diff --git a/_service b/_service
index 755ccf9..10b2ed0 100644
--- a/_service
+++ b/_service
@@ -2,14 +2,14 @@
https://github.com/aquasecurity/trivy
git
- v0.35.0
+ v0.36.0
@PARENT_TAG@
v(.*)
enable
trivy-*.tar
- gz
+ zst
trivy
diff --git a/_servicedata b/_servicedata
index 85957e4..7437d77 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/aquasecurity/trivy
- bd30e983e3b9444dd750478b6976ed79fbf7d4e5
\ No newline at end of file
+ 4813cf5cfdaf22d3caf8ca2a2cc89448a5ef994f
\ No newline at end of file
diff --git a/trivy-0.35.0.tar.gz b/trivy-0.35.0.tar.gz
deleted file mode 100644
index 3a14614..0000000
--- a/trivy-0.35.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dd2a0bff572502ec02cdd9185fefa5616232f8b82319f75c08a15cf580eca15a
-size 50150809
diff --git a/trivy-0.36.0.tar.zst b/trivy-0.36.0.tar.zst
new file mode 100644
index 0000000..ea31dab
--- /dev/null
+++ b/trivy-0.36.0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f9b9228e1550d5d00a26b439e860883fcb91e9975ebef3e15b6ebae08a20d67
+size 44456148
diff --git a/trivy.changes b/trivy.changes
index 94bea0c..c93843b 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Jan 02 08:27:43 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.36.0:
+ * docs: improve compliance docs (#3340)
+ * feat(deps): add yarn lock dependency tree (#3348)
+ * fix: compliance change id and title naming (#3349)
+ * feat: add support for mix.lock files for elixir language (#3328)
+ * feat: add k8s cis bench (#3315)
+ * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
+ * revert: cache merged layers (#3334)
+ * feat(cyclonedx): add recommendation (#3336)
+ * feat(ubuntu): added support ubuntu ESM versions (#1893)
+ * fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
+ * chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265)
+ * feat: Adding support for Windows testing (#3037)
+ * feat: add support for Alpine 3.17 (#3319)
+ * docs: change PodFile.lock to Podfile.lock (#3318)
+ * fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
+ * feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
+ * chore(go): remove experimental FS API usage in Wasm (#3299)
+ * ci: add workflow to add issues to roadmap project (#3292)
+ * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
+ * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
+ * feat(sbom): better support for third-party SBOMs (#3262)
+ * docs: add information about languages with support for dependency locations (#3306)
+ * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284)
+ * chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251)
+ * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
+ * docs: remove comparisons (#3289)
+ * feat: add support for Wolfi Linux (#3215)
+ * ci: add go.mod to canary workflow (#3288)
+ * feat(python): skip dev dependencies (#3282)
+ * chore: update ubuntu version for Github action runnners (#3257)
+ * fix(go): skip dep without Path for go-binaries (#3254)
+ * feat(rust): add ID for cargo pgks (#3256)
+ * chore(deps): bump github.com/samber/lo from 1.33.0 to 1.36.0 (#3263)
+ * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#3253)
+ * feat: add support for swift cocoapods lock files (#2956)
+ * fix(sbom): use proper constants (#3286)
+ * chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#3278)
+ * test(vm): import relevant analyzers (#3285)
+ * feat: support scan remote repository (#3131)
+ * docs: fix typo in fluxcd (#3268)
+ * docs: fix broken "ecosystem" link in readme (#3280)
+ * feat(misconf): Add compliance check support (#3130)
+ * docs: Adding Concourse resource for trivy (#3224)
+ * chore(deps): change golang from 1.19.2 to 1.19 (#3249)
+ * fix(sbom): duplicate dependson (#3261)
+ * chore(deps): bump alpine from 3.16.2 to 3.17.0 (#3247)
+ * chore(go): updates wazero to 1.0.0-pre.4 (#3242)
+ * feat(report): add dependency locations to sarif format (#3210)
+ * fix(rpm): add rocky to osVendors (#3241)
+ * docs: fix a typo (#3236)
+ * feat(dotnet): add dependency parsing for nuget lock files (#3222)
+ * docs: add pre-commit hook to community tools (#3203)
+ * feat(helm): pass arbitrary env vars to trivy (#3208)
+
-------------------------------------------------------------------
Mon Nov 28 06:41:54 UTC 2022 - kastl@b1-systems.de
diff --git a/trivy.spec b/trivy.spec
index 72ab601..8a5898d 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -1,7 +1,7 @@
#
# spec file for package trivy
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,13 @@
%global goipath github.com/aquasecurity/trivy
Name: trivy
-Version: 0.35.0
+Version: 0.36.0
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
Group: System/Management
URL: https://github.com/aquasecurity/trivy
-Source: %{name}-%{version}.tar.gz
+Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
BuildRequires: golang-packaging
BuildRequires: zstd
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 640226b..75930e9 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:5b042df50e59dc4511e4e7e3e0f9f50033baeaa8341c8f5d52c848e5932660f5
-size 49451729
+oid sha256:317857c487739ab6917291c3eb8fcf68b3e9401d028a0d454b51717f3ec5d090
+size 49721038