Skip to content

v0.0.1-rf.1

Latest

Choose a tag to compare

@github-actions github-actions released this 04 Jul 09:34

Changelog

  • 6b04d3b chore(ci): remove aquasec-only workflows (canary, release-please)
  • 00003c3 Remove Auto Ready For Review file
  • 65a935a Test Fix
  • e0ae6da Packaging for Trivy Prod
  • 1a285f5 Merge branch 'main' into feat/add-rapidfort-scanner
  • c0654e1 fix(spdx): guard against nil root component in SPDX marshaler (aquasecurity#10771)
  • 7ca5a6b ci(helm): bump Trivy version to 0.71.0 for Trivy Helm Chart 0.23.0 (aquasecurity#10768)
  • 9b49920 release: v0.71.0 [main] (aquasecurity#10638)
  • 35cefae ci: use only the first line of commit message in release-please workflow (aquasecurity#10766)
  • f8a6ddb feat: add WithDriver and WithProvider options to ospkg detector (aquasecurity#10740)
  • 3ea80c0 chore(deps): bump github.com/google/go-containerregistry to v0.21.6 (aquasecurity#10741)
  • 203dd94 refactor(secret): normalize configPath once in Init (aquasecurity#10702)
  • 9ad901d feat(secret): add Maven rules to detect passwords and passphrases in settings.xml and settings-security.xml files (aquasecurity#10704)
  • 8f049df chore(deps): bump the common group across 1 directory with 25 updates (aquasecurity#10758)
  • 900ffcb chore: migrate from gomodguard to gomodguard_v2 (aquasecurity#10739)
  • 3d5bc38 chore(deps): bump the docker group across 1 directory with 2 updates (aquasecurity#10709)
  • 1c515db chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.302.0 to 1.303.0 in the aws group (aquasecurity#10752)
  • 984581f ci: scope GitHub App tokens to minimum required permissions (aquasecurity#10755)
  • b1626a3 chore(deps): upgrade go-redis from v8 to v9 (aquasecurity#10736)
  • 9c1cf65 fix(misconf): fix rendering of nested values in terraform plan lists (aquasecurity#10746)
  • f099dc4 fix(misconf): skip resources with no after changes (aquasecurity#10352)
  • 0bc5c6d fix(misconf): reject nil plays during playbook parsing (aquasecurity#10273)
  • 0e4dc66 fix(nodejs): silently skip subdirectory package.json files with invalid names (aquasecurity#10609)
  • f080e1e fix(misconf): skip null cty values in AsMapValue to prevent panic (aquasecurity#10723)
  • 441251e refactor(misconf): replace custom Helm archive parsing with Helm SDK loaders (aquasecurity#10718)
  • 7d9d519 chore(deps): bump github.com/containerd/containerd/v2 to v2.3.1 (aquasecurity#10738)
  • cdfaf0b chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (aquasecurity#10686)
  • 69e78e2 fix(report): don't produce trailing comma in gitlab.tpl links array (aquasecurity#10728)
  • ac2f3d7 fix(cloudformation): propagate AWS::EC2::Instance MetadataOptions (aquasecurity#10731)
  • ac79fb9 chore(deps): upgrade github.com/cenkalti/backoff dependency to v5 (aquasecurity#10705)
  • 8047ef3 chore: bump golangci-lint to v2.12 (aquasecurity#10726)
  • f2a1237 feat(spdx): add SHA-512 hash algorithm support to SPDX serializer (aquasecurity#10719)
  • 04f739e feat(sbom): support for CycloneDX 1.7 (aquasecurity#10715)
  • f9ed425 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.300.0 to 1.302.0 in the aws group (aquasecurity#10708)
  • e169597 chore: migrate from helm.sh/helm/v3 to helm.sh/helm/v4 (aquasecurity#10678)
  • 519eac9 fix(image): correctly reconstruct RUN instructions built without BuildKit (aquasecurity#10714)
  • 0903124 feat(ospkg): update rapidfort scanner implementation and tests
  • c080ce3 feat(java): support from settings.xml (aquasecurity#10692)
  • f8fdb93 fix(java): surface 429 from a remote Maven repository as a fatal error when scanning pom.xml files (aquasecurity#10693)
  • f10fad5 chore: bump go to 1.26.3 (aquasecurity#10683)
  • 451fd99 fix(nodejs): handle legacy license formats in npm lockfile parser (aquasecurity#10684)
  • fc1e46f fix(secret): correctly skip secret-scanner config file from scanning (aquasecurity#10666)
  • a61feac feat(ubuntu): detect Ubuntu 26.04 LTS (aquasecurity#10592)
  • 2f940f0 refactor(nodejs): deduplicate license traversal across package managers (aquasecurity#10681)
  • 39a28ed fix: overwrite OS packages PURLs after overwrite OS (aquasecurity#10298)
  • 69dcd18 feat(secret): add Azure secret detection rules (aquasecurity#10562)
  • 9d91b88 fix(misconf): prevent path traversal in Terraform filesystem functions (aquasecurity#10664)
  • e4325b1 feat(secret): add a way to customize skipped folders, files and exts (aquasecurity#10550)
  • ea7e9ad ci: migrate PAT tokens to GitHub App (aquasecurity#10628)
  • cb229e9 chore(deps): bump the aws group across 1 directory with 6 updates (aquasecurity#10598)
  • 00cebeb chore(deps): bump the docker group across 1 directory with 3 updates (aquasecurity#10596)
  • 8dff4b7 chore(deps): bump the github-actions group across 2 directories with 9 updates (aquasecurity#10608)
  • 56b5471 chore(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (aquasecurity#10641)
  • 10d64d2 chore(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (aquasecurity#10648)
  • 99c0659 ci: migrate PAT tokens to GITHUB_TOKEN for reusable-release workflow (aquasecurity#10655)
  • b08bf6a feat(seal): add vendor support for language file detection. (aquasecurity#10297)
  • a75a468 fix(misconf): make identifiers in ignore rules case-insensitive (aquasecurity#10375)
  • 3a2f7fb fix: pull instead of clone when test repo already exists (aquasecurity#10636)
  • 920fad2 docs: document how to disable check.trivy.dev connections (aquasecurity#10623)
  • d4ac98a docs(misconf): fix typo in misconfiguration config (aquasecurity#10619)
  • 85aa9b7 ci: remove secrets from run block (aquasecurity#10590)
  • 72c2a23 docs: fix typos (aquasecurity#10605)
  • 99eabdf refactor(deps): replace archived go-homedir with os.UserHomeDir (aquasecurity#10484)
  • 28ed214 chore(deps): Bump go-ini and fix the import path. (aquasecurity#10489)
  • bb5a8cf chore(deps): bump the github-actions group across 2 directories with 9 updates (aquasecurity#10495)
  • a0f71c8 chore(deps): bump github.com/aquasecurity/testdocker (aquasecurity#10543)
  • 2095d49 docs: convert README demonstration videos to mp4 (aquasecurity#10419)
  • 4aa938d chore(deps): upgrade vm scan dependency for bug fix (aquasecurity#10575)
  • c72b416 docs(nodejs): clarify package.json behavior in image scanning (aquasecurity#10572)
  • 8e23717 chore(deps): replace xeipuuv/gojsonschema and invopop/jsonschema with google/jsonschema-go (aquasecurity#10528)
  • cb4aa9c chore(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 (aquasecurity#10554)
  • 73809db chore(deps): bump alpine to 3.23.4 (aquasecurity#10552)
  • 2459b1d ci(helm): bump Trivy version to 0.70.0 for Trivy Helm Chart 0.22.0 (aquasecurity#10547)
  • 8a3177a release: v0.70.0 [main] (aquasecurity#10105)
  • 974de49 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (aquasecurity#10496)
  • 2175597 chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 (aquasecurity#10526)
  • 50c7a1e chore(deps): bump the common group across 1 directory with 8 updates (aquasecurity#10540)
  • 885fbce chore(deps): bump the docker group across 1 directory with 2 updates (aquasecurity#10538)
  • 7ee3e1e fix: use Development category for GoReleaser discussions (aquasecurity#10530)
  • 6dbe369 chore(deps): bump testcontainers-go to v0.42.0 (aquasecurity#10531)
  • 21e6888 chore: update CODEOWNERS (aquasecurity#10529)
  • 35d28e8 chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (aquasecurity#10511)
  • 6d40a98 chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (aquasecurity#10510)
  • 848f41b chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 (aquasecurity#10449)
  • aa8d502 ci: migrate from mkdocs-material-insiders to mkdocs-material (aquasecurity#10509)
  • d2245de chore: remove aquasecurity/homebrew-trivy tap from GoReleaser (aquasecurity#10508)
  • 57c9cd3 ci: update runners for workflows that interact with GitHub API (aquasecurity#10502)
  • 42f73ae ci: rename tokens and update runners (aquasecurity#10500)
  • 87b62ee ci: trigger helm chart publishing via helm-charts workflow (aquasecurity#10474)
  • 6be4a27 ci: remove ruleset update step from release-please workflow (aquasecurity#10499)
  • 1561215 ci: use large runner and replace ORG_REPO_TOKEN in release-please workflow (aquasecurity#10498)
  • c24d3eb ci: trigger rpm/deb deployment via trivy-repo workflow (aquasecurity#10476)
  • 54658b7 fix: address linting issues in rapidfort ospkg detector - Reorder rapidfort import in detect.go to maintain alphabetical order - Use make(map[string]string) over composite literal in rapidfort_test.go
  • a4fa9bd rapidfort: add RedHat/RPM scanner support with identifier-aware vulnerability filtering (#1)
  • bda9710 fix: remove os.Stdout from wazero module config (aquasecurity#10403)
  • 1a6f7a1 chore(deps): bump the common group across 1 directory with 22 updates (aquasecurity#10408)
  • 297e7fa chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (aquasecurity#10407)
  • 20458b8 fix(flag): validate template file extension (aquasecurity#10296)
  • e9e9e8c fix(sbom): preserve Red Hat BuildInfo when scanning SBOMs without layer info (aquasecurity#10378)
  • f207ec6 fix: handle Go 1.26 GOEXPERIMENT version format change (aquasecurity#10351)
  • 4cf4498 fix(python): handle multiple version specifiers in requirements.txt (aquasecurity#10361)
  • 51c1599 ci: run Trivy version bump in trivy-action (aquasecurity#10272)
  • 12ab3ce fix(python): nil pointer dereference with optional poetry groups without dependencies (aquasecurity#10359)
  • aef4ecc ci: replace personal email with github-actions[bot] in workflows (aquasecurity#10369)
  • 1962aa9 chore: replace smithy epoch parsing with stdlib time.Unix (aquasecurity#10286)
  • 891cd79 test: update golden files for purl changes (aquasecurity#10372)
  • fb6a83a ci: add zizmor to scan GitHub Actions workflows (aquasecurity#10322)
  • 778a853 refactor: log statuses as strings (aquasecurity#10285)
  • 88a91cf ci: add build provenance attestations for release artifacts (aquasecurity#10316)
  • 33b9d8e fix(sbom): add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (aquasecurity#10368)
  • e5da6de fix(report): set correct sarif ROOTPATH uri when scanning a git repository (aquasecurity#10366)
  • d7fb355 perf(plugin): optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (aquasecurity#10325)
  • a96cede docs: correct typos in CHANGELOG and diagram (aquasecurity#10320)
  • 703de6d chore: delete roadmap wf (aquasecurity#10295)
  • 66acebb ci(helm): bump Trivy version to 0.69.3 for Trivy Helm Chart 0.21.3 (aquasecurity#10310)
  • 2a4dfbf fix(cyclonedx): include CVSS v4 vulnerability ratings (aquasecurity#10313)
  • 77f5cb5 fix: detected vulnerability fields in azure and mariner detector (aquasecurity#10275)
  • 18e6028 ci: add persist-credentials: false to checkout steps (aquasecurity#10306)
  • 4391500 rapidfort: Remove debian test cases, not supported yet
  • 2f62c94 ci(helm): bump Trivy version to 0.69.2 for Trivy Helm Chart 0.21.2 (aquasecurity#10270)
  • 9588325 chore(deps): bump the common group across 1 directory with 8 updates (aquasecurity#10248)
  • 01295f3 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (aquasecurity#10257)
  • a01f109 chore(deps): bump the aws group across 1 directory with 6 updates (aquasecurity#10249)
  • 5fe09eb chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (aquasecurity#10241)
  • 835a4ad ci: remove apidiff workflow (aquasecurity#10259)
