aquasecurity/trivy v0.31.0

on GitHub

Changelog

• 917f388 fix(flag): add error when there are no supported security checks (#2713)
• aef02aa fix(vuln): continue scanning when no vuln found in the first application (#2712)
• ed1fa89 revert: add new classes for vulnerabilities (#2701)
• a5d4f7f feat(secret): detect secrets removed or overwritten in upper layer (#2611)
• ddffb1b fix(cli): secret scanning perf link fix (#2607)
• bc85441 chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
• b259b25 feat: Add AWS Cloud scanning (#2493)
• f8edda8 docs: specify the type when verifying an attestation (#2697)
• 6879413 docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
• babfb17 fix(rpc): scanResponse rpc conversion for custom resources (#2692)
• 517d2e0 feat(rust): Add support for cargo-auditable (#2675)
• 0112385 feat: Support passing value overrides for configuration checks (#2679)
• 317a026 feat(sbom): add support for scanning a sbom attestation (#2652)
• 390c256 chore(image): skip symlinks and hardlinks from tar scan (#2634)
• 63c33bf fix(report): Update junit.tpl (#2677)
• de365c8 fix(cyclonedx): add nil check to metadata.component (#2673)
• 50db7da docs(secret): fix missing and broken links (#2674)
• e848e6d refactor(cyclonedx): implement json.Unmarshaler (#2662)
• df0b5e4 chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
• 006b8a5 chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
• 8d10de8 feat(kubernetes): add option to specify kubeconfig file path (#2576)
• 169c55c docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
• 9b21831 chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
• 94db37e chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)
• d983805 chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647)
• d8a9572 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646)
• 3ab3050 chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641)
• 75984f3 chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640)
• 525c253 chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)
• 5e327e4 chore(deps): bump golang from 1.18.3 to 1.18.4 (#2638)
• 469d771 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.48 to 1.44.66 (#2648)
• 6bc8c87 chore(deps): bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.0 (#2649)
• 6ab832d chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#2651)
• 3a10497 feat(alma): set AlmaLinux 9 EOL (#2653)
• 55825d7 fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636)
• 6bb0e4b test(misconf): add tests for misconf handler for dockerfiles (#2621)
• 44d53be feat(oracle): set Oracle Linux 9 EOL (#2635)
• f396c67 BREAKING: add new classes for vulnerabilities (#2541)
• 3cd88ab fix(secret): add newline escaping for asymmetric private key (#2532)
• ea91fb9 docs: improve formatting (#2572)
• d0ca610 feat(helm): allows users to define an existing secret for tokens (#2587)
• d0ba59a docs(mariner): use tdnf in fs usage example (#2616)
• d7742b6 docs: remove unnecessary double quotation marks (#2609)
• 27027cf fix: Fix --file-patterns flag (#2625)
• c2a7ad5 feat(report): add support for Cosign vulnerability attestation (#2567)
• dfb86f4 docs(mariner): use v2.0 in examples (#2602)
• 946ce16 feat(report): add secrets template for codequality report (#2461)