Changelog
- 4813cf5 docs: improve compliance docs (#3340)
- 025e509 feat(deps): add yarn lock dependency tree (#3348)
- 4d59a1e fix: compliance change id and title naming (#3349)
- eaa5bcf feat: add support for mix.lock files for elixir language (#3328)
- a888440 feat: add k8s cis bench (#3315)
- 62b369e test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
- c110c4e revert: cache merged layers (#3334)
- bc759ef feat(cyclonedx): add recommendation (#3336)
- fe3831e feat(ubuntu): added support ubuntu ESM versions (#1893)
- b0cebec fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
- a66d3fe chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265)
- 5190f95 feat: Adding support for Windows testing (#3037)
- b00f3c6 feat: add support for Alpine 3.17 (#3319)
- a70f885 docs: change PodFile.lock to Podfile.lock (#3318)
- 1ec1fe6 fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
- 68eda79 feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
- b95d435 chore(go): remove experimental FS API usage in Wasm (#3299)
- ac6b7c3 ci: add workflow to add issues to roadmap project (#3292)
- cfabdf9 fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
- 56e3d8d chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
- bbccb44 feat(sbom): better support for third-party SBOMs (#3262)
- e879b06 docs: add information about languages with support for dependency locations (#3306)
- e92266f feat(vm): add
region
option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) - 01c7fb1 chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251)
- 23d0613 fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
- 407c240 docs: remove comparisons (#3289)
- 93c5d2d feat: add support for Wolfi Linux (#3215)
- 2809794 ci: add go.mod to canary workflow (#3288)
- 08b55c3 feat(python): skip dev dependencies (#3282)
- 52300e6 chore: update ubuntu version for Github action runnners (#3257)
- a7ac6ac fix(go): skip dep without Path for go-binaries (#3254)
- 4436a20 feat(rust): add ID for cargo pgks (#3256)
- 34d505a chore(deps): bump github.com/samber/lo from 1.33.0 to 1.36.0 (#3263)
- ea95602 chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#3253)
- aea298b feat: add support for swift cocoapods lock files (#2956)
- c67fe17 fix(sbom): use proper constants (#3286)
- f907255 chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#3278)
- 8f95743 test(vm): import relevant analyzers (#3285)
- 8744534 feat: support scan remote repository (#3131)
- c278d86 docs: fix typo in fluxcd (#3268)
- fa2281f docs: fix broken "ecosystem" link in readme (#3280)
- a3eece4 feat(misconf): Add compliance check support (#3130)
- 7a6cf5a docs: Adding Concourse resource for trivy (#3224)
- dd26bd2 chore(deps): change golang from 1.19.2 to 1.19 (#3249)
- cbba6d1 fix(sbom): duplicate dependson (#3261)
- fa2e3ac chore(deps): bump alpine from 3.16.2 to 3.17.0 (#3247)
- 5c43475 chore(go): updates wazero to 1.0.0-pre.4 (#3242)
- d29b0ed feat(report): add dependency locations to sarif format (#3210)
- 967e32f fix(rpm): add rocky to osVendors (#3241)
- 9477416 docs: fix a typo (#3236)
- 97ce61e feat(dotnet): add dependency parsing for nuget lock files (#3222)
- 17e13c4 docs: add pre-commit hook to community tools (#3203)
- b1a2c4e feat(helm): pass arbitrary env vars to trivy (#3208)