Changelog

d60fdac fix: goreleaser file
b6cd08c test: build only OS packages
4672907 test: revert signs for goreleaser
49de2e1 ci: use fetch-depth: 1 for trivy-repo
9629e23 test: use ubuntu runner
216951d test: remove unneeded fields
6def66e fix: add buildInfo for BlobInfo in rpc package (aquasecurity#9608)
7422cc7 fix(vex): don't use reused BOM (aquasecurity#9604)
b9e3e0b ci: use pull_request_target for apidiff workflow to support fork PRs (aquasecurity#9605)
aeeb2a1 fix: restore compatibility for google.protobuf.Value (aquasecurity#9559)
d7aa84f ci: add API diff workflow (aquasecurity#9600)
05375d1 chore(deps): update to module-compatible docker-credential-gcr/v2 (aquasecurity#9591)
3671251 docs: improve documentation for scanning raw IaC configurations (aquasecurity#9571)
c638fc6 feat: allow ignoring findings by type in Rego (aquasecurity#9578)
4bef183 docs: bump pygments from 2.18.0 to 2.19.2 (aquasecurity#9596)
19615a8 refactor(misconf): add ID to scan.Rule (aquasecurity#9573)
e286c5e fix(java): update order for resolving package fields from multiple demManagement (aquasecurity#9575)
3962ea4 chore(deps): bump the github-actions group across 1 directory with 9 updates (aquasecurity#9563)
36ab331 chore(deps): bump the common group across 1 directory with 7 updates (aquasecurity#9590)
9058d51 chore(deps): Switch to go-viper/mapstructure (aquasecurity#9579)
719ea29 chore: add context to the cache interface (aquasecurity#9565)
3dd0ebb ci(helm): bump Trivy version to 0.67.0 for Trivy Helm Chart 0.19.0 (aquasecurity#9554)
f0fd432 fix: validate backport branch name (aquasecurity#9548)
adeb362 release: v0.67.0 [main] (aquasecurity#9432)
78f0d4a fix(vex): don't suppress vulns for packages with infinity loop (aquasecurity#9465)
fa6f1bf fix(aws): use BuildableClient insead of xhttp.Client (aquasecurity#9436)
e7c16a7 refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (aquasecurity#9282)
c446a5c docs: clarify inline ignore limitations for resource-less checks (aquasecurity#9537)
c0c7a6b fix(k8s): disable parallel traversal with fs cache for k8s images (aquasecurity#9534)
bfd2f6b fix(misconf): handle tofu files in module detection (aquasecurity#9486)
e4af279 feat(seal): add seal support (aquasecurity#9370)
e149094 docs: fix modules path and update code example (aquasecurity#9539)
a4cbd6a fix: close file descriptors and pipes on error paths (aquasecurity#9536)
eba48af feat: add documentation URL for database lock errors (aquasecurity#9531)
92ebc7e fix(db): Dowload database when missing but metadata still exists (aquasecurity#9393)
42b3bf3 feat(cloudformation): support default values and list results in Fn::FindInMap (aquasecurity#9515)
8e40d27 fix(misconf): unmark cty values before access (aquasecurity#9495)
7b663d8 feat(cli): change --list-all-pkgs default to true (aquasecurity#9510)
404abb3 fix(nodejs): parse workspaces as objects for package-lock.json files (aquasecurity#9518)
352855e refactor(fs): use underlyingPath to determine virtual files more reliably (aquasecurity#9302)
d57b160 refactor: remove google/wire dependency and implement manual DI (aquasecurity#9509)
331cf5d chore(deps): bump the aws group with 6 updates (aquasecurity#9481)
366910b chore(deps): bump the common group across 1 directory with 24 updates (aquasecurity#9507)
267a970 fix(misconf): wrap legacy ENV values in quotes to preserve spaces (aquasecurity#9497)
842ebdc docs: move info about detection priority into coverage section (aquasecurity#9469)
6d562a3 feat(sbom): added support for CoreOS (aquasecurity#9448)
c938806 fix(misconf): strip build metadata suffixes from image history (aquasecurity#9498)
aff03eb feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (aquasecurity#9439)
8b2575b docs: Fix typo in terraform docs (aquasecurity#9492)
cb25a07 feat(redhat): add os-release detection for RHEL-based images (aquasecurity#9458)
8dce58c ci(deps): add 3-day cooldown period for Dependabot updates (aquasecurity#9475)
788f6fa refactor: migrate from go-json-experiment to encoding/json/v2 (aquasecurity#9422)
1ff9ac7 fix(vuln): compare nuget package names in lower case (aquasecurity#9456)
78a70e2 chore: Update release flow to include chocolatey (aquasecurity#9460)
ea0ff34 docs: document eol supportability (aquasecurity#9434)
4a2be6b docs(report): add nuanses about secret/license scanner in summary table (aquasecurity#9442)
4359fe0 ci: use environment variables in GitHub Actions for improved security (aquasecurity#9433)
2185c78 chore: bump Go to 1.24.7 (aquasecurity#9435)
4517e8c fix(nodejs): use snapshot string as Package.ID for pnpm packages (aquasecurity#9330)
a70d8e7 ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (aquasecurity#9425)
7bcb181 release: v0.66.0 [main] (aquasecurity#9289)
2125895 chore(deps): bump the aws group with 7 updates (aquasecurity#9419)
29e9ff7 refactor(secret): clarify secret scanner messages (aquasecurity#9409)
46ab76a fix(cyclonedx): handle multiple license types (aquasecurity#9378)
1ac9b1f fix(repo): sanitize git repo URL before inserting into report metadata (aquasecurity#9391)
6fa3849 test: add HTTP basic authentication to git test server (aquasecurity#9407)
aa7cf43 fix(sbom): add support for file component type of CycloneDX (aquasecurity#9372)
81d9425 fix(misconf): ensure module source is known (aquasecurity#9404)
1d646d6 ci: migrate GitHub Actions from version tags to SHA pinning (aquasecurity#9405)
ce22f54 fix: create temp file under composite fs dir (aquasecurity#9387)
db19b34 chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (aquasecurity#9403)
d1de58a refactor: switch to stable azcontainerregistry SDK package (aquasecurity#9319)
102cbee chore(deps): bump the common group with 7 updates (aquasecurity#9382)
7278718 refactor(misconf): migrate from custom Azure JSON parser (aquasecurity#9222)
4f2a44e fix(repo): preserve RepoMetadata on FS cache hit (aquasecurity#9389)
9594d63 refactor(misconf): use atomic.Int32 (aquasecurity#9385)
8abde2c chore(deps): bump the aws group with 6 updates (aquasecurity#9383)
2bbad03 docs: Fix broken link to "Built-in Checks" (aquasecurity#9375)
5f067ac fix(plugin): don't remove plugins when updating index.yaml file (aquasecurity#9358)
6e99dd3 fix: persistent flag option typo (aquasecurity#9374)
d1adbe3 chore(deps): bump the common group across 1 directory with 26 updates (aquasecurity#9347)
84fbf86 fix(image): use standardized HTTP client for ECR authentication (aquasecurity#9322)
04abb78 refactor: export systemFileFiltering Post Handler (aquasecurity#9359)
e2d30fe docs: update links to Semaphore pages (aquasecurity#9352)
03d039f fix(conda): memory leak by adding closure method for package.json file (aquasecurity#9349)
235c24e feat: add timeout handling for cache database operations (aquasecurity#9307)
04ad0c4 fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (aquasecurity#9296)
d3cd101 fix(misconf): ensure ignore rules respect subdirectory chart paths (aquasecurity#9324)
