From c1a1f463527bc2f29997ab59c081fb4f07fd3d63bc3d9f864b75cf23630e9a98 Mon Sep 17 00:00:00 2001 
From: Ana Guerrero Date: Wed, 3 Dec 2025 13:13:46 +0000 Subject: [PATCH 1/2] Accepting request 1320965 from Virtualization:containers - Update to version 0.68.1: * release: v0.68.1 [main] (#9867) * fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863) * chore(deps): bump the testcontainers group with 2 updates (#9506) * release: v0.68.0 [main] (#9549) * feat(aws): Add support for dualstack ECR endpoints (#9862) * fix(vex): use a separate `visited` set for each DFS path (#9760) * docs: catch some missed docs -> guide (#9850) * refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851) * chore(cli): Remove Trivy Cloud (#9847) * fix(misconf): ensure value used as ignore marker is non-null and known (#9835) * fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (#9837) * chore(deps): bump the docker group with 3 updates (#9776) * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#9827) * chore(deps): bump the common group across 1 directory with 20 updates (#9840) * feat(image): add Sigstore bundle SBOM support (#9516) * chore(deps): bump the aws group with 7 updates (#9691) * test(k8s): update k8s integrtion test (#9725) * chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#9764) * feat(sbom): add support for SPDX attestations (#9829) * docs(misconf): Remove duplicate sections (#9819) * feat(misconf): Update Azure network schema for new checks (#9791) * feat(misconf): Update AppService schema (#9792) * fix(misconf): ensure boolean metadata values are correctly interpreted (#9770) * feat(misconf): support https_traffic_only_enabled in Az storage account (#9784) * docs: restructure docs for new hosting (#9799) * docs(server): fix info about scanning licenses on the client side. (#9805) * ci: remove unused preinstalled software/images for build tests to free up disk space. 
(#9814) * feat(report): add fingerprint generation for vulnerabilities (#9794) * chore: trigger the trivy-www workflow (#9737) OBS-URL: https://build.opensuse.org/request/show/1320965 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=83 --- _constraints | 2 +- _scmsync.obsinfo | 4 +- _service | 2 +- _servicedata | 2 +- build.specials.obscpio | 2 +- trivy-0.67.2.tar.zst | 3 -- trivy-0.68.1.tar.zst | 3 ++ trivy.changes | 119 +++++++++++++++++++++++++++++++++++++++++ trivy.spec | 2 +- vendor.tar.zst | 4 +- 10 files changed, 131 insertions(+), 12 deletions(-) delete mode 100644 trivy-0.67.2.tar.zst create mode 100644 trivy-0.68.1.tar.zst diff --git a/_constraints b/_constraints index a275540..3b9592e 100644 --- a/_constraints +++ b/_constraints @@ -2,7 +2,7 @@ - 10 + 14 diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index 9161313..01fbc87 100644 --- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1762785671 -commit: 164877c6629cb2e90213000c34f05c349a050b059b858659c8e8dc8c72e8c662 +mtime: 1764757918 +commit: 9be48396ff34661becca0a625465081e14bcc00512524f8c5226658c82082fac url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory diff --git a/_service b/_service index ae48680..93914b9 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.67.2 + v0.68.1 @PARENT_TAG@ v(.*) enable diff --git a/_servicedata b/_servicedata index 2f6d211..ff87fae 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - 60c57ad5ad7f270cecb51dff2dbf4d680114f6f8 \ No newline at end of file + 96290ae3fb1d974fd2f9ec7e37cee43f6b7f1511 \ No newline at end of file diff --git a/build.specials.obscpio b/build.specials.obscpio index 7a34573..ae52f01 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio 
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b857154d411d5657e23bed28b85fc06b8baa6e847450e583d812832f64c18b1d
+oid sha256:4f7160b80beafd405e1c4979b85b212e11ad10c356dc62da53c6276ebcd5ad8b
 size 256
diff --git a/trivy-0.67.2.tar.zst b/trivy-0.67.2.tar.zst
deleted file mode 100644
index 7b0196b..0000000
--- a/trivy-0.67.2.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c0af11c2f9d23c4864c87937c5d33a1136592fe3d65054b339ba5321ba2e8b6a
-size 52632776
diff --git a/trivy-0.68.1.tar.zst b/trivy-0.68.1.tar.zst
new file mode 100644
index 0000000..2454dfd
--- /dev/null
+++ b/trivy-0.68.1.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:de79a513a649ad495e0f118f91d453ffbc598ab3231eb10fcf2b0d8818c159b5
+size 52162645
diff --git a/trivy.changes b/trivy.changes
