From 062c4c451962038eada1d919c4641f12f713179a88a45e4b03b9bba539330e5d Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Mon, 3 Apr 2023 12:32:29 +0000 Subject: [PATCH] - Update to version 0.39.0: * docs(cli): added makefile and go file to create docs (#3930) * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946) * chore: ignore gpg key (#3943) * feat(cyclonedx): support dependency graph (#3177) * chore(deps): Bump defsec to v0.85.0 (#3940) * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919) * feat(server): redis with public TLS certs support (#3783) * feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866) * chore: replace make with mage (#3932) * fix(sbom): add checksum to files (#3888) * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928) * chore: remove unused mount volumes (#3927) * feat: add auth support for downloading OCI artifacts (#3915) * refactor(purl): use epoch in qualifier (#3913) * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727) * feat(image): add registry options (#3906) * feat(rust): dependency tree and line numbers support for cargo lock file (#3746) * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905) * feat(php): add support for location, licenses and graph for composer.lock files (#3873) * chore(deps): updates wazero to 1.0.0 (#3904) * feat(image): discover SBOM in OCI referrers (#3768) * docs: change cache-dir key in config file (#3897) * fix(sbom): use release and epoch for SPDX package version (#3896) * ci: add gpg signing for RPM packages (#3612) * docs: Update incorrect comment for skip-update flag (#3878) * refactor(misconf): simplify policy filesystem (#3875) * feat(nodejs): parse package.json alongside yarn.lock (#3757) * fix(spdx): add PkgDownloadLocation field (#3879) * fix(report): try to guess direct deps for dependency tree (#3852) OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=53 --- _service | 2 +- _servicedata | 2 +- trivy-0.38.3.tar.zst | 3 
-- trivy-0.39.0.tar.zst | 3 ++ trivy.changes | 72 +++++++++++++++++++++++++++++++++++++++----- trivy.spec | 2 +- vendor.obscpio | 3 ++ vendor.tar.zst | 4 +-- 8 files changed, 76 insertions(+), 15 deletions(-) delete mode 100644 trivy-0.38.3.tar.zst create mode 100644 trivy-0.39.0.tar.zst create mode 100644 vendor.obscpio
diff --git a/_service b/_service
index 9022088..20b6d82 100644
--- a/_service
+++ b/_service
@@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.38.3 + v0.39.0 @PARENT_TAG@ v(.*) enable
diff --git a/_servicedata b/_servicedata
index 0fac1df..169bf10 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 https://github.com/aquasecurity/trivy
- a12f58be57931c13b5ba9016bc8afd52bd63d3ae
\ No newline at end of file
+ ed590966a3efdaf6cbb48e34bfb36ea0884e45d8
\ No newline at end of file
diff --git a/trivy-0.38.3.tar.zst b/trivy-0.38.3.tar.zst
deleted file mode 100644
index 28ed8d7..0000000
--- a/trivy-0.38.3.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a7ca8865087b1cc8dea0b3ef96c5e1c501e795c01aca167b5acafbee942660af
-size 44721671
diff --git a/trivy-0.39.0.tar.zst b/trivy-0.39.0.tar.zst
new file mode 100644
index 0000000..8de5d22
--- /dev/null
+++ b/trivy-0.39.0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8eec8b9859100325cba0854b654f4a5dc55e752aa6c6ff51fd02098cc3d94b2e
+size 44746619
diff --git a/trivy.changes b/trivy.changes
index 7c9818f..4e818e3 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,18 +1,76 @@
+-------------------------------------------------------------------
+Mon Apr 03 08:36:44 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.39.0:
+ * docs(cli): added makefile and go file to create docs (#3930)
+ * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
+ * chore: ignore gpg key (#3943)
+ * feat(cyclonedx): support dependency graph (#3177)
+ * chore(deps): Bump defsec to v0.85.0 (#3940)
+ * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
+ * feat(server): redis with public TLS certs support (#3783)
+ * feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
+ * chore: replace make with mage (#3932)
+ * fix(sbom): add checksum to files (#3888)
+ * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
+ * chore: remove unused mount volumes (#3927)
+ * feat: add auth support for downloading OCI artifacts (#3915)
+ * refactor(purl): use epoch in qualifier (#3913)
+ * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