ea6663a chore(deps): bump alpine from 3.21.4 to 3.22.1 (aquasecurity#9301)
298a994 feat(terraform): use .terraform cache for remote modules in plan scanning (aquasecurity#9277)
c9cb3d1 chore: fix some function names in comment (aquasecurity#9314)
b7b4910 chore(deps): bump the aws group with 7 updates (aquasecurity#9311)
c3efe5d docs: add explanation for how to use non-system certificates (aquasecurity#9081)
406c209 chore(deps): bump the github-actions group across 1 directory with 2 updates (aquasecurity#8962)
1319d8d fix(misconf): preserve original paths of remote submodules from .terraform (aquasecurity#9294)
c0bd700 refactor(terraform): make Scan method of Terraform plan scanner private (aquasecurity#9272)
2458d5e fix: suppress debug log for context cancellation errors (aquasecurity#9298)
5a5e097 feat(secret): implement streaming secret scanner with byte offset tracking (aquasecurity#9264)
1473e88 fix(python): impove package name normalization (aquasecurity#9290)
4d4a244 feat(misconf): added audit config attribute (aquasecurity#9249)
649eb2f refactor(misconf): decouple input fs and track extracted files with fs references (aquasecurity#9281)
b77d6e2 test(misconf): remove BenchmarkCalculate using outdated check metadata (aquasecurity#9291)
b9fb7e5 refactor: simplify Detect function signature (aquasecurity#9280)
44aac2c ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (aquasecurity#9288)
b51c789 fix(fs): avoid shadowing errors in file.glob (aquasecurity#9286)
c4003b2 test(misconf): move terraform scan tests to integration tests (aquasecurity#9271)
a590743 test(misconf): drop gcp iam test covered by another case (aquasecurity#9285)
04d018b chore(deps): bump to alpine from 3.21.3 to 3.21.4 (aquasecurity#9283)
b2b1545 release: v0.65.0 [main] (aquasecurity#9108)
b4ad00f fix(cli): ensure correct command is picked by telemetry (aquasecurity#9260)
ed4640e feat(flag): add schema validation for --server flag (aquasecurity#9270)
1a0c038 chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (aquasecurity#9274)
011cefc ci: skip undefined labels in discussion triage action (aquasecurity#9175)
f4b2cf1 feat(repo): add git repository metadata to reports (aquasecurity#9252)
b4193d0 fix(license): handle WITH operator for LaxSplitLicenses (aquasecurity#9232)
d2d0ec2 chore: add modernize tool integration for code modernization (aquasecurity#9251)
54832a7 fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (aquasecurity#9253)
8f5b560 chore: implement process-safe temp file cleanup (aquasecurity#9241)
6095984 fix: prevent graceful shutdown message on normal exit (aquasecurity#9244)
77bab7b fix(misconf): correctly parse empty port ranges in google_compute_firewall (aquasecurity#9237)
2c05882 feat: add graceful shutdown with signal handling (aquasecurity#9242)
b5da1b8 chore: update template URL for brew formula (aquasecurity#9221)
4bd7512 test: add end-to-end testing framework with image scan and proxy tests (aquasecurity#9231)
5c155e3 refactor(db): use Getter interface with GetParams for trivy-db sources (aquasecurity#9239)
6737966 ci: specify repository for gh cache delete in canary worklfow (aquasecurity#9240)
24715ea ci: remove invalid --confirm flag from gh cache delete command in canary builds (aquasecurity#9236)
7ebc129 fix(misconf): fix log bucket in schema (aquasecurity#9235)
3ada677 chore(deps): bump the common group across 1 directory with 24 updates (aquasecurity#9228)
74f92b5 ci: move runner.os context from job-level env to step-level in canary workflow (aquasecurity#9233)
b4f2457 chore(deps): bump up Trivy-kubernetes to v0.9.1 (aquasecurity#9214)
110f80e feat(misconf): added logging and versioning to the gcp storage bucket (aquasecurity#9226)
1163b04 fix(server): add HTTP transport setup to server mode (aquasecurity#9217)
362be17 chore: update the rpm download Update (aquasecurity#9202)
861d51e feat(alma): add AlmaLinux 10 support (aquasecurity#9207)
fe96436 fix(nodejs): don't use prerelease logic for compare npm constraints (aquasecurity#9208)
6fafbeb fix(rootio): fix severity selection (aquasecurity#9181)
aa944cc fix(sbom): merge in-graph and out-of-graph OS packages in scan results (aquasecurity#9194)
adfa879 fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (aquasecurity#9206)
51aa022 fix(misconf): correctly adapt azure storage account (aquasecurity#9138)
263845c feat(misconf): add private ip google access attribute to subnetwork (aquasecurity#9199)
60723e6 feat(report): add CVSS vectors in sarif report (aquasecurity#9157)
153318f fix(terraform): for_each on a map returns a resource for every key (aquasecurity#9156)
e306e2d fix: supporting .egg-info/METADATA in python.Packaging analyzer (aquasecurity#9151)
85a156c chore: migrate protoc setup from Docker to buf CLI (aquasecurity#9184)
94c751f ci: delete cache after artifacts upload in canary workflow (aquasecurity#9177)
a822ace refactor: remove aws flag helper message (aquasecurity#9080)
0449787 ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (aquasecurity#9183)
6840eb7 ci: add auto-ready-for-review workflow (aquasecurity#9179)
99cd4e7 feat(image): add Docker context resolution (aquasecurity#9166)
fe26969 ci: optimize golangci-lint performance with cache-based strategy (aquasecurity#9173)
aa5b32a feat: add HTTP request/response tracing support (aquasecurity#9125)
0ecfed6 fix(aws): update amazon linux 2 EOL date (aquasecurity#9176)
2555335 chore: Update release workflow to trigger version updates (aquasecurity#9162)
c6d4607 chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (aquasecurity#9164)
4d10a81 fix: also check filepath when removing duplicate packages (aquasecurity#9142)
75857e9 chore: add debug log to show image source location (aquasecurity#9163)
4675603 docs: add section on customizing default check data (aquasecurity#9114)
482d383 chore(deps): bump the common group across 1 directory with 9 updates (aquasecurity#9153)
e4a3fd2 docs: partners page content updates (aquasecurity#9149)
bb149fc chore(license): add missed spdx exceptions: (aquasecurity#9147)
8a1d144 docs: trivy partners page updates (aquasecurity#9133)
f224de3 fix: migrate from *.list to *.md5sums files for dpkg (aquasecurity#9131)
2807478 ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (aquasecurity#9135)
12d6706 feat(sbom): add SHA-512 hash support for CycloneDX SBOM (aquasecurity#9126)
42ccd3d fix(misconf): skip rewriting expr if attr is nil (aquasecurity#9113)
a692f29 fix(license): add missed GFDL-NIV-1.1 and GFDL-NIV-1.2 into Trivy mapping (aquasecurity#9116)
7041a39 fix(cli): Add more non-sensitive flags to telemetry (aquasecurity#9110)
82db2fc fix(alma): parse epochs from rpmqa file (aquasecurity#9101)
c2ddd44 fix(rootio): check full version to detect root.io packages (aquasecurity#9117)
26a08f5 chore: drop FreeBSD 32-bit support (aquasecurity#9102)
143da88 fix(sbom): use correct field for licenses in CycloneDX reports (aquasecurity#9057)
