chore: bump github.com/aquasecurity/trivy from 0.44.1 to 0.45.0

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.44.1 to 0.45.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.45.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#5082

Changelog

• cdab67e7f docs: add Bitnami (#5078)
• 7acc5e831 feat(docker): add support for scanning Bitnami components (#5062)
• 9628b1cbf feat: add support for .trivyignore.yaml (#5070)
• 4547e2766 fix(terraform): improve detection of terraform files (#4984)
• 0c8919e1e feat: filter artifacts on --exclude-owned flag (#5059)
• c04f234fa fix(sbom): cyclonedx advisory should omit null value (#5041)
• f811ed2d4 build: maximize build space for build tests (#5072)
• 69ea5bf70 feat: improve kbom component name (#5058)
• 3715dcb3f fix(pom): add licenses for pom artifacts (#5071)
• 07f7e9853 chore(deps): Update defsec to v0.92.0 (#5068)
• d4ca3cce2 chore: bump Go to 1.20 (#5067)
• 49fdd584b feat: PURL matching with qualifiers in OpenVEX (#5061)
• 4401998ec feat(java): add graph support for pom.xml (#4902)
• 9c211d005 feat(swift): add vulns for cocoapods (#5037)
• 422fa414e fix: support image pull secret for additional workloads (#5052)
• 8e933860a fix: #5033 Superfluous double quote in html.tpl (#5036)
• 9345a98ed docs(repo): update trivy repo usage and example (#5049)
• 5d8da70c6 perf: Optimize Dockerfile for reduced layers and size (#5038)
• 1be9da7aa feat: scan K8s Resources Kind with --all-namespaces (#5043)
• 0e17d0bef fix: vulnerability typo (#5044)
• d70fab231 docs: adding a terraform tutorial to the docs (#3708)
• 2fa264ac1 feat(report): add licenses to sarif format (#4866)
• 07ddf4790 feat(misconf): show the resource name in the report (#4806)
• 9de360623 chore: update alpine base images (#5015)
• ef70d2076 feat: add Package.resolved swift files support (#4932)
• ec5d8bec0 feat(nodejs): parse licenses in yarn projects (#4652)
• 3114c87e6 fix: k8s private registries support (#5021)
• 6d79f55db bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
• 9ace59106 feat(vuln): support last_affected field from osv (#4944)
• d44217640 feat(server): add version endpoint (#4869)
• 63cd41d20 feat: k8s private registries support (#4987)
• cb16e23f1 fix(server): add indirect prop to package (#4974)
• a4e981b4e docs: add coverage (#4954)
• 6f03c7940 feat(c): add location for lock file dependencies. (#4994)
• c74870500 docs: adding blog post on ec2 (#4813)
• 4e1316c37 revert 32bit bins (#4977)
• fc959fc57 chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)

Commits

• cdab67e docs: add Bitnami (#5078)
• 7acc5e8 feat(docker): add support for scanning Bitnami components (#5062)
• 9628b1c feat: add support for .trivyignore.yaml (#5070)
• 4547e27 fix(terraform): improve detection of terraform files (#4984)
• 0c8919e feat: filter artifacts on --exclude-owned flag (#5059)
• c04f234 fix(sbom): cyclonedx advisory should omit null value (#5041)
• f811ed2 build: maximize build space for build tests (#5072)
• 69ea5bf feat: improve kbom component name (#5058)
• 3715dcb fix(pom): add licenses for pom artifacts (#5071)
• 07f7e98 chore(deps): Update defsec to v0.92.0 (#5068)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (9632d7d) 31.80% compared to head (73bbcf8) 31.80%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #280   +/-   ##
=======================================
  Coverage   31.80%   31.80%           
=======================================
  Files          18       18           
  Lines        1597     1597           
=======================================
  Hits          508      508           
  Misses       1061     1061           
  Partials       28       28           

☔ View full report in Codecov by Sentry.

📢 Have feedback on the report? Share it here.