trivy_0.50.0_Linux-64bit.tar.gz 52.17MB
27. trivy_0.50.0_Linux-64bit.tar.gz.pem 3.14KB
28. trivy_0.50.0_Linux-64bit.tar.gz.sig 96B
29. trivy_0.50.0_Linux-ARM.deb 47.6MB
30. trivy_0.50.0_Linux-ARM.deb.pem 3.15KB
31. trivy_0.50.0_Linux-ARM.deb.sig 96B
32. trivy_0.50.0_Linux-ARM.rpm 49.47MB
33. trivy_0.50.0_Linux-ARM.rpm.pem 3.14KB
34. trivy_0.50.0_Linux-ARM.rpm.sig 96B
35. trivy_0.50.0_Linux-ARM.tar.gz 47.39MB
36. trivy_0.50.0_Linux-ARM.tar.gz.pem 3.14KB
37. trivy_0.50.0_Linux-ARM.tar.gz.sig 96B
38. trivy_0.50.0_Linux-ARM64.deb 47.6MB
39. trivy_0.50.0_Linux-ARM64.deb.pem 3.14KB
40. trivy_0.50.0_Linux-ARM64.deb.sig 96B
41. trivy_0.50.0_Linux-ARM64.rpm 49.44MB
42. trivy_0.50.0_Linux-ARM64.rpm.pem 3.15KB
43. trivy_0.50.0_Linux-ARM64.rpm.sig 96B
44. trivy_0.50.0_Linux-ARM64.tar.gz 47.41MB
45. trivy_0.50.0_Linux-ARM64.tar.gz.pem 3.15KB
46. trivy_0.50.0_Linux-ARM64.tar.gz.sig 96B
47. trivy_0.50.0_Linux-PPC64LE.deb 44.7MB
48. trivy_0.50.0_Linux-PPC64LE.deb.pem 3.15KB
49. trivy_0.50.0_Linux-PPC64LE.deb.sig 96B
50. trivy_0.50.0_Linux-PPC64LE.rpm 46.56MB
51. trivy_0.50.0_Linux-PPC64LE.rpm.pem 3.14KB
52. trivy_0.50.0_Linux-PPC64LE.rpm.sig 96B
53. trivy_0.50.0_Linux-PPC64LE.tar.gz 44.5MB
54. trivy_0.50.0_Linux-PPC64LE.tar.gz.pem 3.15KB
55. trivy_0.50.0_Linux-PPC64LE.tar.gz.sig 96B
56. trivy_0.50.0_Linux-s390x.deb 50.48MB
57. trivy_0.50.0_Linux-s390x.deb.pem 3.15KB
58. trivy_0.50.0_Linux-s390x.deb.sig 96B
59. trivy_0.50.0_Linux-s390x.rpm 53.28MB
60. trivy_0.50.0_Linux-s390x.rpm.pem 3.15KB
61. trivy_0.50.0_Linux-s390x.rpm.sig 96B
62. trivy_0.50.0_Linux-s390x.tar.gz 50.15MB
63. trivy_0.50.0_Linux-s390x.tar.gz.pem 3.14KB
64. trivy_0.50.0_Linux-s390x.tar.gz.sig 96B
65. trivy_0.50.0_macOS-64bit.tar.gz 54.39MB
66. trivy_0.50.0_macOS-64bit.tar.gz.pem 3.15KB
67. trivy_0.50.0_macOS-64bit.tar.gz.sig 96B
68. trivy_0.50.0_macOS-ARM64.tar.gz 52.41MB
69. trivy_0.50.0_macOS-ARM64.tar.gz.pem 3.15KB
70. trivy_0.50.0_macOS-ARM64.tar.gz.sig 96B
71. trivy_0.50.0_windows-64bit.zip 53.43MB
72. trivy_0.50.0_windows-64bit.zip.pem 3.15KB