e579746 fix(secret): fix line numbers for multiple-line secrets (aquasecurity#9104)
d44af8c feat(license): observe pkg types option in license scanner (aquasecurity#9091)
c752ccc ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (aquasecurity#9107)
280491b release: v0.64.0 [main] (aquasecurity#8955)
a6e9807 docs(python): fix type with METADATA file name (aquasecurity#9090)
1e1e1b5 feat: reject unsupported artifact types in remote image retrieval (aquasecurity#9052)
7333c46 chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (aquasecurity#9088)
bac6f7b refactor(misconf): rewrite Rego module filtering using functional filters (aquasecurity#9061)
a9f7dcd feat(terraform): add partial evaluation for policy templates (aquasecurity#8967)
3a0ec0f feat(vuln): add Root.io support for container image scanning (aquasecurity#9073)
41d0f94 feat(sbom): add manufacturer field to CycloneDX tools metadata (aquasecurity#9019)
fd2bc91 fix(cli): add some values to the telemetry call (aquasecurity#9056)
367564a feat(ubuntu): add end of life date for Ubuntu 25.04 (aquasecurity#9077)
3adfd98 refactor: centralize HTTP transport configuration (aquasecurity#9058)
cd7c595 test: include integration tests in linting and fix all issues (aquasecurity#9060)
6bf7ac4 chore(deps): bump the common group across 1 directory with 26 updates (aquasecurity#9063)
5aade69 feat(java): dereference all maven settings.xml env placeholders (aquasecurity#9024)
99c5151 fix(misconf): reduce log noise on incompatible check (aquasecurity#9029)
371b8cc fix(misconf): .Config.User always takes precedence over USER in .History (aquasecurity#9050)
3f41ffa chore(deps): update Docker to v28.2.2 and fix compatibility issues (aquasecurity#9037)
f23d2f6 docs(misconf): simplify misconfiguration docs (aquasecurity#9030)
a58c36d fix(misconf): move disabled checks filtering after analyzer scan (aquasecurity#9002)
64aea25 docs: add PR review policy for maintainers (aquasecurity#9032)
198789a fix(sbom): remove unnecessary OS detection check in SBOM decoding (aquasecurity#9034)
ae85c40 test: improve and extend tests for iac/adapters/arm (aquasecurity#9028)
7cfdbf0 chore: bump up Go version to 1.24.4 (aquasecurity#9031)
19efa9f feat(cli): add version constraints to annoucements (aquasecurity#9023)
40d017b fix(misconf): correct Azure value-to-time conversion in AsTimeValue (aquasecurity#9015)
87118a0 feat(ubuntu): add eol date for 20.04-ESM (aquasecurity#8981)
87fda76 fix(report): don't panic when report contains vulns, but doesn't contain packages for table format (aquasecurity#8549)
875ec3a fix(nodejs): correctly parse packages array of bun.lock file (aquasecurity#8998)
454b894 refactor: use strings.SplitSeq instead of strings.Split in for-loop (aquasecurity#8983)
15f421f docs: change --disable-metrics to --disable-telemetry in example (aquasecurity#8999) (aquasecurity#9003)
57801d0 feat(misconf): add OpenTofu file extension support (aquasecurity#8747)
b91284a refactor(misconf): set Trivy version by default in Rego scanner (aquasecurity#9001)
e1beba2 docs: fix assets with versioning (aquasecurity#8996)
5d050ce docs: add partners page (aquasecurity#8988)
94b12a8 chore(alpine): add EOL date for Alpine 3.22 (aquasecurity#8992)
4ed78e3 fix: don't show corrupted trivy-db warning for first run (aquasecurity#8991)
a619788 Update installation.md (aquasecurity#8979)
65e155f feat(misconf): normalize CreatedBy for buildah and legacy docker builder (aquasecurity#8953)
521be3a chore(k8s): update comments with deprecated command format (aquasecurity#8964)
14d2b83 chore: fix errors and typos in docs (aquasecurity#8963)
ef5f8de fix: Add missing version check flags (aquasecurity#8951)
48258a7 feat(redhat): Add EOL date for RHEL 10. (aquasecurity#8910)
b813527 fix: Correctly check for semver versions for trivy version check (aquasecurity#8948)
c29bb21 refactor(server): change custom advisory and vulnerability data types fr… (aquasecurity#8923)
c0cc8a2 ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (aquasecurity#8946)
69093d2 release: v0.63.0 [main] (aquasecurity#8809)
7e9a54c fix(misconf): use argument value in WithIncludeDeprecatedChecks (aquasecurity#8942)
78e3304 chore(deps): Bump trivy-checks (aquasecurity#8934)
22f040f fix(julia): add Relationship field support (aquasecurity#8939)
c2dde33 feat(minimos): Add support for MinimOS (aquasecurity#8792)
104bbc1 feat(alpine): add maintainer field extraction for APK packages (aquasecurity#8930)
c7b8cc3 feat(echo): Add Echo Support (aquasecurity#8833)
906b037 fix(redhat): Also try to find buildinfo in root layer (layer 0) (aquasecurity#8924)
b15d9a6 fix(wolfi): support new APK database location (aquasecurity#8937)
4f1ab23 feat(k8s): get components from namespaced resources (aquasecurity#8918)
5bae262 refactor(cloudformation): remove unused ScanFile method from Scanner (aquasecurity#8927)
4a7ebb7 refactor(terraform): remove result sorting from scanner (aquasecurity#8928)
3b2a397 feat(misconf): Add support for Minimum Trivy Version (aquasecurity#8880)
1d420e6 docs: improve skipping files documentation (aquasecurity#8749)
5a0bf9e feat(cli): Add available version checking (aquasecurity#8553)
7ca656d feat(nodejs): add a bun.lock analyzer (aquasecurity#8897)
8939451 feat: terraform parser option to set current working directory (aquasecurity#8909)
60fef1b perf(secret): only match secrets of meaningful length, allow example strings to not be matched (aquasecurity#8602)
aaecc29 feat(misconf): export raw Terraform data to Rego (aquasecurity#8741)
6c7cb7a refactor(terraform): simplify AllReferences method signature in Attribute (aquasecurity#8906)
93e6680 fix: check post-analyzers for StaticPaths (aquasecurity#8904)
07ef63b feat: add Bottlerocket OS package analyzer (aquasecurity#8653)
ee52230 feat(license): improve work text licenses with custom classification (aquasecurity#8888)
cae79d6 chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (aquasecurity#8901)
bcf246c chore(deps): bump the common group across 1 directory with 9 updates (aquasecurity#8887)
0229eb7 refactor(license): simplify compound license scanning (aquasecurity#8896)
39f9ed1 feat(license): Support compound licenses (licenses using SPDX operators) (aquasecurity#8816)
fe12771 fix(k8s): use in-memory cache backend during misconfig scanning (aquasecurity#8873)
1dcf816 feat(nodejs): add bun.lock parser (aquasecurity#8851)
c321fdf feat(license): improve work with custom classification of licenses from config file (aquasecurity#8861)
69a5fa1 fix(cli): disable --skip-dir and --skip-files flags for sbom command (aquasecurity#8886)
be8c7b7 fix: julia parser panicing (aquasecurity#8883)
6aff7b0 refactor(db): change logic to detect wrong DB (aquasecurity#8864)
35e8889 fix(cli): don't use allow values for --compliance flag (aquasecurity#8881)
239f65a docs(misconf): Reorganize misconfiguration scan pages (aquasecurity#8206)