+ * feat(image): add registry options (#3906)
+ * feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
+ * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
+ * feat(php): add support for location, licenses and graph for composer.lock files (#3873)
+ * chore(deps): updates wazero to 1.0.0 (#3904)
+ * feat(image): discover SBOM in OCI referrers (#3768)
+ * docs: change cache-dir key in config file (#3897)
+ * fix(sbom): use release and epoch for SPDX package version (#3896)
+ * ci: add gpg signing for RPM packages (#3612)
+ * docs: Update incorrect comment for skip-update flag (#3878)
+ * refactor(misconf): simplify policy filesystem (#3875)
+ * feat(nodejs): parse package.json alongside yarn.lock (#3757)
+ * fix(spdx): add PkgDownloadLocation field (#3879)
+ * fix(report): try to guess direct deps for dependency tree (#3852)
+ * chore(amazon): update EOL (#3876)
+ * fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
+ * feat(amazon): add al2023 support (#3854)
+ * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
+ * docs(misconf): Add information about selectors (#3703)
+ * docs(cli): update CLI docs with cobra (#3815)
+ * feat: k8s parallel processing (#3693)
+ * docs: add DefectDojo in the Security Management section (#3871)
+ * chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
+ * refactor: add pipeline (#3868)
+ * feat(cli): add javadb metadata to version info (#3835)
+ * chore(deps): Move compliance types to defsec (#3842)
+ * feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
+ * feat: add node toleration option (#3823)
+ * fix: allow mapfs to open dirs (#3867)
+ * fix(report): update uri only for os class targets (#3846)
+ * feat(nodejs): Add v3 npm lock file support (#3826)
+ * feat(nodejs): parse package.json files alongside package-lock.json (#2916)
+ * docs(misconf): Fix links to built in policies (#3841)
+
 -------------------------------------------------------------------
 Tue Mar 14 09:56:08 UTC 2023 - dmueller@suse.com
 
 - Update to version 0.38.3:
- * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to 1.89.1 (#3827)
- * fix(java): skip empty files for jar post analyzer (#3832)
- * fix(docker): build healthcheck command for line without /bin/sh prefix (#3831)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
+ from 1.86.1 to 1.89.1
+ * fix(java): skip empty files for jar post analyzer
+ * fix(docker): build healthcheck command for line without
+ /bin/sh prefix
 * refactor(license): use goyacc for license parser (#3824)
- * chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible to 23.0.1+incompatible (#3586)
- * fix: populate timeout context to node-collector (#3766)
+ * chore(deps): bump github.com/docker/docker from
+ 23.0.0-rc.1+incompatible to 23.0.1+incompatible
+ * fix: populate timeout context to node-collector
 * fix: exclude node collector scanning (#3771)
- * fix: display correct flag in error message when skipping java db update #3808
+ * fix: display correct flag in error message when skipping
+ java db update #3808
 * fix: disable jar analyzer for scanners other than vuln (#3810)
 * fix(sbom): fix incompliant license format for spdx (#3335)
- * fix(java): the project props take precedence over the parent's props (#3320)
+ * fix(java): the project props take precedence over the
+ parent's props (#3320)
 * docs: add canary build info to README.md (#3799)
 * docs: adding link to gh token generation (#3784)
 * docs: changing docs in accordance with #3460 (#3787)
diff --git a/trivy.spec b/trivy.spec
index 4f41255..36c0637 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -19,7 +19,7 @@ %global goipath github.com/aquasecurity/trivy
 Name: trivy
-Version: 0.38.3
+Version: 0.39.0
 Release: 0
 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
 License: Apache-2.0
diff --git a/vendor.obscpio b/vendor.obscpio
new file mode 100644
index 0000000..0c27c9b
--- /dev/null
+++ b/vendor.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f44cf2cabdc09d63678bdb9cf4c5b82b4a96a7e960f22243e230c579299bb094
+size 307762556
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 3e75425..62c220c 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9b5343aa5bcefcd310cb398274c04a532eaccab59dbf053082ff65ab8e67095f
-size 41287987
+oid sha256:b6e232385c23bddd81ab6255903fa586f48715110dddcc462d8924e08e5d567c
+size 18634053