dirkmueller/trivy
SHA256
1
0
Fork 0
forked from pool/trivy
Code Pull Requests Activity

Compare commits

base: dirkmueller:52.1_update
Branches Tags
dirkmueller:factory dirkmueller:52.1_update dirkmueller:devel pool:leap-16.0 pool:factory pool:devel
..
compare: pool:factory
Branches Tags
pool:leap-16.0 pool:factory pool:devel dirkmueller:factory dirkmueller:52.1_update dirkmueller:devel

35 Commits
52.1_updat ... factory

Author SHA256 Message Date
Git SCM Staging
fb453cccef Merge pull request 'remove rpm dependency' (#20) from dirkmueller/trivy:factory into factory 2025-07-26 04:05:05 +02:00
Dirk Müller
16e3bb45d9 remove rpm dependency 2025-07-23 13:39:28 +02:00
Git SCM Staging
e5483757bf Merge pull request 'Update to 0.64.1' (#19) from dirkmueller/trivy:factory into factory 2025-07-12 04:05:05 +02:00
Dirk Müller
abd568917e Update to 0.64.1 
Includes a changes file update to mention a already previously
dropped patch file
 2025-07-11 17:49:09 +02:00
Git SCM Staging
02f746d2a3 Merge pull request 'Update to 0.62.1' (#16) from dirkmueller/trivy:factory into factory 2025-05-09 04:05:04 +02:00
Dirk Müller
fd22818eb9 Update to 0.62.1 2025-05-07 19:09:33 +02:00
Git SCM Staging
eaa1d19d8e Merge pull request 'Update to 0.61.1' (#15) from dirkmueller/trivy:factory into factory 2025-04-26 04:05:29 +02:00
Dirk Müller
dd38f6440d Update to 0.61.1 2025-04-24 17:14:50 +02:00
Git SCM Staging
b1620bb580 Merge pull request 'Update to 0.59.1' (#13) from dirkmueller/trivy:factory into factory 2025-02-27 04:05:03 +01:00
Dirk Müller
7ca63ef751 Add CVE reference 2025-02-26 11:19:29 +01:00
Dirk Müller
f0646f271b Add patch for CVE-2025-27144 2025-02-26 10:02:35 +01:00
Dirk Müller
242c86594f Update to 0.59.1 2025-02-25 15:48:28 +01:00
Git SCM Staging
613bf3e03c Merge pull request 'Update to 0.59.0' (#12) from cwh/trivy:factory into factory 2025-02-18 15:25:59 +01:00
Dirk Müller
d519931762 Fixup go version 2025-02-07 12:33:53 +01:00
Christopher Hofmann
ff71303c93 Update to 0.59.0 2025-02-05 17:36:52 +01:00
Git SCM Staging
296e8bd503 Merge pull request 'Update to 0.58.2' (#11) from dirkmueller/trivy:factory into factory 2025-02-04 09:51:20 +01:00
Dirk Müller
757447aee9 capture another missing CVE 2025-01-29 13:07:39 +01:00
Dirk Müller
021d08eb6c update changes file 2025-01-29 13:05:37 +01:00
Dirk Müller
74c123e467 Update to 0.58.2 2025-01-29 13:00:41 +01:00
Git SCM Staging
2d26b2793e Merge pull request 'Update to 0.57.1' (#10) from cwh/trivy:factory into factory 2024-12-17 17:35:40 +01:00
Christopher Hofmann
7b167d9c3b Removing _scmsync.obsinfo 2024-12-02 16:19:55 +01:00
Christopher Hofmann
59397611e8 Fixed changelog 2024-12-02 16:10:07 +01:00
Christopher Hofmann
aae9ac0477 Update to 0.57.1 2024-12-02 14:28:51 +01:00
Git SCM Staging
ee0748bb75 Merge pull request 'Update to 0.56.2' (#8) from dirkmueller/trivy:factory into factory 2024-10-30 09:33:58 +01:00
Dirk Müller
4c05bd9c33 Update to 0.56.2 2024-10-23 15:25:52 +02:00
Git SCM Staging
2bfad5183b Merge pull request 'Update to 0.56.1' (#7) from dirkmueller/trivy:factory into factory 2024-10-23 14:46:51 +02:00
Dirk Müller
9b5c03e298 Update to 0.56.1 2024-10-08 18:51:25 +02:00
Git SCM Staging
eab0f16835 Merge pull request 'Update to 0.54.1' (#6) from dirkmueller/trivy:factory into factory 2024-08-01 22:06:07 +02:00
Dirk Müller
8c16244bf4 Update to 0.54.1 2024-08-01 17:16:29 +02:00
Git SCM Staging
da98a7ae05 Merge pull request 'refresh patch with latest PR state' (#4) from dirkmueller/trivy:factory into factory 2024-07-31 13:55:29 +02:00
Dirk Müller
c709c9b193 refresh patch with latest PR state 2024-07-25 11:40:38 +02:00
Git SCM Staging
412b62b3f0 Merge pull request 'Update to 0.53.0' (#3) from dirkmueller/trivy:factory into factory 2024-07-16 09:43:28 +02:00
Dirk Müller
c8e863eb57 Changes file updates with bugzilla references 2024-07-11 17:52:15 +02:00
Dirk Müller
b3400c2aca Update to 0.53.0 2024-07-11 17:36:46 +02:00
Git SCM Staging
8c08a13603 Merge pull request 'Update to 0.52.2' (#2) from dirkmueller/trivy:52.1_update into factory 2024-07-01 10:57:03 +02:00
11 changed files with 894 additions and 218 deletions
Expand all files Collapse all files

