2022-04-26 20:16:18 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Apr 26 06:18:23 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.27.0:
|
|
|
|
* fix(go): fixed panic to scan gomod without version (#2038)
|
|
|
|
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
|
|
|
|
* feat(secret): support enable rules (#2035)
|
|
|
|
* chore: app version 26.0 (#2030)
|
|
|
|
* docs(secret): add a demo movie (#2031)
|
|
|
|
* feat: support cache TTL in Redis (#2021)
|
|
|
|
* fix(go): skip system installed binaries (#2028)
|
|
|
|
* fix(go): check if go.sum is nil (#2029)
|
|
|
|
* feat: add secret scanning (#1901)
|
|
|
|
* chore: gh publish only with push the tag release (#2025)
|
|
|
|
* fix(fs): ignore permission errors (#2022)
|
|
|
|
* test(mod): using correct module inside test go.mod (#2020)
|
|
|
|
* feat(server): re-add proxy support for client/server communications (#1995)
|
|
|
|
* fix(report): truncate a description before escaping in ASFF template (#2004)
|
|
|
|
* fix(cloudformation): correct margin removal for empty lines (#2002)
|
|
|
|
* fix(template): correct check of old sarif template files (#2003)
|
|
|
|
|
2022-04-19 09:58:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Apr 16 09:04:55 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.26.0:
|
|
|
|
* feat(alpine): warn mixing versions (#2000)
|
|
|
|
* Update ASFF template (#1914)
|
|
|
|
* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)
|
|
|
|
* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
|
|
|
|
* test(go): add integration tests for gomod (#1989)
|
|
|
|
* fix(python): fixed panic when scan .egg archive (#1992)
|
|
|
|
* fix(go): set correct go modules type (#1990)
|
|
|
|
* feat(alpine): support apk repositories (#1987)
|
|
|
|
* docs: add CBL-Mariner (#1982)
|
|
|
|
* docs(go): fix version (#1986)
|
|
|
|
* feat(go): support go.mod in Go 1.17+ (#1985)
|
|
|
|
* ci: fix URLs in the PR template (#1972)
|
|
|
|
* ci: add semantic pull requests check (#1968)
|
|
|
|
* docs(issue): added docs for wrong detection issues (#1961)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Apr 14 20:12:09 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.25.4:
|
|
|
|
* docs: move CONTRIBUTING.md to docs (#1971)
|
|
|
|
* refactor(table): use file name instead package path (#1966)
|
|
|
|
* fix(sbom): add --db-repository (#1964)
|
|
|
|
* feat(table): add PkgPath in table result (#1960)
|
|
|
|
* fix(pom): merge multiple pom imports in a good manner (#1959)
|
|
|
|
|
2022-04-08 22:45:39 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Apr 06 07:35:16 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.25.3:
|
|
|
|
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
|
|
|
|
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
|
|
|
|
* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
|
|
|
|
* feat(jar): allow setting Maven Central URL using environment variable (#1939)
|
|
|
|
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
|
|
|
|
* chore(chart): remove version comments (#1933)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Apr 06 07:32:54 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.25.2:
|
|
|
|
* fix(downloadDB): add flag to server command (#1942)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Apr 05 06:52:40 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.25.1:
|
|
|
|
* fix(misconf): update defsec to resolve panics (#1935)
|
|
|
|
* chore(deps): bump github.com/docker/docker (#1924)
|
|
|
|
* docs: restructure the documentation (#1887)
|
|
|
|
* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
|
|
|
|
* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
|
|
|
|
* chore(deps): bump actions/checkout from 2 to 3 (#1916)
|
|
|
|
* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)
|
|
|
|
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
|
|
|
|
* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
|
|
|
|
* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
|
|
|
|
* Add trivy horizontal logo (#1932)
|
|
|
|
* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
|
|
|
|
* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)
|
|
|
|
* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
|
|
|
|
* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
