Accepting request 1124268 from devel:Factory:git-workflow:staging:dirkmueller:trivy:2
Update to 0.47.0 (🤖: Submission of trivy via #2 by dirkmueller) OBS-URL: https://build.opensuse.org/request/show/1124268 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=59
This commit is contained in:
commit
39f9c75e6b
@ -1,4 +1,4 @@
|
||||
mtime: 1692203616
|
||||
commit: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
|
||||
mtime: 1699461074
|
||||
commit: e7076f0971c7963534b0ad701267258c921d4720
|
||||
url: https://src.opensuse.org/dirkmueller/trivy.git
|
||||
revision: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
|
||||
revision: e7076f0971c7963534b0ad701267258c921d4720
|
||||
|
10
_service
10
_service
@ -1,20 +1,20 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<service name="tar_scm" mode="manual">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.44.1</param>
|
||||
<param name="revision">v0.47.0</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<service name="recompress" mode="manual">
|
||||
<param name="file">trivy-*.tar</param>
|
||||
<param name="compression">zst</param>
|
||||
</service>
|
||||
<service name="set_version" mode="disabled">
|
||||
<service name="set_version" mode="manual">
|
||||
<param name="basename">trivy</param>
|
||||
</service>
|
||||
<service name="go_modules" mode="disabled">
|
||||
<service name="go_modules" mode="manual">
|
||||
<param name="compression">zst</param>
|
||||
</service>
|
||||
</services>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="changesrevision">f1052799894cc8a8480ff28e1c717a9d811876a2</param></service></servicedata>
|
||||
<param name="changesrevision">d6df5fbcda878e43e5e02484304726ebe7c6c418</param></service></servicedata>
|
BIN
trivy-0.44.1.tar.zst
(Stored with Git LFS)
BIN
trivy-0.44.1.tar.zst
(Stored with Git LFS)
Binary file not shown.
BIN
trivy-0.47.0.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.47.0.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
156
trivy.changes
156
trivy.changes
@ -1,3 +1,159 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 07 12:24:51 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.47.0:
|
||||
* docs: add info that license scanning supports file-patterns flag (#5484)
|
||||
* docs: add Zora integration into Ecosystem session (#5490)
|
||||
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
|
||||
* ci: use maximize build space for K8s tests (#5387)
|
||||
* fix: correct error mismatch causing race in fast walks (#5516)
|
||||
* docs: k8s vulnerability scanning (#5515)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
|
||||
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
|
||||
* docs: remove glad for java datasources (#5508)
|
||||
* chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
|
||||
* chore: remove unused logger attribute in amazon detector (#5476)
|
||||
* fix: correct error mismatch causing race in fast walks (#5482)
|
||||
* chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
|
||||
* chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
|
||||
* chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
|
||||
* fix(server): add licenses to `BlobInfo` message (#5382)
|
||||
* chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
|
||||
* feat: scan vulns on k8s core component apps (#5418)
|
||||
* fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470)
|
||||
* chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
|
||||
* fix(sbom): save digests for package/application when scanning SBOM files (#5432)
|
||||
* docs: fix the broken link (#5454)
|
||||
* docs: fix error when installing `PyYAML` for gh pages (#5462)
|
||||
* fix(java): download java-db once (#5442)
|
||||
* chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
|
||||
* docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419)
|
||||
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
|
||||
* docs(misconf): fix broken table for `Use container image` section (#5425)
|
||||
* feat(dart): add graph support (#5374)
|
||||
* refactor: define a new struct for scan targets (#5397)
|
||||
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399)
|
||||
* fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
|
||||
* chore(deps): move to aws-sdk-go-v2 (#5381)
|
||||
* docs: remove --scanners none (#5384)
|
||||
* docs: Update container_image.md #5182 (#5193)
|
||||
* feat(report): Add `InstalledFiles` field to Package (#4706)
|
||||
* feat(k8s): add support for vulnerability detection (#5268)
|
||||
* fix(python): override BOM in `requirements.txt` files (#5375)
|
||||
* docs: add kbom documentation (#5363)
|
||||
* test: use maximize build space for VM tests (#5362)
|
||||
* chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
|
||||
* fix(report): add escaping quotes in misconfig Title for asff template (#5351)
|
||||
* ci: add workflow to check Go versions of dependencies (#5340)
|
||||
* chore(deps): Upgrade defsec to v0.93.1 (#5348)
|
||||
* chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
|
||||
* fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
|
||||
* fix: add config files to FS for post-analyzers (#5333)
|
||||
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
|
||||
* build: fix a compile error with Go 1.21 (#5339)
|
||||
* feat: added `Metadata` into the k8s resource's scan report (#5322)
|
||||
* ci: check only PR's in `actions/stale` (#5337)
|
||||
* chore: update adopters template (#5330)
|
||||
* ci: do not trigger tests on the push event (#5313)
|
||||
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
|
||||
* docs: add buildkite repository to ecosystem page (#5316)
|
||||
* chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
|
||||
* chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
|
||||
* chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
|
||||
* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
|
||||
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
|
||||
* chore: enable go-critic (#5302)
|
||||
* chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
|
||||
* close java-db client (#5273)
|
||||
* chore(deps): bump docker/login-action from 2 to 3 (#5291)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
|
||||
* chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
|
||||
* chore(deps): bump github.com/opencontainers/image-spec (#5295)
|
||||
* fix(report): removes git::http from uri in sarif (#5244)
|
||||
* Improve the meaning of sentence (#5301)
|
||||
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
|
||||
* chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
|
||||
* add app nil check (#5274)
|
||||
* typo: in secret.md (#5281)
|
||||
* docs: add info about `github` format (#5265)
|
||||
* feat(dotnet): add license support for NuGet (#5217)
|
||||
* docs: correctly export variables (#5260)
|
||||
* chore: Add line numbers for lint output (#5247)
|
||||
* chore(cli): disable java-db flags in server mode (#5263)
|
||||
* feat(db): allow passing registry options (#5226)
|
||||
* chore(deps): Bump up defsec to v0.93.0 (#5253)
|
||||
* refactor(purl): use TypeApk from purl (#5232)
|
||||
* chore: enable more linters (#5228)
|
||||
* ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
|
||||
* Fix typo on ide.md (#5239)
|
||||
* refactor: use defined types (#5225)
|
||||
* fix(purl): skip local Go packages (#5190)
|
||||
* docs: update info about license scanning in Yarn projects (#5207)
|
||||
* ci: auto apply labels (#5200)
|
||||
* fix link (#5203)
|
||||
* fix(purl): handle rust types (#5186)
|
||||
* chore: auto-close issues (#5177)
|
||||
* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
|
||||
* fix(k8s): kbom support addons labels (#5178)
|
||||
* test: validate SPDX with the JSON schema (#5124)
|
||||
* chore: bump trivy-kubernetes-latest (#5161)
|
||||
* docs: add 'Signature Verification' guide (#4731)
|
||||
* docs: add image-scanner-with-trivy for ecosystem (#5159)
|
||||
* fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
|
||||
* chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
|
||||
* Update filtering.md (#5131)
|
||||
* chore(deps): bump sigstore/cosign-installer (#5104)
|
||||
* chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
|
||||
* chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
|
||||
* chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
|
||||
* chaging adopters discussion tempalte (#5091)
|
||||
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
|
||||
* chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
|
||||
* chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
|
||||
* chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)
|
||||
* docs: add Bitnami (#5078)
|
||||
* feat(docker): add support for scanning Bitnami components (#5062)
|
||||
* feat: add support for .trivyignore.yaml (#5070)
|
||||
* fix(terraform): improve detection of terraform files (#4984)
|
||||
* feat: filter artifacts on --exclude-owned flag (#5059)
|
||||
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
|
||||
* build: maximize build space for build tests (#5072)
|
||||
* feat: improve kbom component name (#5058)
|
||||
* fix(pom): add licenses for pom artifacts (#5071)
|
||||
* chore(deps): Update defsec to v0.92.0 (#5068)
|
||||
* chore: bump Go to `1.20` (#5067)
|
||||
* feat: PURL matching with qualifiers in OpenVEX (#5061)
|
||||
* feat(java): add graph support for pom.xml (#4902)
|
||||
* feat(swift): add vulns for cocoapods (#5037)
|
||||
* fix: support image pull secret for additional workloads (#5052)
|
||||
* fix: #5033 Superfluous double quote in html.tpl (#5036)
|
||||
* docs(repo): update trivy repo usage and example (#5049)
|
||||
* perf: Optimize Dockerfile for reduced layers and size (#5038)
|
||||
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
|
||||
* fix: vulnerability typo (#5044)
|
||||
* docs: adding a terraform tutorial to the docs (#3708)
|
||||
* feat(report): add licenses to sarif format (#4866)
|
||||
* feat(misconf): show the resource name in the report (#4806)
|
||||
* chore: update alpine base images (#5015)
|
||||
* feat: add Package.resolved swift files support (#4932)
|
||||
* feat(nodejs): parse licenses in yarn projects (#4652)
|
||||
* fix: k8s private registries support (#5021)
|
||||
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
|
||||
* feat(vuln): support last_affected field from osv (#4944)
|
||||
* feat(server): add version endpoint (#4869)
|
||||
* feat: k8s private registries support (#4987)
|
||||
* fix(server): add indirect prop to package (#4974)
|
||||
* docs: add coverage (#4954)
|
||||
* feat(c): add location for lock file dependencies. (#4994)
|
||||
* docs: adding blog post on ec2 (#4813)
|
||||
* revert 32bit bins (#4977)
|
||||
* chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 10 10:51:52 UTC 2023 - dmueller@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: trivy
|
||||
Version: 0.44.1
|
||||
Version: 0.47.0
|
||||
Release: 0
|
||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||
License: Apache-2.0
|
||||
@ -25,7 +25,7 @@ Group: System/Management
|
||||
URL: https://github.com/aquasecurity/trivy
|
||||
Source: %{name}-%{version}.tar.zst
|
||||
Source1: vendor.tar.zst
|
||||
BuildRequires: golang(API) = 1.19
|
||||
BuildRequires: golang(API) = 1.20
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
Requires: ca-certificates
|
||||
|
BIN
vendor.obscpio
(Stored with Git LFS)
BIN
vendor.obscpio
(Stored with Git LFS)
Binary file not shown.
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user