38f17c9 fix(server): add missed Relationship field for rpc (aquasecurity#8872)
0b0e406 feat: add JSONC support for comments and trailing commas (aquasecurity#8862)
e97af98 fix(vex): use lo.IsNil to check VEX from OCI artifact (aquasecurity#8858)
26437be feat(go): support license scanning in both GOPATH and vendor (aquasecurity#8843)
9256804 fix(redhat): save contentSets for OS packages in fs/vm modes (aquasecurity#8820)
6ebde88 fix: filter all files when processing files installed from package managers (aquasecurity#8842)
a516775 feat(misconf): add misconfiguration location to junit template (aquasecurity#8793)
c9ba460 docs(vuln): remove OSV for Python from data sources (aquasecurity#8841)
2a21fd8 chore: add an issue template for maintainers (aquasecurity#8838)
3b1426a chore: enable staticcheck (aquasecurity#8815)
6791539 ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (aquasecurity#8836)
dd6a6e5 feat(license): scan vendor directory for license for go.mod files (aquasecurity#8689)
3bf4f44 docs(java): Update info about dev deps in gradle lock (aquasecurity#8830)
2ab8ae9 chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (aquasecurity#8822)
8995838 fix(java): exclude dev dependencies in gradle lockfile (aquasecurity#8803)
a19e0aa fix: octalLiteral from go-critic (aquasecurity#8811)
fa1077b fix(redhat): trim invalid suffix from content_sets in manifest parsing (aquasecurity#8818)
e322f21 chore(deps): bump the common group across 1 directory with 10 updates (aquasecurity#8817)
883c63b fix: use-any from revive (aquasecurity#8810)
3ab459e fix: more revive rules (aquasecurity#8814)
296eb3c docs: change in java.md: fix the Trity -to-> Trivy typo (aquasecurity#8813)
5706603 fix(misconf): check if for-each is known when expanding dyn block (aquasecurity#8808)
6e23ca9 ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (aquasecurity#8802)
6e6af01 release: v0.62.0 [main] (aquasecurity#8669)
bf4cd4f feat(nodejs): add root and workspace for yarn packages (aquasecurity#8535)
6562082 fix: unused-parameter rule from revive (aquasecurity#8794)
573f35c chore(deps): Update trivy-checks (aquasecurity#8798)
43350dd fix: early-return, indent-error-flow and superfluous-else rules from revive (aquasecurity#8796)
7a58ccb fix(k8s): remove using last-applied-configuration (aquasecurity#8791)
471dcc3 refactor(misconf): remove unused methods from providers (aquasecurity#8781)
dd62d4e refactor(misconf): remove unused methods from iac types (aquasecurity#8782)
e10929a fix(misconf): filter null nodes when parsing json manifest (aquasecurity#8785)
ee4f7dc fix: testifylint last issues (aquasecurity#8768)
3ce7d59 fix(misconf): perform operations on attribute safely (aquasecurity#8774)
312649c refactor(ubuntu): update time handling for fixing time (aquasecurity#8780)
427a18e chore(deps): bump golangci-lint to v2.1.2 (aquasecurity#8766)
a95cab0 feat(image): save layers metadata into report (aquasecurity#8394)
7abf5f0 feat(misconf): convert AWS managed policy to document (aquasecurity#8757)
9fbfb04 chore(deps): bump the docker group across 1 directory with 3 updates (aquasecurity#8762)
3032def ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (aquasecurity#8753)
8c9a92b ci(helm): create a helm branch for patches from main (aquasecurity#8673)
0d3efa5 fix(terraform): hcl object expressions to return references (aquasecurity#8271)
6c6beea chore(terraform): option to pass in instanced logger (aquasecurity#8738)
2849abb ci: use Skitionek/notify-microsoft-teams instead of aquasecurity fork (aquasecurity#8740)
4141013 chore(terraform): remove os.OpenPath call from terraform file functions (aquasecurity#8737)
b7cbbdc chore(deps): bump the common group across 1 directory with 23 updates (aquasecurity#8733)
93efe07 feat(rust): add root and workspace relationships/package for cargo lock files (aquasecurity#8676)
8e25ca0 refactor(misconf): remove module outputs from parser.EvaluateAll (aquasecurity#8587)
efd177b fix(misconf): populate context correctly for module instances (aquasecurity#8656)
b7dfd64 fix(misconf): check if metadata is not nil (aquasecurity#8647)
195880b refactor(misconf): switch to x/json (aquasecurity#8719)
9a5383e fix(report): clean buffer after flushing (aquasecurity#8725)
346a6b7 ci: improve PR title validation workflow (aquasecurity#8720)
4a38d01 refactor(flag): improve flag system architecture and extensibility (aquasecurity#8718)
e25de25 fix(terraform): evaluateStep to correctly set EvalContext for multiple instances of blocks (aquasecurity#8555)
4b84dab refactor: migrate from github.com/aquasecurity/jfather to github.com/go-json-experiment/json (aquasecurity#8591)
9792611 feat(misconf): support auto_provisioning_defaults in google_container_cluster (aquasecurity#8705)
13608ea ci: use github.event.pull_request.user.login for release PR check workflow (aquasecurity#8702)
a0dc3b6 refactor: add hook interface for extended functionality (aquasecurity#8585)
9dcd06f fix(misconf): add missing variable as unknown (aquasecurity#8683)
12cf218 docs: Update maintainer docs (aquasecurity#8674)
8613832 ci(vuln): reduce github action script injection attack risk (aquasecurity#8610)
a032ad6 fix(secret): ignore .dist-info directories during secret scanning (aquasecurity#8646)
36f8d0f fix(server): fix redis key when trying to delete blob (aquasecurity#8649)
f1329c7 chore(deps): bump the testcontainers group with 2 updates (aquasecurity#8650)
c5e03f7 test: use aquasecurity repository for test images (aquasecurity#8677)
a8a7ddb chore(deps): bump the aws group across 1 directory with 5 updates (aquasecurity#8652)
bff0e9b fix(k8s): skip passed misconfigs for the summary report (aquasecurity#8684)
cc47711 fix(k8s): correct compare artifact versions (aquasecurity#8682)
b9b27fc chore: update Docker lib (aquasecurity#8681)
bfa99d2 refactor(misconf): remove unused terraform attribute methods (aquasecurity#8657)
890a360 feat(misconf): add option to pass Rego scanner to IaC scanner (aquasecurity#8369)
ad1c379 chore: typo fix to replace rego with repo on the RepoFlagGroup options error output (aquasecurity#8643)
dd28d4e docs: Add info about helm charts release (aquasecurity#8640)
1d42969 ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (aquasecurity#8638)
7f41822 release: v0.61.0 [main] (aquasecurity#8507)
5b7704d fix(misconf): Improve logging for unsupported checks (aquasecurity#8634)
1bf0117 feat(k8s): add support for controllers (aquasecurity#8614)
346f5b3 fix(debian): don't include empty licenses for dpkgs (aquasecurity#8623)
ad58cf4 fix(misconf): Check values wholly prior to evalution (aquasecurity#8604)
c76764e chore(deps): Bump trivy-checks (aquasecurity#8619)
dbb6f28 fix(k8s): show report for --report all (aquasecurity#8613)
548a340 chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (aquasecurity#8597)
c80310d refactor: rename scanner to service (aquasecurity#8584)
de7eb13 fix(misconf): do not skip loading documents from subdirectories (aquasecurity#8526)