index 06437e3..fafbd87 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,3 +1,122 @@ +------------------------------------------------------------------- +Wed Dec 03 10:23:46 UTC 2025 - Dirk Müller + +- Update to version 0.68.1: + * release: v0.68.1 [main] (#9867) + * fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863) + * chore(deps): bump the testcontainers group with 2 updates (#9506) + * release: v0.68.0 [main] (#9549) + * feat(aws): Add support for dualstack ECR endpoints (#9862) + * fix(vex): use a separate `visited` set for each DFS path (#9760) + * docs: catch some missed docs -> guide (#9850) + * refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851) + * chore(cli): Remove Trivy Cloud (#9847) + * fix(misconf): ensure value used as ignore marker is non-null and known (#9835) + * fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (#9837) + * chore(deps): bump the docker group with 3 updates (#9776) + * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#9827) + * chore(deps): bump the common group across 1 directory with 20 updates (#9840) + * feat(image): add Sigstore bundle SBOM support (#9516) + * chore(deps): bump the aws group with 7 updates (#9691) + * test(k8s): update k8s integrtion test (#9725) + * chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#9764) + * feat(sbom): add support for SPDX attestations (#9829) + * docs(misconf): Remove duplicate sections (#9819) + * feat(misconf): Update Azure network schema for new checks (#9791) + * feat(misconf): Update AppService schema (#9792) + * fix(misconf): ensure boolean metadata values are correctly interpreted (#9770) + * feat(misconf): support https_traffic_only_enabled in Az storage account (#9784) + * docs: restructure docs for new hosting (#9799) + * docs(server): fix info about scanning licenses on the client side. (#9805) + * ci: remove unused preinstalled software/images for build tests to free up disk space. 
(#9814) + * feat(report): add fingerprint generation for vulnerabilities (#9794) + * chore: trigger the trivy-www workflow (#9737) + * fix: update all documentation links (#9777) + * feat(suse): Add new openSUSE, Micro and SLES releases end of life dates (#9788) + * test(go): set `GOPATH` for tests (#9785) + * feat(flag): add `--cacert` flag (#9781) + * fix(misconf): handle unsupported experimental flags in Dockerfile (#9769) + * test(go): refactor mod_test.go to use txtar format (#9775) + * docs: Fix typos and linguistic errors in documentation / hacktoberfest (#9586) + * chore(deps): bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 (#9778) + * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 (#9763) + * fix(java): use `true` as default value for Repository Release|Snapshot Enabled in pom.xml and settings.xml files (#9751) + * docs: add info that `SSL_CERT_FILE` works on `Unix systems other than macOS` only (#9772) + * docs: change SecObserve URLs in documentatio (#9771) + * feat(db): enable concurrent access to vulnerability database (#9750) + * feat(misconf): add agentpools to azure container schema (#9714) + * feat(report): switch ReportID from UUIDv4 to UUIDv7 (#9749) + * feat(misconf): Update Azure Compute schema (#9675) + * feat(misconf): Update azure storage schema (#9728) + * feat(misconf): Update SecurityCenter schema (#9674) + * feat(image): pass global context to docker/podman image save func (#9733) + * chore(deps): bump the github-actions group with 4 updates (#9739) + * fix(flag): remove viper.SetDefault to fix IsSet() for config-only flags (#9732) + * feat(license): use separate SPDX ids to ignore SPDX expressions (#9087) + * feat(dotnet): add dependency graph support for .deps.json files (#9726) + * feat(misconf): Add support for configurable Rego error limit (#9657) + * feat(misconf): Add RoleAssignments attribute (#9396) + * feat(report): add image reference to report metadata (#9729) + * fix(os): Add photon 
5.0 in supported OS (#9724) + * fix(license): handle SPDX WITH exceptions as single license in category detection (#9380) + * refactor: add case-insensitive string set implementation (#9720) + * feat: include registry and repository in artifact ID calculation (#9689) + * feat(java): add support remote repositories from settings.xml files (#9708) + * fix(sbom): don’t panic on SBOM format if scanned CycloneDX file has empty metadata (#9562) + * docs: update vulnerability reporting guidelines in SECURITY.md (#9395) + * docs: add info about `java-db` subdir (#9706) + * fix(report): correct field order in SARIF license results (#9712) + * test: improve golden file management in integration tests (#9699) + * ci: get base_sha using base.ref (#9704) + * refactor(misconf): mark AVDID fields as deprecated and use ID internally (#9576) + * fix(nodejs): fix npmjs parser.pkgNameFromPath() panic issue (#9688) + * fix: close all opened resources if an error occurs (#9665) + * refactor(misconf): type-safe parser results in generic scanner (#9685) + * feat(image): add RepoTags support for Docker archives (#9690) + * chore(deps): bump github.com/quic-go/quic-go from 0.52.0 to 0.54.1 (#9694) + * feat(misconf): Update Azure Container Schema (#9673) + * ci: use merge commit for apidiff to avoid false positives (#9622) + * feat(misconf): include map key in manifest snippet for diagnostics (#9681) + * refactor(misconf): add ManifestFromYAML for unified manifest parsing (#9680) + * test: update golden files for TestRepository* integration tests (#9684) + * refactor(cli): Update the cloud config command (#9676) + * fix(sbom): add `buildInfo` info as properties (#9683) + * feat: add ReportID field to scan reports (#9670) + * docs: add vulnerability database contribution guide (#9667) + * feat(cli): Add trivy cloud suppport (#9637) + * feat: add ArtifactID field to uniquely identify scan targets (#9663) + * fix(nodejs): use the default ID format to match licenses in pnpm packages. 