  • 3d7f0b3 Add RapidFort OS package scanner
  • 2a140f1 chore(deps): bump github.com/docker/cli from 29.1.4+incompatible to 29.2.1+incompatible in the docker group across 1 directory (aquasecurity#10221)
  • a0f6962 ci: bump golangci-lint to v2.10 in cache-test-assets (aquasecurity#10243)
  • 350fe33 feat(java): add support for proxy configuration from Maven settings.xml (aquasecurity#10187)
  • ccf5a5a chore(deps): bump the github-actions group across 3 directories with 11 updates (aquasecurity#10242)
  • d0a3f63 feat(python): add pylock.toml support (aquasecurity#10137)
  • 2d92b27 chore: bump SPDX license IDs and exceptions to v3.28.0 (aquasecurity#10233)
  • 21e6577 docs: fix typos and upgrade insecure HTTP links to HTTPS (aquasecurity#10219)
  • a4f7937 chore: bump golangci-lint to v2.10.0 (aquasecurity#10223)
  • da94d5f feat(misconf): support for azurerm_network_interface_security_group_association (aquasecurity#10215)
  • d758826 ci: pin Docker Engine to v29 for integration tests (aquasecurity#10232)
  • aa61dbd feat: extend RapidFort scanner with third-party package support and constraint fix
  • bd7352a feat: add RapidFort curated image scanner with advisory integration
  • 7acb5f6 feat(go): detect version from ELF symbol table for binaries built with -trimpath (aquasecurity#10197)
  • 5b54388 docs: migrate private registry documentation from GCR to GAR (aquasecurity#10208)
  • 1c09181 chore(deps): bump the common group across 1 directory with 24 updates (aquasecurity#10206)
  • fb05196 chore(deps): update Docker client SDK to v29 (aquasecurity#10202)
  • 3a3d750 test: update Docker Engine integration tests for Docker API v0.29.0+ compatibility (aquasecurity#10199)
  • 0f0d6db fix(misconf): initialize custom annotation field if empty (aquasecurity#10123)
  • 2c1f65b feat(ubuntu): add eol data for 25.10 (aquasecurity#10181)
  • 42216b5 docs: fix incorrect count of Python package managers (aquasecurity#10175)
  • 8662089 chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (aquasecurity#10179)
  • 823f363 feat(misconf): resolve Azure resources via resource_id (aquasecurity#10173)
  • 580c4ac ci(helm): bump Trivy version to 0.69.1 for Trivy Helm Chart 0.21.1 (aquasecurity#10155)
  • 68c196f refactor: remove unused Insecure field from ServiceOption (aquasecurity#10113)
  • 0b73503 refactor: reduce complexity of init in detect.go (aquasecurity#10163)
  • 66bdec4 feat(misconf): adapt ARM k8s clusters (aquasecurity#9696) (aquasecurity#10125)
  • 82019c3 docs: update version endpoint example in client/server documentation (aquasecurity#10151)
  • d6e6331 feat(vuln): skip third-party packages in common Detect function (aquasecurity#10129)
  • 5ffcdfc ci: add composite action for Go setup (aquasecurity#10146)
  • b775a1b fix(misconf): apply check aliases when filtering results via .trivyignore (aquasecurity#10112)
  • 8d3d4ee docs(terraform): add limitation for data sources and computed resource attributes (aquasecurity#10128)
  • fa195b4 fix: update PhotonOS feed URL (aquasecurity#10122)
  • 4c46d41 feat(server): include server version info in JSON output for client/server mode (aquasecurity#10075)
  • 7415661 chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs (aquasecurity#10107)
  • fc5f139 refactor: unify scanner error limit and compiler limit (aquasecurity#10106)
  • 73c64af ci(helm): bump Trivy version to 0.69.0 for Trivy Helm Chart 0.21.0 (aquasecurity#10103)
  • 9a3e0a8 fix(java): Disable overwriting exclusions (aquasecurity#10088)
  • 65e151f refactor(rust): use txtar format for cargo analyzer test data (aquasecurity#10104)
  • 1a72b32 feat(python): add pylock.toml (PEP 751) parser (aquasecurity#9632)
  • cc64eeb chore(deps): bump the aws group across 1 directory with 6 updates (aquasecurity#10068)
  • b9a8d2d fix(server): exclude JavaDB and CheckBundle from /version endpoint (aquasecurity#10100)
  • 8fb9191 release: v0.69.0 [main] (aquasecurity#9886)
  • ba9feb6 chore: bump trivy-checks to v2 (aquasecurity#9875)
  • f00f8de chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (aquasecurity#10091)
  • 036c05b fix(repo): return a nil interface for gitAuth if missing (aquasecurity#10097)
  • 2933b01 fix(java): correctly inherit properties from parent fields for pom.xml files (aquasecurity#9111)
  • 47d3103 fix(rust): implement version inheritance for Cargo mono repos (aquasecurity#10011)
  • 676709d feat(activestate): add support ActiveState images (aquasecurity#10081)
  • f809066 feat(vex): support per-repo tls configuration (aquasecurity#10030)
  • f97ac7e refactor: allow per-request transport options override (aquasecurity#10083)
  • 8b46122 chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (aquasecurity#10084)
  • 5d76153 chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (aquasecurity#10085)
  • b9415a3 fix(java): correctly propagate repositories from upper POMs to dependencies (aquasecurity#10077)
  • 31c4780 feat(rocky): enable modular package vulnerability detection (aquasecurity#10069)
  • 8025e90 chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (aquasecurity#10079)
  • bf860cd docs: fix mistake in config file example for skip-dirs/skip-files flag (aquasecurity#10070)
  • fe7d20a feat(report): add Trivy version to JSON output (aquasecurity#10065)
  • d2dc46a fix(rust): add cargo workspace members glob support (aquasecurity#10032)
  • 1953824 feat: add AnalyzedBy field to track which analyzer detected packages (aquasecurity#10059)
  • c233735 fix: use canonical SPDX license IDs from embeded licenses.json (aquasecurity#10053)
  • 5bb6540 docs: fix link to Docker Image Specification (aquasecurity#10057)
  • 34baef2 feat(secret): add detection for Symfony default secret key (aquasecurity#9892)
  • 5602951 refactor(misconf): move common logic to base value and simplify typed values (aquasecurity#9986)
  • 809db46 fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (aquasecurity#9880)
  • 5fced3a feat(misconf): use Terraform plan configuration to partially restore schema (aquasecurity#9623)
  • b06ef6d feat(misconf): add action block to Terraform schema (aquasecurity#10035)
  • ac061f8 fix(misconf): correct typos in block and attribute names (aquasecurity#9993)
  • 8c23bfd test(misconf): simplify test values using *Test helpers (aquasecurity#9985)
  • a0ecc8e fix(misconf): safely parse rotation_period in google_kms_crypto_key (aquasecurity#9980)
  • 92d3465 feat(misconf): support for ARM resources defined as an object (aquasecurity#9959)
  • 37b5da8 feat(misconf): support for azurerm_*_web_app (aquasecurity#9944)
  • 51f5412 test: migrate private test helpers to export_test.go convention (aquasecurity#10043)
  • c3373b1 chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (aquasecurity#10048)
  • cdb28ee fix(secret): improve word boundary detection for Hugging Face tokens (aquasecurity#10046)
  • 3c0ab97 fix(go): use ldflags version for all pseudo-versions (aquasecurity#10037)
  • f0e23ea chore: switch to ID from AVDID in internal and user-facing fields (aquasecurity#9655)
  • 6462dc8 refactor(misconf)!: use ID instead of AVDID for providers mapping (aquasecurity#9752)
  • 4e06c3d fix: move enum into items for array-type fields in JSON Schema (aquasecurity#10039)
  • c5b8fef docs: fix incorrect documentation URLs (aquasecurity#10038)
  • 07ff788 feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (aquasecurity#10033)
  • 7f71b57 fix(docker): fix non-det scan results for images with embedded SBOM (aquasecurity#9866)
  • 60eb3f0 chore(deps): bump the github-actions group with 11 updates (aquasecurity#10001)
  • 08a3f92 test: fix assertion after 2026 roll over (aquasecurity#10002)
  • b46cde0 fix(vuln): skip vulns detection for CentOS Stream family without scan failure (aquasecurity#9964)
  • 11dd3fa fix(license): normalize licenses for PostAnalyzers (aquasecurity#9941)
  • b64d5ad feat(nodejs): parse licenses from package-lock.json file (aquasecurity#9983)
  • 43d4e55 chore: update reference links to Go Wiki (aquasecurity#9987)
  • 93915dc refactor: add xslices.Map and replace lo.Map usages (aquasecurity#9984)
  • 18acf4f fix(image): race condition in image artifact inspection (aquasecurity#9966)
  • 4caf731 feat(flag): add JSON Schema for trivy.yaml configuration file (aquasecurity#9971)
  • 517365c refactor(debian): use txtar format for test data (aquasecurity#9957)
  • 7a6594c chore(deps): bump golang.org/x/tools to v0.40.0 + gopls to v0.21.0 (aquasecurity#9973)
  • d3096e7 feat(rootio): Update trivy db to support usage of Severity from root.io feed (aquasecurity#9930)
  • 74819bf feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (aquasecurity#9932)
  • 56f93a1 docs: add info that --file-pattern flag doesn't disable default behaviuor (aquasecurity#9961)
  • 10a50a7 perf(misconf): optimize string concatenation in azure scanner (aquasecurity#9969)
  • 75c4dc0 chore: add client option to install script (aquasecurity#9962)
  • 8777252 ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (aquasecurity#9956)
  • 5eda0a4 chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (aquasecurity#9952)
  • 718ec29 docs: update binary signature verification for sigstore bundles (aquasecurity#9929)
  • d528250 chore(deps): bump alpine from 3.22.1 to 3.23.0 (aquasecurity#9935)
  • f50b96a chore(alpine): add EOL date for alpine 3.23 (aquasecurity#9934)
  • d65b504 feat(cloudformation): add support for Fn::ForEach (aquasecurity#9508)
  • 1a901e5 ci: enable check-latest for setup-go (aquasecurity#9931)
  • effc1c0 feat(debian): detect third-party packages using maintainer list (aquasecurity#9917)
  • 335cc99 fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (aquasecurity#9924)
  • 879e4fc feat(helm): add sslCertDir parameter (aquasecurity#9697)
  • 18ecf75 fix(misconf): respect .yml files when Helm charts are detected (aquasecurity#9912)
  • 56b59e8 feat(php): add support for dev dependencies in Composer (aquasecurity#9910)
  • f58826f chore(deps): bump the common group across 1 directory with 9 updates (aquasecurity#9903)
  • 39273f3 chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (aquasecurity#9859)
  • 9db123c fix: remove trailing tab in statefulset template (aquasecurity#9889)
  • c2f82ad feat(julia): enable vulnerability scanning for the Julia language ecosystem (aquasecurity#9800)
  • 9275e15 feat(misconf): initial ansible scanning support (aquasecurity#9332)
  • 48dfede feat(misconf): Update Azure Database schema (aquasecurity#9811)
  • 7517112 ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (aquasecurity#9869)
  • 32f3df1 chore: update the install script (aquasecurity#9874)
  • 96290ae release: v0.68.1 [main] (aquasecurity#9867)
  • c7accc8 fix: update cosing settings for GoReleaser after bumping cosing to v3 (aquasecurity#9863)
  • b503278 chore(deps): bump the testcontainers group with 2 updates (aquasecurity#9506)
  • e0fa76d release: v0.68.0 [main] (aquasecurity#9549)
  • e74e2b1 feat(aws): Add support for dualstack ECR endpoints (aquasecurity#9862)
  • c274f5b fix(vex): use a separate visited set for each DFS path (aquasecurity#9760)
  • 15a5465 docs: catch some missed docs -> guide (aquasecurity#9850)
  • 51de2bd refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (aquasecurity#9851)
  • 96e7083 chore(cli): Remove Trivy Cloud (aquasecurity#9847)
  • 7aca801 fix(misconf): ensure value used as ignore marker is non-null and known (aquasecurity#9835)
