v0.51.0

aquasecurity/trivy

版本发布时间: 2024-05-03 20:41:37

aquasecurity/trivy最新发布版本:v0.54.1(2024-08-01 00:45:52)

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6622

Changelog

14c1024b4 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
998f75043 feat: introduce package UIDs for improved vulnerability mapping (#6583)
770b14113 perf(misconf): Improve cause performance (#6586)
3ccb1a0f1 docs: trivy-k8s new experiance remove un-used section (#6608)
58cfd1b07 chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
715963d75 docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
37da98df4 feat(misconf): Use updated terminology for misconfiguration checks (#6476)
cdee7030a chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
6a2225b42 docs: use generic link from trivy-repo (#6606)
a2a02de7c docs: update trivy k8s with new experience (#6465)
e739ab850 feat: support --skip-images scanning flag (#6334)
c6d5d856c BREAKING: add support for k8s disable-node-collector flag (#6311)
194a81468 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
03830c50c chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
8e814fa23 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
2dc76ba78 chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
c17176ba9 chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
bce70af36 chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
4369a19af feat: add ubuntu 23.10 and 24.04 support (#6573)
5566548b7 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
a8af76a47 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
c8ed432f2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
551a46efc docs(go): add stdlib (#6580)
261649b11 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
acfddd457 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
419e3d202 feat(go): parse main mod version from build info settings (#6564)
f0961d54f feat: respect custom exit code from plugin (#6584)
a5d485cf8 docs: add asdf and mise installation method (#6063)
29b8faf5f feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
e3bef0201 feat: add support environment.yaml files (#6569)
916f6c66f fix: close plugin.yaml (#6577)
8e6cd0e91 fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
060d0bb64 BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
2d090ef2d feat(go): add main module (#6574)
6343e4fc7 feat: add relationships (#6563)
a018ee1f9 ci: disable Go cache for reusable-release.yaml (#6572)
5da053f30 docs: mention --show-suppressed is available in table (#6571)
3d66cb8d8 chore: fix sqlite to support loong64 (#6511)
9aca98cca fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
7811ad0d2 docs: update info about config file (#6547)
fae710db8 docs: remove RELEASE_VERSION from trivy.repo (#6546)
d2d4022ef fix(sbom): change error to warning for multiple OSes (#6541)
164b02541 fix(vuln): skip empty versions (#6542)
5dd9bd470 feat(c): add license support for conan lock files (#6329)
7c2017fa7 fix(terraform): Attribute and fileset fixes (#6544)
63c9469bd refactor: change warning if no vulnerability details are found (#6230)
aa822c260 refactor(misconf): improve error handling in the Rego scanner (#6527)
30cc88fa8 ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
e32215c99 feat(go): parse main module of go binary files (#6530)
d4da83c63 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
0d7d97d13 refactor(misconf): simplify the retrieval of module annotations (#6528)
9873cf3b9 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
95c8fd912 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
12ec0dfe9 feat(misconf): loading embedded checks as a fallback (#6502)
9b7d7132b fix(misconf): Parse JSON k8s manifests properly (#6490)
13e72eca5 refactor: remove parallel walk (#5180)
a9861994e fix: close pom.xml (#6507)
46d5abad4 fix(secret): convert severity for custom rules (#6500)
34ab09d55 fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
1ba5b5952 fix: typo (#6283)
4fab0f8b9 docs(k8s,image): fix command-line syntax issues (#6403)
d7709816c chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
433706820 fix(misconf): avoid panic if the scheme is not valid (#6496)
d82d6cb73 feat(image): goversion as stdlib (#6277)
cfddfb33c fix: add color for error inside of log message (#6493)
dfcb0f90d chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
183eaafb4 docs: fix links to OPA docs (#6480)
94d6e8ced refactor: replace zap with slog (#6466)
336c47ecc docs: update links to IaC schemas (#6477)
06b44738e chore: bump Go to 1.22 (#6075)
a51ceddad refactor(terraform): sync funcs with Terraform (#6415)
53517d622 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
ad544e97c chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
089368d96 chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
116356500 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
637da2b17 chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
13190e92d fix(terraform): eval submodules (#6411)
6bca7c3c7 refactor(terraform): remove unused options (#6446)
8e4279b86 refactor(terraform): remove unused file (#6445)
e98c873ed chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
b1c2eab5a chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
1c49a16c6 fix(misconf): Escape template value correctly (#6292)
8dd0fcd61 feat(misconf): add support for wildcard ignores (#6414)
74e4c6e01 fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#6439)
245c12053 refactor(terraform): remove metrics collection (#6444)
86714bf6b feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
a75839212 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
4d00d8b52 chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
3ad2b3e25 chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
8baccd790 fix(db): check schema version for image name only (#6410)
e75a90f2e chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
6625bd32e chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
826fe6073 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
f23ed7759 feat(misconf): Support private registries for misconf check bundle (#6327)
df024e88d feat(cloudformation): inline ignore support for YAML templates (#6358)
29dee3281 feat(terraform): ignore resources by nested attributes (#6302)
1a67472d2 perf(helm): load in-memory files (#6383)
09e37b7c6 feat(aws): apply filter options to result (#6367)
87a9aa60d feat(aws): quiet flag support (#6331)
712dcd300 fix(misconf): clear location URI for SARIF (#6405)
625f22b81 test(cloudformation): add CF tests (#6315)
6a2f6fde4 fix(cloudformation): infer type after resolving a function (#6406)