From 4e05e2e98dcf448a01074da32a77aa965e00f63a987d9cda46aecf072ac12714 Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Mon, 2 Jan 2023 08:37:03 +0000 Subject: [PATCH] - Update to version 0.36.0: * docs: improve compliance docs (#3340) * feat(deps): add yarn lock dependency tree (#3348) * fix: compliance change id and title naming (#3349) * feat: add support for mix.lock files for elixir language (#3328) * feat: add k8s cis bench (#3315) * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322) * revert: cache merged layers (#3334) * feat(cyclonedx): add recommendation (#3336) * feat(ubuntu): added support ubuntu ESM versions (#1893) * fix: change logic to build relative paths for skip-dirs and skip-files (#3331) * chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265) * feat: Adding support for Windows testing (#3037) * feat: add support for Alpine 3.17 (#3319) * docs: change PodFile.lock to Podfile.lock (#3318) * fix(sbom): support for the detection of old CycloneDX predicate type (#3316) * feat(secret): Use .trivyignore for filtering secret scanning result (#3312) * chore(go): remove experimental FS API usage in Wasm (#3299) * ci: add workflow to add issues to roadmap project (#3292) * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275) * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250) * feat(sbom): better support for third-party SBOMs (#3262) * docs: add information about languages with support for dependency locations (#3306) * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) * chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251) * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255) * docs: remove comparisons (#3289) * feat: add support for Wolfi Linux (#3215) * ci: add go.mod to canary workflow (#3288) * feat(python): skip dev dependencies (#3282) OBS-URL: 
https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=32
---
 _service | 4 +-- _servicedata | 2 +- trivy-0.35.0.tar.gz | 3 --- trivy-0.36.0.tar.zst | 3 +++ trivy.changes | 58 ++++++++++++++++++++++++++++++++++++++++++++ trivy.spec | 6 ++--- vendor.tar.zst | 4 +-- 7 files changed, 69 insertions(+), 11 deletions(-) delete mode 100644 trivy-0.35.0.tar.gz create mode 100644 trivy-0.36.0.tar.zst
diff --git a/_service b/_service
index 755ccf9..10b2ed0 100644
--- a/_service
+++ b/_service
@@ -2,14 +2,14 @@ https://github.com/aquasecurity/trivy git - v0.35.0 + v0.36.0 @PARENT_TAG@ v(.*) enable trivy-*.tar - gz + zst trivy
diff --git a/_servicedata b/_servicedata
index 85957e4..7437d77 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - bd30e983e3b9444dd750478b6976ed79fbf7d4e5 \ No newline at end of file + 4813cf5cfdaf22d3caf8ca2a2cc89448a5ef994f \ No newline at end of file
diff --git a/trivy-0.35.0.tar.gz b/trivy-0.35.0.tar.gz
deleted file mode 100644
index 3a14614..0000000
--- a/trivy-0.35.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dd2a0bff572502ec02cdd9185fefa5616232f8b82319f75c08a15cf580eca15a
-size 50150809
diff --git a/trivy-0.36.0.tar.zst b/trivy-0.36.0.tar.zst
new file mode 100644
index 0000000..ea31dab
--- /dev/null
+++ b/trivy-0.36.0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f9b9228e1550d5d00a26b439e860883fcb91e9975ebef3e15b6ebae08a20d67
+size 44456148
diff --git a/trivy.changes b/trivy.changes
index 94bea0c..c93843b 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Jan 02 08:27:43 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.36.0:
+ * docs: improve compliance docs (#3340)
+ * feat(deps): add yarn lock dependency tree (#3348)
+ * fix: compliance change id and title naming (#3349)
+ * feat: add support for mix.lock files for elixir language (#3328)
+ * feat: add k8s cis bench (#3315)
+ * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
+ * revert: cache merged layers (#3334)
+ * feat(cyclonedx): add recommendation (#3336)
+ * feat(ubuntu): added support ubuntu ESM versions (#1893)
+ * fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
+ * chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265)
+ * feat: Adding support for Windows testing (#3037)
+ * feat: add support for Alpine 3.17 (#3319)
+ * docs: change PodFile.lock to Podfile.lock (#3318)
+ * fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
+ * feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
+ * chore(go): remove experimental FS API usage in Wasm (#3299)
+ * ci: add workflow to add issues to roadmap project (#3292)
+ * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
+ * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
+ * feat(sbom): better support for third-party SBOMs (#3262)
+ * docs: add information about languages with support for dependency locations (#3306)
+ * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284)
+ * chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251)
+ * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
+ * docs: remove comparisons (#3289)
+ * feat: add support for Wolfi Linux (#3215)
+ * ci: add go.mod to canary workflow (#3288)
+ * feat(python): skip dev dependencies (#3282)
+ * chore: update ubuntu version for Github action runnners (#3257)
+ * fix(go): skip dep without Path for go-binaries (#3254)
+ * feat(rust): add ID for cargo pgks (#3256)
+ * chore(deps): bump github.com/samber/lo from 1.33.0 to 1.36.0 (#3263)
+ * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#3253)
+ * feat: add support for swift cocoapods lock files (#2956)
+ * fix(sbom): use proper constants (#3286)
+ * chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#3278)
+ * test(vm): import relevant analyzers (#3285)
+ * feat: support scan remote repository (#3131)
+ * docs: fix typo in fluxcd (#3268)
+ * docs: fix broken "ecosystem" link in readme (#3280)
+ * feat(misconf): Add compliance check support (#3130)
+ * docs: Adding Concourse resource for trivy (#3224)
+ * chore(deps): change golang from 1.19.2 to 1.19 (#3249)
+ * fix(sbom): duplicate dependson (#3261)
+ * chore(deps): bump alpine from 3.16.2 to 3.17.0 (#3247)
+ * chore(go): updates wazero to 1.0.0-pre.4 (#3242)
+ * feat(report): add dependency locations to sarif format (#3210)
+ * fix(rpm): add rocky to osVendors (#3241)
+ * docs: fix a typo (#3236)
+ * feat(dotnet): add dependency parsing for nuget lock files (#3222)
+ * docs: add pre-commit hook to community tools (#3203)
+ * feat(helm): pass arbitrary env vars to trivy (#3208)
+
 -------------------------------------------------------------------
 Mon Nov 28 06:41:54 UTC 2022 - kastl@b1-systems.de
diff --git a/trivy.spec b/trivy.spec
index 72ab601..8a5898d 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package trivy
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,13 @@
 %global goipath github.com/aquasecurity/trivy
 Name: trivy
-Version: 0.35.0
+Version: 0.36.0
 Release: 0
 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
 License: Apache-2.0
 Group: System/Management
 URL: https://github.com/aquasecurity/trivy
-Source: %{name}-%{version}.tar.gz
+Source: %{name}-%{version}.tar.zst
 Source1: vendor.tar.zst
 BuildRequires: golang-packaging
 BuildRequires: zstd
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 640226b..75930e9 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5b042df50e59dc4511e4e7e3e0f9f50033baeaa8341c8f5d52c848e5932660f5
-size 49451729
+oid sha256:317857c487739ab6917291c3eb8fcf68b3e9401d028a0d454b51717f3ec5d090
+size 49721038