38
CVE-2025-53547.patch Normal file
View File

@@ -0,0 +1,38 @@
From 00de613324df4dd930e6d231d9aae7f9dee29c76 Mon Sep 17 00:00:00 2001
From: Matt Farina <matt.farina@suse.com>
Date: Wed, 2 Jul 2025 15:10:04 -0400
Subject: [PATCH] Updating link handling
Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 76fdba4c8c2a4829a6b7abb48a08e51fd07fa0b3)
(cherry picked from commit 4389fa639a4d8e6836fa8df9bb70dd69c2820c12)
---
pkg/downloader/manager.go | 14 +++++
pkg/downloader/manager_test.go | 94 ++++++++++++++++++++++++++++++++++
2 files changed, 108 insertions(+)
diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index ec4056d2753..cc7850aae4b 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
@@ -852,6 +852,20 @@ func writeLock(chartpath string, lock *chart.Lock, legacyLockfile bool) error {
lockfileName = "requirements.lock"
}
dest := filepath.Join(chartpath, lockfileName)
+
+ info, err := os.Lstat(dest)
+ if err != nil && !os.IsNotExist(err) {
+ return fmt.Errorf("error getting info for %q: %w", dest, err)
+ } else if err == nil {
+ if info.Mode()&os.ModeSymlink != 0 {
+ link, err := os.Readlink(dest)
+ if err != nil {
+ return fmt.Errorf("error reading symlink for %q: %w", dest, err)
+ }
+ return fmt.Errorf("the %s file is a symlink to %q", lockfileName, link)
+ }
+ }
+
return os.WriteFile(dest, data, 0644)
}

4
_scmsync.obsinfo
View File

@@ -1,4 +0,0 @@
mtime: 1717765405
commit: 96ac2f27c0ccdd6423580fc28d828483ef3309a85f4741eb93d275b73f7ef52c
url: https://src.opensuse.org/pool/trivy.git
revision: factory

2
_service
View File

@@ -2,7 +2,7 @@
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param>
<param name="revision">v0.52.2</param>
<param name="revision">v0.64.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>

2
_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata>
<param name="changesrevision">86ee3c1176d4707536914dfa65ac8eca452e14cd</param></service></servicedata>

103
add-opensuse-tumbleweed-db.patch
View File

@@ -1,103 +0,0 @@
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 09:59:41 +0200
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
(Tumbleweed has no version as it is rolling)
https://github.com/aquasecurity/trivy-db/issues/410
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index be3d4eff..297b29eb 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -24,8 +24,10 @@ type Distribution int
const (
SUSEEnterpriseLinux Distribution = iota
OpenSUSE
+ OpenSUSETumbleweed
- platformOpenSUSEFormat = "openSUSE Leap %s"
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
)
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
if vs.dist == OpenSUSE {
return "opensuse-cvrf"
}
+ if vs.dist == OpenSUSETumbleweed {
+ return "opensuse-tumbleweed-cvrf"
+ }
return source.ID
}
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
case OpenSUSE:
+ case OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
return ""
}
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
+ // Tumbleweed has no version, it is a rolling release
+ return platformOpenSUSETumbleweedFormat
+ }
if strings.HasPrefix(platformName, "openSUSE Leap") {
// openSUSE Leap 15.0
ss := strings.Split(platformName, " ")
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
log.Printf("invalid version: %s, err: %s", platformName, err)
return ""
}
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
}
if strings.Contains(platformName, "SUSE Linux Enterprise") {
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
case SUSEEnterpriseLinux:
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
case OpenSUSE:
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
+ case OpenSUSETumbleweed:
+ bucket = platformOpenSUSETumbleweedFormat
default:
return nil, xerrors.New("unknown distribution")
}
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 16:07:49 +0200
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index 297b29eb..f616990e 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
switch vs.dist {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
- case OpenSUSE:
- case OpenSUSETumbleweed:
+ case OpenSUSE, OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")

94
add-opensuse-tumbleweed-support.patch
View File

@@ -1,94 +0,0 @@
From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 10:32:34 +0200
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
https://github.com/aquasecurity/trivy-db/issues/410
---
docs/docs/coverage/os/index.md | 1 +
docs/docs/coverage/os/suse.md | 5 +++--
pkg/detector/ospkg/detect.go | 1 +
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
index a8d2670d7d6..49982b1b2d6 100644
--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
@@ -22,6 +22,7 @@ Trivy supports operating systems for
| [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
index 6ff52de31c8..15cfb1e9379 100644
--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
@@ -2,6 +2,7 @@
Trivy supports the following distributions:
- openSUSE Leap
+- openSUSE Tumbleweed
- SUSE Enterprise Linux (SLE)
Please see [here](index.md#supported-os) for supported versions.
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
index bbeb8e8649d..56c4b76d147 100644
--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
@@ -40,6 +40,7 @@ var (
ftypes.CentOS: redhat.NewScanner(),
ftypes.Rocky: rocky.NewScanner(),
ftypes.Oracle: oracle.NewScanner(),
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
ftypes.Photon: photon.NewScanner(),
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
index a5ccade5c81..439cad3ce28 100644
--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
@@ -66,6 +66,7 @@ const (
SUSEEnterpriseLinux Type = iota
// OpenSUSE for open versions
OpenSUSE
+ OpenSUSETumbleweed
)
// Scanner implements the SUSE scanner
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
return &Scanner{
vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
}
+ case OpenSUSETumbleweed:
+ return &Scanner{
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+ }
}
return nil
}
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
if osFamily == ftypes.SLES {
return osver.Supported(ctx, slesEolDates, osFamily, osVer)
}
+ // tumbleweed is a rolling release, it has no version and no eol
+ if osFamily == ftypes.OpenSUSETumbleweed {
+ return true
+ }
return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
}

BIN
trivy-0.52.2.tar.zst (Stored with Git LFS)
View File

Binary file not shown.

BIN
trivy-0.64.1.tar.zst (Stored with Git LFS) Normal file
View File

Binary file not shown.

