trivy/trivy.changes

-------------------------------------------------------------------
Tue Dec 21 08:33:39 UTC 2021 - dmueller@suse.com

- Update to version 0.21.3:
  * fix(docs): typo (#1488)
  * feat(plugin): Add option to update plugin (#1462)
  * fix: fixed skipFiles/skipDirs flags for relative path (#1482)
  * feat (plugin): add list and info command for plugin (#1452)
  * fix: set up a vulnerability severity (#1458)
  * chore: add arm64 deb package (#1480)
  * Link to trivy tutorial on Semaphore (#1449)
  * refactor(helm): externalize env vars to configMap (#1345)
  * docs: provide more information on scanning Google's GCR (#1426)
  * docs(misconfiguration): added instruction for misconfiguration detection (#1428)
  * Update git-repository.md (#1430)
  * fix(hooks): exclude unrelated lib types from system files filtering (#1431)
  * chore: run `go fmt` (#1429)
  * fix(sarif): change `help` field in the sarif template. (#1423)
  * Update fanal with cfsec version update (#1425)
  * Replace deprecated option in goreleaser (#1406)
  * feat(alpine): support 3.15 (#1422)
  * chore: test the helm chart in the PR and used the commit hash (#1414)
  * chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)
  * chore(release): add ubuntu older versions to deploy script (#1416)

-------------------------------------------------------------------
Sun Dec 05 10:46:26 UTC 2021 - dmueller@suse.com

- Update to version 0.21.1:
  * chore(mod): tidy (#1415)
  * fix(rpc): fix nil layer transmit (#1410)
  * Lang advisory order (#1409)
  * chore: add support for s390x arch (#1304)
  * fix(chart): ingress helm manifest-update trivy image (#1323)
  * docs: Add comparison for cfsec (#1388)
  * remove: delete unused functions in utils package (#1379)
  * fix(sarif): fix validation errors (#1376)
  * docs: add Bitbucket Pipelines (#1374)
  * docs: add community integrations (#1361)
  * Use a stable SARIF identifier (#1230)
  * fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0
  * feat(iac): Add line information (#1366)
  * feat(cloudformation): Adding support for cfsec IaC scanning (#1360)
  * chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)
  * Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)
  * chore: update SBOM generation (#1349)

-------------------------------------------------------------------
Wed Nov 10 11:42:19 UTC 2021 - dmueller@suse.com