|
|
|
|
|
2022-04-01 21:36:12 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Apr 1 07:30:58 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
|
|
|
|
|
|
|
|
- Buildrequire go1.18 as upstream says in go.mod
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Apr 01 07:03:41 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.25.0:
|
|
|
|
* docs(filter vulnerabilities): fix link (#1880)
|
|
|
|
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
|
|
|
|
* fix(rpc): add PkgPath field to client / server mode (#1643)
|
|
|
|
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
|
|
|
|
* feat(cache): remove temporary cache after filesystem scanning (#1868)
|
|
|
|
* feat(sbom): add a dedicated sbom command (#1799)
|
|
|
|
* feat(cyclonedx): add vulnerabilities (#1832)
|
|
|
|
* fix(option): hide false warning about remote options (#1865)
|
|
|
|
* chore: bump up Go to 1.18 (#1862)
|
|
|
|
* feat(filesystem): scan in client/server mode (#1829)
|
|
|
|
* refactor(template): remove unused test (#1861)
|
|
|
|
* fix(cli): json format for trivy version (#1854)
|
|
|
|
* docs: change URL for tfsec-checks (#1857)
|
|
|
|
|
2022-03-22 19:40:18 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Mar 22 10:46:08 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- tie to go.17 as 1.18 became available
|
|
|
|
|
2022-03-21 20:11:35 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Mar 18 10:21:14 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.24.4:
|
|
|
|
* fix(docker): Getting images without a tag (#1852)
|
|
|
|
* docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801)
|
|
|
|
|
2022-03-17 17:01:51 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Mar 17 10:14:45 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
|
|
|
|
|
|
|
|
- BuildRequire go1.17
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Mar 16 18:04:55 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.24.3:
|
|
|
|
* chore(issue labels): added new labels (#1839)
|
|
|
|
* refactor: clarify db update warning messages (#1808)
|
|
|
|
* chore(ci): change trivy vulnerability scan for every day (#1838)
|
|
|
|
* feat(helm): make Trivy service name configurable (#1825)
|
|
|
|
* chore(deps): updated sprig to version v3.2.2. (#1814)
|
|
|
|
* chore(deps): updated testcontainers-go to version v0.12.0 (#1822)
|
|
|
|
* docs: add packages.config for .NET (#1823)
|
|
|
|
* build: sign container image (#1668)
|
|
|
|
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778)
|
|
|
|
* docs: fix Installation documentation (#1804)
|
|
|
|
* fix(report): ensure json report got a final new line (#1797)
|
|
|
|
* fix(terraform): resolve panics in defsec (#1811)
|
|
|
|
* feat(docker): Label images based on OCI image spec (#1793)
|
|
|
|
* fix(helm): indentation for ServiceAccount annotations (#1795)
|
|
|
|
* fix(hcl): fix panic in hcl2json (#1791)
|
|
|
|
* chore(helm): remove psp from helm manifest (#1315)
|
|
|
|
* build: Replace `make protoc` with `for loop` to return an error (#1655)
|
|
|
|
* fix: ASFF template to match ASFF schema (#1685)
|
|
|
|
* feat(helm): Add support for server token (#1734)
|
|
|
|
|
2022-03-04 00:19:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Mar 03 13:38:37 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.24.2:
|
|
|
|
* fix(pom): keep an order of dependencies (#1784)
|
|
|
|
* chore: bump up Go to 1.17 (#1781)
|
|
|
|
* chore(deps): bump actions/setup-python from 2 to 3 (#1776)
|
|
|
|
* chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Feb 27 17:12:56 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.24.1:
|
|
|
|
* fix(python): correct handling pip package names with a hyphen (#1771)
|
|
|
|
* doc(docker): fix command to run trivy with docker on linux (#1761)
|
|
|
|
* feat(helm): Add support for custom labels (#1767)
|
|
|
|
* chore(helm): bump chart to trivy 0.24.0 (#1762)
|
|
|
|
* docs: remove erroneous command (#1763)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Feb 23 16:09:07 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.24.0:
|
|
|
|
* chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708)
|
|
|
|
* fix(option): warn list-all-pkgs only with the table format (#1755)
|
|
|
|
* feat(option): warn "--list-all-pkgs" with "--format table" (#1632)