  • 7b2b4d4 fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (aquasecurity#9837)
  • f5bbb0b chore(deps): bump the docker group with 3 updates (aquasecurity#9776)
  • e13d970 chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (aquasecurity#9827)
  • 8967622 chore(deps): bump the common group across 1 directory with 20 updates (aquasecurity#9840)
  • e1f3f28 feat(image): add Sigstore bundle SBOM support (aquasecurity#9516)
  • 8876b46 chore(deps): bump the aws group with 7 updates (aquasecurity#9691)
  • 5f9b695 test(k8s): update k8s integrtion test (aquasecurity#9725)
  • 3169ebf chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (aquasecurity#9764)
  • d8eaaeb feat(sbom): add support for SPDX attestations (aquasecurity#9829)
  • 5c42cc5 docs(misconf): Remove duplicate sections (aquasecurity#9819)
  • ea2dc58 feat(misconf): Update Azure network schema for new checks (aquasecurity#9791)
  • c6d95d7 feat(misconf): Update AppService schema (aquasecurity#9792)
  • a6ceff7 fix(misconf): ensure boolean metadata values are correctly interpreted (aquasecurity#9770)
  • c8d5ab7 feat(misconf): support https_traffic_only_enabled in Az storage account (aquasecurity#9784)
  • 9da33b5 docs: restructure docs for new hosting (aquasecurity#9799)
  • f64e0da docs(server): fix info about scanning licenses on the client side. (aquasecurity#9805)
  • 31218f6 ci: remove unused preinstalled software/images for build tests to free up disk space. (aquasecurity#9814)
  • cbad9ca feat(report): add fingerprint generation for vulnerabilities (aquasecurity#9794)
  • 612ee98 chore: trigger the trivy-www workflow (aquasecurity#9737)
  • 738b2b4 fix: update all documentation links (aquasecurity#9777)
  • 019af7f feat(suse): Add new openSUSE, Micro and SLES releases end of life dates (aquasecurity#9788)
  • 3a2a31d test(go): set GOPATH for tests (aquasecurity#9785)
  • 6048173 feat(flag): add --cacert flag (aquasecurity#9781)
  • 08d51a8 fix(misconf): handle unsupported experimental flags in Dockerfile (aquasecurity#9769)
  • 09ea608 test(go): refactor mod_test.go to use txtar format (aquasecurity#9775)
  • 2c3aca5 docs: Fix typos and linguistic errors in documentation / hacktoberfest (aquasecurity#9586)
  • 2ce48c7 chore(deps): bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 (aquasecurity#9778)
  • be419c7 chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 (aquasecurity#9763)
  • d87d9b9 fix(java): use true as default value for Repository Release|Snapshot Enabled in pom.xml and settings.xml files (aquasecurity#9751)
  • 0487d8e docs: add info that SSL_CERT_FILE works on Unix systems other than macOS only (aquasecurity#9772)
  • 14ecdb5 docs: change SecObserve URLs in documentatio (aquasecurity#9771)
  • d70d994 feat(db): enable concurrent access to vulnerability database (aquasecurity#9750)
  • 69f400c feat(misconf): add agentpools to azure container schema (aquasecurity#9714)
  • 6fb3fde feat(report): switch ReportID from UUIDv4 to UUIDv7 (aquasecurity#9749)
  • cb58bf6 feat(misconf): Update Azure Compute schema (aquasecurity#9675)
  • c3bfecf feat(misconf): Update azure storage schema (aquasecurity#9728)
  • 58819c5 feat(misconf): Update SecurityCenter schema (aquasecurity#9674)
  • 2690ac9 feat(image): pass global context to docker/podman image save func (aquasecurity#9733)
  • c03facf chore(deps): bump the github-actions group with 4 updates (aquasecurity#9739)
  • bf43629 fix(flag): remove viper.SetDefault to fix IsSet() for config-only flags (aquasecurity#9732)
  • 012f3d7 feat(license): use separate SPDX ids to ignore SPDX expressions (aquasecurity#9087)
  • 18c0ee8 feat(dotnet): add dependency graph support for .deps.json files (aquasecurity#9726)
  • 445cd2b feat(misconf): Add support for configurable Rego error limit (aquasecurity#9657)
  • 3fb8703 feat(misconf): Add RoleAssignments attribute (aquasecurity#9396)
  • d020f26 feat(report): add image reference to report metadata (aquasecurity#9729)
  • 29f0347 fix(os): Add photon 5.0 in supported OS (aquasecurity#9724)
  • 212f078 fix(license): handle SPDX WITH exceptions as single license in category detection (aquasecurity#9380)
  • 89fc7b6 refactor: add case-insensitive string set implementation (aquasecurity#9720)
  • 758f271 feat: include registry and repository in artifact ID calculation (aquasecurity#9689)
  • eff52eb feat(java): add support remote repositories from settings.xml files (aquasecurity#9708)
  • fb0593b fix(sbom): don’t panic on SBOM format if scanned CycloneDX file has empty metadata (aquasecurity#9562)
  • 39051b7 docs: update vulnerability reporting guidelines in SECURITY.md (aquasecurity#9395)
  • 3cf4bfd docs: add info about java-db subdir (aquasecurity#9706)
  • d20216e fix(report): correct field order in SARIF license results (aquasecurity#9712)
  • a6010c3 test: improve golden file management in integration tests (aquasecurity#9699)
  • e0c0416 ci: get base_sha using base.ref (aquasecurity#9704)
  • a282228 refactor(misconf): mark AVDID fields as deprecated and use ID internally (aquasecurity#9576)
  • 231492d fix(nodejs): fix npmjs parser.pkgNameFromPath() panic issue (aquasecurity#9688)
  • fa6f779 fix: close all opened resources if an error occurs (aquasecurity#9665)
  • 807bbbd refactor(misconf): type-safe parser results in generic scanner (aquasecurity#9685)
  • a9a3031 feat(image): add RepoTags support for Docker archives (aquasecurity#9690)
  • 68ca612 chore(deps): bump github.com/quic-go/quic-go from 0.52.0 to 0.54.1 (aquasecurity#9694)
  • 43a7546 feat(misconf): Update Azure Container Schema (aquasecurity#9673)
  • 7ca1b8f ci: use merge commit for apidiff to avoid false positives (aquasecurity#9622)
  • 197c9e1 feat(misconf): include map key in manifest snippet for diagnostics (aquasecurity#9681)
  • c32ddfc refactor(misconf): add ManifestFromYAML for unified manifest parsing (aquasecurity#9680)
  • 263aee0 test: update golden files for TestRepository* integration tests (aquasecurity#9684)
  • 559fe1f refactor(cli): Update the cloud config command (aquasecurity#9676)
  • 2c43425 fix(sbom): add buildInfo info as properties (aquasecurity#9683)
  • fc976be feat: add ReportID field to scan reports (aquasecurity#9670)
  • fcd8dcd docs: add vulnerability database contribution guide (aquasecurity#9667)
  • 8e6a7ff feat(cli): Add trivy cloud suppport (aquasecurity#9637)
  • 84a7d9a feat: add ArtifactID field to uniquely identify scan targets (aquasecurity#9663)
  • 804ea4a fix(nodejs): use the default ID format to match licenses in pnpm packages. (aquasecurity#9661)
  • 35db88c feat(sbom): use SPDX license IDs list to validate SPDX IDs (aquasecurity#9569)
  • b885d3a fix: use context for analyzers (aquasecurity#9538)
  • 84518db chore(deps): bump the docker group with 3 updates (aquasecurity#9545)
  • fd92773 chore(deps): bump the aws group with 6 updates (aquasecurity#9547)
  • ce8d47e ci(helm): bump Trivy version to 0.67.2 for Trivy Helm Chart 0.19.1 (aquasecurity#9641)
  • 4e1e6fc test(helm): bump up Yamale dependency for Helm chart-testing-action (aquasecurity#9653)
  • e18b038 fix: Trim the end-of-range suffix (aquasecurity#9618)
  • 492797b test(k8s): use a specific bundle for k8s misconfig scan (aquasecurity#9633)
  • 6e53686 fix: Use fetch-level: 1 to check out trivy-repo in the release workflow (aquasecurity#9636)
  • 2f695b9 refactor: move the aws config (aquasecurity#9617)
  • 09162e5 fix(license): don't normalize unlicensed licenses into unlicense (aquasecurity#9611)
  • 66479f0 fix: using SrcVersion instead of Version for echo detector (aquasecurity#9552)
  • cff91ac feat(fs): change artifact type to repository when git info is detected (aquasecurity#9613)
  • 6def66e fix: add buildInfo for BlobInfo in rpc package (aquasecurity#9608)
  • 7422cc7 fix(vex): don't use reused BOM (aquasecurity#9604)
  • b9e3e0b ci: use pull_request_target for apidiff workflow to support fork PRs (aquasecurity#9605)
  • aeeb2a1 fix: restore compatibility for google.protobuf.Value (aquasecurity#9559)
  • d7aa84f ci: add API diff workflow (aquasecurity#9600)
  • 05375d1 chore(deps): update to module-compatible docker-credential-gcr/v2 (aquasecurity#9591)
  • 3671251 docs: improve documentation for scanning raw IaC configurations (aquasecurity#9571)
  • c638fc6 feat: allow ignoring findings by type in Rego (aquasecurity#9578)
  • 4bef183 docs: bump pygments from 2.18.0 to 2.19.2 (aquasecurity#9596)
  • 19615a8 refactor(misconf): add ID to scan.Rule (aquasecurity#9573)
  • e286c5e fix(java): update order for resolving package fields from multiple demManagement (aquasecurity#9575)
  • 3962ea4 chore(deps): bump the github-actions group across 1 directory with 9 updates (aquasecurity#9563)
  • 36ab331 chore(deps): bump the common group across 1 directory with 7 updates (aquasecurity#9590)
  • 9058d51 chore(deps): Switch to go-viper/mapstructure (aquasecurity#9579)
  • 719ea29 chore: add context to the cache interface (aquasecurity#9565)
  • 3dd0ebb ci(helm): bump Trivy version to 0.67.0 for Trivy Helm Chart 0.19.0 (aquasecurity#9554)
  • f0fd432 fix: validate backport branch name (aquasecurity#9548)
  • adeb362 release: v0.67.0 [main] (aquasecurity#9432)
  • 78f0d4a fix(vex): don't suppress vulns for packages with infinity loop (aquasecurity#9465)
  • fa6f1bf fix(aws): use BuildableClient insead of xhttp.Client (aquasecurity#9436)
  • e7c16a7 refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (aquasecurity#9282)
  • c446a5c docs: clarify inline ignore limitations for resource-less checks (aquasecurity#9537)
  • c0c7a6b fix(k8s): disable parallel traversal with fs cache for k8s images (aquasecurity#9534)
  • bfd2f6b fix(misconf): handle tofu files in module detection (aquasecurity#9486)
  • e4af279 feat(seal): add seal support (aquasecurity#9370)
  • e149094 docs: fix modules path and update code example (aquasecurity#9539)
  • a4cbd6a fix: close file descriptors and pipes on error paths (aquasecurity#9536)
  • eba48af feat: add documentation URL for database lock errors (aquasecurity#9531)
  • 92ebc7e fix(db): Dowload database when missing but metadata still exists (aquasecurity#9393)
  • 42b3bf3 feat(cloudformation): support default values and list results in Fn::FindInMap (aquasecurity#9515)
  • 8e40d27 fix(misconf): unmark cty values before access (aquasecurity#9495)
  • 7b663d8 feat(cli): change --list-all-pkgs default to true (aquasecurity#9510)
  • 404abb3 fix(nodejs): parse workspaces as objects for package-lock.json files (aquasecurity#9518)
  • 352855e refactor(fs): use underlyingPath to determine virtual files more reliably (aquasecurity#9302)
  • d57b160 refactor: remove google/wire dependency and implement manual DI (aquasecurity#9509)
  • 331cf5d chore(deps): bump the aws group with 6 updates (aquasecurity#9481)
  • 366910b chore(deps): bump the common group across 1 directory with 24 updates (aquasecurity#9507)
  • 267a970 fix(misconf): wrap legacy ENV values in quotes to preserve spaces (aquasecurity#9497)
  • 842ebdc docs: move info about detection priority into coverage section (aquasecurity#9469)
  • 6d562a3 feat(sbom): added support for CoreOS (aquasecurity#9448)
  • c938806 fix(misconf): strip build metadata suffixes from image history (aquasecurity#9498)
  • aff03eb feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (aquasecurity#9439)
  • 8b2575b docs: Fix typo in terraform docs (aquasecurity#9492)
  • cb25a07 feat(redhat): add os-release detection for RHEL-based images (aquasecurity#9458)
