From 7d9d718b33d38e5374b6cf2905ebd9e5f58f652ad805357d83ced644e522df3a Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 23 May 2022 13:51:56 +0000 Subject: [PATCH] Accepting request 978633 from Virtualization:containers - Update to version 0.28.0 (bsc#1199760, CVE-2022-28946): * fix: remove Highlighted from json output (#2131) * fix: remove trivy-kubernetes replace (#2132) * docs: Add Operator docs under Kubernetes section (#2111) * fix(k8s): security-checks panic (#2127) * ci: added k8s scope (#2130) * docs: Update misconfig output in examples (#2128) * fix(misconf): Fix coloured output in Goland terminal (#2126) * docs(secret): Fix default value of --security-checks in docs (#2107) * refactor(report): move colorize function from trivy-db (#2122) * feat: k8s resource scanning (#2118) * chore: add CODEOWNERS (#2121) * feat(image): add `--server` option for remote scans (#1871) * refactor: k8s (#2116) * refactor: export useful APIs (#2108) * docs: fix k8s doc (#2114) * feat(kubernetes): Add report flag for summary (#2112) * fix: Remove problematic advanced rego policies (#2113) * feat(misconf): Add special output format for misconfigurations (#2100) * feat: add k8s subcommand (#2065) * chore: fix make lint version (#2102) * fix(java): handle relative pom modules (#2101) * fix(misconf): Add missing links for non-rego misconfig results (#2094) * feat(misconf): Added fs.FS based scanning via latest defsec (#2084) * chore(deps): bump trivy-issue-action to v0.0.4 (#2091) * chore(deps): bump github.com/twitchtv/twirp (#2077) * chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074) * chore(os): updated fanal version and alpine distroless test (#2086) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075) * chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076) OBS-URL: https://build.opensuse.org/request/show/978633 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=25 --- _service | 2 +- _servicedata | 2 +- trivy-0.27.1.tar.gz | 3 --- trivy-0.28.0.tar.gz | 3 +++ trivy.changes | 45 +++++++++++++++++++++++++++++++++++++++++++++ trivy.spec | 2 +- vendor.tar.gz | 4 ++-- 7 files changed, 53 insertions(+), 8 deletions(-) delete mode 100644 trivy-0.27.1.tar.gz create mode 100644 trivy-0.28.0.tar.gz diff --git a/_service b/_service index c3eac55..95f0992 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.27.1 + v0.28.0 @PARENT_TAG@ v(.*) enable diff --git a/_servicedata b/_servicedata index 9e5ffea..99abbf4 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - 55f29b8fb2d18502cfeadfcacd8d8bb38eabb6c6 \ No newline at end of file + afe32928436231e6c05602fd15359c7432520167 \ No newline at end of file diff --git a/trivy-0.27.1.tar.gz b/trivy-0.27.1.tar.gz deleted file mode 100644 index c37fd91..0000000 --- a/trivy-0.27.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:60f38d3dd8a909623895e7925915f67fcf6afd86a7859abda50eadcbbd7820d2 -size 11306313 diff --git a/trivy-0.28.0.tar.gz b/trivy-0.28.0.tar.gz new file mode 100644 index 0000000..41f1d12 --- /dev/null +++ b/trivy-0.28.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f6de9b4ca074827f7a4fac71e244e4e47e7f3e9c038f7e95d443e10c4b479643 +size 14530285 diff --git a/trivy.changes b/trivy.changes index fb2e5bc..227144a 100644 --- a/trivy.changes +++ b/trivy.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Mon May 23 06:14:37 UTC 2022 - dmueller@suse.com + +- Update to version 0.28.0 (bsc#1199760, CVE-2022-28946): + * fix: remove Highlighted from json output (#2131) + * fix: remove trivy-kubernetes replace (#2132) + * docs: Add Operator docs under Kubernetes section (#2111) + * fix(k8s): security-checks panic (#2127) + * ci: added k8s scope (#2130) + * docs: Update misconfig output in examples (#2128) + * fix(misconf): Fix coloured output in Goland terminal (#2126) + * docs(secret): Fix default value of --security-checks in docs (#2107) + * refactor(report): move colorize function from trivy-db (#2122) + * feat: k8s resource scanning (#2118) + * chore: add CODEOWNERS (#2121) + * feat(image): add `--server` option for remote scans (#1871) + * refactor: k8s (#2116) + * refactor: export useful APIs (#2108) + * docs: fix k8s doc (#2114) + * feat(kubernetes): Add report flag for summary (#2112) + * fix: Remove problematic advanced rego policies (#2113) + * feat(misconf): Add special output format for misconfigurations (#2100) + * feat: add k8s subcommand (#2065) + * chore: fix make lint version (#2102) + * fix(java): handle relative pom modules (#2101) + * fix(misconf): Add missing links for non-rego misconfig results (#2094) + * feat(misconf): Added fs.FS based scanning via latest defsec (#2084) + * chore(deps): bump trivy-issue-action to v0.0.4 (#2091) + * chore(deps): bump github.com/twitchtv/twirp (#2077) + * chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074) + * chore(os): updated fanal version and alpine distroless test (#2086) + * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075) + * chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076) + * feat(report): add support for SPDX (#2059) + * chore(deps): bump actions/setup-go from 2 to 3 (#2073) + * chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071) + * chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069) + * chore(deps): bump actions/stale from 4 to 5 (#2070) + * chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072) + * chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079) + * chore: app version 0.27.0 (#2046) + * fix(misconf): added to skip conf files if their scanning is not enabled (#2066) + * docs(secret) fix rule path in docs (#2061) + * docs: change from go.sum to go.mod (#2056) + ------------------------------------------------------------------- Wed Apr 27 12:40:06 UTC 2022 - kastl@b1-systems.de diff --git a/trivy.spec b/trivy.spec index bfa2e2b..19b92f1 100644 --- a/trivy.spec +++ b/trivy.spec @@ -19,7 +19,7 @@ %global goipath github.com/aquasecurity/trivy Name: trivy -Version: 0.27.1 +Version: 0.28.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 diff --git a/vendor.tar.gz b/vendor.tar.gz index 35528fc..a79aba8 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:647114a17ce80a2da0b83fd765c76bca4fbd284f72cb9a877d755a9682ffa7b0 -size 34460802 +oid sha256:ba16ab00fffd9552ee8213cf3bcb9f76c0c9eefb407c2fb85bccb382120fb85d +size 38537843