f07030d refactor(misconf): get a block or attribute without calling HasChild (aquasecurity#8586)
ba77dbe fix(misconf): identify the chart file exactly by name (aquasecurity#8590)
7bafdca test: use table-driven tests in Helm scanner tests (aquasecurity#8592)
68b164d refactor(misconf): Simplify misconfig checks bundle parsing (aquasecurity#8533)
8e1019d chore(deps): bump the common group across 1 directory with 10 updates (aquasecurity#8566)
400a79c fix(misconf): do not use cty.NilVal for non-nil values (aquasecurity#8567)
fe400ea docs(cli): improve flag value display format (aquasecurity#8560)
1f05b45 fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (aquasecurity#8548)
6973da6 docs: remove slack (aquasecurity#8565)
8b88238 fix: use --file-patterns flag for all post analyzers (aquasecurity#7365)
e8c32de docs(python): Mention pip-compile (aquasecurity#8484)
9913465 feat(misconf): adapt aws_opensearch_domain (aquasecurity#8550)
0d9865f feat(misconf): adapt AWS::EC2::VPC (aquasecurity#8534)
9bedd98 docs: fix a broken link (aquasecurity#8546)
c228307 fix(fs): check postAnalyzers for StaticPaths (aquasecurity#8543)
126d6cd refactor(misconf): remove unused methods for ec2.Instance (aquasecurity#8536)
b57eccb feat(misconf): adapt aws_default_security_group (aquasecurity#8538)
8bf6caf feat(fs): optimize scanning performance by direct file access for known paths (aquasecurity#8525)
8112cdf feat(misconf): adapt AWS::DynamoDB::Table (aquasecurity#8529)
124e161 style: Fix MD syntax in self-hosting.md (aquasecurity#8523)
7b96351 perf(misconf): retrieve check metadata from annotations once (aquasecurity#8478)
573502e feat(misconf): Add support for aws_ami (aquasecurity#8499)
c7814f1 fix(misconf): skip Azure CreateUiDefinition (aquasecurity#8503)
19e2c10 refactor(misconf): use OPA v1 (aquasecurity#8518)
41512f8 fix(misconf): add ephemeral block type to config schema (aquasecurity#8513)
0e5e909 perf(misconf): parse input for Rego once (aquasecurity#8483)
529957e feat: replace TinyGo with standard Go for WebAssembly modules (aquasecurity#8496)
fe09410 chore: replace deprecated tenv linter with usetesting (aquasecurity#8504)
e5072f1 fix(spdx): save text licenses into otherLicenses without normalize (aquasecurity#8502)
a930561 chore(deps): bump the common group across 1 directory with 13 updates (aquasecurity#8491)
463b117 chore: use go.mod for managing Go tools (aquasecurity#8493)
2998dcd ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (aquasecurity#8494)
a4009f6 release: v0.60.0 [main] (aquasecurity#8327)
85cca8c fix(sbom): improve logic for binding direct dependency to parent component (aquasecurity#8489)
9892d04 chore(deps): remove missed replace of trivy-db (aquasecurity#8492)
8a89b2b chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (aquasecurity#8490)
57b08d6 chore(deps): update Go to 1.24 and switch to go-version-file (aquasecurity#8388)
453c66d docs: add abbreviation list (aquasecurity#8453)
f670602 chore(terraform): assign *terraform.Module 'parent' field (aquasecurity#8444)
dd54f80 feat: add report summary table (aquasecurity#8177)
ab1cf03 chore(deps): bump the github-actions group with 3 updates (aquasecurity#8473)
1f85b27 refactor(vex): improve SBOM reference handling with project standards (aquasecurity#8457)
da0b876 ci: update GitHub Actions cache to v4 (aquasecurity#8475)
d464807 feat: add --vuln-severity-source flag (aquasecurity#8269)
6b4cebe fix(os): add mapping OS aliases (aquasecurity#8466)
af1ea64 chore(deps): bump the aws group across 1 directory with 7 updates (aquasecurity#8468)
09cdae6 chore(deps): Bump trivy-checks to v1.7.1 (aquasecurity#8467)
3d3a3d6 refactor(report): write tables after rendering all results (aquasecurity#8357)
036ab75 docs: update VEX documentation index page (aquasecurity#8458)
bb3cca6 fix(db): fix case when 2 trivy-db were copied at the same time (aquasecurity#8452)
a99498c feat(misconf): render causes for Terraform (aquasecurity#8360)
a994453 fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (aquasecurity#8073)
4820eb7 feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (aquasecurity#8254)
3840d90 chore(deps): update go-rustaudit location (aquasecurity#8450)
49456ba fix: update all documentation links (aquasecurity#8045)
b3521e8 chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (aquasecurity#8443)
50364b8 chore(deps): bump the common group with 6 updates (aquasecurity#8411)
f987e41 fix(k8s): add missed option PkgRelationships (aquasecurity#8442)
ecc01bb fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (aquasecurity#8346)
e58dcfc feat(go): fix parsing main module version for go >= 1.24 (aquasecurity#8433)
9c609c4 refactor(misconf): make Rego scanner independent of config type (aquasecurity#7517)
a3cd693 fix(image): disable AVD-DS-0007 for history scanning (aquasecurity#8366)
a1c4bd7 fix(server): secrets inspectation for the config analyzer in client server mode (aquasecurity#8418)
613fc71 chore: remove mockery (aquasecurity#8417)
e9b3f0b test(server): replace mock driver with memory cache in server tests (aquasecurity#8416)
10b8127 test: replace mock with memory cache and fix non-deterministic tests (aquasecurity#8410)
5ed6fc6 test: replace mock with memory cache in scanner tests (aquasecurity#8413)
24d0e2b test: use memory cache (aquasecurity#8403)
72ea4b0 fix(spdx): init pkgFilePaths map for all formats (aquasecurity#8380)
9637286 chore(deps): bump the common group across 1 directory with 11 updates (aquasecurity#8381)
a3a68c6 docs: correct Ruby documentation (aquasecurity#8402)
3e503a0 chore: bump mockery to update v2.52.2 version and rebuild mock files (aquasecurity#8390)
8715e5d fix: don't use scope for trivy registry login command (aquasecurity#8393)
b675b06 fix(go): merge nested flags into string for ldflags for Go binaries (aquasecurity#8368)
f9c5043 chore(terraform): export module path on terraform modules (aquasecurity#8374)
398620b fix(terraform): apply parser options to submodule parsing (aquasecurity#8377)
02ebb4c docs: Fix typos in documentation (aquasecurity#8361)
7b10def docs: fix navigate links (aquasecurity#8336)
04c80a6 ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (aquasecurity#8354)
f7b3f87 ci(spdx): add aqua-installer step to fix mage error (aquasecurity#8353)
ffa3023 chore: remove debug prints (aquasecurity#8347)
5695eb2 fix(misconf): do not log scanners when misconfig scanning is disabled (aquasecurity#8345)
3eb0b03 fix(report): remove html escaping for shortDescription and fullDescription fields for sarif reports (aquasecurity#8344)
3e13633 chore(deps): bump Go to v1.23.5 (aquasecurity#8341)
10cd98c fix(python): add poetry v2 support (aquasecurity#8323)
9b74384 chore(deps): bump the github-actions group across 1 directory with 4 updates (aquasecurity#8331)
39789ff fix(misconf): ecs include enhanced for container insights (aquasecurity#8326)
bd5baaf fix(sbom): preserve OS packages from multiple SBOMs (aquasecurity#8325)
