forked from pool/trivy

Accepting request 1077009 from Virtualization:containers

- Update to version 0.39.0:
  * docs(cli): added makefile and go file to create docs (#3930)
  * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
  * chore: ignore gpg key (#3943)
  * feat(cyclonedx): support dependency graph (#3177)
  * chore(deps): Bump defsec to v0.85.0 (#3940)
  * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
  * feat(server): redis with public TLS certs support (#3783)
  * feat(flag): Add glob support to `--skip-dirs` and `--skip-files`  (#3866)
  * chore: replace make with mage (#3932)
  * fix(sbom): add checksum to files (#3888)
  * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
  * chore: remove unused mount volumes (#3927)
  * feat: add auth support for downloading OCI artifacts (#3915)
  * refactor(purl): use epoch in qualifier (#3913)
  * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
  * feat(image): add registry options (#3906)
  * feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
  * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
  * feat(php): add support for location, licenses and graph for composer.lock files (#3873)
  * chore(deps): updates wazero to 1.0.0 (#3904)
  * feat(image): discover SBOM in OCI referrers (#3768)
  * docs: change cache-dir key in config file (#3897)
  * fix(sbom): use release and epoch for SPDX package version (#3896)
  * ci: add gpg signing for RPM packages (#3612)
  * docs: Update incorrect comment for skip-update flag (#3878)
  * refactor(misconf): simplify policy filesystem (#3875)
  * feat(nodejs): parse package.json alongside yarn.lock (#3757)
  * fix(spdx): add PkgDownloadLocation field (#3879)
  * fix(report): try to guess direct deps for dependency tree (#3852)

OBS-URL: https://build.opensuse.org/request/show/1077009
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=49
Dominique Leuenberger 2023-04-03 16:11:13 +00:00 committed by Git OBS Bridge
commit 6ce1e32625
8 changed files with 76 additions and 15 deletions


@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/aquasecurity/trivy</param> <param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="revision">v0.38.3</param> <param name="revision">v0.39.0</param>
<param name="versionformat">@PARENT_TAG@</param> <param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param> <param name="changesgenerate">enable</param>
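Review bot: the `revision` param in this hunk is bumped to the tag name `v0.39.0`, which is a movable ref upstream, so this file on its own does not fix which source was packaged. The service runs in `mode="disabled"`, meaning the tarball is produced on the packager's side, and trivy-0.39.0.tar.zst is a binary LFS object that cannot be inspected in this diff. Please state in the request that the tag resolved to the hash recorded as `changesrevision` when the archive was generated, or pin `revision` to that hash.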


@ -1,4 +1,4 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param> <param name="url">https://github.com/aquasecurity/trivy</param>
<param name="changesrevision">a12f58be57931c13b5ba9016bc8afd52bd63d3ae</param></service></servicedata> <param name="changesrevision">ed590966a3efdaf6cbb48e34bfb36ea0884e45d8</param></service></servicedata>

BIN
trivy-0.38.3.tar.zst (Stored with Git LFS)

Binary file not shown.

BIN
trivy-0.39.0.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,18 +1,76 @@
-------------------------------------------------------------------
Mon Apr 03 08:36:44 UTC 2023 - dmueller@suse.com
- Update to version 0.39.0:
* docs(cli): added makefile and go file to create docs (#3930)
* chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
* chore: ignore gpg key (#3943)
* feat(cyclonedx): support dependency graph (#3177)
* chore(deps): Bump defsec to v0.85.0 (#3940)
* feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
* feat(server): redis with public TLS certs support (#3783)
* feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
* chore: replace make with mage (#3932)
* fix(sbom): add checksum to files (#3888)
* chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
* chore: remove unused mount volumes (#3927)
* feat: add auth support for downloading OCI artifacts (#3915)
* refactor(purl): use epoch in qualifier (#3913)
* chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
* feat(image): add registry options (#3906)
* feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
* chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
* feat(php): add support for location, licenses and graph for composer.lock files (#3873)
* chore(deps): updates wazero to 1.0.0 (#3904)
* feat(image): discover SBOM in OCI referrers (#3768)
* docs: change cache-dir key in config file (#3897)
* fix(sbom): use release and epoch for SPDX package version (#3896)
* ci: add gpg signing for RPM packages (#3612)
* docs: Update incorrect comment for skip-update flag (#3878)
* refactor(misconf): simplify policy filesystem (#3875)
* feat(nodejs): parse package.json alongside yarn.lock (#3757)
* fix(spdx): add PkgDownloadLocation field (#3879)
* fix(report): try to guess direct deps for dependency tree (#3852)
* chore(amazon): update EOL (#3876)
* fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
* feat(amazon): add al2023 support (#3854)
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
* docs(misconf): Add information about selectors (#3703)
* docs(cli): update CLI docs with cobra (#3815)
* feat: k8s parallel processing (#3693)
* docs: add DefectDojo in the Security Management section (#3871)
* chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
* refactor: add pipeline (#3868)
* feat(cli): add javadb metadata to version info (#3835)
* chore(deps): Move compliance types to defsec (#3842)
* feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
* feat: add node toleration option (#3823)
* fix: allow mapfs to open dirs (#3867)
* fix(report): update uri only for os class targets (#3846)
* feat(nodejs): Add v3 npm lock file support (#3826)
* feat(nodejs): parse package.json files alongside package-lock.json (#2916)
* docs(misconf): Fix links to built in policies (#3841)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 14 09:56:08 UTC 2023 - dmueller@suse.com Tue Mar 14 09:56:08 UTC 2023 - dmueller@suse.com
- Update to version 0.38.3: - Update to version 0.38.3:
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to 1.89.1 (#3827) * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
* fix(java): skip empty files for jar post analyzer (#3832) from 1.86.1 to 1.89.1
* fix(docker): build healthcheck command for line without /bin/sh prefix (#3831) * fix(java): skip empty files for jar post analyzer
* fix(docker): build healthcheck command for line without
/bin/sh prefix
* refactor(license): use goyacc for license parser (#3824) * refactor(license): use goyacc for license parser (#3824)
* chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible to 23.0.1+incompatible (#3586) * chore(deps): bump github.com/docker/docker from
* fix: populate timeout context to node-collector (#3766) 23.0.0-rc.1+incompatible to 23.0.1+incompatible
* fix: populate timeout context to node-collector
* fix: exclude node collector scanning (#3771) * fix: exclude node collector scanning (#3771)
* fix: display correct flag in error message when skipping java db update #3808 * fix: display correct flag in error message when skipping
java db update #3808
* fix: disable jar analyzer for scanners other than vuln (#3810) * fix: disable jar analyzer for scanners other than vuln (#3810)
* fix(sbom): fix incompliant license format for spdx (#3335) * fix(sbom): fix incompliant license format for spdx (#3335)
* fix(java): the project props take precedence over the parent's props (#3320) * fix(java): the project props take precedence over the
parent's props (#3320)
* docs: add canary build info to README.md (#3799) * docs: add canary build info to README.md (#3799)
* docs: adding link to gh token generation (#3784) * docs: adding link to gh token generation (#3784)
* docs: changing docs in accordance with #3460 (#3787) * docs: changing docs in accordance with #3460 (#3787)
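Review bot: the lower part of this hunk rewrites the already published 0.38.3 entry instead of only adding the 0.39.0 one, and the rewrapped lines lose their upstream references: `(#3827)`, `(#3832)`, `(#3831)`, `(#3586)` and `(#3766)` are present on the old side and missing on the new side, while other lines of the same entry keep theirs. Keep the PR numbers when rewrapping so each line can still be traced to its upstream change. In the new 0.39.0 entry, "ci: add gpg signing for RPM packages (#3612)" and its revert (#3946) are both listed; a one-line remark that the signing change is not in effect in this version would save readers from having to pair the two lines themselves.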


@ -19,7 +19,7 @@
%global goipath github.com/aquasecurity/trivy %global goipath github.com/aquasecurity/trivy
Name: trivy Name: trivy
Version: 0.38.3 Version: 0.39.0
Release: 0 Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0 License: Apache-2.0
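Review bot: only the `Version:` line changes in this hunk, yet the same commit adds vendor.obscpio as a new LFS file next to vendor.tar.zst. If the spec's source list is otherwise unchanged, nothing in the build references vendor.obscpio; either drop it from the commit or explain in the request why it has to be shipped.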

BIN
vendor.obscpio (Stored with Git LFS) Normal file

Binary file not shown.

BIN
vendor.tar.zst (Stored with Git LFS)

Binary file not shown.