Features
NuGet Scanner (#686)
Trivy now supports a lock file packages.lock.json
of NuGet.
packages.lock.json
==================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
| MessagePack | CVE-2020-5234 | MEDIUM | 1.9.10 | 2.1.90, 1.9.11 | Untrusted data can lead to DoS |
| | | | | | attack due to hash collisions and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-5234 |
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
Thanks to @Johannestegner
Redis support as the cache backend (#770)
For the detail, see here
$ docker run -d --name redis -p 6379:6379 redis:5.0
$ trivy server --cache-backend redis://localhost:6379
$ trivy client alpine:3.11
HTML template (#567)
$ trivy image -f template --template "@contrib/html.tpl" -o report.html alpine:3.12
Thanks to @irrandon
Helm chart (#751, #769)
For the detail, see here
$ cd helm/trivy
$ helm install my-release .
Thanks to @czunker
Fixes
redhat: skip modular packages (#776)
Thanks to @masahiro331
Make the table output less wide. (#763)
alpine:3.10 (alpine 3.10.5)
===========================
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 0, CRITICAL: 0)
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto1.1 | CVE-2020-1971 | MEDIUM | 1.1.1g-r0 | 1.1.1i-r0 | openssl: EDIPARTYNAME |
| | | | | | NULL pointer de-reference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
+--------------+ + + + + +
| libssl1.1 | | | | | |
| | | | | | |
| | | | | | |
+--------------+------------------+ +-------------------+---------------+---------------------------------------+
| musl | CVE-2020-28928 | | 1.1.22-r3 | 1.1.22-r4 | In musl libc through 1.2.1, |
| | | | | | wcsnrtombs mishandles particular |
| | | | | | combinations of destination buffer... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 |
+--------------+ + + + + +
| musl-utils | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
Changelog
08ca1b0 Feat: NuGet Scanner (#686)
7b86f81 feat(cache): support Redis (#770)
8cd4afe fix(redhat): skip module packages (#776)
b606b62 chore: migrate from master to main (#778)
5c2b14b chore(circleci): remove gofmt (#777)
a19a023 chore(README): remove experimental (#775)
e6cef75 NVD: Add timestamps. (#761)
1371f72 (fix): Make the table output less wide. (#763)
8ecaa2f Add gitHubToken to prevent rate limit problems (#769)
8132174 Add helm chart to install trivy in server mode. (#751)
bcc2850 chore(docs): add nix install (#762)
cb36972 HTML template (#567)
Docker images
docker pull docker.io/aquasec/trivy:0.15.0
docker pull docker.io/aquasec/trivy:latest
docker pull ghcr.io/aquasecurity/trivy:0.15.0
docker pull ghcr.io/aquasecurity/trivy:latest