aquasecurity/trivy v0.48.0

on GitHub

⚡Release highlights and summary⚡

👉 #5724

Changelog

• f2aa9bf chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696)
• 6d7e2f8 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
• 0ff5f96 feat: filter k8s core components vuln results (#5713)
• a54d1e9 feat(vuln): remove duplicates in Fixed Version (#5596)
• 99c04c4 feat(report): output plugin (#4863)
• 70078b9 chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
• 49e83a6 chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)
• af32cb3 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
• 1766271 chore(deps): bump actions/github-script from 6 to 7 (#5697)
• 7ee8547 chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
• 654147f docs: typo in modules.md (#5712)
• 2569575 feat: Add flag to configure node-collector image ref (#5710)
• c061009 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)
• aedbd85 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)
• e018b9c chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)
• b5874e3 feat(misconf): Add --misconfig-scanners option (#5670)
• 075d8f6 chore: bump Go to 1.21 (#5662)
• 16b757d feat: Packagesprops support (#5605)
• 372efc9 chore(deps): Bump up trivy misconf deps (#5656)
• edad5f6 docs: update adopters discussion template (#5632)
• ed9d340 docs: terraform tutorial links updated to point to correct loc (#5661)
• 8ff574e fix(secret): add sec and space to secret prefix for aws-secret-access-key (#5647)
• ad977a4 fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
• b1dc60b fix(secret): exclude upper case before secret for alibaba-access-key-id (#5618)
• 65351d4 docs: Update Arch Linux package URL in installation.md (#5619)
• c866f1c chore: add prefix to image errors (#5601)
• ed0022b docs(vuln): fix link anchor (#5606)
• 3c81727 docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
• 2145464 fix: k8s friendly error messages kbom non cluster scans (#5594)
• 44d0b28 feat: set InstalledFiles for DEB and RPM packages (#5488)
• ae4bcf6 fix(report): use time.Time for CreatedAt (#5598)
• b6fafa0 test: retry containerd initialization (#5597)
• 1336223 feat(misconf): Expose misconf engine debug logs with --debug option (#5550)
• 7105186 test: mock VM walker (#5589)
• d9d7f3f chore: bump node-collector v0.0.9 (#5591)
• e3c28f8 feat(misconf): Add support for --cf-params for CFT (#5507)
• ac0e327 feat(flag): replace '--slow' with '--parallel' (#5572)
• 5372067 fix(report): add escaping for Sarif format (#5568)
• a389529 chore: show a deprecation notice for --scanners config (#5587)
• f4dd062 feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
• d005f5a test: mock RPM DB (#5567)
• a96ec35 feat: add aliases to '--scanners' (#5558)
• 950e431 refactor: reintroduce output writer (#5564)
• 2310f0d chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)
• 04b93e9 chore: not load plugins for auto-generating docs (#5569)
• cccaa15 chore: sort supported AWS services (#5570)
• 3891e3d fix: no schedule toleration (#5562)
• 138feb0 fix(cli): set correct scanners for k8s target (#5561)
• cb241a8 fix(sbom): add FilesAnalyzed and PackageVerificationCode fields for SPDX (#5533)
• e7f6a5c refactor(misconf): Update refactored dependencies (#5245)
• 2f5afa5 feat(secret): add built-in rule for JWT tokens (#5480)
• 91fc8da fix: trivy k8s parse ecr image with arn (#5537)
• 05df244 fix: fail k8s resource scanning (#5529)
• a1b4744 refactor(misconf): don't remove Highlighted in json format (#5531)
• 7712f8f docs(k8s): fix link in kubernetes.md (#5524)
• 043fbfc docs(k8s): fix whitespace in list syntax (#5525)