844
trivy.changes
View File

@@ -1,3 +1,845 @@
-------------------------------------------------------------------
Tue Jul 22 10:27:07 UTC 2025 - Christopher Hofmann <cwh@suse.com>
- remove dependency on 'rpm' which became obsolete a while ago
-------------------------------------------------------------------
Wed Jul 9 15:48:08 UTC 2025 - Dirk Müller <dmueller@suse.com>
- add CVE-2025-53547.patch: (CVE-2025-53547, bsc#1246151)
-------------------------------------------------------------------
Wed Jul 09 15:17:39 UTC 2025 - Dirk Müller <dmueller@suse.com>
- Update to version 0.64.1:
* release: v0.64.1 [release/v0.64] (#9122)
* fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
* fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
* fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)
* fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
* release: v0.64.0 [main] (#8955)
* docs(python): fix type with METADATA file name (#9090)
* feat: reject unsupported artifact types in remote image retrieval (#9052)
* chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)
* refactor(misconf): rewrite Rego module filtering using functional filters (#9061)
* feat(terraform): add partial evaluation for policy templates (#8967)
* feat(vuln): add Root.io support for container image scanning (#9073)
* feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)
* fix(cli): add some values to the telemetry call (#9056)
* feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)
* refactor: centralize HTTP transport configuration (#9058)
* test: include integration tests in linting and fix all issues (#9060)
* chore(deps): bump the common group across 1 directory with 26 updates (#9063)
* feat(java): dereference all maven settings.xml env placeholders (#9024)
* fix(misconf): reduce log noise on incompatible check (#9029)
* fix(misconf): .Config.User always takes precedence over USER in .History (#9050)
* chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)
* docs(misconf): simplify misconfiguration docs (#9030)
* fix(misconf): move disabled checks filtering after analyzer scan (#9002)
* docs: add PR review policy for maintainers (#9032)
* fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)
* test: improve and extend tests for iac/adapters/arm (#9028)
* chore: bump up Go version to 1.24.4 (#9031)
* feat(cli): add version constraints to annoucements (#9023)
* fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)
* feat(ubuntu): add eol date for 20.04-ESM (#8981)
* fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549)
* fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998)
* refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)
* docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)
* feat(misconf): add OpenTofu file extension support (#8747)
* refactor(misconf): set Trivy version by default in Rego scanner (#9001)
* docs: fix assets with versioning (#8996)
* docs: add partners page (#8988)
* chore(alpine): add EOL date for Alpine 3.22 (#8992)
* fix: don't show corrupted trivy-db warning for first run (#8991)
* Update installation.md (#8979)
* feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)
* chore(k8s): update comments with deprecated command format (#8964)
* chore: fix errors and typos in docs (#8963)
* fix: Add missing version check flags (#8951)
* feat(redhat): Add EOL date for RHEL 10. (#8910)
* fix: Correctly check for semver versions for trivy version check (#8948)
* refactor(server): change custom advisory and vulnerability data types fr… (#8923)
* ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)
* release: v0.63.0 [main] (#8809)
* fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)
* chore(deps): Bump trivy-checks (#8934)
* fix(julia): add `Relationship` field support (#8939)
* feat(minimos): Add support for MinimOS (#8792)
* feat(alpine): add maintainer field extraction for APK packages (#8930)
* feat(echo): Add Echo Support (#8833)
* fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)
* fix(wolfi): support new APK database location (#8937)
* feat(k8s): get components from namespaced resources (#8918)
* refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)
* refactor(terraform): remove result sorting from scanner (#8928)
* feat(misconf): Add support for `Minimum Trivy Version` (#8880)
* docs: improve skipping files documentation (#8749)
* feat(cli): Add available version checking (#8553)
* feat(nodejs): add a bun.lock analyzer (#8897)
* feat: terraform parser option to set current working directory (#8909)
* perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)
* feat(misconf): export raw Terraform data to Rego (#8741)
* refactor(terraform): simplify AllReferences method signature in Attribute (#8906)
* fix: check post-analyzers for StaticPaths (#8904)
* feat: add Bottlerocket OS package analyzer (#8653)
* feat(license): improve work text licenses with custom classification (#8888)
* chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)
* chore(deps): bump the common group across 1 directory with 9 updates (#8887)
* refactor(license): simplify compound license scanning (#8896)
* feat(license): Support compound licenses (licenses using SPDX operators) (#8816)
* fix(k8s): use in-memory cache backend during misconfig scanning (#8873)
* feat(nodejs): add bun.lock parser (#8851)
* feat(license): improve work with custom classification of licenses from config file (#8861)
* fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886)
* fix: julia parser panicing (#8883)
* refactor(db): change logic to detect wrong DB (#8864)
* fix(cli): don't use allow values for `--compliance` flag (#8881)
* docs(misconf): Reorganize misconfiguration scan pages (#8206)
* fix(server): add missed Relationship field for `rpc` (#8872)
* feat: add JSONC support for comments and trailing commas (#8862)
* fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858)
* feat(go): support license scanning in both GOPATH and vendor (#8843)
* fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)
* fix: filter all files when processing files installed from package managers (#8842)
* feat(misconf): add misconfiguration location to junit template (#8793)
* docs(vuln): remove OSV for Python from data sources (#8841)
* chore: add an issue template for maintainers (#8838)
* chore: enable staticcheck (#8815)
* ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)
* feat(license): scan vendor directory for license for go.mod files (#8689)
* docs(java): Update info about dev deps in gradle lock (#8830)
* chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)
* fix(java): exclude dev dependencies in gradle lockfile (#8803)
* fix: octalLiteral from go-critic (#8811)
* fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)
* chore(deps): bump the common group across 1 directory with 10 updates (#8817)
* fix: use-any from revive (#8810)
* fix: more revive rules (#8814)
* docs: change in java.md: fix the Trity -to-> Trivy typo (#8813)
* fix(misconf): check if for-each is known when expanding dyn block (#8808)
* ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)
-------------------------------------------------------------------
Wed May 07 15:37:35 UTC 2025 - Dirk Müller <dmueller@suse.com>
- Update to version 0.62.1:
* release: v0.62.1 [release/v0.62] (#8825)
* chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)
* fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)
* fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)
* release: v0.62.0 [main] (#8669)
* feat(nodejs): add root and workspace for `yarn` packages (#8535)
* fix: unused-parameter rule from revive (#8794)
* chore(deps): Update trivy-checks (#8798)
* fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796)
* fix(k8s): remove using `last-applied-configuration` (#8791)
* refactor(misconf): remove unused methods from providers (#8781)
* refactor(misconf): remove unused methods from iac types (#8782)
* fix(misconf): filter null nodes when parsing json manifest (#8785)
* fix: testifylint last issues (#8768)
* fix(misconf): perform operations on attribute safely (#8774)
* refactor(ubuntu): update time handling for fixing time (#8780)
* chore(deps): bump golangci-lint to v2.1.2 (#8766)
* feat(image): save layers metadata into report (#8394)
* feat(misconf): convert AWS managed policy to document (#8757)
* chore(deps): bump the docker group across 1 directory with 3 updates (#8762)
* ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)
* ci(helm): create a helm branch for patches from main (#8673)
* fix(terraform): hcl object expressions to return references (#8271)
* chore(terraform): option to pass in instanced logger (#8738)
* ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740)
* chore(terraform): remove os.OpenPath call from terraform file functions (#8737)
* chore(deps): bump the common group across 1 directory with 23 updates (#8733)
* feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676)
* refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)
* fix(misconf): populate context correctly for module instances (#8656)
* fix(misconf): check if metadata is not nil (#8647)
* refactor(misconf): switch to x/json (#8719)
* fix(report): clean buffer after flushing (#8725)
* ci: improve PR title validation workflow (#8720)
* refactor(flag): improve flag system architecture and extensibility (#8718)
* fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555)
* refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591)
* feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)
* ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702)
* refactor: add hook interface for extended functionality (#8585)
* fix(misconf): add missing variable as unknown (#8683)
* docs: Update maintainer docs (#8674)
* ci(vuln): reduce github action script injection attack risk (#8610)
* fix(secret): ignore .dist-info directories during secret scanning (#8646)
* fix(server): fix redis key when trying to delete blob (#8649)
* chore(deps): bump the testcontainers group with 2 updates (#8650)
* test: use `aquasecurity` repository for test images (#8677)
* chore(deps): bump the aws group across 1 directory with 5 updates (#8652)
* fix(k8s): skip passed misconfigs for the summary report (#8684)
* fix(k8s): correct compare artifact versions (#8682)
* chore: update Docker lib (#8681)
* refactor(misconf): remove unused terraform attribute methods (#8657)
* feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)
* chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643)
* docs: Add info about helm charts release (#8640)
* ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)
-------------------------------------------------------------------
Thu Apr 24 15:03:57 UTC 2025 - dmueller@suse.com
- Update to version 0.61.1:
* release: v0.61.1 [release/v0.61] (#8704)
* fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)
* fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)
* test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698)
* release: v0.61.0 [main] (#8507)
* fix(misconf): Improve logging for unsupported checks (#8634)
* feat(k8s): add support for controllers (#8614)
* fix(debian): don't include empty licenses for `dpkgs` (#8623)
* fix(misconf): Check values wholly prior to evalution (#8604)
* chore(deps): Bump trivy-checks (#8619)
* fix(k8s): show report for `--report all` (#8613)
* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)
* refactor: rename scanner to service (#8584)
* fix(misconf): do not skip loading documents from subdirectories (#8526)
* refactor(misconf): get a block or attribute without calling HasChild (#8586)
* fix(misconf): identify the chart file exactly by name (#8590)
* test: use table-driven tests in Helm scanner tests (#8592)
* refactor(misconf): Simplify misconfig checks bundle parsing (#8533)
* chore(deps): bump the common group across 1 directory with 10 updates (#8566)
* fix(misconf): do not use cty.NilVal for non-nil values (#8567)
* docs(cli): improve flag value display format (#8560)
* fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)
* docs: remove slack (#8565)
* fix: use `--file-patterns` flag for all post analyzers (#7365)
* docs(python): Mention pip-compile (#8484)
* feat(misconf): adapt aws_opensearch_domain (#8550)
* feat(misconf): adapt AWS::EC2::VPC (#8534)
* docs: fix a broken link (#8546)
* fix(fs): check postAnalyzers for StaticPaths (#8543)
* refactor(misconf): remove unused methods for ec2.Instance (#8536)
* feat(misconf): adapt aws_default_security_group (#8538)
* feat(fs): optimize scanning performance by direct file access for known paths (#8525)
* feat(misconf): adapt AWS::DynamoDB::Table (#8529)
* style: Fix MD syntax in self-hosting.md (#8523)
* perf(misconf): retrieve check metadata from annotations once (#8478)
* feat(misconf): Add support for aws_ami (#8499)
* fix(misconf): skip Azure CreateUiDefinition (#8503)
* refactor(misconf): use OPA v1 (#8518)
* fix(misconf): add ephemeral block type to config schema (#8513)
* perf(misconf): parse input for Rego once (#8483)
* feat: replace TinyGo with standard Go for WebAssembly modules (#8496)
* chore: replace deprecated tenv linter with usetesting (#8504)
* fix(spdx): save text licenses into `otherLicenses` without normalize (#8502)
* chore(deps): bump the common group across 1 directory with 13 updates (#8491)
* chore: use go.mod for managing Go tools (#8493)
* ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)
* release: v0.60.0 [main] (#8327)
* fix(sbom): improve logic for binding direct dependency to parent component (#8489)
* chore(deps): remove missed replace of `trivy-db` (#8492)
* chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)
* chore(deps): update Go to 1.24 and switch to go-version-file (#8388)
* docs: add abbreviation list (#8453)
* chore(terraform): assign *terraform.Module 'parent' field (#8444)
* feat: add report summary table (#8177)
* chore(deps): bump the github-actions group with 3 updates (#8473)
* refactor(vex): improve SBOM reference handling with project standards (#8457)
* ci: update GitHub Actions cache to v4 (#8475)
* feat: add `--vuln-severity-source` flag (#8269)
* fix(os): add mapping OS aliases (#8466)
* chore(deps): bump the aws group across 1 directory with 7 updates (#8468)
* chore(deps): Bump trivy-checks to v1.7.1 (#8467)
* refactor(report): write tables after rendering all results (#8357)
* docs: update VEX documentation index page (#8458)
* fix(db): fix case when 2 trivy-db were copied at the same time (#8452)
* feat(misconf): render causes for Terraform (#8360)
* fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)
* feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)
* chore(deps): update go-rustaudit location (#8450)
* fix: update all documentation links (#8045)
* chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)
* chore(deps): bump the common group with 6 updates (#8411)
* fix(k8s): add missed option `PkgRelationships` (#8442)
* fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)
* feat(go): fix parsing main module version for go >= 1.24 (#8433)
* refactor(misconf): make Rego scanner independent of config type (#7517)
* fix(image): disable AVD-DS-0007 for history scanning (#8366)
* fix(server): secrets inspectation for the config analyzer in client server mode (#8418)
* chore: remove mockery (#8417)
* test(server): replace mock driver with memory cache in server tests (#8416)
* test: replace mock with memory cache and fix non-deterministic tests (#8410)
* test: replace mock with memory cache in scanner tests (#8413)
* test: use memory cache (#8403)
* fix(spdx): init `pkgFilePaths` map for all formats (#8380)
* chore(deps): bump the common group across 1 directory with 11 updates (#8381)
* docs: correct Ruby documentation (#8402)
* chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)
* fix: don't use `scope` for `trivy registry login` command (#8393)
* fix(go): merge nested flags into string for ldflags for Go binaries (#8368)
* chore(terraform): export module path on terraform modules (#8374)
* fix(terraform): apply parser options to submodule parsing (#8377)
* docs: Fix typos in documentation (#8361)
* docs: fix navigate links (#8336)
* ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)
* ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)
* chore: remove debug prints (#8347)
* fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)
* fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)
* chore(deps): bump Go to `v1.23.5` (#8341)
* fix(python): add `poetry` v2 support (#8323)
* chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)
* fix(misconf): ecs include enhanced for container insights (#8326)
* fix(sbom): preserve OS packages from multiple SBOMs (#8325)
* ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)
- drop jwe-avoid-unbounded-splits.patch (included upstream via
version update)
-------------------------------------------------------------------
Wed Feb 26 09:01:28 UTC 2025 - Dirk Müller <dmueller@suse.com>
- add jwe-avoid-unbounded-splits.patch (bsc#1237618,
CVE-2025-27144)
-------------------------------------------------------------------
Tue Feb 25 14:46:22 UTC 2025 - dmueller@suse.com
- Update to version 0.59.1:
* release: v0.59.1 [release/v0.59] (#8334)
* fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)
* chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343)
* fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335)
* fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)
-------------------------------------------------------------------
Fri Feb 7 11:33:46 UTC 2025 - Dirk Müller <dmueller@suse.com>
- bump go version
-------------------------------------------------------------------
Wed Feb 05 16:28:33 UTC 2025 - cwh@suse.com
- Update to version 0.59.0:
* release: v0.59.0 [main] (#8041)
* feat(image): return error early if total size of layers exceeds limit (#8294)
* chore(deps): Bump trivy-checks (#8310)
* chore(terraform): add accessors to underlying raw hcl values (#8306)
* fix: improve conversion of image config to Dockerfile (#8308)
* docs: replace short codes with Unicode emojis (#8296)
* feat(k8s): improve artifact selections for specific namespaces (#8248)
* chore: update code owners (#8303)
* fix(misconf): handle heredocs in dockerfile instructions (#8284)
* fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)
* chore(deps): bump the aws group with 7 updates (#8299)
* chore(deps): bump the common group with 12 updates (#8301)
* chore: enable int-conversion from perfsprint (#8194)
* feat(fs): use git commit hash as cache key for clean repositories (#8278)
* fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)
* chore: use require.ErrorContains when possible (#8291)
* feat(image): prevent scanning oversized container images (#8178)
* chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)
* fix(fs): fix cache key generation to use UUID (#8275)
* fix(misconf): correctly handle all YAML tags in K8S templates (#8259)
* feat: add support for registry mirrors (#8244)
* chore(deps): bump the common group across 1 directory with 29 updates (#8261)
* refactor(license): improve license expression normalization (#8257)
* feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)
* feat: add a examples field to check metadata (#8068)
* chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)
* ci: add workflow to restrict direct PRs to release branches (#8240)
* fix(suse): SUSE - update OSType constants and references for compatility (#8236)
* ci: fix path to main dir for canary builds (#8231)
* chore(secret): add reported issues related to secrets in junit template (#8193)
* refactor: use trivy-checks/pkg/specs package (#8226)
* ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)
* fix(misconf): allow null values only for tf variables (#8112)
* feat(misconf): support for ignoring by inline comments for Helm (#8138)
* fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)
* chore(alpine): add EOL date for Alpine 3.21 (#8221)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)
* fix(misconf): disable git terminal prompt on tf module load (#8026)
* chore: remove aws iam related scripts (#8179)
* docs: Updated JSON schema version 2 in the trivy documentation (#8188)
* refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)
* refactor: use slices package instead of custom function (#8172)
* chore(deps): bump the common group with 6 updates (#8162)
* feat(python): add support for uv dev and optional dependencies (#8134)
* feat(python): add support for poetry dev dependencies (#8152)
* fix(sbom): attach nested packages to Application (#8144)
* docs(vex): use debian minor version in examples (#8166)
* refactor: add generic Set implementation (#8149)
* chore(deps): bump the aws group across 1 directory with 6 updates (#8163)
* fix(python): skip dev group's deps for poetry (#8106)
* fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)
* chore(vex): suppress CVE-2024-45338 (#8137)
* feat(python): add support for uv (#8080)
* chore(deps): bump the docker group across 1 directory with 3 updates (#8127)
* chore(deps): bump the common group across 1 directory with 14 updates (#8126)
* chore: bump go to 1.23.4 (#8123)
* test: set dummy value for NUGET_PACKAGES (#8107)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)
* fix: wasm module test (#8099)
* fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)
* chore(vex): suppress CVE-2024-45337 (#8101)
* fix(license): always trim leading and trailing spaces for licenses (#8095)
* fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)
* fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)
* fix: enable err-error and errorf rules from perfsprint linter (#7859)
* chore(deps): bump the aws group across 1 directory with 6 updates (#8074)
* perf: avoid heap allocation in applier findPackage (#7883)
* fix: Updated twitter icon (#7772)
