[info=2104123c72636f1cd80a006a15bd8b68af402960]
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:dirkmueller:trivy:5/trivy?expand=0&rev=2
This commit is contained in:
parent
2b9122f8ac
commit
ce290678ab
@ -1,4 +1,4 @@
|
||||
mtime: 1691061996
|
||||
commit: 3b8b301ce3e352f21ca0c2faef2ca1bc9b104ec7
|
||||
mtime: 1707400276
|
||||
commit: 2104123c72636f1cd80a006a15bd8b68af402960
|
||||
url: https://src.opensuse.org/dirkmueller/trivy.git
|
||||
revision: 3b8b301ce3e352f21ca0c2faef2ca1bc9b104ec7
|
||||
revision: 2104123c72636f1cd80a006a15bd8b68af402960
|
||||
|
10
_service
10
_service
@ -1,20 +1,20 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<service name="tar_scm" mode="manual">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.44.0</param>
|
||||
<param name="revision">v0.49.1</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<service name="recompress" mode="manual">
|
||||
<param name="file">trivy-*.tar</param>
|
||||
<param name="compression">zst</param>
|
||||
</service>
|
||||
<service name="set_version" mode="disabled">
|
||||
<service name="set_version" mode="manual">
|
||||
<param name="basename">trivy</param>
|
||||
</service>
|
||||
<service name="go_modules" mode="disabled">
|
||||
<service name="go_modules" mode="manual">
|
||||
<param name="compression">zst</param>
|
||||
</service>
|
||||
</services>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="changesrevision">d19c7d9f292759848aa77109357b405a64716c78</param></service></servicedata>
|
||||
<param name="changesrevision">6ccc0a554b07b05fd049f882a1825a0e1e0aabe1</param></service></servicedata>
|
BIN
trivy-0.44.0.tar.zst
(Stored with Git LFS)
BIN
trivy-0.44.0.tar.zst
(Stored with Git LFS)
Binary file not shown.
BIN
trivy-0.49.1.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.49.1.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
354
trivy.changes
354
trivy.changes
@ -1,3 +1,357 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 08 12:51:32 UTC 2024 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.49.1:
|
||||
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
|
||||
* docs: Fix broken link to "pronunciation" (#6057)
|
||||
* chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
|
||||
* chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
|
||||
* chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
|
||||
* ci: reduce `root-reserve-mb` size for `maximize-build-space` (#6064)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
|
||||
* chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
|
||||
* fix: fix cursor usage in Redis Clear function (#6056)
|
||||
* chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
|
||||
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034)
|
||||
* chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
|
||||
* chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
|
||||
* chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
|
||||
* test: fix flaky `TestDockerEngine` (#6054)
|
||||
* chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
|
||||
* chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
|
||||
* chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
|
||||
* chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)
|
||||
* fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
|
||||
* chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
|
||||
* fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
|
||||
* feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
|
||||
* docs: add note about Bun (#6001)
|
||||
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
|
||||
* fix: check returned error before deferring f.Close() (#6007)
|
||||
* feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
|
||||
* feat(vuln): enable `--vex` for all targets (#5992)
|
||||
* docs: update link to data sources (#6000)
|
||||
* feat(java): add support for line numbers for pom.xml files (#5991)
|
||||
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
|
||||
* docs: Update troubleshooting guide with image not found error (#5983)
|
||||
* style: update band logos (#5968)
|
||||
* chore(deps): Update misconfig deps (#5956)
|
||||
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
|
||||
* docs: update command to scan go binary (#5969)
|
||||
* fix: handle non-parsable images names (#5965)
|
||||
* chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
|
||||
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
|
||||
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
|
||||
