- Update to version 0.68.1:
* release: v0.68.1 [main] (#9867)
* fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863)
* chore(deps): bump the testcontainers group with 2 updates (#9506)
* release: v0.68.0 [main] (#9549)
* feat(aws): Add support for dualstack ECR endpoints (#9862)
* fix(vex): use a separate `visited` set for each DFS path (#9760)
* docs: catch some missed docs -> guide (#9850)
* refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851)
* chore(cli): Remove Trivy Cloud (#9847)
* fix(misconf): ensure value used as ignore marker is non-null and known (#9835)
* fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (#9837)
* chore(deps): bump the docker group with 3 updates (#9776)
* chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#9827)
* chore(deps): bump the common group across 1 directory with 20 updates (#9840)
* feat(image): add Sigstore bundle SBOM support (#9516)
* chore(deps): bump the aws group with 7 updates (#9691)
* test(k8s): update k8s integrtion test (#9725)
* chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#9764)
* feat(sbom): add support for SPDX attestations (#9829)
* docs(misconf): Remove duplicate sections (#9819)
* feat(misconf): Update Azure network schema for new checks (#9791)
* feat(misconf): Update AppService schema (#9792)
* fix(misconf): ensure boolean metadata values are correctly interpreted (#9770)
* feat(misconf): support https_traffic_only_enabled in Az storage account (#9784)
* docs: restructure docs for new hosting (#9799)
* docs(server): fix info about scanning licenses on the client side. (#9805)
* ci: remove unused preinstalled software/images for build tests to free up disk space. (#9814)
* feat(report): add fingerprint generation for vulnerabilities (#9794)
* chore: trigger the trivy-www workflow (#9737)
OBS-URL: https://build.opensuse.org/request/show/1320965
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=83
- Update to version 0.67.2 (bsc#1250625, CVE-2025-11065,
bsc#1248897, CVE-2025-58058):
* release: v0.67.2 [release/v0.67] (#9639)
* fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638)
* release: v0.67.1 [release/v0.67] (#9614)
* fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631)
* fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629)
* fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615)
* fix(vex): don't use reused BOM [backport: release/v0.67] (#9612)
* release: v0.67.0 [main] (#9432)
* fix(vex): don't suppress vulns for packages with infinity loop (#9465)
* fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436)
* refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282)
* docs: clarify inline ignore limitations for resource-less checks (#9537)
* fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)
* fix(misconf): handle tofu files in module detection (#9486)
* feat(seal): add seal support (#9370)
* docs: fix modules path and update code example (#9539)
* fix: close file descriptors and pipes on error paths (#9536)
* feat: add documentation URL for database lock errors (#9531)
* fix(db): Dowload database when missing but metadata still exists (#9393)
* feat(cloudformation): support default values and list results in Fn::FindInMap (#9515)
* fix(misconf): unmark cty values before access (#9495)
* feat(cli): change --list-all-pkgs default to true (#9510)
* fix(nodejs): parse workspaces as objects for package-lock.json files (#9518)
* refactor(fs): use underlyingPath to determine virtual files more reliably (#9302)
* refactor: remove google/wire dependency and implement manual DI (#9509)
* chore(deps): bump the aws group with 6 updates (#9481)
* chore(deps): bump the common group across 1 directory with 24 updates (#9507)
* fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497)
OBS-URL: https://build.opensuse.org/request/show/1316946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=82
- Update to version 0.66.0 (bsc#1248937, CVE-2025-58058):
* release: v0.66.0 [main] (#9289)
* chore(deps): bump the aws group with 7 updates (#9419)
* refactor(secret): clarify secret scanner messages (#9409)
* fix(cyclonedx): handle multiple license types (#9378)
* fix(repo): sanitize git repo URL before inserting into report metadata (#9391)
* test: add HTTP basic authentication to git test server (#9407)
* fix(sbom): add support for `file` component type of `CycloneDX` (#9372)
* fix(misconf): ensure module source is known (#9404)
* ci: migrate GitHub Actions from version tags to SHA pinning (#9405)
* fix: create temp file under composite fs dir (#9387)
* chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403)
* refactor: switch to stable azcontainerregistry SDK package (#9319)
* chore(deps): bump the common group with 7 updates (#9382)
* refactor(misconf): migrate from custom Azure JSON parser (#9222)
* fix(repo): preserve RepoMetadata on FS cache hit (#9389)
* refactor(misconf): use atomic.Int32 (#9385)
* chore(deps): bump the aws group with 6 updates (#9383)
* docs: Fix broken link to "Built-in Checks" (#9375)
* fix(plugin): don't remove plugins when updating index.yaml file (#9358)
* fix: persistent flag option typo (#9374)
* chore(deps): bump the common group across 1 directory with 26 updates (#9347)
* fix(image): use standardized HTTP client for ECR authentication (#9322)
* refactor: export `systemFileFiltering` Post Handler (#9359)
* docs: update links to Semaphore pages (#9352)
* fix(conda): memory leak by adding closure method for `package.json` file (#9349)
* feat: add timeout handling for cache database operations (#9307)
* fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296)
* fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324)
* chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301)
OBS-URL: https://build.opensuse.org/request/show/1303631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=81