* docs(k8s): add a note about multi-container pods (#7815)
* feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)
* fix(oracle): add architectures support for advisories (#4809)
* fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)
* feat(misconf): generate placeholders for random provider resources (#8051)
* fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)
* fix(flag): skip hidden flags for `--generate-default-config` command (#8046)
* fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)
* feat(nodejs): respect peer dependencies for dependency tree (#7989)
* ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
* fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
* chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
* fix(misconf): use log instead of fmt for logging (#8033)
* docs: add commercial content (#8030)
-------------------------------------------------------------------
Wed Jan 29 11:56:12 UTC 2025 - dmueller@suse.com
- Update to version 0.58.2 (
bsc#1234512, CVE-2024-45337,
bsc#1235265, CVE-2024-45338,
bsc#1232948, CVE-2024-51744):
* release: v0.58.2 [release/v0.58] (#8216)
* fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
* fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)
* release: v0.58.1 [release/v0.58] (#8120)
* fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)
* fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
* fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)
* fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)
* fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)
* fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)
* fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)
* fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)
* release: v0.58.0 [main] (#7874)
* fix(misconf): wrap AWS EnvVar to iac types (#7407)
* chore(deps): Upgrade trivy-checks (#8018)
* refactor(misconf): Remove unused options (#7896)
* docs: add terminology page to explain Trivy concepts (#7996)
* feat: add `workspaceRelationship` (#7889)
* refactor(sbom): simplify relationship generation (#7985)
* chore: remove Go checks (#7907)
* docs: improve databases documentation (#7732)
* refactor: remove support for custom Terraform checks (#7901)
* docs: fix dead links (#7998)
* docs: drop AWS account scanning (#7997)
* fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
* fix(cli): Handle empty ignore files more gracefully (#7962)
* fix(misconf): load full Terraform module (#7925)
* fix(misconf): properly resolve local Terraform cache (#7983)
* refactor(k8s): add v prefix for Go packages (#7839)
* test: replace Go checks with Rego (#7867)
* feat(misconf): log causes of HCL file parsing errors (#7634)
* chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
* chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
* chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
* chore: downgrade the failed block expand message to debug (#7964)
* fix(misconf): do not erase variable type for child modules (#7941)
* feat(go): construct dependencies of `go.mod` main module in the parser (#7977)
* feat(go): construct dependencies in the parser (#7973)
* feat: add cvss v4 score and vector in scan response (#7968)
* docs: add `overview` page for `others` (#7972)
* fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)
* feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
* chore(deps): bump the common group with 4 updates (#7949)
* feat(oracle): add `flavors` support (#7858)
* fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)
* chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
* fix(k8s): check all results for vulnerabilities (#7946)
* ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
* feat(secret): Add built-in secrets rules for Private Packagist (#7826)
* docs: Fix broken links (#7900)
* docs: fix mistakes/typos (#7942)
* feat: Update registry fallbacks (#7679)
* fix(alpine): add `UID` for removed packages (#7887)
* chore(deps): bump the aws group with 6 updates (#7902)
* chore(deps): bump the common group with 6 updates (#7904)
* fix(debian): infinite loop (#7928)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912)
* docs: add note about temporary podman socket (#7921)
* docs: combine trivy.dev into trivy docs (#7884)
* test: change branch in spdx schema link to check in integration tests (#7935)
* docs: add Headlamp to the Trivy Ecosystem page (#7916)
* fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898)
* chore(k8s): enhance k8s scan log (#6997)
* fix(terraform): set null value as fallback for missing variables (#7669)
* fix(misconf): handle null properties in CloudFormation templates (#7813)
* fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
* chore(deps): bump the common group across 1 directory with 20 updates (#7876)
* chore: bump containerd to v2.0.0 (#7875)
* fix: Improve version comparisons when build identifiers are present (#7873)
* feat(k8s): add default commands for unknown platform (#7863)
* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
* refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)
* test: save `containerd` image into archive and use in tests (#7816)
* chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)
* chore: bump golangci-lint to v1.61.0 (#7853)
-------------------------------------------------------------------
Mon Dec 02 13:10:12 UTC 2024 - cwh@suse.com
- Update to version 0.57.1:
* release: v0.57.1 [release/v0.57] (#7943)
* feat: Update registry fallbacks [backport: release/v0.57] (#7944)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939)
* test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940)
* release: v0.57.0 [main] (#7710)
* chore: lint `errors.Join` (#7845)
* feat(db): append errors (#7843)
* docs(java): add info about supported scopes (#7842)
* docs: add example of creating whitelist of checks (#7821)
* chore(deps): Bump trivy-checks (#7819)
* fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
* fix(k8s): skip resources without misconfigs (#7797)
* fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811)
* fix(cli): add config name to skip-policy-update alias (#7820)
* fix(helm): properly handle multiple archived dependencies (#7782)
* refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776)
* fix(k8s)!: support k8s multi container (#7444)
* fix(k8s): support kubernetes v1.31 (#7810)
* docs: add Windows install instructions (#7800)
* ci(helm): auto public Helm chart after PR merged (#7526)
* feat: add end of life date for Ubuntu 24.10 (#7787)
* feat(report): update gitlab template to populate operating_system value (#7735)
* feat(misconf): Show misconfig ID in output (#7762)
* feat(misconf): export unresolvable field of IaC types to Rego (#7765)
* refactor(k8s): scan config files as a folder (#7690)
* fix(license): fix license normalization for Universal Permissive License (#7766)
* fix: enable usestdlibvars linter (#7770)
* fix(misconf): properly expand dynamic blocks (#7612)
* feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)
* fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)
* refactor(misconf): simplify k8s scanner (#7717)
* feat(parser): ignore white space in pom.xml files (#7747)
* test: use forked images (#7755)
* fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541)
