- Update to version 0.38.0:

* fix(cli): pass integer to exit-on-eol (#3716)
  * feat: add kubernetes pss compliance (#3498)
  * feat: Adding --module-dir and --enable-modules (#3677)
  * feat: add special IDs for filtering secrets (#3702)
  * chore(deps): Update defsec (#3713)
  * docs(misconf): Add guide on input schema (#3692)
  * feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
  * feat: docker multi credential support (#3631)
  * feat: summarize vulnerabilities in compliance reports (#3651)
  * feat(python): parse pyproject.toml alongside poetry.lock (#3695)
  * feat(python): add dependency tree for poetry lock file (#3665)
  * fix(cyclonedx): incompliant affect ref (#3679)
  * chore(helm): update skip-db-update environment variable (#3657)
  * fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
  * fix(sbom): export empty dependencies in CycloneDX (#3664)
  * docs: java-db air-gap doc tweaks (#3561)
  * feat(go): license support (#3683)
  * feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
  * fix(k8s): k8s label size (#3678)
  * fix(cyclondx): fix array empty value, null to [] (#3676)
  * refactor: rewrite gomod analyzer as post-analyzer (#3674)
  * feat: config outdated-api result filtered by k8s version (#3578)
  * fix: Update to Alpine 3.17.2 (#3655)
  * feat: add support for virtual files (#3654)
  * feat: add post-analyzers (#3640)
  * chore(deps): updates wazero to 1.0.0-pre.9 (#3653)
  * chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)
  * chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)
  * feat(python): add dependency locations for Pipfile.lock (#3614)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=44

_service

@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.37.3</param>
+    <param name="revision">v0.38.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">85d5d61bc7f69e3bc0eec9d52b6aa47f53797cc3</param></service></servicedata>
+              <param name="changesrevision">bc0836623c6d6bed9fdca4561c6aaacb87e09032</param></service></servicedata>

trivy.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Wed Mar 01 10:38:28 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.38.0:
+  * fix(cli): pass integer to exit-on-eol (#3716)
+  * feat: add kubernetes pss compliance (#3498)
+  * feat: Adding --module-dir and --enable-modules (#3677)
+  * feat: add special IDs for filtering secrets (#3702)
+  * chore(deps): Update defsec (#3713)
+  * docs(misconf): Add guide on input schema (#3692)
+  * feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
+  * feat: docker multi credential support (#3631)
+  * feat: summarize vulnerabilities in compliance reports (#3651)
+  * feat(python): parse pyproject.toml alongside poetry.lock (#3695)
+  * feat(python): add dependency tree for poetry lock file (#3665)
+  * fix(cyclonedx): incompliant affect ref (#3679)
+  * chore(helm): update skip-db-update environment variable (#3657)
+  * fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
+  * fix(sbom): export empty dependencies in CycloneDX (#3664)
+  * docs: java-db air-gap doc tweaks (#3561)
+  * feat(go): license support (#3683)
+  * feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
+  * fix(k8s): k8s label size (#3678)
+  * fix(cyclondx): fix array empty value, null to [] (#3676)
+  * refactor: rewrite gomod analyzer as post-analyzer (#3674)
+  * feat: config outdated-api result filtered by k8s version (#3578)
+  * fix: Update to Alpine 3.17.2 (#3655)
+  * feat: add support for virtual files (#3654)
+  * feat: add post-analyzers (#3640)
+  * chore(deps): updates wazero to 1.0.0-pre.9 (#3653)
+  * chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)
+  * chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)
+  * feat(python): add dependency locations for Pipfile.lock (#3614)
+  * chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#3648)
+  * fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.85.0 (#3607)
+  * fix(aws): Adding a fix for update-cache flag that is not applied on AWS scans. (#3619)
+  * feat(cli): add command completion (#3061)
+  * docs(misconf): update dockerfile link (#3627)
+  * feat(flag): add exit-on-eosl option (#3423)
+  * chore(deps): bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#3533)
+  * fix(cli): make java db repository configurable (#3595)
+  * chore: bump trivy-kubernetes (#3613)
+
 -------------------------------------------------------------------
 Wed Feb 15 08:39:40 UTC 2023 - dmueller@suse.com
 

trivy.spec

@@ -19,7 +19,7 @@
 
 %global goipath github.com/aquasecurity/trivy
 Name:           trivy
-Version:        0.37.3
+Version:        0.38.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0