|
|
|
|
* feat(report): add support for CycloneDX (#1081)
|
|
|
|
* chore(deps): update the defsec and tfsec versions (#1747)
|
|
|
|
* fix(scanner): fix skip of language-specific files when scanning rootf… (#1751)
|
|
|
|
* chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712)
|
|
|
|
* feat(report): considering App.Writer when printing results (#1722)
|
|
|
|
* chore(deps): replace `satori` version and skipping examples folder (#1745)
|
|
|
|
* build: add s390x container images (#1726)
|
|
|
|
* feat(template) Add misconfigurations to junit report (#1724)
|
|
|
|
* chore(deps): bump github.com/twitchtv/twirp (#1709)
|
|
|
|
* feat(client): configure TLS InsecureSkipVerify for server connection (#1287)
|
|
|
|
* fix(rpc): Supports RPC calls for new identifier CustomResource (#1605)
|
|
|
|
* chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705)
|
|
|
|
* chore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707)
|
|
|
|
* feat(helm): Parameterise ServiceAccount annotations (#1677)
|
|
|
|
* chore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710)
|
|
|
|
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704)
|
|
|
|
* chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711)
|
|
|
|
* chore(dependabot): enable gomod monthly (#1699)
|
|
|
|
* fix(gitlab tpl): escape double quote (#1635)
|
|
|
|
* build: Make `make protoc` be consistent (#1682)
|
|
|
|
* feat(purl): add generate purl package utilities (#1574)
|
|
|
|
* refactor: move result structs under types (#1696)
|
|
|
|
* feat(mariner): add support for CBL-Mariner 2.0 (#1694)
|
|
|
|
* docs(gitlab-ci): fix Script in GitLab CI Example #1688
|
|
|
|
* chore: Upgrade helm chart version (#1683)
|
|
|
|
* chore(mod): update Go dependencies (#1681)
|
|
|
|
* docs: fix typos in markdown docs (#1674)
|
|
|
|
* docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671)
|
|
|
|
* fix(repo): --no-progress suppresses git output (#1669)
|
|
|
|
|
2022-02-01 16:59:47 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Feb 01 07:14:27 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.23.0:
|
|
|
|
* docs: add ACR navigator (#1651)
|
|
|
|
* fix: update example Rego files and docs (#1628)
|
|
|
|
* feat(option): show a link to GitHub Discussions for --light deprecation (#1650)
|
|
|
|
* fix(sarif): fix the warning message (#1647)
|
|
|
|
* refactor: migrate to prefixed buckets (#1644)
|
|
|
|
* feat(mariner): add support for CBL-Mariner (#1640)
|
|
|
|
* docs: commercial use available (#1641)
|
|
|
|
* feat: support azure acr (#1611)
|
|
|
|
* feat(os-pkg): add data sources (#1636)
|
|
|
|
* feat(redhat): support build info in RHEL (#807)
|
|
|
|
* fix: change links in pull_request_template to static URLs (#1634)
|
|
|
|
* feat(lang-pkg): add data sources (#1625)
|
|
|
|
* feat(detector): support custom detector (#1615)
|
|
|
|
* docs(contribution): change role who should resolve comments (#1618)
|
|
|
|
* docs: add PR template (#1602)
|
|
|
|
* feat(rocky): support Rocky Linux (#1570)
|
|
|
|
* Add the ability to set dockerhub credentials in the helm chart (#1569)
|
|
|
|
* feat(cache): redis TLS support (#1297)
|
|
|
|
* feat(java): add support for PAR files (#1599)
|
|
|
|
* refactor(rust): move rust-advisory-db to OSV (#1591)
|
|
|
|
* feat: log ignored vulnerabilities on debug (#1378)
|
|
|
|
* chore(mod): hcl2json deps update (#1585)
|
|
|
|
* fix(rpm): do not ignore installed files via third-party rpm (#1594)
|
|
|
|
* feat(fs): allow scanning a single file (#1578)
|
|
|
|
* refactor(python): drop Safety DB (#1580)
|
|
|
|
* feat: added insecure tls skip to scan git repo (#1528)
|
|
|
|
* Supress git clone output (#1590)
|
|
|
|
* fix(alma): skip modular package because MODULARITYLABEL is not set (#1588)
|
|
|
|
* feat(photon os): added EOL dates check (#1587)
|
|
|
|
* docs: update supported os (#1586)
|
|
|
|
* BREAKING: remove root command (#1579)
|
|
|
|
* docs: add Rust to Language-specific Packages Table (#1577)
|
|
|
|
* docs: update int doc for gitlab ci (#1575)
|
|
|
|
* BREAKING: migrate the sarif template to Go code (#1437)
|
|
|
|
* refactor: remove unused field (#1567)
|
|
|
|
* chore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554)
|
|
|
|
* docs: gitlab integration (#1381)
|
|
|
|