  • 8dce58c ci(deps): add 3-day cooldown period for Dependabot updates (aquasecurity#9475)
  • 788f6fa refactor: migrate from go-json-experiment to encoding/json/v2 (aquasecurity#9422)
  • 1ff9ac7 fix(vuln): compare nuget package names in lower case (aquasecurity#9456)
  • 78a70e2 chore: Update release flow to include chocolatey (aquasecurity#9460)
  • ea0ff34 docs: document eol supportability (aquasecurity#9434)
  • 4a2be6b docs(report): add nuanses about secret/license scanner in summary table (aquasecurity#9442)
  • 4359fe0 ci: use environment variables in GitHub Actions for improved security (aquasecurity#9433)
  • 2185c78 chore: bump Go to 1.24.7 (aquasecurity#9435)
  • 4517e8c fix(nodejs): use snapshot string as Package.ID for pnpm packages (aquasecurity#9330)
  • a70d8e7 ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (aquasecurity#9425)
  • 7bcb181 release: v0.66.0 [main] (aquasecurity#9289)
  • 2125895 chore(deps): bump the aws group with 7 updates (aquasecurity#9419)
  • 29e9ff7 refactor(secret): clarify secret scanner messages (aquasecurity#9409)
  • 46ab76a fix(cyclonedx): handle multiple license types (aquasecurity#9378)
  • 1ac9b1f fix(repo): sanitize git repo URL before inserting into report metadata (aquasecurity#9391)
  • 6fa3849 test: add HTTP basic authentication to git test server (aquasecurity#9407)
  • aa7cf43 fix(sbom): add support for file component type of CycloneDX (aquasecurity#9372)
  • 81d9425 fix(misconf): ensure module source is known (aquasecurity#9404)
  • 1d646d6 ci: migrate GitHub Actions from version tags to SHA pinning (aquasecurity#9405)
  • ce22f54 fix: create temp file under composite fs dir (aquasecurity#9387)
  • db19b34 chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (aquasecurity#9403)
  • d1de58a refactor: switch to stable azcontainerregistry SDK package (aquasecurity#9319)
  • 102cbee chore(deps): bump the common group with 7 updates (aquasecurity#9382)
  • 7278718 refactor(misconf): migrate from custom Azure JSON parser (aquasecurity#9222)
  • 4f2a44e fix(repo): preserve RepoMetadata on FS cache hit (aquasecurity#9389)
  • 9594d63 refactor(misconf): use atomic.Int32 (aquasecurity#9385)
  • 8abde2c chore(deps): bump the aws group with 6 updates (aquasecurity#9383)
  • 2bbad03 docs: Fix broken link to "Built-in Checks" (aquasecurity#9375)
  • 5f067ac fix(plugin): don't remove plugins when updating index.yaml file (aquasecurity#9358)
  • 6e99dd3 fix: persistent flag option typo (aquasecurity#9374)
  • d1adbe3 chore(deps): bump the common group across 1 directory with 26 updates (aquasecurity#9347)
  • 84fbf86 fix(image): use standardized HTTP client for ECR authentication (aquasecurity#9322)
  • 04abb78 refactor: export systemFileFiltering Post Handler (aquasecurity#9359)
  • e2d30fe docs: update links to Semaphore pages (aquasecurity#9352)
  • 03d039f fix(conda): memory leak by adding closure method for package.json file (aquasecurity#9349)
  • 235c24e feat: add timeout handling for cache database operations (aquasecurity#9307)
  • 04ad0c4 fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (aquasecurity#9296)
  • d3cd101 fix(misconf): ensure ignore rules respect subdirectory chart paths (aquasecurity#9324)
  • ea6663a chore(deps): bump alpine from 3.21.4 to 3.22.1 (aquasecurity#9301)
  • 298a994 feat(terraform): use .terraform cache for remote modules in plan scanning (aquasecurity#9277)
  • c9cb3d1 chore: fix some function names in comment (aquasecurity#9314)
  • b7b4910 chore(deps): bump the aws group with 7 updates (aquasecurity#9311)
  • c3efe5d docs: add explanation for how to use non-system certificates (aquasecurity#9081)
  • 406c209 chore(deps): bump the github-actions group across 1 directory with 2 updates (aquasecurity#8962)
  • 1319d8d fix(misconf): preserve original paths of remote submodules from .terraform (aquasecurity#9294)
  • c0bd700 refactor(terraform): make Scan method of Terraform plan scanner private (aquasecurity#9272)
  • 2458d5e fix: suppress debug log for context cancellation errors (aquasecurity#9298)
  • 5a5e097 feat(secret): implement streaming secret scanner with byte offset tracking (aquasecurity#9264)
  • 1473e88 fix(python): impove package name normalization (aquasecurity#9290)
  • 4d4a244 feat(misconf): added audit config attribute (aquasecurity#9249)
  • 649eb2f refactor(misconf): decouple input fs and track extracted files with fs references (aquasecurity#9281)
  • b77d6e2 test(misconf): remove BenchmarkCalculate using outdated check metadata (aquasecurity#9291)
  • b9fb7e5 refactor: simplify Detect function signature (aquasecurity#9280)
  • 44aac2c ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (aquasecurity#9288)
  • b51c789 fix(fs): avoid shadowing errors in file.glob (aquasecurity#9286)
  • c4003b2 test(misconf): move terraform scan tests to integration tests (aquasecurity#9271)
  • a590743 test(misconf): drop gcp iam test covered by another case (aquasecurity#9285)
  • 04d018b chore(deps): bump to alpine from 3.21.3 to 3.21.4 (aquasecurity#9283)
  • b2b1545 release: v0.65.0 [main] (aquasecurity#9108)
  • b4ad00f fix(cli): ensure correct command is picked by telemetry (aquasecurity#9260)
  • ed4640e feat(flag): add schema validation for --server flag (aquasecurity#9270)
  • 1a0c038 chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (aquasecurity#9274)
  • 011cefc ci: skip undefined labels in discussion triage action (aquasecurity#9175)
  • f4b2cf1 feat(repo): add git repository metadata to reports (aquasecurity#9252)
  • b4193d0 fix(license): handle WITH operator for LaxSplitLicenses (aquasecurity#9232)
  • d2d0ec2 chore: add modernize tool integration for code modernization (aquasecurity#9251)
  • 54832a7 fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (aquasecurity#9253)
  • 8f5b560 chore: implement process-safe temp file cleanup (aquasecurity#9241)
  • 6095984 fix: prevent graceful shutdown message on normal exit (aquasecurity#9244)
  • 77bab7b fix(misconf): correctly parse empty port ranges in google_compute_firewall (aquasecurity#9237)
  • 2c05882 feat: add graceful shutdown with signal handling (aquasecurity#9242)
  • b5da1b8 chore: update template URL for brew formula (aquasecurity#9221)
  • 4bd7512 test: add end-to-end testing framework with image scan and proxy tests (aquasecurity#9231)
  • 5c155e3 refactor(db): use Getter interface with GetParams for trivy-db sources (aquasecurity#9239)
  • 6737966 ci: specify repository for gh cache delete in canary worklfow (aquasecurity#9240)
  • 24715ea ci: remove invalid --confirm flag from gh cache delete command in canary builds (aquasecurity#9236)
  • 7ebc129 fix(misconf): fix log bucket in schema (aquasecurity#9235)
  • 3ada677 chore(deps): bump the common group across 1 directory with 24 updates (aquasecurity#9228)
  • 74f92b5 ci: move runner.os context from job-level env to step-level in canary workflow (aquasecurity#9233)
  • b4f2457 chore(deps): bump up Trivy-kubernetes to v0.9.1 (aquasecurity#9214)
  • 110f80e feat(misconf): added logging and versioning to the gcp storage bucket (aquasecurity#9226)
  • 1163b04 fix(server): add HTTP transport setup to server mode (aquasecurity#9217)
  • 362be17 chore: update the rpm download Update (aquasecurity#9202)
  • 861d51e feat(alma): add AlmaLinux 10 support (aquasecurity#9207)
  • fe96436 fix(nodejs): don't use prerelease logic for compare npm constraints (aquasecurity#9208)
  • 6fafbeb fix(rootio): fix severity selection (aquasecurity#9181)
  • aa944cc fix(sbom): merge in-graph and out-of-graph OS packages in scan results (aquasecurity#9194)
  • adfa879 fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (aquasecurity#9206)
  • 51aa022 fix(misconf): correctly adapt azure storage account (aquasecurity#9138)
  • 263845c feat(misconf): add private ip google access attribute to subnetwork (aquasecurity#9199)
  • 60723e6 feat(report): add CVSS vectors in sarif report (aquasecurity#9157)
  • 153318f fix(terraform): for_each on a map returns a resource for every key (aquasecurity#9156)
  • e306e2d fix: supporting .egg-info/METADATA in python.Packaging analyzer (aquasecurity#9151)
  • 85a156c chore: migrate protoc setup from Docker to buf CLI (aquasecurity#9184)
  • 94c751f ci: delete cache after artifacts upload in canary workflow (aquasecurity#9177)
  • a822ace refactor: remove aws flag helper message (aquasecurity#9080)
  • 0449787 ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (aquasecurity#9183)
  • 6840eb7 ci: add auto-ready-for-review workflow (aquasecurity#9179)
  • 99cd4e7 feat(image): add Docker context resolution (aquasecurity#9166)
  • fe26969 ci: optimize golangci-lint performance with cache-based strategy (aquasecurity#9173)
  • aa5b32a feat: add HTTP request/response tracing support (aquasecurity#9125)
  • 0ecfed6 fix(aws): update amazon linux 2 EOL date (aquasecurity#9176)
  • 2555335 chore: Update release workflow to trigger version updates (aquasecurity#9162)
  • c6d4607 chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (aquasecurity#9164)
  • 4d10a81 fix: also check filepath when removing duplicate packages (aquasecurity#9142)
  • 75857e9 chore: add debug log to show image source location (aquasecurity#9163)
  • 4675603 docs: add section on customizing default check data (aquasecurity#9114)
  • 482d383 chore(deps): bump the common group across 1 directory with 9 updates (aquasecurity#9153)
  • e4a3fd2 docs: partners page content updates (aquasecurity#9149)
  • bb149fc chore(license): add missed spdx exceptions: (aquasecurity#9147)
  • 8a1d144 docs: trivy partners page updates (aquasecurity#9133)
  • f224de3 fix: migrate from *.list to *.md5sums files for dpkg (aquasecurity#9131)
  • 2807478 ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (aquasecurity#9135)
  • 12d6706 feat(sbom): add SHA-512 hash support for CycloneDX SBOM (aquasecurity#9126)
  • 42ccd3d fix(misconf): skip rewriting expr if attr is nil (aquasecurity#9113)
  • a692f29 fix(license): add missed GFDL-NIV-1.1 and GFDL-NIV-1.2 into Trivy mapping (aquasecurity#9116)
  • 7041a39 fix(cli): Add more non-sensitive flags to telemetry (aquasecurity#9110)
  • 82db2fc fix(alma): parse epochs from rpmqa file (aquasecurity#9101)
  • c2ddd44 fix(rootio): check full version to detect root.io packages (aquasecurity#9117)
  • 26a08f5 chore: drop FreeBSD 32-bit support (aquasecurity#9102)
  • 143da88 fix(sbom): use correct field for licenses in CycloneDX reports (aquasecurity#9057)
  • e579746 fix(secret): fix line numbers for multiple-line secrets (aquasecurity#9104)
  • d44af8c feat(license): observe pkg types option in license scanner (aquasecurity#9091)
  • c752ccc ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (aquasecurity#9107)
  • 280491b release: v0.64.0 [main] (aquasecurity#8955)
  • a6e9807 docs(python): fix type with METADATA file name (aquasecurity#9090)
  • 1e1e1b5 feat: reject unsupported artifact types in remote image retrieval (#9052)
  • 7333c46 chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)
  • bac6f7b refactor(misconf): rewrite Rego module filtering using functional filters (#9061)
  • a9f7dcd feat(terraform): add partial evaluation for policy templates (#8967)
  • 3a0ec0f feat(vuln): add Root.io support for container image scanning (#9073)
  • 41d0f94 feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)
  • fd2bc91 fix(cli): add some values to the telemetry call (#9056)
