Skip to content

@aqua-bot aqua-bot released this Oct 16, 2021

Changelog

bcfa028 chore(release): bump up GoReleaser to v0.182.1 (#1299)
681ab1b fix(yarn): support quoted version (#1298)
46051d5 feat(custom-forward): Forward the extended advisory data (#1247)
d8d692b feat(javascript) : Initialize npm driver for javascript packages (#1289)
cc344df fix(cli): fix incorrect comparision of DB metadata type. (#1286)
0dec17f docs: add footer to readme (#1281)

Docker images

  • docker pull aquasec/trivy:0.20.1
  • docker pull ghcr.io/aquasecurity/trivy:0.20.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.20.1
Assets 29

@aqua-bot aqua-bot released this Oct 6, 2021

Changelog

f12446d feat(report): add package path (#1274)
1c9ccb5 feat(command): add rootfs command (#1271)
a463e79 fix: update fanal (#1272)
e0ca5ef feat(commands): remove deprecated options (#1270)
1ebb329 Aggregate jar result for table (#1269)
b37f682 BREAKING(report): migrate to new json schema (#1265)
da90510 feat: improve --skip-dirs and --skip-files (#1249)
bd57b4f fix(gobinary): skip large files (#1259)
9027dc3 Disable library analyzer for OS only scan type (#1191)
5750cc2 chore: update trivy version (#1252)
bbcce9f refactor: move from io/ioutil to io and os package (#1245)
6bcb4af fix: brew test command (#1253)
8d13234 fix:added layer info in packages (#1248)
982f35b fix(go/binary): improve debug messages (#1244)
2e170cd Update db.go (#1199)
cc6c67d fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
669fd1f feat(debian): support the versions that reached EOL (#1237)
8cd7de2 feat(alpine): support unfixed vulnerabilities (#1235)
3bf3a46 feat(report): add image config (#1231)
8edcc62 feat(nodejs): support package.json (#1225)
31c45ff refactor: use testing DB instead of mock (#1234)
d8cc8b5 feat(ruby): support gemspec (#1224)
dbc7a83 feat(python): add packaging detector and respective hook (#1223)
19c0b70 feat(license): Added support to new License field of go-dep-parser's library (#1167)
9d61777 fix(oracle): handle advisories contain ksplice versions (#1209)
5d57dea fix(docs): remove OSVDB advisories (#1215)
b595559 docs: fix typos in CONTRIBUTING.md (#1181)
b1410b2 Update EOL of Debian 11 (#1180)
0e777d3 fix(plugin): resolve a closure (#1207)
b6d9c30 docs: fix typo (#1206)
5160a2e fix(detector): change an argument for trivy-db getter (#1203)
40ed227 chore(mod): update fanal (#1179)
2a4400c Add license info to package data (#1176)
82eb630 feat(nuget): support packages.config (#1095)
4a8db20 feat(python): add support for requirements.txt (#1169)
8db9b6a GitLab CI integration documentation (#1168)
c159501 chore(gorelease) change goreleaser config to include template examples (#1138)
76e63d1 chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
79b6684 chore(deps): bump actions/stale from 3 to 4 (#1152)
214fe82 feat(report): add end of service life flag to OS metadata (#1142)
c489e31 chore: set up Dependabot for github-actions and docker (#1128)
efd812c docs: fix typo (#1149)
3a920dc docs: add some external links (#1147)
7cb1598 chore (release): add ubuntu esm versions to deploy script (#1151)
6a88002 docs(troubleshooting) add urls which are required to download vuls db (#1137)

Docker images

  • docker pull aquasec/trivy:0.20.0
  • docker pull ghcr.io/aquasecurity/trivy:0.20.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.20.0
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28

@aqua-bot aqua-bot released this Jul 20, 2021

Changelog

f3f3029 Updated the Alpine Image to 3.14 (latest) (#1130)
0e52fde Added EOL for Ubuntu 21.10 (#1131)
9b3fba0 fix(image): disabled scanning of config files within container images (#1133)
1101634 docs: fixed typo (#1124)
499b7a6 update cyclonedx github action to v0.3.0 (#1127)

Docker images

  • docker pull aquasec/trivy:0.19.2
  • docker pull ghcr.io/aquasecurity/trivy:0.19.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.19.2
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 29

@aqua-bot aqua-bot released this Jul 12, 2021

Changelog

cea9b0b fix(policy): fix panic on the first run (#1116)

Docker images

  • docker pull aquasec/trivy:0.19.1
  • docker pull ghcr.io/aquasecurity/trivy:0.19.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.19.1
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 29