* feat(alma): support AlmaLinux (#1238)
|
|
|
|
* docs: added note about default template path when Trivy installed using rpm (#1551)
|
|
|
|
* BREAKING: Trivy DB from GHCR (#1539)
|
|
|
|
* feat(cli): Do not set default commands when a plugin is being run (#1549)
|
|
|
|
* fix: add fingerprint field to codequality template (#1541)
|
|
|
|
* fix(image): correct handling of uncompressed layers (#1544)
|
|
|
|
* chore: helm chart app version 0.22.0 (#1535)
|
|
|
|
* test(integration): use fixtures (#1532)
|
|
|
|
|
2021-12-28 13:17:07 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Dec 28 09:50:49 UTC 2021 - dmueller@suse.com
|
|
|
|
|
2022-01-06 15:51:08 +01:00
|
|
|
- Update to version 0.22.0 (jsc#SLE-18339):
|
2021-12-28 13:17:07 +01:00
|
|
|
* fix(java/pom): ignore unsupported requirements (#1514)
|
|
|
|
* feat(cli): warning for root command (#1516)
|
|
|
|
* BREAKING: disable JAR detection in fs/repo scanning (#1512)
|
|
|
|
* feat(scan): support --offline-scan option (#1511)
|
|
|
|
* fix: improve memory usage (#1509)
|
|
|
|
* feat(java): support pom.xml (#1501)
|
|
|
|
* docs: fixing rust link to security advisory (#1504)
|
|
|
|
* Add missing IacMetdata (#1505)
|
|
|
|
* feat(jar): add file path (#1498)
|
|
|
|
* feat(rpm): support NDB (#1497)
|
|
|
|
* feat: added misconfiguration field for html.tpl (#1444)
|
|
|
|
|
2021-12-21 18:40:41 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Dec 21 08:33:39 UTC 2021 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.21.3:
|
|
|
|
* fix(docs): typo (#1488)
|
|
|
|
* feat(plugin): Add option to update plugin (#1462)
|
|
|
|
* fix: fixed skipFiles/skipDirs flags for relative path (#1482)
|
|
|
|
* feat (plugin): add list and info command for plugin (#1452)
|
|
|
|
* fix: set up a vulnerability severity (#1458)
|
|
|
|
* chore: add arm64 deb package (#1480)
|
|
|
|
* Link to trivy tutorial on Semaphore (#1449)
|
|
|
|
* refactor(helm): externalize env vars to configMap (#1345)
|
|
|
|
* docs: provide more information on scanning Google's GCR (#1426)
|
|
|
|
* docs(misconfiguration): added instruction for misconfiguration detection (#1428)
|
|
|
|
* Update git-repository.md (#1430)
|
|
|
|
* fix(hooks): exclude unrelated lib types from system files filtering (#1431)
|
|
|
|
* chore: run `go fmt` (#1429)
|
|
|
|
* fix(sarif): change `help` field in the sarif template. (#1423)
|
|
|
|
* Update fanal with cfsec version update (#1425)
|
|
|
|
* Replace deprecated option in goreleaser (#1406)
|
|
|
|
* feat(alpine): support 3.15 (#1422)
|
|
|
|
* chore: test the helm chart in the PR and used the commit hash (#1414)
|
|
|
|
* chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)
|
|
|
|
* chore(release): add ubuntu older versions to deploy script (#1416)
|
|
|
|
|
2021-12-05 22:46:20 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Dec 05 10:46:26 UTC 2021 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.21.1:
|
|
|
|
* chore(mod): tidy (#1415)
|
|
|
|
* fix(rpc): fix nil layer transmit (#1410)
|
|
|
|
* Lang advisory order (#1409)
|
|
|
|
* chore: add support for s390x arch (#1304)
|
|
|
|
* fix(chart): ingress helm manifest-update trivy image (#1323)
|
|
|
|
* docs: Add comparison for cfsec (#1388)
|
|
|
|
* remove: delete unused functions in utils package (#1379)
|
|
|
|
* fix(sarif): fix validation errors (#1376)
|
|
|
|
* docs: add Bitbucket Pipelines (#1374)
|
|
|
|
* docs: add community integrations (#1361)
|
|
|
|
* Use a stable SARIF identifier (#1230)
|
|
|
|
* fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0
|
|
|
|
* feat(iac): Add line information (#1366)
|
|
|
|
* feat(cloudformation): Adding support for cfsec IaC scanning (#1360)
|
|
|
|
* chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)
|
|
|
|
* Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)
|
|
|
|
* chore: update SBOM generation (#1349)
|
|
|
|
|
2021-11-10 21:46:48 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Nov 10 11:42:19 UTC 2021 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.20.2:
|
|
|
|
* docs: update builtin.md (#1335)
|
|
|
|
* chore: fix issues with Homebrew formula (#1329)
|
|
|
|
* chore: bump GoReleaser to v0.183.0 (#1328)
|
|
|
|
* docs: update iac.md for a typo (#1326)
|
|
|
|
* docs: typo fix (#1308)
|
|
|
|