* fix(misconf): check if property is not nil before conversion (#7578)
* fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)
* feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
* test: define constants for test images (#7739)
* docs: add note about disabled DS016 check (#7724)
* feat(misconf): public network support for Azure Storage Account (#7601)
* feat(cli): rename `trivy auth` to `trivy registry` (#7727)
* docs: apt-transport-https is a transitional package (#7678)
* refactor(misconf): introduce generic scanner (#7515)
* fix(cli): `clean --all` deletes only relevant dirs (#7704)
* feat(cli): add `trivy auth` (#7664)
* fix(sbom): add options for DBs in private registries (#7660)
* docs(report): fix reporting doc format (#7671)
* fix(repo): `git clone` output to Stderr (#7561)
* fix(redhat): include arch in PURL qualifiers (#7654)
* fix(report): Fix invalid URI in SARIF report (#7645)
* docs(report): Improve SARIF reporting doc (#7655)
* fix(db): fix javadb downloading error handling (#7642)
* feat(cli): error out when ignore file cannot be found (#7624)
-------------------------------------------------------------------
Wed Oct 23 12:47:45 UTC 2024 - dmueller@suse.com
- Update to version 0.56.2:
* release: v0.56.2 [release/v0.56] (#7694)
* fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
* fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
-------------------------------------------------------------------
Tue Oct 08 16:43:27 UTC 2024 - dmueller@suse.com
- Update to version 0.56.1:
* release: v0.56.1 [release/v0.56] (#7648)
* fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646)
* release: v0.56.0 [main] (#7447)
* fix(misconf): not to warn about missing selectors of libraries (#7638)
* feat: support RPM archives (#7628)
* fix(secret): change grafana token regex to find them without unquoted (#7627)
* chore(deps): Bump trivy-checks to v1.1.0 (#7631)
* fix(misconf): Disable deprecated checks by default (#7632)
* chore: add prefixes to log messages (#7625)
* feat(misconf): Support `--skip-*` for all included modules (#7579)
* feat: support multiple DB repositories for vulnerability and Java DB (#7605)
* ci: don't use cache for `setup-go` (#7622)
* test: use loaded image names (#7617)
* feat(java): add empty versions if `pom.xml` dependency versions can't be detected (#7520)
* feat(secret): enhance secret scanning for python binary files (#7223)
* refactor: fix auth error handling (#7615)
* ci: split `save` and `restore` cache actions (#7614)
* fix(misconf): disable DS016 check for image history analyzer (#7540)
* feat(suse): added SUSE Linux Enterprise Micro support (#7294)
* feat(misconf): add ability to disable checks by ID (#7536)
* fix(misconf): escape all special sequences (#7558)
* test: use a local registry for remote scanning (#7607)
* fix: allow access to '..' in mapfs (#7575)
* fix(db): check `DownloadedAt` for `trivy-java-db` (#7592)
* chore(deps): bump the common group across 1 directory with 20 updates (#7604)
* ci: add `workflow_dispatch` trigger for test workflow. (#7606)
* ci: cache test images for `integration`, `VM` and `module` tests (#7599)
* chore(deps): remove broken replaces for opa and discovery (#7600)
* docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458)
* fix(misconf): Fixed scope for China Cloud (#7560)
* perf(misconf): use port ranges instead of enumeration (#7549)
* fix(sbom): export bom-ref when converting a package to a component (#7340)
* refactor(misconf): pass options to Rego scanner as is (#7529)
* fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527)
* chore(deps): bump go-ebs-file (#7513)
* fix(misconf): Fix logging typo (#7473)
* feat(misconf): Register checks only when needed (#7435)
* refactor: split `.egg` and `packaging` analyzers (#7514)
* fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (#7497)
* chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (#7510)
* chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
* chore(vex): suppress openssl vulnerabilities (#7500)
* docs: refine go docs (#7442)
* revert(java): stop supporting of `test` scope for `pom.xml` files (#7488)
* docs(db): add a manifest example (#7485)
* feat(license): improve license normalization (#7131)
* docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449)
* fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (#7463)
* fix(report): change a receiver of MarshalJSON (#7483)
* fix(oracle): Update EOL date for Oracle 7 (#7480)
* chore(deps): bump the aws group with 6 updates (#7468)
* chore(deps): bump the common group across 1 directory with 19 updates (#7436)
* chore(helm): bump up Trivy Helm chart (#7441)
* refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451)
* fix(license): stop spliting a long license text (#7336)
* release: v0.55.0 [main] (#7271)
* feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163)
* fix(license): add license handling to JUnit template (#7409)
* feat(java): add `test` scope support for `pom.xml` files (#7414)
* chore(deps): Bump trivy-checks and pin OPA (#7427)
* fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (#7362)
* feat(sbom): set User-Agent header on requests to Rekor (#7396)
* test: add integration plugin tests (#7299)
* fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (#7387)
* fix: logger initialization before flags parsing (#7372)
* fix(aws): handle ECR repositories in different regions (#6217)
* fix(misconf): fix infer type for null value (#7424)
* fix(secret): use `.eyJ` keyword for JWT secret (#7410)
* fix(misconf): do not recreate filesystem map (#7416)
* chore(deps): Bump trivy-checks (#7417)
* fix(misconf): do not register Rego libs in checks registry (#7420)
* fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403)
* feat(report): export modified findings in JSON (#7383)
* feat(server): Make Trivy Server Multiplexer Exported (#7389)
* chore: update CODEOWNERS (#7398)
* fix(secret): use only line with secret for long secret lines (#7412)
* chore: fix allow rule of ignoring test files to make it case insensitive (#7415)
* feat(misconf): port and protocol support for EC2 networks (#7146)
* fix(misconf): do not filter Terraform plan JSON by name (#7406)
* feat(misconf): support for ignore by nested attributes (#7205)
* fix(misconf): use module to log when metadata retrieval fails (#7405)
* fix(report): escape `Message` field in `asff.tpl` template (#7401)
* feat(misconf): Add support for using spec from on-disk bundle (#7179)
* docs: add pkg flags to config file page (#7370)
* feat(python): use minimum version for pip packages (#7348)
* fix(misconf): support deprecating for Go checks (#7377)
* fix(misconf): init frameworks before updating them (#7376)
* feat(misconf): ignore duplicate checks (#7317)
* refactor(misconf): use slog (#7295)
* chore(deps): bump trivy-checks (#7350)
* feat(server): add internal `--path-prefix` flag for client/server mode (#7321)
* chore(deps): bump the aws group across 1 directory with 7 updates (#7358)
* fix: safely check if the directory exists (#7353)
* feat(misconf): variable support for Terraform Plan (#7228)
* feat(misconf): scanning support for YAML and JSON (#7311)
* fix(misconf): wrap Azure PortRange in iac types (#7357)
* refactor(misconf): highlight only affected rows (#7310)