- Update to version 0.20.2:
  * docs: update builtin.md (#1335)
  * chore: fix issues with Homebrew formula (#1329)
  * chore: bump GoReleaser to v0.183.0 (#1328)
  * docs: update iac.md for a typo (#1326)
  * docs: typo fix (#1308)
  * Add new networking API features to Ingress (#1262)
  * chore(release): bump up GoReleaser to v0.182.1 (#1299)
  * fix(yarn): support quoted version (#1298)
  * feat(custom-forward): Forward the extended advisory data (#1247)
  * feat(javascript) : Initialize npm driver for javascript packages (#1289)
  * fix(cli): fix incorrect comparision of DB metadata type. (#1286)
  * docs: add footer to readme (#1281)
  * feat(report): add package path (#1274)
  * feat(command): add rootfs command (#1271)
  * fix: update fanal (#1272)
  * feat(commands): remove deprecated options (#1270)
  * Aggregate jar result for table (#1269)
  * BREAKING(report): migrate to new json schema (#1265)
  * feat: improve --skip-dirs and --skip-files (#1249)
  * fix(gobinary): skip large files (#1259)
  * Disable library analyzer for OS only scan type (#1191)
  * chore: update trivy version (#1252)
  * refactor: move from io/ioutil to io and os package (#1245)
  * fix: brew test command (#1253)
  * fix:added layer info in packages (#1248)
  * fix(go/binary): improve debug messages (#1244)
  * Update db.go (#1199)
  * fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
  * feat(debian): support the versions that reached EOL (#1237)
  * feat(alpine): support unfixed vulnerabilities (#1235)
  * feat(report): add image config (#1231)
  * feat(nodejs): support package.json (#1225)
  * refactor: use testing DB instead of mock (#1234)
  * feat(ruby): support gemspec (#1224)
  * feat(python): add packaging detector and respective hook (#1223)
  * feat(license): Added support to new License field of go-dep-parser's library (#1167)
  * fix(oracle): handle advisories contain ksplice versions (#1209)
  * fix(docs): remove OSVDB advisories (#1215)
  * docs: fix typos in CONTRIBUTING.md (#1181)
  * Update EOL of Debian 11 (#1180)
  * fix(plugin): resolve a closure (#1207)
  * docs: fix typo (#1206)
  * fix(detector): change an argument for trivy-db getter (#1203)
  * chore(mod): update fanal (#1179)
  * Add license info to package data (#1176)
  * feat(nuget): support packages.config (#1095)
  * feat(python): add support for requirements.txt (#1169)
  * GitLab CI integration documentation (#1168)
  * chore(gorelease) change goreleaser config to include template examples (#1138)
  * chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
  * chore(deps): bump actions/stale from 3 to 4 (#1152)
  * feat(report): add end of service life flag to OS metadata (#1142)
  * chore: set up Dependabot for github-actions and docker (#1128)
  * docs: fix typo (#1149)
  * docs: add some external links (#1147)
  * chore (release): add ubuntu esm versions to deploy script (#1151)
  * docs(troubleshooting) add urls which are required to download vuls db (#1137)
  * Updated the Alpine Image to 3.14 (latest) (#1130)
  * Added EOL for Ubuntu 21.10 (#1131)
  * fix(image): disabled scanning of config files within container images (#1133)
  * docs: fixed typo (#1124)
  * update cyclonedx github action to v0.3.0 (#1127)
  * fix(policy): fix panic on the first run (#1116)
  * docs(misconf): add comparison with Conftest and tfsec (#1111)
  * feat(report): add schema version (#1110)
  * fix(scan): change unknown os from info to debug (#1109)
  * docs: add misconfiguration (#1101)
  * fix(config): rename include-successes with include-non-failures (#1107)
  * feat(config): support --trace (#1106)
  * fix(policy): reduce the Internet access (#1105)
  * chore: bump golangci-lint to v1.41.1 (#1104)
  * feat: support config scanning (#931)
  * feat(report): add artifact metadata (#1079)
  * Generate SBOM (#1076)
  * fix(db): multiple prefixed data sources (#1070)
  * Add EOL date for Alpine 3.14 (#1072)
  * suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)
  * docs: improve data sources (#1069)
  * chore(label): add kind/security-advisory (#1068)
  * fix(asff): replace slice with substr (#1058)
  * fix(helm-chart): parametrized ingress host path (#1049)
  * feat: support Google Artifact Repository (#1055)
  * Update ASFF template to use label for severity (#1047)
  * BREAKING: migrate to a new JSON schema (#782)
  * docs: Fix link to AWS Security Hub template (#1046)
  * refactor(server): support gzip (#1045)
  * chore(rpc): update protoc and twirp (#1044)
  * Added support for list all packages flag in client (#1032)
  * chore: chart with 0.18.3 (#1033)
  * feat: add gitlab codequality template (#895)
  * feat(plugin): add aqua plugin (#1029)
  * fix(go): if patchedVersion is empty mark it as vulnerable (#1030)
  * docs(ubuntu): fix supported versions (#1028)
  * Support Ubuntu 21.04 (#1027)
  * chore: remove codecov (#1016)
  * fix typo on github-actions.md (#1022)
- drop 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch (upstream)

-------------------------------------------------------------------
Thu Jun 10 12:46:10 UTC 2021 - Dirk Müller <dmueller@suse.com>

- add 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch

-------------------------------------------------------------------
Thu Jun 10 08:31:11 UTC 2021 - Dirk Müller <dmueller@suse.com>

- strip binaries 

-------------------------------------------------------------------
Mon Jun 07 19:14:07 UTC 2021 - dmueller@suse.com

- Update to version 0.18.3:
  * chore(ci): change to more granular tokens (#1014)
  * chore(ci): add Go scanning and update dependencies (#1001)
  * docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)
  * fix(image): disable go.sum scanning (#1007)
  * fix(gomod): handle go.sum with an empty line (#1006)
  * feat: prepare for config scanning (#1005)
  * Clarify that dev dependencies are excluded (#986)
  * Include target value in Sarif template ruleID (#991)
  * chore(mkdocs): allow workflow_dispatch (#989)
  * fix(vuln) unique vulnerabilities from different data sources (#984)
  * feat(go): added support of gomod analyzer (#978)

-------------------------------------------------------------------
Mon May 03 10:04:22 UTC 2021 - dmueller@suse.com