* Add new networking API features to Ingress (#1262)
|
|
|
|
* chore(release): bump up GoReleaser to v0.182.1 (#1299)
|
|
|
|
* fix(yarn): support quoted version (#1298)
|
|
|
|
* feat(custom-forward): Forward the extended advisory data (#1247)
|
|
|
|
* feat(javascript) : Initialize npm driver for javascript packages (#1289)
|
|
|
|
* fix(cli): fix incorrect comparision of DB metadata type. (#1286)
|
|
|
|
* docs: add footer to readme (#1281)
|
|
|
|
* feat(report): add package path (#1274)
|
|
|
|
* feat(command): add rootfs command (#1271)
|
|
|
|
* fix: update fanal (#1272)
|
|
|
|
* feat(commands): remove deprecated options (#1270)
|
|
|
|
* Aggregate jar result for table (#1269)
|
|
|
|
* BREAKING(report): migrate to new json schema (#1265)
|
|
|
|
* feat: improve --skip-dirs and --skip-files (#1249)
|
|
|
|
* fix(gobinary): skip large files (#1259)
|
|
|
|
* Disable library analyzer for OS only scan type (#1191)
|
|
|
|
* chore: update trivy version (#1252)
|
|
|
|
* refactor: move from io/ioutil to io and os package (#1245)
|
|
|
|
* fix: brew test command (#1253)
|
|
|
|
* fix:added layer info in packages (#1248)
|
|
|
|
* fix(go/binary): improve debug messages (#1244)
|
|
|
|
* Update db.go (#1199)
|
|
|
|
* fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
|
|
|
|
* feat(debian): support the versions that reached EOL (#1237)
|
|
|
|
* feat(alpine): support unfixed vulnerabilities (#1235)
|
|
|
|
* feat(report): add image config (#1231)
|
|
|
|
* feat(nodejs): support package.json (#1225)
|
|
|
|
* refactor: use testing DB instead of mock (#1234)
|
|
|
|
* feat(ruby): support gemspec (#1224)
|
|
|
|
* feat(python): add packaging detector and respective hook (#1223)
|
|
|
|
* feat(license): Added support to new License field of go-dep-parser's library (#1167)
|
|
|
|
* fix(oracle): handle advisories contain ksplice versions (#1209)
|
|
|
|
* fix(docs): remove OSVDB advisories (#1215)
|
|
|
|
* docs: fix typos in CONTRIBUTING.md (#1181)
|
|
|
|
* Update EOL of Debian 11 (#1180)
|
|
|
|
* fix(plugin): resolve a closure (#1207)
|
|
|
|
* docs: fix typo (#1206)
|
|
|
|
* fix(detector): change an argument for trivy-db getter (#1203)
|
|
|
|
* chore(mod): update fanal (#1179)
|
|
|
|
* Add license info to package data (#1176)
|
|
|
|
* feat(nuget): support packages.config (#1095)
|
|
|
|
* feat(python): add support for requirements.txt (#1169)
|
|
|
|
* GitLab CI integration documentation (#1168)
|
|
|
|
* chore(gorelease) change goreleaser config to include template examples (#1138)
|
|
|
|
* chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
|
|
|
|
* chore(deps): bump actions/stale from 3 to 4 (#1152)
|
|
|
|
* feat(report): add end of service life flag to OS metadata (#1142)
|
|
|
|
* chore: set up Dependabot for github-actions and docker (#1128)
|
|
|
|
* docs: fix typo (#1149)
|
|
|
|
* docs: add some external links (#1147)
|
|
|
|
* chore (release): add ubuntu esm versions to deploy script (#1151)
|
|
|
|
* docs(troubleshooting) add urls which are required to download vuls db (#1137)
|
|
|
|
* Updated the Alpine Image to 3.14 (latest) (#1130)
|
|
|
|
* Added EOL for Ubuntu 21.10 (#1131)
|
|
|
|
* fix(image): disabled scanning of config files within container images (#1133)
|
|
|
|
* docs: fixed typo (#1124)
|
|
|
|
* update cyclonedx github action to v0.3.0 (#1127)
|
|
|
|
* fix(policy): fix panic on the first run (#1116)
|
|
|
|
* docs(misconf): add comparison with Conftest and tfsec (#1111)
|
|
|
|
* feat(report): add schema version (#1110)
|
|
|
|
* fix(scan): change unknown os from info to debug (#1109)
|
|
|
|
* docs: add misconfiguration (#1101)
|
|
|
|
* fix(config): rename include-successes with include-non-failures (#1107)
|
|
|
|
* feat(config): support --trace (#1106)
|
|
|
|
* fix(policy): reduce the Internet access (#1105)
|
|
|
|
* chore: bump golangci-lint to v1.41.1 (#1104)
|
|
|
|
* feat: support config scanning (#931)
|
|
|
|
* feat(report): add artifact metadata (#1079)
|
|
|
|
* Generate SBOM (#1076)
|
|
|
|
* fix(db): multiple prefixed data sources (#1070)
|
|
|
|
* Add EOL date for Alpine 3.14 (#1072)
|
|
|
|
* suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)
|
|
|
|
* docs: improve data sources (#1069)
|
|
|
|
* chore(label): add kind/security-advisory (#1068)