1d5ab92 ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (aquasecurity#8311)
a58d685 release: v0.59.0 [main] (aquasecurity#8041)
73bd20d feat(image): return error early if total size of layers exceeds limit (aquasecurity#8294)
0031a38 chore(deps): Bump trivy-checks (aquasecurity#8310)
87f3751 chore(terraform): add accessors to underlying raw hcl values (aquasecurity#8306)
2e8e38a fix: improve conversion of image config to Dockerfile (aquasecurity#8308)
f258fd5 docs: replace short codes with Unicode emojis (aquasecurity#8296)
db9e57a feat(k8s): improve artifact selections for specific namespaces (aquasecurity#8248)
da7bba9 chore: update code owners (aquasecurity#8303)
0a3887c fix(misconf): handle heredocs in dockerfile instructions (aquasecurity#8284)
846498d fix: de-duplicate same dpkg packages with different filePaths from different layers (aquasecurity#8298)
d749b62 chore(deps): bump the aws group with 7 updates (aquasecurity#8299)
13fe2ee chore(deps): bump the common group with 12 updates (aquasecurity#8301)
60491f8 chore: enable int-conversion from perfsprint (aquasecurity#8194)
b5062f3 feat(fs): use git commit hash as cache key for clean repositories (aquasecurity#8278)
aec8885 fix(spdx): use the hasExtractedLicensingInfos field for licenses that are not listed in the SPDX (aquasecurity#8077)
715575d chore: use require.ErrorContains when possible (aquasecurity#8291)
509e030 feat(image): prevent scanning oversized container images (aquasecurity#8178)
cc66d6d chore(deps): use aqua forks for github.com/liamg/jfather and github.com/liamg/iamgo (aquasecurity#8289)
eafd810 fix(fs): fix cache key generation to use UUID (aquasecurity#8275)
f12054e fix(misconf): correctly handle all YAML tags in K8S templates (aquasecurity#8259)
4316bcb feat: add support for registry mirrors (aquasecurity#8244)
2acd8e3 chore(deps): bump the common group across 1 directory with 29 updates (aquasecurity#8261)
2d30dd7 refactor(license): improve license expression normalization (aquasecurity#8257)
c002327 feat(misconf): support for ignoring by inline comments for Dockerfile (aquasecurity#8115)
6d84e0c feat: add a examples field to check metadata (aquasecurity#8068)
4f77e01 chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (aquasecurity#8196)
011012a ci: add workflow to restrict direct PRs to release branches (aquasecurity#8240)
ae28398 fix(suse): SUSE - update OSType constants and references for compatility (aquasecurity#8236)
92697c7 ci: fix path to main dir for canary builds (aquasecurity#8231)
ca41a28 chore(secret): add reported issues related to secrets in junit template (aquasecurity#8193)
243e5a3 refactor: use trivy-checks/pkg/specs package (aquasecurity#8226)
0aa2607 ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (aquasecurity#8170)
23dc3a6 fix(misconf): allow null values only for tf variables (aquasecurity#8112)
a0429f7 feat(misconf): support for ignoring by inline comments for Helm (aquasecurity#8138)
f352f6b fix(redhat): check usr/share/buildinfo/ dir to detect content sets (aquasecurity#8222)
f9a6a71 chore(alpine): add EOL date for Alpine 3.21 (aquasecurity#8221)
670fbf2 fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (aquasecurity#8207)
bbc5a85 fix(misconf): disable git terminal prompt on tf module load (aquasecurity#8026)
70f3faa chore: remove aws iam related scripts (aquasecurity#8179)
e8085ba docs: Updated JSON schema version 2 in the trivy documentation (aquasecurity#8188)
4f111b9 refactor(python): use once + debug for License acquired from METADATA... logs (aquasecurity#8175)
03db7fc refactor: use slices package instead of custom function (aquasecurity#8172)
eedefdd chore(deps): bump the common group with 6 updates (aquasecurity#8162)
49c54b4 feat(python): add support for uv dev and optional dependencies (aquasecurity#8134)
774e04d feat(python): add support for poetry dev dependencies (aquasecurity#8152)
735335f fix(sbom): attach nested packages to Application (aquasecurity#8144)
9fd5cc5 docs(vex): use debian minor version in examples (aquasecurity#8166)
b5859d3 refactor: add generic Set implementation (aquasecurity#8149)
e6d0ba5 chore(deps): bump the aws group across 1 directory with 6 updates (aquasecurity#8163)
a034d26 fix(python): skip dev group's deps for poetry (aquasecurity#8106)
7558df7 fix(sbom): use root package for unknown dependencies (if exists) (aquasecurity#8104)
30c7cb1 chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 (aquasecurity#8140)
95f7a56 chore(vex): suppress CVE-2024-45338 (aquasecurity#8137)
c4a4a5f feat(python): add support for uv (aquasecurity#8080)
49f3540 chore(deps): bump the docker group across 1 directory with 3 updates (aquasecurity#8127)
dcf28a1 chore(deps): bump the common group across 1 directory with 14 updates (aquasecurity#8126)
e79e73d chore: bump go to 1.23.4 (aquasecurity#8123)
17827db test: set dummy value for NUGET_PACKAGES (aquasecurity#8107)
f0b3a99 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to v0.9.2 (aquasecurity#8105)
e7507f0 chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (aquasecurity#8103)
2200f38 fix: wasm module test (aquasecurity#8099)
d7ac286 fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (aquasecurity#8088)
328db73 chore(vex): suppress CVE-2024-45337 (aquasecurity#8101)
f5e4291 fix(license): always trim leading and trailing spaces for licenses (aquasecurity#8095)
f9fceb5 fix(sbom): scan results of SBOMs generated from container images are missing layers (aquasecurity#7635)
4202c4b fix(redhat): correct rewriting of recommendations for the same vulnerability (aquasecurity#8063)
156a2aa fix: enable err-error and errorf rules from perfsprint linter (aquasecurity#7859)
e8b31bf chore(deps): bump the aws group across 1 directory with 6 updates (aquasecurity#8074)
9bd6ed7 perf: avoid heap allocation in applier findPackage (aquasecurity#7883)
2c41ac8 fix: Updated twitter icon (aquasecurity#7772)
11dbf54 docs(k8s): add a note about multi-container pods (aquasecurity#7815)
da17dc7 feat: add --distro flag to manually specify OS distribution for vulnerability scanning (aquasecurity#8070)
90f1d8d fix(oracle): add architectures support for advisories (aquasecurity#4809)
51f2123 fix: handle BLOW_UNKNOWN error to download DBs (aquasecurity#8060)
ffe24e1 feat(misconf): generate placeholders for random provider resources (aquasecurity#8051)
fd07074 fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (aquasecurity#8052)
5e68bdc fix(flag): skip hidden flags for --generate-default-config command (aquasecurity#8046)
9d9f80d fix(java): correctly overwrite version from depManagement if dependency uses project.* props (#8050)
7389961 feat(nodejs): respect peer dependencies for dependency tree (#7989)
1feb81c ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
21b68e1 fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
71391a5 chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
