From c72c54c5e488ff7928a14274ca76347158e2cdbec279828ecd3ca5b44aac477b Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Tue, 16 Aug 2022 12:09:06 +0000 Subject: [PATCH] - Update to version 0.31.0: * fix(flag): add error when there are no supported security checks (#2713) * fix(vuln): continue scanning when no vuln found in the first application (#2712) * revert: add new classes for vulnerabilities (#2701) * feat(secret): detect secrets removed or overwritten in upper layer (#2611) * fix(cli): secret scanning perf link fix (#2607) * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650) * feat: Add AWS Cloud scanning (#2493) * docs: specify the type when verifying an attestation (#2697) * docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690) * fix(rpc): scanResponse rpc conversion for custom resources (#2692) * feat(rust): Add support for cargo-auditable (#2675) * feat: Support passing value overrides for configuration checks (#2679) * feat(sbom): add support for scanning a sbom attestation (#2652) * chore(image): skip symlinks and hardlinks from tar scan (#2634) * fix(report): Update junit.tpl (#2677) * fix(cyclonedx): add nil check to metadata.component (#2673) * docs(secret): fix missing and broken links (#2674) * refactor(cyclonedx): implement json.Unmarshaler (#2662) * chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643) * chore(deps): bump github.com/Azure/go-autorest/autorest (#2642) * feat(kubernetes): add option to specify kubeconfig file path (#2576) * docs: follow Debian's "instructions to connect to a third-party repository" (#2511) * chore(deps): bump github.com/google/licenseclassifier/v2 (#2644) * chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645) * chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647) * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646) * chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641) * chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640) * chore(deps): bump alpine 
from 3.16.0 to 3.16.1 (#2639) OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=15
---
_service | 2 +- _servicedata | 2 +- trivy-0.30.4.tar.gz | 3 --- trivy-0.31.0.tar.gz | 3 +++ trivy.changes | 52 +++++++++++++++++++++++++++++++++++++++++++++ trivy.spec | 2 +- vendor.tar.gz | 4 ++-- 7 files changed, 60 insertions(+), 8 deletions(-) delete mode 100644 trivy-0.30.4.tar.gz create mode 100644 trivy-0.31.0.tar.gz
diff --git a/_service b/_service
index 503eb20..bb66902 100644
--- a/_service
+++ b/_service
@@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.30.4 + v0.31.0 @PARENT_TAG@ v(.*) enable
diff --git a/_servicedata b/_servicedata
index 3c29b42..2d654e9 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - f9c17bd2d87b9c02da1eebd21dd45ce1ccf97995 \ No newline at end of file + 917f388852b39a0d31da4a17a73c7302b3dc0d6f \ No newline at end of file
diff --git a/trivy-0.30.4.tar.gz b/trivy-0.30.4.tar.gz
deleted file mode 100644
index 9976c1d..0000000
--- a/trivy-0.30.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ab1e9aaf878d4c70be26e7872ea819cd03ef684b6d9b75511e3e5d4185dba845
-size 47642090
diff --git a/trivy-0.31.0.tar.gz b/trivy-0.31.0.tar.gz
new file mode 100644
index 0000000..876e4d1
--- /dev/null
+++ b/trivy-0.31.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:83a8c6be644c9a064091eb491ac76355004997945d4b9c040184c4beef73c0a4
+size 47997381
diff --git a/trivy.changes b/trivy.changes
index d1f3433..ae2a5e0 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Tue Aug 16 12:02:47 UTC 2022 - dmueller@suse.com
+
+- Update to version 0.31.0:
+ * fix(flag): add error when there are no supported security checks (#2713)
+ * fix(vuln): continue scanning when no vuln found in the first application (#2712)
+ * revert: add new classes for vulnerabilities (#2701)
+ * feat(secret): detect secrets removed or overwritten in upper layer (#2611)
+ * fix(cli): secret scanning perf link fix (#2607)
+ * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
+ * feat: Add AWS Cloud scanning (#2493)
+ * docs: specify the type when verifying an attestation (#2697)
+ * docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
+ * fix(rpc): scanResponse rpc conversion for custom resources (#2692)
+ * feat(rust): Add support for cargo-auditable (#2675)
+ * feat: Support passing value overrides for configuration checks (#2679)
+ * feat(sbom): add support for scanning a sbom attestation (#2652)
+ * chore(image): skip symlinks and hardlinks from tar scan (#2634)
+ * fix(report): Update junit.tpl (#2677)
+ * fix(cyclonedx): add nil check to metadata.component (#2673)
+ * docs(secret): fix missing and broken links (#2674)
+ * refactor(cyclonedx): implement json.Unmarshaler (#2662)
+ * chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
+ * chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
+ * feat(kubernetes): add option to specify kubeconfig file path (#2576)
+ * docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
+ * chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
+ * chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)
+ * chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647)
+ * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646)
+ * chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641)
+ * chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640)
+ * chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)
+ * chore(deps): bump golang from 1.18.3 to 1.18.4 (#2638)
+ * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.48 to 1.44.66 (#2648)
+ * chore(deps): bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.0 (#2649)
+ * chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#2651)
+ * feat(alma): set AlmaLinux 9 EOL (#2653)
+ * fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636)
+ * test(misconf): add tests for misconf handler for dockerfiles (#2621)
+ * feat(oracle): set Oracle Linux 9 EOL (#2635)
+ * BREAKING: add new classes for vulnerabilities (#2541)
+ * fix(secret): add newline escaping for asymmetric private key (#2532)
+ * docs: improve formatting (#2572)
+ * feat(helm): allows users to define an existing secret for tokens (#2587)
+ * docs(mariner): use tdnf in fs usage example (#2616)
+ * docs: remove unnecessary double quotation marks (#2609)
+ * fix: Fix --file-patterns flag (#2625)
+ * feat(report): add support for Cosign vulnerability attestation (#2567)
+ * docs(mariner): use v2.0 in examples (#2602)
+ * feat(report): add secrets template for codequality report (#2461)
+
 -------------------------------------------------------------------
 Wed Jul 27 06:38:26 UTC 2022 - kastl@b1-systems.de
diff --git a/trivy.spec b/trivy.spec
index 3ddf9de..e1f042a 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -19,7 +19,7 @@ %global goipath github.com/aquasecurity/trivy
 Name: trivy
-Version: 0.30.4
+Version: 0.31.0
 Release: 0
 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
 License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index be53f84..5115e52 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3c526ea0d37825e69112736086a8c6bdb24991dd270dbc2ed75241a90e6655de
-size 70807228
+oid sha256:d20085f6436cd681dc4af4c2605255de18db5e3dfaf88f56bc1163327f1934b2
+size 75464937