|
|
|
|
* fix(asff): replace slice with substr (#1058)
|
|
|
|
* fix(helm-chart): parametrized ingress host path (#1049)
|
|
|
|
* feat: support Google Artifact Repository (#1055)
|
|
|
|
* Update ASFF template to use label for severity (#1047)
|
|
|
|
* BREAKING: migrate to a new JSON schema (#782)
|
|
|
|
* docs: Fix link to AWS Security Hub template (#1046)
|
|
|
|
* refactor(server): support gzip (#1045)
|
|
|
|
* chore(rpc): update protoc and twirp (#1044)
|
|
|
|
* Added support for list all packages flag in client (#1032)
|
|
|
|
* chore: chart with 0.18.3 (#1033)
|
|
|
|
* feat: add gitlab codequality template (#895)
|
|
|
|
* feat(plugin): add aqua plugin (#1029)
|
|
|
|
* fix(go): if patchedVersion is empty mark it as vulnerable (#1030)
|
|
|
|
* docs(ubuntu): fix supported versions (#1028)
|
|
|
|
* Support Ubuntu 21.04 (#1027)
|
|
|
|
* chore: remove codecov (#1016)
|
|
|
|
* fix typo on github-actions.md (#1022)
|
|
|
|
- drop 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch (upstream)
|
|
|
|
|
2021-06-07 22:45:06 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-06-19 23:02:56 +02:00
|
|
|
Thu Jun 10 12:46:10 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- add 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Jun 10 08:31:11 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- strip binaries
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-06-07 22:45:06 +02:00
|
|
|
Mon Jun 07 19:14:07 UTC 2021 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.18.3:
|
|
|
|
* chore(ci): change to more granular tokens (#1014)
|
|
|
|
* chore(ci): add Go scanning and update dependencies (#1001)
|
|
|
|
* docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)
|
|
|
|
* fix(image): disable go.sum scanning (#1007)
|
|
|
|
* fix(gomod): handle go.sum with an empty line (#1006)
|
|
|
|
* feat: prepare for config scanning (#1005)
|
|
|
|
* Clarify that dev dependencies are excluded (#986)
|
|
|
|
* Include target value in Sarif template ruleID (#991)
|
|
|
|
* chore(mkdocs): allow workflow_dispatch (#989)
|
|
|
|
* fix(vuln) unique vulnerabilities from different data sources (#984)
|
|
|
|
* feat(go): added support of gomod analyzer (#978)
|
|
|
|
|
2021-05-17 18:45:04 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon May 03 10:04:22 UTC 2021 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.17.2:
|
|
|
|
* Upgrade fanal dependency (#976)
|
|
|
|
* docs: mention upx binaries (#974)
|
|
|
|
* Upgrade alpine to fix git and libcurl vulnerabilities in trivy docker image scan (#971)
|
|
|
|
* fix(fs): skip dirs (#969)
|
|
|
|
* chore(ci): replace GITHUB_TOKEN with ORG_GITHUB_TOKEN (#965)
|
|
|
|
* chore(ci): clone trivy-repo after releasing binaries (#963)
|
|
|
|
* docs: add golang support (#962)
|
|
|
|
* fix(table): skip zero vulnerabilities on java (#961)
|
|
|
|
* chore(ci): create a release discussion (#959)
|
|
|
|
* feat(go): support binary scan (#948)
|
|
|
|
* feat(java): support GitLab Advisory Database (#917)
|
|
|
|
* feat: show help message when the context's deadline passes (#955)
|
|
|
|
* chore(mkdocs): replace github token (#954)
|
|
|
|
* Update SARIF report template (#935)
|
|
|
|
* Update install docs to make commands consistent (#933)
|
|
|
|
* Docker multi-platform image build with `buildx`, using Goreleaser (#915)
|
|
|
|
* Fix JUnit template for AWS CodeBuild compatibility (#904)
|
|
|
|
* break(cli): use StringSliceFlag for skip-dirs/files (#916)
|
|
|
|
* docs: add white logo (#914)
|
|
|
|
* add package name in ruleID (#913)
|
|
|
|
* feat: gh-action for stale issues (#908)
|
|
|
|
* chore(triage): add lifecycle/active label (#909)
|
|
|
|
* feat: publish helm repository (#888)
|
|
|
|
* Fix Documentation Typo (#901)
|
|
|
|
* docs: migrate README to MkDocs (#884)
|
|
|
|
* refactor(internal): export internal packages (#887)
|
|
|
|
* feat: support plugins (#878)
|
|
|
|
* chore(ci): deploy dev docs only for the main branch (#882)
|
|
|
|
* add MkDocs implementation (#870)
|
|
|
|
* docs(README): update ubuntu versions (#877)
|
|
|
|
* support Ubuntu 20.10 (#876)
|
|
|
|
* feat(cache): introduce versioned cache (#865)
|
|
|
|
* chore: bump up Go to 1.16 (#861)
|
|
|
|
* fix: allow the latest tag (#864)
|
|
|
|
* feat: disable analyzers (#846)