  • 367564a feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)
  • 3adfd98 refactor: centralize HTTP transport configuration (#9058)
  • cd7c595 test: include integration tests in linting and fix all issues (#9060)
  • 6bf7ac4 chore(deps): bump the common group across 1 directory with 26 updates (#9063)
  • 5aade69 feat(java): dereference all maven settings.xml env placeholders (#9024)
  • 99c5151 fix(misconf): reduce log noise on incompatible check (#9029)
  • 371b8cc fix(misconf): .Config.User always takes precedence over USER in .History (#9050)
  • 3f41ffa chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)
  • f23d2f6 docs(misconf): simplify misconfiguration docs (#9030)
  • a58c36d fix(misconf): move disabled checks filtering after analyzer scan (#9002)
  • 64aea25 docs: add PR review policy for maintainers (#9032)
  • 198789a fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)
  • ae85c40 test: improve and extend tests for iac/adapters/arm (#9028)
  • 7cfdbf0 chore: bump up Go version to 1.24.4 (#9031)
  • 19efa9f feat(cli): add version constraints to annoucements (#9023)
  • 40d017b fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)
  • 87118a0 feat(ubuntu): add eol date for 20.04-ESM (#8981)
  • 87fda76 fix(report): don't panic when report contains vulns, but doesn't contain packages for table format (#8549)
  • 875ec3a fix(nodejs): correctly parse packages array of bun.lock file (#8998)
  • 454b894 refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)
  • 15f421f docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)
  • 57801d0 feat(misconf): add OpenTofu file extension support (#8747)
  • b91284a refactor(misconf): set Trivy version by default in Rego scanner (#9001)
  • e1beba2 docs: fix assets with versioning (#8996)
  • 5d050ce docs: add partners page (#8988)
  • 94b12a8 chore(alpine): add EOL date for Alpine 3.22 (#8992)
  • 4ed78e3 fix: don't show corrupted trivy-db warning for first run (#8991)
  • a619788 Update installation.md (#8979)
  • 65e155f feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)
  • 521be3a chore(k8s): update comments with deprecated command format (#8964)
  • 14d2b83 chore: fix errors and typos in docs (#8963)
  • ef5f8de fix: Add missing version check flags (#8951)
  • 48258a7 feat(redhat): Add EOL date for RHEL 10. (#8910)
  • b813527 fix: Correctly check for semver versions for trivy version check (#8948)
  • c29bb21 refactor(server): change custom advisory and vulnerability data types fr… (#8923)
  • c0cc8a2 ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)
  • 69093d2 release: v0.63.0 [main] (#8809)
  • 7e9a54c fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)
  • 78e3304 chore(deps): Bump trivy-checks (#8934)
  • 22f040f fix(julia): add Relationship field support (#8939)
  • c2dde33 feat(minimos): Add support for MinimOS (#8792)
  • 104bbc1 feat(alpine): add maintainer field extraction for APK packages (#8930)
  • c7b8cc3 feat(echo): Add Echo Support (#8833)
  • 906b037 fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)
  • b15d9a6 fix(wolfi): support new APK database location (#8937)
  • 4f1ab23 feat(k8s): get components from namespaced resources (#8918)
  • 5bae262 refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)
  • 4a7ebb7 refactor(terraform): remove result sorting from scanner (#8928)
  • 3b2a397 feat(misconf): Add support for Minimum Trivy Version (#8880)
  • 1d420e6 docs: improve skipping files documentation (#8749)
  • 5a0bf9e feat(cli): Add available version checking (#8553)
  • 7ca656d feat(nodejs): add a bun.lock analyzer (#8897)
  • 8939451 feat: terraform parser option to set current working directory (#8909)
  • 60fef1b perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)
  • aaecc29 feat(misconf): export raw Terraform data to Rego (#8741)
  • 6c7cb7a refactor(terraform): simplify AllReferences method signature in Attribute (#8906)
  • 93e6680 fix: check post-analyzers for StaticPaths (#8904)
  • 07ef63b feat: add Bottlerocket OS package analyzer (#8653)
  • ee52230 feat(license): improve work text licenses with custom classification (#8888)
  • cae79d6 chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)
  • bcf246c chore(deps): bump the common group across 1 directory with 9 updates (#8887)
  • 0229eb7 refactor(license): simplify compound license scanning (#8896)
  • 39f9ed1 feat(license): Support compound licenses (licenses using SPDX operators) (#8816)
  • fe12771 fix(k8s): use in-memory cache backend during misconfig scanning (#8873)
  • 1dcf816 feat(nodejs): add bun.lock parser (#8851)
  • c321fdf feat(license): improve work with custom classification of licenses from config file (#8861)
  • 69a5fa1 fix(cli): disable --skip-dir and --skip-files flags for sbom command (#8886)
  • be8c7b7 fix: julia parser panicing (#8883)
  • 6aff7b0 refactor(db): change logic to detect wrong DB (#8864)
  • 35e8889 fix(cli): don't use allow values for --compliance flag (#8881)
  • 239f65a docs(misconf): Reorganize misconfiguration scan pages (#8206)
  • 38f17c9 fix(server): add missed Relationship field for rpc (#8872)
  • 0b0e406 feat: add JSONC support for comments and trailing commas (#8862)
  • e97af98 fix(vex): use lo.IsNil to check VEX from OCI artifact (#8858)
  • 26437be feat(go): support license scanning in both GOPATH and vendor (#8843)
  • 9256804 fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)
  • 6ebde88 fix: filter all files when processing files installed from package managers (#8842)
  • a516775 feat(misconf): add misconfiguration location to junit template (#8793)
  • c9ba460 docs(vuln): remove OSV for Python from data sources (#8841)
  • 2a21fd8 chore: add an issue template for maintainers (#8838)
  • 3b1426a chore: enable staticcheck (#8815)
  • 6791539 ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)
  • dd6a6e5 feat(license): scan vendor directory for license for go.mod files (#8689)
  • 3bf4f44 docs(java): Update info about dev deps in gradle lock (#8830)
  • 2ab8ae9 chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)
  • 8995838 fix(java): exclude dev dependencies in gradle lockfile (#8803)
  • a19e0aa fix: octalLiteral from go-critic (#8811)
  • fa1077b fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)
  • e322f21 chore(deps): bump the common group across 1 directory with 10 updates (#8817)
  • 883c63b fix: use-any from revive (#8810)
  • 3ab459e fix: more revive rules (#8814)
  • 296eb3c docs: change in java.md: fix the Trity -to-> Trivy typo (#8813)
  • 5706603 fix(misconf): check if for-each is known when expanding dyn block (#8808)
  • 6e23ca9 ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)
  • 6e6af01 release: v0.62.0 [main] (#8669)
  • bf4cd4f feat(nodejs): add root and workspace for yarn packages (#8535)
  • 6562082 fix: unused-parameter rule from revive (#8794)
  • 573f35c chore(deps): Update trivy-checks (#8798)
  • 43350dd fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796)
  • 7a58ccb fix(k8s): remove using last-applied-configuration (#8791)
  • 471dcc3 refactor(misconf): remove unused methods from providers (#8781)
  • dd62d4e refactor(misconf): remove unused methods from iac types (#8782)
  • e10929a fix(misconf): filter null nodes when parsing json manifest (#8785)
  • ee4f7dc fix: testifylint last issues (#8768)
  • 3ce7d59 fix(misconf): perform operations on attribute safely (#8774)
  • 312649c refactor(ubuntu): update time handling for fixing time (#8780)
  • 427a18e chore(deps): bump golangci-lint to v2.1.2 (#8766)
  • a95cab0 feat(image): save layers metadata into report (#8394)
  • 7abf5f0 feat(misconf): convert AWS managed policy to document (#8757)
  • 9fbfb04 chore(deps): bump the docker group across 1 directory with 3 updates (#8762)
  • 3032def ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)
  • 8c9a92b ci(helm): create a helm branch for patches from main (#8673)
  • 0d3efa5 fix(terraform): hcl object expressions to return references (#8271)
  • 6c6beea chore(terraform): option to pass in instanced logger (#8738)
  • 2849abb ci: use Skitionek/notify-microsoft-teams instead of aquasecurity fork (#8740)
  • 4141013 chore(terraform): remove os.OpenPath call from terraform file functions (#8737)
  • b7cbbdc chore(deps): bump the common group across 1 directory with 23 updates (#8733)
  • 93efe07 feat(rust): add root and workspace relationships/package for cargo lock files (#8676)
  • 8e25ca0 refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)
  • efd177b fix(misconf): populate context correctly for module instances (#8656)
  • b7dfd64 fix(misconf): check if metadata is not nil (#8647)
  • 195880b refactor(misconf): switch to x/json (#8719)
  • 9a5383e fix(report): clean buffer after flushing (#8725)
  • 346a6b7 ci: improve PR title validation workflow (#8720)
  • 4a38d01 refactor(flag): improve flag system architecture and extensibility (#8718)
  • e25de25 fix(terraform): evaluateStep to correctly set EvalContext for multiple instances of blocks (#8555)
  • 4b84dab refactor: migrate from github.com/aquasecurity/jfather to github.com/go-json-experiment/json (#8591)
  • 9792611 feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)
  • 13608ea ci: use github.event.pull_request.user.login for release PR check workflow (#8702)
  • a0dc3b6 refactor: add hook interface for extended functionality (#8585)
  • 9dcd06f fix(misconf): add missing variable as unknown (#8683)
  • 12cf218 docs: Update maintainer docs (#8674)
  • 8613832 ci(vuln): reduce github action script injection attack risk (#8610)
  • a032ad6 fix(secret): ignore .dist-info directories during secret scanning (#8646)
  • 36f8d0f fix(server): fix redis key when trying to delete blob (#8649)
  • f1329c7 chore(deps): bump the testcontainers group with 2 updates (#8650)
  • c5e03f7 test: use aquasecurity repository for test images (#8677)
  • a8a7ddb chore(deps): bump the aws group across 1 directory with 5 updates (#8652)
  • bff0e9b fix(k8s): skip passed misconfigs for the summary report (#8684)
  • cc47711 fix(k8s): correct compare artifact versions (#8682)
  • b9b27fc chore: update Docker lib (#8681)
  • bfa99d2 refactor(misconf): remove unused terraform attribute methods (#8657)
  • 890a360 feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)
  • ad1c379 chore: typo fix to replace rego with repo on the RepoFlagGroup options error output (#8643)
  • dd28d4e docs: Add info about helm charts release (#8640)
  • 1d42969 ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)
  • 7f41822 release: v0.61.0 [main] (#8507)
  • 5b7704d fix(misconf): Improve logging for unsupported checks (#8634)
  • 1bf0117 feat(k8s): add support for controllers (#8614)
  • 346f5b3 fix(debian): don't include empty licenses for dpkgs (#8623)
  • ad58cf4 fix(misconf): Check values wholly prior to evalution (#8604)
  • c76764e chore(deps): Bump trivy-checks (#8619)
  • dbb6f28 fix(k8s): show report for --report all (#8613)
  • 548a340 chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)
  • c80310d refactor: rename scanner to service (#8584)
  • de7eb13 fix(misconf): do not skip loading documents from subdirectories (#8526)
  • f07030d refactor(misconf): get a block or attribute without calling HasChild (#8586)
  • ba77dbe fix(misconf): identify the chart file exactly by name (#8590)
  • 7bafdca test: use table-driven tests in Helm scanner tests (#8592)
  • 68b164d refactor(misconf): Simplify misconfig checks bundle parsing (#8533)