- Update to version 0.17.2:
  * Upgrade fanal dependency (#976)
  * docs: mention upx binaries (#974)
  * Upgrade alpine to fix git and libcurl vulnerabilities in trivy docker image scan (#971)
  * fix(fs): skip dirs (#969)
  * chore(ci): replace GITHUB_TOKEN with ORG_GITHUB_TOKEN (#965)
  * chore(ci): clone trivy-repo after releasing binaries (#963)
  * docs: add golang support (#962)
  * fix(table): skip zero vulnerabilities on java (#961)
  * chore(ci): create a release discussion (#959)
  * feat(go): support binary scan (#948)
  * feat(java): support GitLab Advisory Database (#917)
  * feat: show help message when the context's deadline passes (#955)
  * chore(mkdocs): replace github token (#954)
  * Update SARIF report template (#935)
  * Update install docs to make commands consistent (#933)
  * Docker multi-platform image build with `buildx`, using Goreleaser (#915)
  * Fix JUnit template for AWS CodeBuild compatibility (#904)
  * break(cli): use StringSliceFlag for skip-dirs/files (#916)
  * docs: add white logo (#914)
  * add package name in ruleID (#913)
  * feat: gh-action for stale issues (#908)
  * chore(triage): add lifecycle/active label (#909)
  * feat: publish helm repository (#888)
  * Fix Documentation Typo (#901)
  * docs: migrate README to MkDocs (#884)
  * refactor(internal): export internal packages (#887)
  * feat: support plugins (#878)
  * chore(ci): deploy dev docs only for the main branch (#882)
  * add MkDocs implementation (#870)
  * docs(README): update ubuntu versions (#877)
  * support Ubuntu 20.10 (#876)
  * feat(cache): introduce versioned cache (#865)
  * chore: bump up Go to 1.16 (#861)
  * fix: allow the latest tag (#864)
  * feat: disable analyzers (#846)
  * chore(ci): push the official image to public ECR (#855)
  * chore(ci): migrate CircleCI to GitHub Actions (#850)
  * adds example with multistage build (#853)
  * remove SARIF helpUri if empty (#841) (#845)
  * Add Sprig to Template Engine (#832)
  * Fix "GitLab CI using Trivy container" usage example (fixes #843) (#844)
  * feat(java): support jar/war/ear (#837)
  * fix(app): increase the default value of timeout (#842)
  * Update README.md (#838)
  * Fix compatibility for Jenkins xunit plugin (#820)
  * README: add Gitlab job that uses a container with trivy (#823)
  * feat: support Podman (#825)
  * fix(eol): update EOL dates (#824)
  * fix(python): follow PEP 440 (#816)
  * Support alpine 3.13 (#819)
  * Changed the output string to "Using your github token". (#814)
  * Align comment with code (#812)
  * Parse redis backend url (#804)
  * Update README.md (#810)
  * Added nodeSelector, affinity and tolerations to helm chart (#803)
  * Fix readme typo in policy flag (#805)
  * Fix errors in SARIF format (#801)
  * Fix env variable for github token (#796)
  * fix(vulnerability): set unknown severity for empty values (#793)
  * Remove global flags from filesystem command (#772)
  * Add imagePullSecrets to helm Chart (#789)
  * Add redis cache backend configuration options (#784)
  * Update README.md (#735)
  * feat(redhat): support modular packages (#790)
  * Fix formatting of log message (#785)
  * chore(ci): migrate unit tests to GitHub Actions (#779)
  * shifted: brews.github to brews.tap (#780)

-------------------------------------------------------------------
Fri Jan 08 13:31:54 UTC 2021 - rbrown@suse.com

- Update to version 0.15.0:
  * Feat: NuGet Scanner (#686)
  * feat(cache): support Redis (#770)
  * fix(redhat): skip module packages (#776)
  * chore: migrate from master to main (#778)
  * chore(circleci): remove gofmt (#777)
  * chore(README): remove experimental (#775)
  * NVD: Add timestamps. (#761)
  * (fix): Make the table output less wide. (#763)
  * Add gitHubToken to prevent rate limit problems (#769)
  * Add helm chart to install trivy in server mode. (#751)
  * chore(docs): add nix install (#762)
  * HTML template (#567)
  * feat: remove rpm dependency (#753)
  * fix(vulnerability): make an empty severity UNKNOWN (#759)
  * chore(README): add TRIVY_INSECURE (#760)
  * feat(vulnerability): add primary URLs (#752)

-------------------------------------------------------------------
Thu Nov 26 15:23:00 UTC 2020 - dmueller@suse.com

- Update to version 0.13.0:
  * fix(oracle): handle ksplice advisories (#745)
  * fix: version comparison (#740)
  * updated Readme.md (#737)
  * Add suse sles 15.2 to the EOL list as well (#734)
  * Update README.md (#731)
  * Warn when a user attempts to use trivy without a detectable lockfile (#729)
  * Add back support for FreeBSD & OpenBSD (#728)
  * Add support for ppc64le architecture (#724)
  * Skip packages from unsupported repository (remi) (#695)
  * Skip downloading DB if a remote DB is not updated (#717)
  * Sunsetting VendorVectors (#718)
  * Add GitHub Container Registry to README (#712)
  * update BUG_REPORT.md using H2 instead of bold formatting (#714)
  * fix(ci/deb): do not remove old packages for EOL versions (#706)
  * Add linter check support (#679)
  * Optimize images (#696)
  * Update triage.md (#701)
- remove 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch (merged)