|
|
|
|
* chore(ci): push the official image to public ECR (#855)
|
|
|
|
* chore(ci): migrate CircleCI to GitHub Actions (#850)
|
|
|
|
* adds example with multistage build (#853)
|
|
|
|
* remove SARIF helpUri if empty (#841) (#845)
|
|
|
|
* Add Sprig to Template Engine (#832)
|
|
|
|
* Fix "GitLab CI using Trivy container" usage example (fixes #843) (#844)
|
|
|
|
* feat(java): support jar/war/ear (#837)
|
|
|
|
* fix(app): increase the default value of timeout (#842)
|
|
|
|
* Update README.md (#838)
|
|
|
|
* Fix compatibility for Jenkins xunit plugin (#820)
|
|
|
|
* README: add Gitlab job that uses a container with trivy (#823)
|
|
|
|
* feat: support Podman (#825)
|
|
|
|
* fix(eol): update EOL dates (#824)
|
|
|
|
* fix(python): follow PEP 440 (#816)
|
|
|
|
* Support alpine 3.13 (#819)
|
|
|
|
* Changed the output string to "Using your github token". (#814)
|
|
|
|
* Align comment with code (#812)
|
|
|
|
* Parse redis backend url (#804)
|
|
|
|
* Update README.md (#810)
|
|
|
|
* Added nodeSelector, affinity and tolerations to helm chart (#803)
|
|
|
|
* Fix readme typo in policy flag (#805)
|
|
|
|
* Fix errors in SARIF format (#801)
|
|
|
|
* Fix env variable for github token (#796)
|
|
|
|
* fix(vulnerability): set unknown severity for empty values (#793)
|
|
|
|
* Remove global flags from filesystem command (#772)
|
|
|
|
* Add imagePullSecrets to helm Chart (#789)
|
|
|
|
* Add redis cache backend configuration options (#784)
|
|
|
|
* Update README.md (#735)
|
|
|
|
* feat(redhat): support modular packages (#790)
|
|
|
|
* Fix formatting of log message (#785)
|
|
|
|
* chore(ci): migrate unit tests to GitHub Actions (#779)
|
|
|
|
* shifted: brews.github to brews.tap (#780)
|
|
|
|
|
2021-01-19 16:01:44 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jan 08 13:31:54 UTC 2021 - rbrown@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.15.0:
|
|
|
|
* Feat: NuGet Scanner (#686)
|
|
|
|
* feat(cache): support Redis (#770)
|
|
|
|
* fix(redhat): skip module packages (#776)
|
|
|
|
* chore: migrate from master to main (#778)
|
|
|
|
* chore(circleci): remove gofmt (#777)
|
|
|
|
* chore(README): remove experimental (#775)
|
|
|
|
* NVD: Add timestamps. (#761)
|
|
|
|
* (fix): Make the table output less wide. (#763)
|
|
|
|
* Add gitHubToken to prevent rate limit problems (#769)
|
|
|
|
* Add helm chart to install trivy in server mode. (#751)
|
|
|
|
* chore(docs): add nix install (#762)
|
|
|
|
* HTML template (#567)
|
|
|
|
* feat: remove rpm dependency (#753)
|
|
|
|
* fix(vulnerability): make an empty severity UNKNOWN (#759)
|
|
|
|
* chore(README): add TRIVY_INSECURE (#760)
|
|
|
|
* feat(vulnerability): add primary URLs (#752)
|
|
|
|
|
2020-11-29 12:27:50 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Nov 26 15:23:00 UTC 2020 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.13.0:
|
|
|
|
* fix(oracle): handle ksplice advisories (#745)
|
|
|
|
* fix: version comparison (#740)
|
|
|
|
* updated Readme.md (#737)
|
|
|
|
* Add suse sles 15.2 to the EOL list as well (#734)
|
|
|
|
* Update README.md (#731)
|
|
|
|
* Warn when a user attempts to use trivy without a detectable lockfile (#729)
|
|
|
|
* Add back support for FreeBSD & OpenBSD (#728)
|
|
|
|
* Add support for ppc64le architecture (#724)
|
|
|
|
* Skip packages from unsupported repository (remi) (#695)
|
|
|
|
* Skip downloading DB if a remote DB is not updated (#717)
|
|
|
|
* Sunsetting VendorVectors (#718)
|
|
|
|
* Add GitHub Container Registry to README (#712)
|
|
|
|
* update BUG_REPORT.md using H2 instead of bold formatting (#714)
|
|
|
|
* fix(ci/deb): do not remove old packages for EOL versions (#706)
|
|
|
|
* Add linter check support (#679)
|
|
|
|
* Optimize images (#696)
|
|
|
|
* Update triage.md (#701)
|
|
|
|
- remove 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch (merged)
|
|
|
|
|
2020-11-06 23:45:37 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 30 14:52:37 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- add 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch
|
|
|
|
|
2020-10-29 14:52:19 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Oct 28 12:47:30 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- revert _service and build changes in last update to use