  • 8e1019d chore(deps): bump the common group across 1 directory with 10 updates (#8566)
  • 400a79c fix(misconf): do not use cty.NilVal for non-nil values (#8567)
  • fe400ea docs(cli): improve flag value display format (#8560)
  • 1f05b45 fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)
  • 6973da6 docs: remove slack (#8565)
  • 8b88238 fix: use --file-patterns flag for all post analyzers (#7365)
  • e8c32de docs(python): Mention pip-compile (#8484)
  • 9913465 feat(misconf): adapt aws_opensearch_domain (#8550)
  • 0d9865f feat(misconf): adapt AWS::EC2::VPC (#8534)
  • 9bedd98 docs: fix a broken link (#8546)
  • c228307 fix(fs): check postAnalyzers for StaticPaths (#8543)
  • 126d6cd refactor(misconf): remove unused methods for ec2.Instance (#8536)
  • b57eccb feat(misconf): adapt aws_default_security_group (#8538)
  • 8bf6caf feat(fs): optimize scanning performance by direct file access for known paths (#8525)
  • 8112cdf feat(misconf): adapt AWS::DynamoDB::Table (#8529)
  • 124e161 style: Fix MD syntax in self-hosting.md (#8523)
  • 7b96351 perf(misconf): retrieve check metadata from annotations once (#8478)
  • 573502e feat(misconf): Add support for aws_ami (#8499)
  • c7814f1 fix(misconf): skip Azure CreateUiDefinition (#8503)
  • 19e2c10 refactor(misconf): use OPA v1 (#8518)
  • 41512f8 fix(misconf): add ephemeral block type to config schema (#8513)
  • 0e5e909 perf(misconf): parse input for Rego once (#8483)
  • 529957e feat: replace TinyGo with standard Go for WebAssembly modules (#8496)
  • fe09410 chore: replace deprecated tenv linter with usetesting (#8504)
  • e5072f1 fix(spdx): save text licenses into otherLicenses without normalize (#8502)
  • a930561 chore(deps): bump the common group across 1 directory with 13 updates (#8491)
  • 463b117 chore: use go.mod for managing Go tools (#8493)
  • 2998dcd ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)
  • a4009f6 release: v0.60.0 [main] (#8327)
  • 85cca8c fix(sbom): improve logic for binding direct dependency to parent component (#8489)
  • 9892d04 chore(deps): remove missed replace of trivy-db (#8492)
  • 8a89b2b chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)
  • 57b08d6 chore(deps): update Go to 1.24 and switch to go-version-file (#8388)
  • 453c66d docs: add abbreviation list (#8453)
  • f670602 chore(terraform): assign *terraform.Module 'parent' field (#8444)
  • dd54f80 feat: add report summary table (#8177)
  • ab1cf03 chore(deps): bump the github-actions group with 3 updates (#8473)
  • 1f85b27 refactor(vex): improve SBOM reference handling with project standards (#8457)
  • da0b876 ci: update GitHub Actions cache to v4 (#8475)
  • d464807 feat: add --vuln-severity-source flag (#8269)
  • 6b4cebe fix(os): add mapping OS aliases (#8466)
  • af1ea64 chore(deps): bump the aws group across 1 directory with 7 updates (#8468)
  • 09cdae6 chore(deps): Bump trivy-checks to v1.7.1 (#8467)
  • 3d3a3d6 refactor(report): write tables after rendering all results (#8357)
  • 036ab75 docs: update VEX documentation index page (#8458)
  • bb3cca6 fix(db): fix case when 2 trivy-db were copied at the same time (#8452)
  • a99498c feat(misconf): render causes for Terraform (#8360)
  • a994453 fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)
  • 4820eb7 feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)
  • 3840d90 chore(deps): update go-rustaudit location (#8450)
  • 49456ba fix: update all documentation links (#8045)
  • b3521e8 chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)
  • 50364b8 chore(deps): bump the common group with 6 updates (#8411)
  • f987e41 fix(k8s): add missed option PkgRelationships (#8442)
  • ecc01bb fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)
  • e58dcfc feat(go): fix parsing main module version for go >= 1.24 (#8433)
  • 9c609c4 refactor(misconf): make Rego scanner independent of config type (#7517)
  • a3cd693 fix(image): disable AVD-DS-0007 for history scanning (#8366)
  • a1c4bd7 fix(server): secrets inspectation for the config analyzer in client server mode (#8418)
  • 613fc71 chore: remove mockery (#8417)
  • e9b3f0b test(server): replace mock driver with memory cache in server tests (#8416)
  • 10b8127 test: replace mock with memory cache and fix non-deterministic tests (#8410)
  • 5ed6fc6 test: replace mock with memory cache in scanner tests (#8413)
  • 24d0e2b test: use memory cache (#8403)
  • 72ea4b0 fix(spdx): init pkgFilePaths map for all formats (#8380)
  • 9637286 chore(deps): bump the common group across 1 directory with 11 updates (#8381)
  • a3a68c6 docs: correct Ruby documentation (#8402)
  • 3e503a0 chore: bump mockery to update v2.52.2 version and rebuild mock files (#8390)
  • 8715e5d fix: don't use scope for trivy registry login command (#8393)
  • b675b06 fix(go): merge nested flags into string for ldflags for Go binaries (#8368)
  • f9c5043 chore(terraform): export module path on terraform modules (#8374)
  • 398620b fix(terraform): apply parser options to submodule parsing (#8377)
  • 02ebb4c docs: Fix typos in documentation (#8361)
  • 7b10def docs: fix navigate links (#8336)
  • 04c80a6 ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)
  • f7b3f87 ci(spdx): add aqua-installer step to fix mage error (#8353)
  • ffa3023 chore: remove debug prints (#8347)
  • 5695eb2 fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)
  • 3eb0b03 fix(report): remove html escaping for shortDescription and fullDescription fields for sarif reports (#8344)
  • 3e13633 chore(deps): bump Go to v1.23.5 (#8341)
  • 10cd98c fix(python): add poetry v2 support (#8323)
  • 9b74384 chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)
  • 39789ff fix(misconf): ecs include enhanced for container insights (#8326)
  • bd5baaf fix(sbom): preserve OS packages from multiple SBOMs (#8325)
  • 1d5ab92 ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)
  • a58d685 release: v0.59.0 [main] (#8041)
  • 73bd20d feat(image): return error early if total size of layers exceeds limit (#8294)
  • 0031a38 chore(deps): Bump trivy-checks (#8310)
  • 87f3751 chore(terraform): add accessors to underlying raw hcl values (#8306)
  • 2e8e38a fix: improve conversion of image config to Dockerfile (#8308)
  • f258fd5 docs: replace short codes with Unicode emojis (#8296)
  • db9e57a feat(k8s): improve artifact selections for specific namespaces (#8248)
  • da7bba9 chore: update code owners (#8303)
  • 0a3887c fix(misconf): handle heredocs in dockerfile instructions (#8284)
  • 846498d fix: de-duplicate same dpkg packages with different filePaths from different layers (#8298)
  • d749b62 chore(deps): bump the aws group with 7 updates (#8299)
  • 13fe2ee chore(deps): bump the common group with 12 updates (#8301)
  • 60491f8 chore: enable int-conversion from perfsprint (#8194)
  • b5062f3 feat(fs): use git commit hash as cache key for clean repositories (#8278)
  • aec8885 fix(spdx): use the hasExtractedLicensingInfos field for licenses that are not listed in the SPDX (#8077)
  • 715575d chore: use require.ErrorContains when possible (#8291)
  • 509e030 feat(image): prevent scanning oversized container images (#8178)
  • cc66d6d chore(deps): use aqua forks for github.com/liamg/jfather and github.com/liamg/iamgo (#8289)
  • eafd810 fix(fs): fix cache key generation to use UUID (#8275)
  • f12054e fix(misconf): correctly handle all YAML tags in K8S templates (#8259)
  • 4316bcb feat: add support for registry mirrors (#8244)
  • 2acd8e3 chore(deps): bump the common group across 1 directory with 29 updates (#8261)
  • 2d30dd7 refactor(license): improve license expression normalization (#8257)
  • c002327 feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)
  • 6d84e0c feat: add a examples field to check metadata (#8068)
  • 4f77e01 chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)
  • 011012a ci: add workflow to restrict direct PRs to release branches (#8240)
  • ae28398 fix(suse): SUSE - update OSType constants and references for compatility (#8236)
  • 92697c7 ci: fix path to main dir for canary builds (#8231)
  • ca41a28 chore(secret): add reported issues related to secrets in junit template (#8193)
  • 243e5a3 refactor: use trivy-checks/pkg/specs package (#8226)
  • 0aa2607 ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)
  • 23dc3a6 fix(misconf): allow null values only for tf variables (#8112)
  • a0429f7 feat(misconf): support for ignoring by inline comments for Helm (#8138)
  • f352f6b fix(redhat): check usr/share/buildinfo/ dir to detect content sets (#8222)
  • f9a6a71 chore(alpine): add EOL date for Alpine 3.21 (#8221)
  • 670fbf2 fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)
  • bbc5a85 fix(misconf): disable git terminal prompt on tf module load (#8026)
  • 70f3faa chore: remove aws iam related scripts (#8179)
  • e8085ba docs: Updated JSON schema version 2 in the trivy documentation (#8188)
  • 4f111b9 refactor(python): use once + debug for License acquired from METADATA... logs (#8175)
  • 03db7fc refactor: use slices package instead of custom function (#8172)
  • eedefdd chore(deps): bump the common group with 6 updates (#8162)
  • 49c54b4 feat(python): add support for uv dev and optional dependencies (#8134)
  • 774e04d feat(python): add support for poetry dev dependencies (#8152)
  • 735335f fix(sbom): attach nested packages to Application (#8144)
  • 9fd5cc5 docs(vex): use debian minor version in examples (#8166)
  • b5859d3 refactor: add generic Set implementation (#8149)
  • e6d0ba5 chore(deps): bump the aws group across 1 directory with 6 updates (#8163)
  • a034d26 fix(python): skip dev group's deps for poetry (#8106)
  • 7558df7 fix(sbom): use root package for unknown dependencies (if exists) (#8104)
  • 30c7cb1 chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 (#8140)
  • 95f7a56 chore(vex): suppress CVE-2024-45338 (#8137)
  • c4a4a5f feat(python): add support for uv (#8080)
  • 49f3540 chore(deps): bump the docker group across 1 directory with 3 updates (#8127)
  • dcf28a1 chore(deps): bump the common group across 1 directory with 14 updates (#8126)
  • e79e73d chore: bump go to 1.23.4 (#8123)
  • 17827db test: set dummy value for NUGET_PACKAGES (#8107)
  • f0b3a99 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to v0.9.2 (#8105)
  • e7507f0 chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)
  • 2200f38 fix: wasm module test (#8099)
  • d7ac286 fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)
  • 328db73 chore(vex): suppress CVE-2024-45337 (#8101)
  • f5e4291 fix(license): always trim leading and trailing spaces for licenses (#8095)
  • f9fceb5 fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)
  • 4202c4b fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)
  • 156a2aa fix: enable err-error and errorf rules from perfsprint linter (#7859)
  • e8b31bf chore(deps): bump the aws group across 1 directory with 6 updates (#8074)
  • 9bd6ed7 perf: avoid heap allocation in applier findPackage (#7883)
  • 2c41ac8 fix: Updated twitter icon (#7772)
  • 11dbf54 docs(k8s): add a note about multi-container pods (#7815)
  • da17dc7 feat: add --distro flag to manually specify OS distribution for vulnerability scanning (#8070)
  • 90f1d8d fix(oracle): add architectures support for advisories (#4809)
  • 51f2123 fix: handle BLOW_UNKNOWN error to download DBs (#8060)
  • ffe24e1 feat(misconf): generate placeholders for random provider resources (#8051)