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
|
||||
* chore(deps): bump go-ebs-file (#5934)
|
||||
* fix(nodejs): find licenses for packages with slash (#5836)
|
||||
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922)
|
||||
* fix: ignore no init containers (#5939)
|
||||
* docs: Fix documentation of ecosystem (#5940)
|
||||
* docs(misconf): multiple ignores in comment (#5926)
|
||||
* fix(secret): find aws secrets ending with a comma or dot (#5921)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
|
||||
* docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
|
||||
* fix(java): don't remove excluded deps from upper pom's (#5838)
|
||||
* fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630)
|
||||
* feat(vex): add PURL matching for CSAF VEX (#5890)
|
||||
* fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901)
|
||||
* revert(report): don't escape new line characters for sarif format (#5897)
|
||||
* docs: improve filter by rego (#5402)
|
||||
* chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
|
||||
* docs: add_scan2html_to_trivy_ecosystem (#5875)
|
||||
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
|
||||
* feat(vex): Add support for CSAF format (#5535)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
|
||||
* chore(deps): bump actions/setup-go from 4 to 5 (#5845)
|
||||
* chore(deps): bump actions/stale from 8 to 9 (#5846)
|
||||
* chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
|
||||
* chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
|
||||
* chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
|
||||
* chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
|
||||
* chore(deps): bump actions/setup-python from 4 to 5 (#5848)
|
||||
* feat(python): parse licenses from dist-info folder (#4724)
|
||||
* chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
|
||||
* feat(nodejs): add yarn alias support (#5818)
|
||||
* chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
|
||||
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
|
||||
* chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
|
||||
* refactor: propagate time through context values (#5858)
|
||||
* refactor: move PkgRef under PkgIdentifier (#5831)
|
||||
* fix(cyclonedx): fix unmarshal for licenses (#5828)
|
||||
* chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
|
||||
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#5822)
|
||||
* chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#5809)
|
||||
* chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#5805)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 14:18:46 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.48.1:
|
||||
* chore(deps): bump trivy-iac to v0.7.1 (#5797)
|
||||
* fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
|
||||
* refactor(sbom): disable html escaping for CycloneDX (#5764)
|
||||
* refactor(purl): use `pub` from `package-url` (#5784)
|
||||
* docs(python): add note to using `pip freeze` for `compatible releases` (#5760)
|
||||
* fix(report): use OS information for OS packages purl in `github` template (#5783)
|
||||
* fix(report): fix error if miconfigs are empty (#5782)
|
||||
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
|
||||
* fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
|
||||
* docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
|
||||
* fix(report): update Gitlab template (#5721)
|
||||
* feat(secret): add support of GitHub fine-grained tokens (#5740)
|
||||
* fix(misconf): add an image misconf to result (#5731)
|
||||
* feat(secret): added support of Docker registry credentials (#5720)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 06 10:00:18 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.48.0:
|
||||
* chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696)
|
||||
* chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
|
||||
* feat: filter k8s core components vuln results (#5713)
|
||||
* feat(vuln): remove duplicates in Fixed Version (#5596)
|
||||
* feat(report): output plugin (#4863)
|
||||
* chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
|
||||
* chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)
|
||||
* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
|
||||
* chore(deps): bump actions/github-script from 6 to 7 (#5697)
|
||||
* chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
|
||||
* docs: typo in modules.md (#5712)
|
||||
* feat: Add flag to configure node-collector image ref (#5710)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)