(#9661) + * feat(sbom): use SPDX license IDs list to validate SPDX IDs (#9569) + * fix: use context for analyzers (#9538) + * chore(deps): bump the docker group with 3 updates (#9545) + * chore(deps): bump the aws group with 6 updates (#9547) + * ci(helm): bump Trivy version to 0.67.2 for Trivy Helm Chart 0.19.1 (#9641) + * test(helm): bump up Yamale dependency for Helm chart-testing-action (#9653) + * fix: Trim the end-of-range suffix (#9618) + * test(k8s): use a specific bundle for k8s misconfig scan (#9633) + * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow (#9636) + * refactor: move the aws config (#9617) + * fix(license): don't normalize `unlicensed` licenses into `unlicense` (#9611) + * fix: using SrcVersion instead of Version for echo detector (#9552) + * feat(fs): change artifact type to repository when git info is detected (#9613) + * fix: add `buildInfo` for `BlobInfo` in `rpc` package (#9608) + * fix(vex): don't use reused BOM (#9604) + * ci: use pull_request_target for apidiff workflow to support fork PRs (#9605) + * fix: restore compatibility for google.protobuf.Value (#9559) + * ci: add API diff workflow (#9600) + * chore(deps): update to module-compatible docker-credential-gcr/v2 (#9591) + * docs: improve documentation for scanning raw IaC configurations (#9571) + * feat: allow ignoring findings by type in Rego (#9578) + * docs: bump pygments from 2.18.0 to 2.19.2 (#9596) + * refactor(misconf): add ID to scan.Rule (#9573) + * fix(java): update order for resolving package fields from multiple demManagement (#9575) + * chore(deps): bump the github-actions group across 1 directory with 9 updates (#9563) + * chore(deps): bump the common group across 1 directory with 7 updates (#9590) + * chore(deps): Switch to go-viper/mapstructure (#9579) + * chore: add context to the cache interface (#9565) + * ci(helm): bump Trivy version to 0.67.0 for Trivy Helm Chart 0.19.0 (#9554) + * fix: validate backport branch name (#9548) + 
------------------------------------------------------------------- Mon Nov 10 14:05:45 UTC 2025 - Dirk Müller diff --git a/trivy.spec b/trivy.spec index 4a5cf50..afce6f0 100644 --- a/trivy.spec +++ b/trivy.spec @@ -17,7 +17,7 @@ Name: trivy -Version: 0.67.2 +Version: 0.68.1 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 diff --git a/vendor.tar.zst b/vendor.tar.zst index 7b069e6..4384efd 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d46d1b092e1a7b311a278504edd8842c9d000f4a2bcc1f536cd102dc3a9daff2 -size 42544562 +oid sha256:eecc750ffe8a863533cde96e35f6e85317ea60b9be56a4095e4167a78cc7f49c +size 42000488 -- 2.51.1 From d8a2a02ec0f2eac1b48b69e841980f82f6fb97e07c9451d1e5067e20ecbd597a Mon Sep 17 00:00:00 2001 From: Ana Guerrero Date: Mon, 29 Dec 2025 14:17:35 +0000 Subject: [PATCH 2/2] Accepting request 1324695 from Virtualization:containers - Update to version 0.68.2: * release: v0.68.2 [release/v0.68] (#9950) * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) - Update to version 0.68.1 (bsc#1251363, CVE-2025-47911, bsc#1251547, CVE-2025-58190, bsc#1253512, CVE-2025-47913, bsc#1253512, CVE-2025-47913, bsc#1253786, CVE-2025-58181, bsc#1253977, CVE-2025-47914): OBS-URL: https://build.opensuse.org/request/show/1324695 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=84 --- _scmsync.obsinfo | 4 ++-- _service | 2 +- _servicedata | 2 +- build.specials.obscpio | 2 +- trivy-0.68.1.tar.zst | 3 --- trivy-0.68.2.tar.zst | 3 +++ trivy.changes | 13 ++++++++++++- trivy.spec | 2 +- vendor.tar.zst | 4 ++-- 9 files changed, 23 insertions(+), 12 deletions(-) delete mode 100644 trivy-0.68.1.tar.zst create mode 100644 trivy-0.68.2.tar.zst diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index 01fbc87..fa6ad73 100644 
--- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1764757918 -commit: 9be48396ff34661becca0a625465081e14bcc00512524f8c5226658c82082fac +mtime: 1767005426 +commit: 2a31742e2345f9d7617b0b7bfde8e3f5c3e6682ad3833fa3b5f7718e12942f32 url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory diff --git a/_service b/_service index 93914b9..cfbe8fc 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.68.1 + v0.68.2 @PARENT_TAG@ v(.*) enable diff --git a/_servicedata b/_servicedata index ff87fae..f98fbe6 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - 96290ae3fb1d974fd2f9ec7e37cee43f6b7f1511 \ No newline at end of file + 0c40a8d4b9b943f1b679a20f8ba3cb61c94831de \ No newline at end of file diff --git a/build.specials.obscpio b/build.specials.obscpio index ae52f01..334562c 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4f7160b80beafd405e1c4979b85b212e11ad10c356dc62da53c6276ebcd5ad8b +oid sha256:ef35e096c64e806417f5b179e789cf9d6e344fe26ad9f74be77f2b06dc54f0f6 size 256 diff --git a/trivy-0.68.1.tar.zst b/trivy-0.68.1.tar.zst deleted file mode 100644 index 2454dfd..0000000 --- a/trivy-0.68.1.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:de79a513a649ad495e0f118f91d453ffbc598ab3231eb10fcf2b0d8818c159b5 -size 52162645 diff --git a/trivy-0.68.2.tar.zst b/trivy-0.68.2.tar.zst new file mode 100644 index 0000000..b9539e7 --- /dev/null +++ b/trivy-0.68.2.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:82d48451586e8b766015af96cda1d07262a8e57cfa4d6abf48fb408f0965801c +size 52162194 diff --git a/trivy.changes b/trivy.changes index fafbd87..c2bb732 100644 --- a/trivy.changes +++ b/trivy.changes 
@@ -1,7 +1,18 @@ +------------------------------------------------------------------- +Mon Dec 29 09:58:28 UTC 2025 - Dirk Müller + +- Update to version 0.68.2: + * release: v0.68.2 [release/v0.68] (#9950) + * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) + * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) + ------------------------------------------------------------------- Wed Dec 03 10:23:46 UTC 2025 - Dirk Müller -- Update to version 0.68.1: +- Update to version 0.68.1 (bsc#1251363, CVE-2025-47911, + bsc#1251547, CVE-2025-58190, bsc#1253512, CVE-2025-47913, + bsc#1253512, CVE-2025-47913, bsc#1253786, CVE-2025-58181, + bsc#1253977, CVE-2025-47914): * release: v0.68.1 [main] (#9867) * fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863) * chore(deps): bump the testcontainers group with 2 updates (#9506) diff --git a/trivy.spec b/trivy.spec index afce6f0..18b5ebf 100644 --- a/trivy.spec +++ b/trivy.spec @@ -17,7 +17,7 @@ Name: trivy -Version: 0.68.1 +Version: 0.68.2 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 diff --git a/vendor.tar.zst b/vendor.tar.zst index 4384efd..5c671d4 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:eecc750ffe8a863533cde96e35f6e85317ea60b9be56a4095e4167a78cc7f49c -size 42000488 +oid sha256:908be8c2861c1027c232ff3d01bf6d0287b966f761018f26d23d767a9e9eee95 +size 42422889 -- 2.51.1