-------------------------------------------------------------------
Fri Oct 30 14:52:37 UTC 2020 - Dirk Mueller <dmueller@suse.com>

- add 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch 

-------------------------------------------------------------------
Wed Oct 28 12:47:30 UTC 2020 - Dirk Mueller <dmueller@suse.com>

- revert _service and build changes in last update to use
  the proper macros
- set VERSION parameter properly (jsc#CAPS-105)
- remove update-end-of-life-dates.patch

-------------------------------------------------------------------
Thu Oct 22 14:20:24 UTC 2020 - Stefan Nica <snica@suse.com>

- Require golang >= 1.15 to fix EINTR read issues (jsc#CAPS-170)

-------------------------------------------------------------------
Thu Oct 22 13:16:40 UTC 2020 - Dirk Mueller <dmueller@suse.com>

- add update-end-of-life-dates.patch 

-------------------------------------------------------------------
Tue Oct 20 13:13:39 UTC 2020 - msabate@suse.com

- Update to version 0.12.0:
  * ci(circle): update remote docker version (#683)
  * suse: update end of life dates for SLES service packs (#676)
  * update readme for parallel run issue (#660)
  * fix link for Clear images section in README (#659)
  * add link to Gitlab CI pipeline in README (#658)
  * test: add tests for mux (#645)
  * chore: bump up Go to 1.15 (#646)
  * Add contrib/ to the release chain for Docker (#638)
  * Add health check endpoint to trivy server (#644)
  * fix(cli): show help for subcommands (#629)

-------------------------------------------------------------------
Tue Sep 08 18:00:57 UTC 2020 - jsuchome@suse.com

- Update to version 0.9.2:
  * Fixing `Error retrieving template from path` when --format is not template but template is provided (#556)
  * Adding contrib/junit.tpl to docker image (#554)
  * db: Update trivy-db to include CVSS score info (#530)
  * docs: fix markdown (#553)
  * Added function to escape string in failure message title and descriptions (#551)
  * Added JUNIT support (#541)
  * chore(docs): mention air-gapped environment (#544)
  * chore(README): add programming languages (#543)
  * fix(log): write error messages to stderr (#538)
  * Use StoreMetadata from trivy-db (#509)
  * docs: add more CI options to README (#535)
  * chore(Dockerfile): bump up alpine to 3.12 (#528)
  * fix(alpine): replace go-deb-version with go-apk-version (#520)
  * fix: MissingBlobs is implemented different in FS and S3 the method log… (#522)

-------------------------------------------------------------------
Wed Aug 19 11:24:03 UTC 2020 - dmueller@suse.com

- Update to version 0.9.1:
  * fix(alpine): support 3.12 (#517)
  * chore(README): prepare for v0.9.0 (#507)
  * fix(config): transpose arguments (#516)

-------------------------------------------------------------------
Tue Jul 28 12:33:21 UTC 2020 - jsuchome@suse.com

- Update to version 0.9.0:
  * fix(app): add ArgsUsage (#508)
  * feat: support repository and filesystem scan (#503)
  * Add GHSA support (#467)
  * refactor: define common options and embed them into the option for subcommand (#502)
  * Add image subcommand (#493)
  * fix: remove help template (#500)
  * vulnerability: Add CVSS Vectors to JSON output. (#484)
  * feat: support registry token (#482)
  * chore: bump up urfave/cli to v2 (#499)
  * chore(doc): update README (#490)
  * chore(ci): move integration tests to GitHub Actions (#485)
  * feat: support OCI Image Format (#475)
  * chore(github): fix issue templates (#483)
  * contrib/gitlab.tpl: Add new id field (#468)
  * chore(docs): add triage.md (#473)
  * fix: handle a scratch/busybox/DockerSlim image gracefully (#476)
  * rpc: Fix output to use templates when in client server mode. (#469)
  * Override with Vendor score if exists (#433)
  * docs: Update installation docs for pointing to Trivy Releases. (#463)

-------------------------------------------------------------------
Fri Jul 24 11:34:15 UTC 2020 - jsuchome@suse.com

- enabled changesgenerate option to automatically generate changes

-------------------------------------------------------------------
Thu Jul 16 15:54:15 CEST 2020 - jsuchome@suse.com

- initial release of 0.6.0 version, supported by Harbor 2.0