|
||||
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)
|
||||
* feat(misconf): Add `--misconfig-scanners` option (#5670)
|
||||
* chore: bump Go to 1.21 (#5662)
|
||||
* feat: Packagesprops support (#5605)
|
||||
* chore(deps): Bump up trivy misconf deps (#5656)
|
||||
* docs: update adopters discussion template (#5632)
|
||||
* docs: terraform tutorial links updated to point to correct loc (#5661)
|
||||
* fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` (#5647)
|
||||
* fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
|
||||
* fix(secret): exclude upper case before secret for `alibaba-access-key-id` (#5618)
|
||||
* docs: Update Arch Linux package URL in installation.md (#5619)
|
||||
* chore: add prefix to image errors (#5601)
|
||||
* docs(vuln): fix link anchor (#5606)
|
||||
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
|
||||
* fix: k8s friendly error messages kbom non cluster scans (#5594)
|
||||
* feat: set InstalledFiles for DEB and RPM packages (#5488)
|
||||
* fix(report): use time.Time for CreatedAt (#5598)
|
||||
* test: retry containerd initialization (#5597)
|
||||
* feat(misconf): Expose misconf engine debug logs with `--debug` option (#5550)
|
||||
* test: mock VM walker (#5589)
|
||||
* chore: bump node-collector v0.0.9 (#5591)
|
||||
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
|
||||
* feat(flag): replace '--slow' with '--parallel' (#5572)
|
||||
* fix(report): add escaping for Sarif format (#5568)
|
||||
* chore: show a deprecation notice for `--scanners config` (#5587)
|
||||
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
|
||||
* test: mock RPM DB (#5567)
|
||||
* feat: add aliases to '--scanners' (#5558)
|
||||
* refactor: reintroduce output writer (#5564)
|
||||
* chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)
|
||||
* chore: not load plugins for auto-generating docs (#5569)
|
||||
* chore: sort supported AWS services (#5570)
|
||||
* fix: no schedule toleration (#5562)
|
||||
* fix(cli): set correct `scanners` for `k8s` target (#5561)
|
||||
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX (#5533)
|
||||
* refactor(misconf): Update refactored dependencies (#5245)
|
||||
* feat(secret): add built-in rule for JWT tokens (#5480)
|
||||
* fix: trivy k8s parse ecr image with arn (#5537)
|
||||
* fix: fail k8s resource scanning (#5529)
|
||||
* refactor(misconf): don't remove Highlighted in json format (#5531)
|
||||
* docs(k8s): fix link in kubernetes.md (#5524)
|
||||
* docs(k8s): fix whitespace in list syntax (#5525)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 07 12:24:51 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.47.0:
|
||||
* docs: add info that license scanning supports file-patterns flag (#5484)
|
||||
* docs: add Zora integration into Ecosystem session (#5490)
|
||||
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
|
||||
* ci: use maximize build space for K8s tests (#5387)
|
||||
* fix: correct error mismatch causing race in fast walks (#5516)
|
||||
* docs: k8s vulnerability scanning (#5515)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
|
||||
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
|
||||
* docs: remove glad for java datasources (#5508)
|
||||
* chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
|
||||
* chore: remove unused logger attribute in amazon detector (#5476)
|
||||
* fix: correct error mismatch causing race in fast walks (#5482)
|
||||
* chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
|
||||
* chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
|
||||
* chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
|
||||
* fix(server): add licenses to `BlobInfo` message (#5382)
|
||||
* chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
|
||||
* feat: scan vulns on k8s core component apps (#5418)
|
||||
* fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470)
|
||||
* chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
|
||||
* fix(sbom): save digests for package/application when scanning SBOM files (#5432)
|
||||
* docs: fix the broken link (#5454)
|
||||
* docs: fix error when installing `PyYAML` for gh pages (#5462)
|
||||
* fix(java): download java-db once (#5442)
|
||||
* chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
|
||||
* docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419)
|
||||
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
|
||||
* docs(misconf): fix broken table for `Use container image` section (#5425)
|
||||
* feat(dart): add graph support (#5374)