  • fd07074 fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)
  • 5e68bdc fix(flag): skip hidden flags for --generate-default-config command (#8046)
  • 9d9f80d fix(java): correctly overwrite version from depManagement if dependency uses project.* props (#8050)
  • 7389961 feat(nodejs): respect peer dependencies for dependency tree (#7989)
  • 1feb81c ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
  • 21b68e1 fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
  • 71391a5 chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
  • 07b2d7f fix(misconf): use log instead of fmt for logging (#8033)
  • 775f954 docs: add commercial content (#8030)
  • cd01f23 release: v0.58.0 [main] (#7874)
  • 54130dc fix(misconf): wrap AWS EnvVar to iac types (#7407)
  • a16270c chore(deps): Upgrade trivy-checks (#8018)
  • 511b7d3 refactor(misconf): Remove unused options (#7896)
  • eaf8d41 docs: add terminology page to explain Trivy concepts (#7996)
  • d622ca2 feat: add workspaceRelationship (#7889)
  • 0627992 refactor(sbom): simplify relationship generation (#7985)
  • c238c51 chore: remove Go checks (#7907)
  • 745be1a docs: improve databases documentation (#7732)
  • f5bdc79 refactor: remove support for custom Terraform checks (#7901)
  • ad0ff5d docs: fix dead links (#7998)
  • 7e2a8cb docs: drop AWS account scanning (#7997)
  • aeeba70 fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
  • 4cfb2a9 fix(cli): Handle empty ignore files more gracefully (#7962)
  • fbc42a0 fix(misconf): load full Terraform module (#7925)
  • fe3a897 fix(misconf): properly resolve local Terraform cache (#7983)
  • 44c7fdd refactor(k8s): add v prefix for Go packages (#7839)
  • 5a93a77 test: replace Go checks with Rego (#7867)
  • e9a899a feat(misconf): log causes of HCL file parsing errors (#7634)
  • 9054303 chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
  • 83cb3da chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
  • 53d12bc chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
  • 32951f9 chore: downgrade the failed block expand message to debug (#7964)
  • de3b7ea fix(misconf): do not erase variable type for child modules (#7941)
  • 5448ba2 feat(go): construct dependencies of go.mod main module in the parser (#7977)
  • bcdc0bb feat(go): construct dependencies in the parser (#7973)
  • e0f2054 feat: add cvss v4 score and vector in scan response (#7968)
  • de523ff docs: add overview page for others (#7972)
  • 461a68a fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)
  • 45d3b40 feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
  • 9688370 chore(deps): bump the common group with 4 updates (#7949)
  • b9b383e feat(oracle): add flavors support (#7858)
  • 9988147 fix(misconf): Update trivy-checks default repo to mirror.gcr.io (#7953)
  • 6565bef chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
  • 797b36f fix(k8s): check all results for vulnerabilities (#7946)
  • 516e7cb ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
  • 132d9df feat(secret): Add built-in secrets rules for Private Packagist (#7826)
  • afd7216 docs: Fix broken links (#7900)
  • 9169f6f docs: fix mistakes/typos (#7942)
  • 5ba9a83 feat: Update registry fallbacks (#7679)
  • 07915da fix(alpine): add UID for removed packages (#7887)
  • 58fdab2 chore(deps): bump the aws group with 6 updates (#7902)
  • 40f6e35 chore(deps): bump the common group with 6 updates (#7904)
  • d982e6a fix(debian): infinite loop (#7928)
  • 38775a5 fix(redhat): don't return error if root/buildinfo/content_manifests/ contains files that are not contentSets files (#7912)
  • a5f0ef5 docs: add note about temporary podman socket (#7921)
  • 94791f8 docs: combine trivy.dev into trivy docs (#7884)
  • 0d3d934 test: change branch in spdx schema link to check in integration tests (#7935)
  • c8add84 docs: add Headlamp to the Trivy Ecosystem page (#7916)
  • 19aea4b fix(report): handle git@github.com schema for misconfigs in sarif report (#7898)
  • bdfcc19 chore(k8s): enhance k8s scan log (#6997)
  • 611558e fix(terraform): set null value as fallback for missing variables (#7669)
  • 99b2db3 fix(misconf): handle null properties in CloudFormation templates (#7813)
  • ab32297 fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
  • 6018461 chore(deps): bump the common group across 1 directory with 20 updates (#7876)
  • 6e3252b chore: bump containerd to v2.0.0 (#7875)
  • eda4d76 fix: Improve version comparisons when build identifiers are present (#7873)
  • b1c7f55 feat(k8s): add default commands for unknown platform (#7863)
  • ed2288f chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
  • 2529b58 refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)
  • a6a45b3 test: save containerd image into archive and use in tests (#7816)
  • a9b557d chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)
  • 4da59bd chore: bump golangci-lint to v1.61.0 (#7853)
  • efec326 release: v0.57.0 [main] (#7710)
  • 7632625 chore: lint errors.Join (#7845)
  • 5e78b6c feat(db): append errors (#7843)
  • dc44946 docs(java): add info about supported scopes (#7842)
  • 7654b2e docs: add example of creating whitelist of checks (#7821)
  • 194d4ab chore(deps): Bump trivy-checks (#7819)
  • e872ec0 fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
  • 7882776 fix(k8s): skip resources without misconfigs (#7797)
  • f2bb9c6 fix(sbom): use Annotation instead of AttributionTexts for SPDX formats (#7811)
  • b661d68 fix(cli): add config name to skip-policy-update alias (#7820)
  • 6fab88d fix(helm): properly handle multiple archived dependencies (#7782)
  • c70b6fa refactor(misconf): Deprecate EXCEPTIONS for misconfiguration scanning (#7776)
  • c434775 fix(k8s)!: support k8s multi container (#7444)
  • 7a4f4d8 fix(k8s): support kubernetes v1.31 (#7810)
  • 63dd3d6 docs: add Windows install instructions (#7800)
  • a16b830 ci(helm): auto public Helm chart after PR merged (#7526)
  • ad3c09e feat: add end of life date for Ubuntu 24.10 (#7787)
  • c0d79fa feat(report): update gitlab template to populate operating_system value (#7735)
  • f75c0d1 feat(misconf): Show misconfig ID in output (#7762)
  • 9514148 feat(misconf): export unresolvable field of IaC types to Rego (#7765)
  • 010b213 refactor(k8s): scan config files as a folder (#7690)
  • f6acdf7 fix(license): fix license normalization for Universal Permissive License (#7766)
  • 57e24aa fix: enable usestdlibvars linter (#7770)
  • 8d5dbc9 fix(misconf): properly expand dynamic blocks (#7612)
  • c225883 feat(cyclonedx): add file checksums to CycloneDX reports (#7507)
  • 35fd018 fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)
  • cd44bb4 refactor(misconf): simplify k8s scanner (#7717)
  • a7baa93 feat(parser): ignore white space in pom.xml files (#7747)
  • 922949a test: use forked images (#7755)
  • 778df82 fix(java): correctly inherit version and scope from upper/root depManagement and dependencies into parents (#7541)
  • c8c14d3 fix(misconf): check if property is not nil before conversion (#7578)
  • 9da84f5 fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)
  • 2eaa17e feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
  • bcfc37b test: define constants for test images (#7739)
  • 83e5b83 docs: add note about disabled DS016 check (#7724)
  • ad91412 feat(misconf): public network support for Azure Storage Account (#7601)
  • 633a7ab feat(cli): rename trivy auth to trivy registry (#7727)
  • 31aa20a docs: apt-transport-https is a transitional package (#7678)
  • c78f45b refactor(misconf): introduce generic scanner (#7515)
  • 672e886 fix(cli): clean --all deletes only relevant dirs (#7704)
  • 27117f8 feat(cli): add trivy auth (#7664)
  • 1f2e91b fix(sbom): add options for DBs in private registries (#7660)
  • 55b5a7e docs(report): fix reporting doc format (#7671)
  • fdf203c fix(repo): git clone output to Stderr (#7561)
  • a585e95 fix(redhat): include arch in PURL qualifiers (#7654)
  • 015bb88 fix(report): Fix invalid URI in SARIF report (#7645)
  • ab3a3b2 docs(report): Improve SARIF reporting doc (#7655)
  • 2c87f0c fix(db): fix javadb downloading error handling (#7642)
  • cb0b3a9 feat(cli): error out when ignore file cannot be found (#7624)
  • d246401 release: v0.56.0 [main] (#7447)
  • fcaea74 fix(misconf): not to warn about missing selectors of libraries (#7638)
  • 69bf7e0 feat: support RPM archives (#7628)
  • 3e1fa21 fix(secret): change grafana token regex to find them without unquoted (#7627)
  • 8735242 chore(deps): Bump trivy-checks to v1.1.0 (#7631)
  • 82e2adc fix(misconf): Disable deprecated checks by default (#7632)
  • 1faf529 chore: add prefixes to log messages (#7625)
  • c0e8da3 feat(misconf): Support --skip-* for all included modules (#7579)
  • 3562529 feat: support multiple DB repositories for vulnerability and Java DB (#7605)
  • 7602d14 ci: don't use cache for setup-go (#7622)
  • d4edeb5 test: use loaded image names (#7617)
  • b836232 feat(java): add empty versions if pom.xml dependency versions can't be detected (#7520)
  • 60725f8 feat(secret): enhance secret scanning for python binary files (#7223)
  • 9d1be41 refactor: fix auth error handling (#7615)
  • cb16d43 ci: split save and restore cache actions (#7614)
  • de40df9 fix(misconf): disable DS016 check for image history analyzer (#7540)
  • efdb68d feat(suse): added SUSE Linux Enterprise Micro support (#7294)
  • ef0a27d feat(misconf): add ability to disable checks by ID (#7536)
  • ea0cf03 fix(misconf): escape all special sequences (#7558)
  • 9baf658 test: use a local registry for remote scanning (#7607)
  • a8fbe46 fix: allow access to '..' in mapfs (#7575)
  • 13ef3e7 fix(db): check DownloadedAt for trivy-java-db (#7592)
  • 3fa24e8 chore(deps): bump the common group across 1 directory with 20 updates (#7604)
  • 1fdf30a ci: add workflow_dispatch trigger for test workflow. (#7606)
  • fea7250 ci: cache test images for integration, VM and module tests (#7599)
  • bbc8e1d chore(deps): remove broken replaces for opa and discovery (#7600)
  • 8128ecc docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458)
  • 37d549e fix(misconf): Fixed scope for China Cloud (#7560)
  • 1f9fc13 perf(misconf): use port ranges instead of enumeration (#7549)
  • 5dd94eb fix(sbom): export bom-ref when converting a package to a component (#7340)
  • dbd2dd6 refactor(misconf): pass options to Rego scanner as is (#7529)
  • aeb7039 fix(sbom): parse type framework as library when unmarshalling CycloneDX files (#7527)
  • d1d7132 chore(deps): bump go-ebs-file (#7513)
  • 56db43c fix(misconf): Fix logging typo (#7473)
  • f768d3a feat(misconf): Register checks only when needed (#7435)
  • e6f45cd refactor: split .egg and packaging analyzers (#7514)
  • 5442949 fix(java): use dependencyManagement from root/child pom's for dependencies from parents (#7497)
  • 0efd202 chore(vex): add CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158 in trivy.openvex.json (#7510)
  • 701dbda chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
  • 42748c4 chore(vex): suppress openssl vulnerabilities (#7500)
  • 04a854c docs: refine go docs (#7442)
  • b0222fe revert(java): stop supporting of test scope for pom.xml files (#7488)
  • 8876e70 docs(db): add a manifest example (#7485)
  • 6472e3c feat(license): improve license normalization (#7131)
  • d589856 docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449)