@aqua-bot aqua-bot released this Jul 12, 2021

Changelog

dea3428 docs(misconf): add comparison with Conftest and tfsec (#1111)
47d600a feat(report): add schema version (#1110)
eae4baf fix(scan): change unknown os from info to debug (#1109)
9e08bd4 docs: add misconfiguration (#1101)
d9883e4 fix(config): rename include-successes with include-non-failures (#1107)
e6f7e55 feat(config): support --trace (#1106)
4b84e79 fix(policy): reduce the Internet access (#1105)
05ae22a chore: bump golangci-lint to v1.41.1 (#1104)
a0e5c3a feat: support config scanning (#931)
712f9eb feat(report): add artifact metadata (#1079)
803b2f9 Generate SBOM (#1076)
92f980f fix(db): multiple prefixed data sources (#1070)
52e98f1 Add EOL date for Alpine 3.14 (#1072)
6cd9a32 suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)
03a7366 docs: improve data sources (#1069)
a29d6d8 chore(label): add kind/security-advisory (#1068)
2a08969 fix(asff): replace slice with substr (#1058)
3a94b73 fix(helm-chart): parametrized ingress host path (#1049)
41d000c feat: support Google Artifact Repository (#1055)
78da283 Update ASFF template to use label for severity (#1047)
e362843 BREAKING: migrate to a new JSON schema (#782)
097b8d4 docs: Fix link to AWS Security Hub template (#1046)
3b6122f refactor(server): support gzip (#1045)
f75a369 chore(rpc): update protoc and twirp (#1044)
e4c32cd Added support for list all packages flag in client (#1032)
fb19abd chore: chart with 0.18.3 (#1033)
d2afc20 feat: add gitlab codequality template (#895)
43ff5f9 feat(plugin): add aqua plugin (#1029)
5e6a50b fix(go): if patchedVersion is empty mark it as vulnerable (#1030)
23b9533 docs(ubuntu): fix supported versions (#1028)
d1f8cfc Support Ubuntu 21.04 (#1027)
aa2336b chore: remove codecov (#1016)
e646172 fix typo on github-actions.md (#1022)

Docker images

  • docker pull aquasec/trivy:0.19.0
  • docker pull ghcr.io/aquasecurity/trivy:0.19.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.19.0
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 29

@aqua-bot aqua-bot released this May 24, 2021

Changelog

85e45ca chore(ci): change to more granular tokens (#1014)
9fa512a chore(ci): add Go scanning and update dependencies (#1001)
349371b docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)

Docker images

  • docker pull aquasec/trivy:0.18.3
  • docker pull ghcr.io/aquasecurity/trivy:0.18.3
  • docker pull public.ecr.aws/aquasecurity/trivy:0.18.3
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28

@aqua-bot aqua-bot released this May 20, 2021

Changelog

4446961 fix(image): disable go.sum scanning (#1007)
04473ad fix(gomod): handle go.sum with an empty line (#1006)
1b66b77 feat: prepare for config scanning (#1005)
8fc6ea6 Clarify that dev dependencies are excluded (#986)

Docker images

  • docker pull aquasec/trivy:0.18.2
  • docker pull ghcr.io/aquasecurity/trivy:0.18.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.18.2
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28

@aqua-bot aqua-bot released this May 13, 2021

Changelog

eaf2da2 Include target value in Sarif template ruleID (#991)
083c157 chore(mkdocs): allow workflow_dispatch (#989)

Docker images

  • docker pull aquasec/trivy:0.18.1
  • docker pull ghcr.io/aquasecurity/trivy:0.18.1
  • docker pull public.ecr.aws/aquasecurity/trivy:0.18.1
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28

@aqua-bot aqua-bot released this May 12, 2021

Release Note

#990

Changelog

e26e39a fix(vuln) unique vulnerabilities from different data sources (#984)
04e7cca feat(go): added support of gomod analyzer (#978)

Docker images

  • docker pull aquasec/trivy:0.18.0
  • docker pull ghcr.io/aquasecurity/trivy:0.18.0
  • docker pull public.ecr.aws/aquasecurity/trivy:0.18.0
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28

@aqua-bot aqua-bot released this May 1, 2021

Changelog

415e1d8 fix: scan only regular files (#976)
3bb8852 docs: mention upx binaries (#974)
c0fddd9 chore: upgrade alpine to fix git and libcurl vulnerabilities in trivy docker image scan (#971)

Docker images

  • docker pull aquasec/trivy:0.17.2
  • docker pull ghcr.io/aquasecurity/trivy:0.17.2
  • docker pull public.ecr.aws/aquasecurity/trivy:0.17.2
  • docker pull aquasec/trivy:latest
  • docker pull ghcr.io/aquasecurity/trivy:latest
  • docker pull public.ecr.aws/aquasecurity/trivy:latest
Assets 28