07b2d7f fix(misconf): use log instead of fmt for logging (#8033)
775f954 docs: add commercial content (#8030)
cd01f23 release: v0.58.0 [main] (#7874)
54130dc fix(misconf): wrap AWS EnvVar to iac types (#7407)
a16270c chore(deps): Upgrade trivy-checks (#8018)
511b7d3 refactor(misconf): Remove unused options (#7896)
eaf8d41 docs: add terminology page to explain Trivy concepts (#7996)
d622ca2 feat: add workspaceRelationship (#7889)
0627992 refactor(sbom): simplify relationship generation (#7985)
c238c51 chore: remove Go checks (#7907)
745be1a docs: improve databases documentation (#7732)
f5bdc79 refactor: remove support for custom Terraform checks (#7901)
ad0ff5d docs: fix dead links (#7998)
7e2a8cb docs: drop AWS account scanning (#7997)
aeeba70 fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
4cfb2a9 fix(cli): Handle empty ignore files more gracefully (#7962)
fbc42a0 fix(misconf): load full Terraform module (#7925)
fe3a897 fix(misconf): properly resolve local Terraform cache (#7983)
44c7fdd refactor(k8s): add v prefix for Go packages (#7839)
5a93a77 test: replace Go checks with Rego (#7867)
e9a899a feat(misconf): log causes of HCL file parsing errors (#7634)
9054303 chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
83cb3da chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
53d12bc chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
32951f9 chore: downgrade the failed block expand message to debug (#7964)
de3b7ea fix(misconf): do not erase variable type for child modules (#7941)
5448ba2 feat(go): construct dependencies of go.mod main module in the parser (#7977)
bcdc0bb feat(go): construct dependencies in the parser (#7973)
e0f2054 feat: add cvss v4 score and vector in scan response (#7968)
de523ff docs: add overview page for others (#7972)
461a68a fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)
45d3b40 feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
9688370 chore(deps): bump the common group with 4 updates (#7949)
b9b383e feat(oracle): add flavors support (#7858)
9988147 fix(misconf): Update trivy-checks default repo to mirror.gcr.io (#7953)
6565bef chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
797b36f fix(k8s): check all results for vulnerabilities (#7946)
516e7cb ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
132d9df feat(secret): Add built-in secrets rules for Private Packagist (#7826)
afd7216 docs: Fix broken links (#7900)
9169f6f docs: fix mistakes/typos (#7942)
5ba9a83 feat: Update registry fallbacks (#7679)
07915da fix(alpine): add UID for removed packages (#7887)
58fdab2 chore(deps): bump the aws group with 6 updates (#7902)
40f6e35 chore(deps): bump the common group with 6 updates (#7904)
d982e6a fix(debian): infinite loop (#7928)
38775a5 fix(redhat): don't return error if root/buildinfo/content_manifests/ contains files that are not contentSets files (#7912)
a5f0ef5 docs: add note about temporary podman socket (#7921)
94791f8 docs: combine trivy.dev into trivy docs (#7884)
0d3d934 test: change branch in spdx schema link to check in integration tests (#7935)
c8add84 docs: add Headlamp to the Trivy Ecosystem page (#7916)
19aea4b fix(report): handle [email protected] schema for misconfigs in sarif report (#7898)
bdfcc19 chore(k8s): enhance k8s scan log (#6997)
611558e fix(terraform): set null value as fallback for missing variables (#7669)
99b2db3 fix(misconf): handle null properties in CloudFormation templates (#7813)
ab32297 fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
6018461 chore(deps): bump the common group across 1 directory with 20 updates (#7876)
6e3252b chore: bump containerd to v2.0.0 (#7875)
eda4d76 fix: Improve version comparisons when build identifiers are present (#7873)
b1c7f55 feat(k8s): add default commands for unknown platform (#7863)
ed2288f chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
2529b58 refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)
a6a45b3 test: save containerd image into archive and use in tests (#7816)
a9b557d chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)
4da59bd chore: bump golangci-lint to v1.61.0 (#7853)
efec326 release: v0.57.0 [main] (#7710)
7632625 chore: lint errors.Join (#7845)
5e78b6c feat(db): append errors (#7843)
dc44946 docs(java): add info about supported scopes (#7842)
7654b2e docs: add example of creating whitelist of checks (#7821)
194d4ab chore(deps): Bump trivy-checks (#7819)
e872ec0 fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
7882776 fix(k8s): skip resources without misconfigs (#7797)
f2bb9c6 fix(sbom): use Annotation instead of AttributionTexts for SPDX formats (#7811)
b661d68 fix(cli): add config name to skip-policy-update alias (#7820)
6fab88d fix(helm): properly handle multiple archived dependencies (#7782)
c70b6fa refactor(misconf): Deprecate EXCEPTIONS for misconfiguration scanning (#7776)
c434775 fix(k8s)!: support k8s multi container (#7444)
7a4f4d8 fix(k8s): support kubernetes v1.31 (#7810)
63dd3d6 docs: add Windows install instructions (#7800)
a16b830 ci(helm): auto public Helm chart after PR merged (#7526)
ad3c09e feat: add end of life date for Ubuntu 24.10 (#7787)
c0d79fa feat(report): update gitlab template to populate operating_system value (#7735)
f75c0d1 feat(misconf): Show misconfig ID in output (#7762)
9514148 feat(misconf): export unresolvable field of IaC types to Rego (#7765)
010b213 refactor(k8s): scan config files as a folder (#7690)
f6acdf7 fix(license): fix license normalization for Universal Permissive License (#7766)
57e24aa fix: enable usestdlibvars linter (#7770)
8d5dbc9 fix(misconf): properly expand dynamic blocks (#7612)
c225883 feat(cyclonedx): add file checksums to CycloneDX reports (#7507)
35fd018 fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)
cd44bb4 refactor(misconf): simplify k8s scanner (#7717)
a7baa93 feat(parser): ignore white space in pom.xml files (#7747)
922949a test: use forked images (#7755)
778df82 fix(java): correctly inherit version and scope from upper/root depManagement and dependencies into parents (#7541)
c8c14d3 fix(misconf): check if property is not nil before conversion (#7578)
9da84f5 fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)
2eaa17e feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
bcfc37b test: define constants for test images (#7739)
83e5b83 docs: add note about disabled DS016 check (#7724)
ad91412 feat(misconf): public network support for Azure Storage Account (#7601)
633a7ab feat(cli): rename trivy auth to trivy registry (#7727)
31aa20a docs: apt-transport-https is a transitional package (#7678)
c78f45b refactor(misconf): introduce generic scanner (#7515)
672e886 fix(cli): clean --all deletes only relevant dirs (#7704)
27117f8 feat(cli): add trivy auth (#7664)
1f2e91b fix(sbom): add options for DBs in private registries (#7660)
55b5a7e docs(report): fix reporting doc format (#7671)
fdf203c fix(repo): git clone output to Stderr (#7561)