|
|
|
|
the proper macros
|
|
|
|
- set VERSION parameter properly (jsc#CAPS-105)
|
|
|
|
- remove update-end-of-life-dates.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 22 14:20:24 UTC 2020 - Stefan Nica <snica@suse.com>
|
|
|
|
|
|
|
|
- Require golang >= 1.15 to fix EINTR read issues (jsc#CAPS-170)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 22 13:16:40 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|
|
|
|
|
|
|
- add update-end-of-life-dates.patch
|
|
|
|
|
2020-10-21 14:40:13 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 20 13:13:39 UTC 2020 - msabate@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.12.0:
|
|
|
|
* ci(circle): update remote docker version (#683)
|
|
|
|
* suse: update end of life dates for SLES service packs (#676)
|
|
|
|
* update readme for parallel run issue (#660)
|
|
|
|
* fix link for Clear images section in README (#659)
|
|
|
|
* add link to Gitlab CI pipeline in README (#658)
|
|
|
|
* test: add tests for mux (#645)
|
|
|
|
* chore: bump up Go to 1.15 (#646)
|
|
|
|
* Add contrib/ to the release chain for Docker (#638)
|
|
|
|
* Add health check endpoint to trivy server (#644)
|
|
|
|
* fix(cli): show help for subcommands (#629)
|
|
|
|
|
2020-10-20 16:13:13 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Sep 08 18:00:57 UTC 2020 - jsuchome@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.9.2:
|
|
|
|
* Fixing `Error retrieving template from path` when --format is not template but template is provided (#556)
|
|
|
|
* Adding contrib/junit.tpl to docker image (#554)
|
|
|
|
* db: Update trivy-db to include CVSS score info (#530)
|
|
|
|
* docs: fix markdown (#553)
|
|
|
|
* Added function to escape string in failure message title and descriptions (#551)
|
|
|
|
* Added JUNIT support (#541)
|
|
|
|
* chore(docs): mention air-gapped environment (#544)
|
|
|
|
* chore(README): add programming languages (#543)
|
|
|
|
* fix(log): write error messages to stderr (#538)
|
|
|
|
* Use StoreMetadata from trivy-db (#509)
|
|
|
|
* docs: add more CI options to README (#535)
|
|
|
|
* chore(Dockerfile): bump up alpine to 3.12 (#528)
|
|
|
|
* fix(alpine): replace go-deb-version with go-apk-version (#520)
|
|
|
|
* fix: MissingBlobs is implemented different in FS and S3 the method log… (#522)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Aug 19 11:24:03 UTC 2020 - dmueller@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.9.1:
|
|
|
|
* fix(alpine): support 3.12 (#517)
|
|
|
|
* chore(README): prepare for v0.9.0 (#507)
|
|
|
|
* fix(config): transpose arguments (#516)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jul 28 12:33:21 UTC 2020 - jsuchome@suse.com
|
|
|
|
|
|
|
|
- Update to version 0.9.0:
|
|
|
|
* fix(app): add ArgsUsage (#508)
|
|
|
|
* feat: support repository and filesystem scan (#503)
|
|
|
|
* Add GHSA support (#467)
|
|
|
|
* refactor: define common options and embed them into the option for subcommand (#502)
|
|
|
|
* Add image subcommand (#493)
|
|
|
|
* fix: remove help template (#500)
|
|
|
|
* vulnerability: Add CVSS Vectors to JSON output. (#484)
|
|
|
|
* feat: support registry token (#482)
|
|
|
|
* chore: bump up urfave/cli to v2 (#499)
|
|
|
|
* chore(doc): update README (#490)
|
|
|
|
* chore(ci): move integration tests to GitHub Actions (#485)
|
|
|
|
* feat: support OCI Image Format (#475)
|
|
|
|
* chore(github): fix issue templates (#483)
|
|
|
|
* contrib/gitlab.tpl: Add new id field (#468)
|
|
|
|
* chore(docs): add triage.md (#473)
|
|
|
|
* fix: handle a scratch/busybox/DockerSlim image gracefully (#476)
|
|
|
|
* rpc: Fix output to use templates when in client server mode. (#469)
|
|
|
|
* Override with Vendor score if exists (#433)
|
|
|
|
* docs: Update installation docs for pointing to Trivy Releases. (#463)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jul 24 11:34:15 UTC 2020 - jsuchome@suse.com
|
|
|
|
|
2020-10-21 14:40:13 +02:00
|
|
|
- enabled changesgenerate option to automatically generate changes
|
2020-10-20 16:13:13 +02:00
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Jul 16 15:54:15 CEST 2020 - jsuchome@suse.com
|
|
|
|
|
2020-10-21 14:40:13 +02:00
|
|
|
- initial release of 0.6.0 version, supported by Harbor 2.0
|
2020-10-20 16:13:13 +02:00
|
|
|
|