* fix(misconf): change default TLS values for the Azure storage account (#7345)
* chore(deps): bump the common group with 9 updates (#7333)
* docs(misconf): Update callsites to use correct naming (#7335)
* docs: update air-gapped docs (#7160)
* refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
* perf(misconf): optimize work with context (#6968)
* docs: update links to packaging.python.org (#7318)
* docs: update client/server docs for misconf and license scanning (#7277)
* chore(deps): bump the common group across 1 directory with 7 updates (#7305)
* feat(misconf): iterator argument support for dynamic blocks (#7236)
* fix(misconf): do not set default value for default_cache_behavior (#7234)
* feat(misconf): support for policy and bucket grants (#7284)
* fix(misconf): load only submodule if it is specified in source (#7112)
* perf(misconf): use json.Valid to check validity of JSON (#7308)
* refactor(misconf): remove unused universal scanner (#7293)
* perf(misconf): do not convert contents of a YAML file to string (#7292)
* fix(terraform): add aws_region name to presets (#7184)
* docs: add auto-generated config (#7261)
* feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288)
* refactor(misconf): remove file filtering from parsers (#7289)
* fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281)
* fix(java): Return error when trying to find a remote pom to avoid segfault (#7275)
* fix(plugin): do not call GitHub content API for releases and tags (#7274)
* feat(vm): support the Ext2/Ext3 filesystems (#6983)
* feat(cli)!: delete deprecated SBOM flags (#7266)
* feat(vm): Support direct filesystem (#7058)
-------------------------------------------------------------------
Thu Aug 01 12:24:35 UTC 2024 - dmueller@suse.com
- Update to version 0.54.1:
* release: v0.54.1 [release/v0.54] (#7282)
* fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)
* release: v0.54.0 [main] (#7075)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110)
* fix(java): avoid panic if deps from `pom` in `it` dir are not found (#7245)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194)
* chore(deps): bump the common group across 1 directory with 17 updates (#7230)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* ci: use free runner for all tests except `build tests` (#7215)
* chore(deps): bump the docker group across 1 directory with 2 updates (#7208)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix(dotnet): don't include non-runtime libraries into report for `*.deps.json` files (#7039)
* chore(deps): bump goreleaser from `v2.0.0` to `v2.1.0` (#7162)
* fix: add missing platform and type to spec (#7149)
* chore(deps): bump the aws group with 6 updates (#7166)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore(deps): bump the common group across 1 directory with 7 updates (#7125)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check (#7123)
* chore(deps): bump the docker group with 2 updates (#7116)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* chore(deps): bump the aws group with 4 updates (#7115)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* chore(deps): bump the common group across 1 directory with 23 updates (#7066)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
* chore(deps): bump the github-actions group with 2 updates (#7067)
- drop add-opensuse-tumbleweed-db.patch,
add-opensuse-tumbleweed-support.patch: merged upstream
-------------------------------------------------------------------
Thu Jul 25 09:40:25 UTC 2024 - Dirk Müller <dmueller@suse.com>
- refresh add-opensuse-tumbleweed-support.patch
-------------------------------------------------------------------
Thu Jul 11 15:31:03 UTC 2024 - dmueller@suse.com
- Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* release: v0.53.0 [main] (#6855)
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
* fix: use embedded when command path not found (#7037)
* chore(deps): bump trivy-kubernetes version (#7012)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin (#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* ci: add depguard (#6963)
* refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
* feat(java): add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949)
* ci: correctly handle categories (#6943)
* fix(image): parse `image.inspect.Created` field only for non-empty values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* ci: don't run `tests` for `release-please` PRs (#6936)
* fix(license): return license separation using separators `,`, `or`, etc. (#6916)
* ci: use `ubuntu-latest-m` runner (#6918)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* ci: move triage workflow yaml under .github/workflows (#6895)
* ci: add `trivy` group for `dependabot` (#6908)
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#6910)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* chore(deps): bump the aws group with 8 updates (#6898)
* ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` (#6887)
* feat(image): Set User-Agent header for Trivy container registry requests (#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* ci: add created release branch to `rulesets` to enable merge queue (#6880)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* ci: use author permission check instead of `author_association` field for backport workflow (#6870)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* ci: automate backporting process (#6781)
* ci: create release branch (#6859)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* chore(deps): bump the aws group across 1 directory with 7 updates (#6837)
* chore(deps): bump the common group with 5 updates (#6842)
* test: replace embedded Git repository with dynamically created repository (#6824)
-------------------------------------------------------------------
Wed Jun 19 15:58:20 UTC 2024 - dmueller@suse.com
@@ -116,7 +958,7 @@ Thu Jun 06 13:09:56 UTC 2024 - dmueller@suse.com
-------------------------------------------------------------------
Thu May 09 13:21:53 UTC 2024 - dmueller@suse.com
- Update to version 0.51.1:
- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)

15
trivy.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package trivy
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: trivy
Version: 0.52.2
Version: 0.64.1
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
@@ -25,15 +25,13 @@ Group: System/Management
URL: https://github.com/aquasecurity/trivy
Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
# From https://github.com/aquasecurity/trivy-db/pull/411.patch
Patch1: add-opensuse-tumbleweed-db.patch
Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
BuildRequires: golang(API) = 1.22
# PATCH-FIX-OPENSUSE: backport from https://github.com/helm/helm/commit/00de613324df4dd930e6d231d9aae7f9dee29c76.patch
Patch1: CVE-2025-53547.patch
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API) = 1.24
Requires: ca-certificates
Requires: git-core
Requires: rpm
%description
Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and
@@ -47,10 +45,9 @@ name of the container.
%prep
%setup -a1
pushd vendor/github.com/aquasecurity/trivy-db
pushd vendor/helm.sh/helm/v3
%patch -P 1 -p1
popd
%patch -P 2 -p1
%build
export CGO_ENABLED=1

BIN
vendor.tar.zst (Stored with Git LFS)
View File

Binary file not shown.