  • 7ff9aff fix(report): fix error with unmarshal of ExperimentalModifiedFindings (#7463)
  • 927c6e0 fix(report): change a receiver of MarshalJSON (#7483)
  • dd0a64a fix(oracle): Update EOL date for Oracle 7 (#7480)
  • 3642fe1 chore(deps): bump the aws group with 6 updates (#7468)
  • 5375cd2 chore(deps): bump the common group across 1 directory with 19 updates (#7436)
  • e2118e8 chore(helm): bump up Trivy Helm chart (#7441)
  • 412fb76 refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451)
  • 4926da7 fix(license): stop spliting a long license text (#7336)
  • 7a1e8b8 release: v0.55.0 [main] (#7271)
  • 2d80769 feat(go): use toolchain as stdlib version for go.mod files (#7163)
  • f80183c fix(license): add license handling to JUnit template (#7409)
  • 2d97700 feat(java): add test scope support for pom.xml files (#7414)
  • 870523d chore(deps): Bump trivy-checks and pin OPA (#7427)
  • da4ebfa fix(helm): explicitly define kind and apiVersion of volumeClaimTemplate element (#7362)
  • af1d257 feat(sbom): set User-Agent header on requests to Rekor (#7396)
  • 1a6295c test: add integration plugin tests (#7299)
  • fd9ed3a fix(nodejs): check all importers to detect dev deps from pnpm-lock.yaml file (#7387)
  • c929290 fix: logger initialization before flags parsing (#7372)
  • feaef96 fix(aws): handle ECR repositories in different regions (#6217)
  • 0cac3ac fix(misconf): fix infer type for null value (#7424)
  • bf64003 fix(secret): use .eyJ keyword for JWT secret (#7410)
  • 3a5d091 fix(misconf): do not recreate filesystem map (#7416)
  • 39c8024 chore(deps): Bump trivy-checks (#7417)
  • a5aa63e fix(misconf): do not register Rego libs in checks registry (#7420)
  • c96dcdd fix(sbom): use NOASSERTION for licenses fields in SPDX formats (#7403)
  • 7aea79d feat(report): export modified findings in JSON (#7383)
  • 4c6e8ca feat(server): Make Trivy Server Multiplexer Exported (#7389)
  • 84118d0 chore: update CODEOWNERS (#7398)
  • 391448a fix(secret): use only line with secret for long secret lines (#7412)
  • 344dafd chore: fix allow rule of ignoring test files to make it case insensitive (#7415)
  • 98e136e feat(misconf): port and protocol support for EC2 networks (#7146)
  • 9d7264a fix(misconf): do not filter Terraform plan JSON by name (#7406)
  • 44e4686 feat(misconf): support for ignore by nested attributes (#7205)
  • 0799770 fix(misconf): use module to log when metadata retrieval fails (#7405)
  • dd9733e fix(report): escape Message field in asff.tpl template (#7401)
  • be86126 feat(misconf): Add support for using spec from on-disk bundle (#7179)
  • 45a9627 docs: add pkg flags to config file page (#7370)
  • e9b43f8 feat(python): use minimum version for pip packages (#7348)
  • 2a6c7ab fix(misconf): support deprecating for Go checks (#7377)
  • b65b32d fix(misconf): init frameworks before updating them (#7376)
  • 9ef05fc feat(misconf): ignore duplicate checks (#7317)
  • bfdf5cf refactor(misconf): use slog (#7295)
  • 6fe6727 chore(deps): bump trivy-checks (#7350)
  • 24a4563 feat(server): add internal --path-prefix flag for client/server mode (#7321)
  • 3f0e7eb chore(deps): bump the aws group across 1 directory with 7 updates (#7358)
  • 05a8297 fix: safely check if the directory exists (#7353)
  • db2c955 feat(misconf): variable support for Terraform Plan (#7228)
  • efdbd8f feat(misconf): scanning support for YAML and JSON (#7311)
  • c5c62d5 fix(misconf): wrap Azure PortRange in iac types (#7357)
  • 0c6687d refactor(misconf): highlight only affected rows (#7310)
  • aadb090 fix(misconf): change default TLS values for the Azure storage account (#7345)
  • 0047dbf chore(deps): bump the common group with 9 updates (#7333)
  • ee339b5 docs(misconf): Update callsites to use correct naming (#7335)
  • 08cc14b docs: update air-gapped docs (#7160)
  • 59c1541 refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
  • 2b6d8d9 perf(misconf): optimize work with context (#6968)
  • 65d991c docs: update links to packaging.python.org (#7318)
  • 7278abd docs: update client/server docs for misconf and license scanning (#7277)
  • ac3eb9d chore(deps): bump the common group across 1 directory with 7 updates (#7305)
  • fe92072 feat(misconf): iterator argument support for dynamic blocks (#7236)
  • f0ed5e4 fix(misconf): do not set default value for default_cache_behavior (#7234)
  • a817fae feat(misconf): support for policy and bucket grants (#7284)
  • a4180bd fix(misconf): load only submodule if it is specified in source (#7112)
  • c766831 perf(misconf): use json.Valid to check validity of JSON (#7308)
  • 13789b7 refactor(misconf): remove unused universal scanner (#7293)
  • 85dadf5 perf(misconf): do not convert contents of a YAML file to string (#7292)
  • bb2e26a fix(terraform): add aws_region name to presets (#7184)
  • 555ac8c docs: add auto-generated config (#7261)
  • fd8348d feat(vuln): Add --detection-priority flag for accuracy tuning (#7288)
  • e95152f refactor(misconf): remove file filtering from parsers (#7289)
  • 2a0e529 fix(flag): incorrect behavior for deprected flag --clear-cache (#7281)
  • 49d5270 fix(java): Return error when trying to find a remote pom to avoid segfault (#7275)
  • b3ee6da fix(plugin): do not call GitHub content API for releases and tags (#7274)
  • 35c60f0 feat(vm): support the Ext2/Ext3 filesystems (#6983)
  • 7024572 feat(cli)!: delete deprecated SBOM flags (#7266)
  • 45b3f34 feat(vm): Support direct filesystem (#7058)
  • ff403a3 release: v0.54.0 [main] (#7075)
  • b3ee4bc docs: update ecosystem page reporting with plopsec.com app (#7262)
  • 3b7aad3 chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
  • c2fd2e0 feat(vex): retrieve VEX attestations from OCI registries (#7249)
  • 4a2f492 feat(sbom): add image labels into SPDX and CycloneDX reports (#7257)
  • f198cf8 refactor(flag): return error if both --download-db-only and --download-java-db-only are specified (#7259)
  • 54bb8bd fix(nodejs): detect direct dependencies when using latest version for files yarn.lock + package.json (#7110)
  • 4e54a7e fix(java): avoid panic if deps from pom in it dir are not found (#7245)
  • 805592d chore: show VEX notice for OSS maintainers in CI environments (#7246)
  • 5c37361 feat(vuln): add --pkg-relationships (#7237)
  • f35f4a5 docs: show VEX cli pages + update config file page for VEX flags (#7244)
  • d76feba fix(dotnet): show nuget package dir not found log only when checking nuget packages (#7194)
  • 8d5ba3f chore(deps): bump the common group across 1 directory with 17 updates (#7230)
  • 88ba460 feat(vex): VEX Repository support (#7206)
  • 174b1e3 fix(secret): skip regular strings contain secret patterns (#7182)
  • bff317c feat: share build-in rules (#7207)
  • c3036de fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
  • 7fa5e7d fix(cli): error on missing config file (#7154)
  • 8c87194 fix(secret): update length of hugging-face-access-token (#7216)
  • efb1f69 feat(sbom): add vulnerability support for SPDX formats (#7213)
  • 0e286f0 ci: use free runner for all tests except build tests (#7215)
  • 051ac39 chore(deps): bump the docker group across 1 directory with 2 updates (#7208)
  • 92b13be fix(secret): trim excessively long lines (#7192)
  • 9269563 chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
  • 9d52018 fix(server): pass license categories to options (#7203)
  • 5cbc452 feat(mariner): Add support for Azure Linux (#7186)
  • 5f78045 docs: updates config file (#7188)
  • 5f78ea4 refactor(fs): remove unused field for CompositeFS (#7195)
  • 5bc662b fix(dotnet): don't include non-runtime libraries into report for *.deps.json files (#7039)
  • b76a725 chore(deps): bump goreleaser from v2.0.0 to v2.1.0 (#7162)
  • c8a7abd fix: add missing platform and type to spec (#7149)
  • 7066f5e chore(deps): bump the aws group with 6 updates (#7166)
  • d1ec89d feat(misconf): enabled China configuration for ACRs (#7156)
  • 2a577a7 fix: close file when failed to open gzip (#7164)
  • 4308a0a docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
  • d1f8967 docs(misconf): add info about limitations for terraform plan json (#7143)
  • a3a6de2 chore: add VEX for Trivy images (#7140)
  • e674c93 chore(deps): bump the common group across 1 directory with 7 updates (#7125)
  • d2f4da8 chore: add VEX document and generator for Trivy (#7128)
  • f27c236 fix(misconf): do not evaluate TF when a load error occurs (#7109)
  • 7cbdb0a feat(cli): rename --vuln-type flag to --pkg-types flag (#7104)
  • 5a9f1a6 refactor(secret): move warning about file size after IsBinary check (#7123)
  • ab0fd0d chore(deps): bump the docker group with 2 updates (#7116)
  • 17b5dbf feat: add openSUSE tumbleweed detection and scanning (#6965)
  • a64993e test: add missing advisory details for integration tests database (#7122)
  • dc68a66 fix: Add dependencyManagement exclusions to the child exclusions (#6969)
  • ec3e0ca chore(deps): bump the aws group with 4 updates (#7115)
  • 25f8143 fix: ignore nodes when listing permission is not allowed (#7107)
  • a7a304d fix(java): use go-mvn-version to remove Package duplicates (#7088)
  • cb89fbb refactor(secret): add warning about large files (#7085)
  • 03ac93d feat(nodejs): add license parser to pnpm analyser (#7036)
  • 266d9b1 refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
  • 1f5f348 feat: add log.FilePath() function for logger (#7080)
  • db68d10 chore: bump golangci-lint from v1.58 to v1.59 (#7077)
  • 91f2237 chore(deps): bump the common group across 1 directory with 23 updates (#7066)
  • acbec05 perf(debian): use bytes.Index in emptyLineSplit to cut allocation (#7065)
  • fc6b3a7 refactor: pass DB dir to trivy-db (#7057)
  • 6a307bb docs: navigate to the release highlights and summary (#7072)
  • c464726 chore(deps): bump the github-actions group with 2 updates (#7067)
  • c55b0e6 release: v0.53.0 [main] (#6855)
  • 654217a feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
  • 55ccd06 feat: add memory cache backend (#7048)
  • 14d71ba fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b feat(php): add installed.json file support (#4865)
  • 4f8b399 docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c916 fix: use embedded when command path not found (#7037)
  • 9e4927e chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02ba refactor: use google/wire for cache (#7024)
  • e9fc3e3 fix(cli): show info message only when --scanners is available (#7032)
  • 0ccdbfb chore: enable float-compare rule from testifylint (#6967)
  • 9045f24 docs: Add sudo on commands, chmod before mv on install docs (#7009)
  • 3d02a31 fix(plugin): respect --insecure (#7022)
  • 8d618e4 feat(k8s)!: node-collector dynamic commands support (#6861)
  • a76e328 fix(sbom): take pkg name from purl for maven pkgs (#7008)
  • eb636c1 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
  • 8d0ae1f feat!: add clean subcommand (#6993)
  • de201dc chore: use ! for breaking changes (#6994)
  • 979e118 feat(aws)!: Remove aws subcommand (#6995)
  • 648ead9 refactor: replace global cache directory with parameter passing (#6986)
  • 7eabb92 fix(sbom): use purl for bitnami pkg names (#6982)
  • 333087c chore: bump Go toolchain version (#6984)
  • 6dff422 refactor: unify cache implementations (#6977)
  • 9dc8a2b docs: non-packaged and sbom clarifications (#6975)
  • b58d42d BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
  • 6469d37 docs: delete unknown URL (#6972)
  • 30bcb95 refactor: u...