|
||||
* refactor: define a new struct for scan targets (#5397)
|
||||
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399)
|
||||
* fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
|
||||
* chore(deps): move to aws-sdk-go-v2 (#5381)
|
||||
* docs: remove --scanners none (#5384)
|
||||
* docs: Update container_image.md #5182 (#5193)
|
||||
* feat(report): Add `InstalledFiles` field to Package (#4706)
|
||||
* feat(k8s): add support for vulnerability detection (#5268)
|
||||
* fix(python): override BOM in `requirements.txt` files (#5375)
|
||||
* docs: add kbom documentation (#5363)
|
||||
* test: use maximize build space for VM tests (#5362)
|
||||
* chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
|
||||
* fix(report): add escaping quotes in misconfig Title for asff template (#5351)
|
||||
* ci: add workflow to check Go versions of dependencies (#5340)
|
||||
* chore(deps): Upgrade defsec to v0.93.1 (#5348)
|
||||
* chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
|
||||
* fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
|
||||
* fix: add config files to FS for post-analyzers (#5333)
|
||||
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
|
||||
* build: fix a compile error with Go 1.21 (#5339)
|
||||
* feat: added `Metadata` into the k8s resource's scan report (#5322)
|
||||
* ci: check only PR's in `actions/stale` (#5337)
|
||||
* chore: update adopters template (#5330)
|
||||
* ci: do not trigger tests on the push event (#5313)
|
||||
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
|
||||
* docs: add buildkite repository to ecosystem page (#5316)
|
||||
* chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
|
||||
* chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
|
||||
* chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
|
||||
* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
|
||||
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
|
||||
* chore: enable go-critic (#5302)
|
||||
* chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
|
||||
* close java-db client (#5273)
|
||||
* chore(deps): bump docker/login-action from 2 to 3 (#5291)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
|
||||
* chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
|
||||
* chore(deps): bump github.com/opencontainers/image-spec (#5295)
|
||||
* fix(report): removes git::http from uri in sarif (#5244)
|
||||
* Improve the meaning of sentence (#5301)
|
||||
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
|
||||
* chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
|
||||
* add app nil check (#5274)
|
||||
* typo: in secret.md (#5281)
|
||||
* docs: add info about `github` format (#5265)
|
||||
* feat(dotnet): add license support for NuGet (#5217)
|
||||
* docs: correctly export variables (#5260)
|
||||
* chore: Add line numbers for lint output (#5247)
|
||||
* chore(cli): disable java-db flags in server mode (#5263)
|
||||
* feat(db): allow passing registry options (#5226)
|
||||
* chore(deps): Bump up defsec to v0.93.0 (#5253)
|
||||
* refactor(purl): use TypeApk from purl (#5232)
|
||||
* chore: enable more linters (#5228)
|
||||
* ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
|
||||
* Fix typo on ide.md (#5239)
|
||||
* refactor: use defined types (#5225)
|
||||
* fix(purl): skip local Go packages (#5190)
|
||||
* docs: update info about license scanning in Yarn projects (#5207)
|
||||
* ci: auto apply labels (#5200)
|
||||
* fix link (#5203)
|
||||
* fix(purl): handle rust types (#5186)
|
||||
* chore: auto-close issues (#5177)
|
||||
* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
|
||||
* fix(k8s): kbom support addons labels (#5178)
|
||||
* test: validate SPDX with the JSON schema (#5124)
|
||||
* chore: bump trivy-kubernetes-latest (#5161)
|
||||
* docs: add 'Signature Verification' guide (#4731)
|
||||
* docs: add image-scanner-with-trivy for ecosystem (#5159)
|
||||
* fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
|
||||
* chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
|
||||
* Update filtering.md (#5131)
|
||||
* chore(deps): bump sigstore/cosign-installer (#5104)
|
||||
* chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
|
||||
* chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
|
||||
* chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
|
||||
* chaging adopters discussion tempalte (#5091)
|
||||
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
|
||||
* chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
|
||||
* chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
|
||||
* chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)
|
||||
* docs: add Bitnami (#5078)
|
||||
* feat(docker): add support for scanning Bitnami components (#5062)
|
||||
* feat: add support for .trivyignore.yaml (#5070)
|
||||
* fix(terraform): improve detection of terraform files (#4984)
|
||||
* feat: filter artifacts on --exclude-owned flag (#5059)
|
||||
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
|
||||
* build: maximize build space for build tests (#5072)
|
||||
* feat: improve kbom component name (#5058)
|
||||
* fix(pom): add licenses for pom artifacts (#5071)
|
||||
* chore(deps): Update defsec to v0.92.0 (#5068)
|
||||
* chore: bump Go to `1.20` (#5067)
|
||||
* feat: PURL matching with qualifiers in OpenVEX (#5061)
|
||||
* feat(java): add graph support for pom.xml (#4902)
|
||||
* feat(swift): add vulns for cocoapods (#5037)
|
||||
* fix: support image pull secret for additional workloads (#5052)
|
||||
* fix: #5033 Superfluous double quote in html.tpl (#5036)
|
||||
* docs(repo): update trivy repo usage and example (#5049)
|
||||
* perf: Optimize Dockerfile for reduced layers and size (#5038)
|
||||
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
|
||||
* fix: vulnerability typo (#5044)
|
||||
* docs: adding a terraform tutorial to the docs (#3708)
|
||||
* feat(report): add licenses to sarif format (#4866)
|
||||
* feat(misconf): show the resource name in the report (#4806)
|
||||
* chore: update alpine base images (#5015)
|
||||
* feat: add Package.resolved swift files support (#4932)
|
||||
* feat(nodejs): parse licenses in yarn projects (#4652)
|
||||
* fix: k8s private registries support (#5021)
|
||||
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
|
||||
* feat(vuln): support last_affected field from osv (#4944)
|
||||
* feat(server): add version endpoint (#4869)
|
||||
* feat: k8s private registries support (#4987)
|
||||
* fix(server): add indirect prop to package (#4974)
|
||||
* docs: add coverage (#4954)
|
||||
* feat(c): add location for lock file dependencies. (#4994)
|
||||
* docs: adding blog post on ec2 (#4813)
|
||||
* revert 32bit bins (#4977)
|
||||
* chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 10 10:51:52 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.44.1:
|
||||
* fix(report): return severity colors in table format (#4969)
|
||||
* build: maximize available disk space for release (#4937)
|
||||
* test(cli): Fix assertion helptext (#4966)
|
||||
* chore(deps): Bump defsec to v0.91.1 (#4965)
|
||||
* test: validate CycloneDX with the JSON schema (#4956)
|
||||
* fix(server): add licenses to the Result message (#4955)
|
||||
* fix(aws): resolve endpoint if endpoint is passed (#4925)
|
||||
* fix(sbom): move licenses to `name` field in Cyclonedx format (#4941)
|
||||
* add only uniq deps in dependsOn (#4943)
|
||||
* use testify instead of gotest.tools (#4946)
|
||||
* fix(nodejs): do not detect lock file in node_modules as an app (#4949)
|
||||
* bump go-dep-parser (#4936)
|
||||
* chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
|
||||
* chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
|
||||
* test(aws): move part of unit tests to integration (#4884)
|
||||
* docs(cli): update help string for file and dir skipping (#4872)
|
||||
* chore(deps): bump sigstore/cosign-installer (#4910)
|
||||
* chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
|
||||
* chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
|
||||
* chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
|
||||
* chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
|
||||
* docs: update the discussion template (#4928)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 03 11:21:12 UTC 2023 - dmueller@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: trivy
|
||||
Version: 0.44.0
|
||||
Version: 0.49.1
|
||||
Release: 0
|
||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||
License: Apache-2.0
|
||||
@ -25,9 +25,9 @@ Group: System/Management
|
||||
URL: https://github.com/aquasecurity/trivy
|
||||
Source: %{name}-%{version}.tar.zst
|
||||
Source1: vendor.tar.zst
|
||||
BuildRequires: golang(API) = 1.21
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
BuildRequires: golang(API) = 1.19
|
||||
Requires: ca-certificates
|
||||
Requires: git-core
|
||||
Requires: rpm
|
||||
|
BIN
vendor.obscpio
(Stored with Git LFS)
BIN
vendor.obscpio
(Stored with Git LFS)
Binary file not shown.
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user