a585e95 fix(redhat): include arch in PURL qualifiers (#7654)
015bb88 fix(report): Fix invalid URI in SARIF report (#7645)
ab3a3b2 docs(report): Improve SARIF reporting doc (#7655)
2c87f0c fix(db): fix javadb downloading error handling (#7642)
cb0b3a9 feat(cli): error out when ignore file cannot be found (#7624)
d246401 release: v0.56.0 [main] (#7447)
fcaea74 fix(misconf): not to warn about missing selectors of libraries (#7638)
69bf7e0 feat: support RPM archives (#7628)
3e1fa21 fix(secret): change grafana token regex to find them without unquoted (#7627)
8735242 chore(deps): Bump trivy-checks to v1.1.0 (#7631)
82e2adc fix(misconf): Disable deprecated checks by default (#7632)
1faf529 chore: add prefixes to log messages (#7625)
c0e8da3 feat(misconf): Support --skip-* for all included modules (#7579)
3562529 feat: support multiple DB repositories for vulnerability and Java DB (#7605)
7602d14 ci: don't use cache for setup-go (#7622)
d4edeb5 test: use loaded image names (#7617)
b836232 feat(java): add empty versions if pom.xml dependency versions can't be detected (#7520)
60725f8 feat(secret): enhance secret scanning for python binary files (#7223)
9d1be41 refactor: fix auth error handling (#7615)
cb16d43 ci: split save and restore cache actions (#7614)
de40df9 fix(misconf): disable DS016 check for image history analyzer (#7540)
efdb68d feat(suse): added SUSE Linux Enterprise Micro support (#7294)
ef0a27d feat(misconf): add ability to disable checks by ID (#7536)
ea0cf03 fix(misconf): escape all special sequences (#7558)
9baf658 test: use a local registry for remote scanning (#7607)
a8fbe46 fix: allow access to '..' in mapfs (#7575)
13ef3e7 fix(db): check DownloadedAt for trivy-java-db (#7592)
3fa24e8 chore(deps): bump the common group across 1 directory with 20 updates (#7604)
1fdf30a ci: add workflow_dispatch trigger for test workflow. (#7606)
fea7250 ci: cache test images for integration, VM and module tests (#7599)
bbc8e1d chore(deps): remove broken replaces for opa and discovery (#7600)
8128ecc docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458)
37d549e fix(misconf): Fixed scope for China Cloud (#7560)
1f9fc13 perf(misconf): use port ranges instead of enumeration (#7549)
5dd94eb fix(sbom): export bom-ref when converting a package to a component (#7340)
dbd2dd6 refactor(misconf): pass options to Rego scanner as is (#7529)
aeb7039 fix(sbom): parse type framework as library when unmarshalling CycloneDX files (#7527)
d1d7132 chore(deps): bump go-ebs-file (#7513)
56db43c fix(misconf): Fix logging typo (#7473)
f768d3a feat(misconf): Register checks only when needed (#7435)
e6f45cd refactor: split .egg and packaging analyzers (#7514)
5442949 fix(java): use dependencyManagement from root/child pom's for dependencies from parents (#7497)
0efd202 chore(vex): add CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158 in trivy.openvex.json (#7510)
701dbda chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
42748c4 chore(vex): suppress openssl vulnerabilities (#7500)
04a854c docs: refine go docs (#7442)
b0222fe revert(java): stop supporting of test scope for pom.xml files (#7488)
8876e70 docs(db): add a manifest example (#7485)
6472e3c feat(license): improve license normalization (#7131)
d589856 docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449)
7ff9aff fix(report): fix error with unmarshal of ExperimentalModifiedFindings (#7463)
927c6e0 fix(report): change a receiver of MarshalJSON (#7483)
dd0a64a fix(oracle): Update EOL date for Oracle 7 (#7480)
3642fe1 chore(deps): bump the aws group with 6 updates (#7468)
5375cd2 chore(deps): bump the common group across 1 directory with 19 updates (#7436)
e2118e8 chore(helm): bump up Trivy Helm chart (#7441)
412fb76 refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451)
4926da7 fix(license): stop spliting a long license text (#7336)
7a1e8b8 release: v0.55.0 [main] (#7271)
2d80769 feat(go): use toolchain as stdlib version for go.mod files (#7163)
f80183c fix(license): add license handling to JUnit template (#7409)
2d97700 feat(java): add test scope support for pom.xml files (#7414)
870523d chore(deps): Bump trivy-checks and pin OPA (#7427)
da4ebfa fix(helm): explicitly define kind and apiVersion of volumeClaimTemplate element (#7362)
af1d257 feat(sbom): set User-Agent header on requests to Rekor (#7396)
1a6295c test: add integration plugin tests (#7299)
fd9ed3a fix(nodejs): check all importers to detect dev deps from pnpm-lock.yaml file (#7387)
c929290 fix: logger initialization before flags parsing (#7372)
feaef96 fix(aws): handle ECR repositories in different regions (#6217)
0cac3ac fix(misconf): fix infer type for null value (#7424)
bf64003 fix(secret): use .eyJ keyword for JWT secret (#7410)
3a5d091 fix(misconf): do not recreate filesystem map (#7416)
39c8024 chore(deps): Bump trivy-checks (#7417)
a5aa63e fix(misconf): do not register Rego libs in checks registry (#7420)
c96dcdd fix(sbom): use NOASSERTION for licenses fields in SPDX formats (#7403)
7aea79d feat(report): export modified findings in JSON (#7383)
4c6e8ca feat(server): Make Trivy Server Multiplexer Exported (#7389)
84118d0 chore: update CODEOWNERS (#7398)
391448a fix(secret): use only line with secret for long secret lines (#7412)
344dafd chore: fix allow rule of ignoring test files to make it case insensitive (#7415)
98e136e feat(misconf): port and protocol support for EC2 networks (#7146)
9d7264a fix(misconf): do not filter Terraform plan JSON by name (#7406)
44e4686 feat(misconf): support for ignore by nested attributes (#7205)
0799770 fix(misconf): use module to log when metadata retrieval fails (#7405)
dd9733e fix(report): escape Message field in asff.tpl template (#7401)
be86126 feat(misconf): Add support for using spec from on-disk bundle (#7179)
45a9627 docs: add pkg flags to config file page (#7370)
e9b43f8 feat(python): use minimum version for pip packages (#7348)
2a6c7ab fix(misconf): support deprecating for Go checks (#7377)
b65b32d fix(misconf): init frameworks before updating them (#7376)
9ef05fc feat(misconf): ignore duplicate checks (#7317)
bfdf5cf refactor(misconf): use slog (#7295)
6fe6727 chore(deps): bump trivy-checks (#7350)
24a4563 feat(server): add internal --path-prefix flag for client/server mode (#7321)
3f0e7eb chore(deps): bump the aws group across 1 directory with 7 updates (#7358)
05a8297 fix: safely check if the directory exists (#7353)
db2c955 feat(misconf): variable support for Terraform Plan (#7228)
efdbd8f feat(misconf): scanning support for YAML and JSON (#7311)
c5c62d5 fix(misconf): wrap Azure PortRange in iac types (#7357)
0c6687d refactor(misconf): highlight only affected rows (#7310)
aadb090 fix(misconf): change default TLS values for the Azure storage account (#7345)
0047dbf chore(deps): bump the common group with 9 updates (#7333)
ee339b5 docs(misconf): Update callsites to use correct naming (#7335)
08cc14b docs: update air-gapped docs (#7160)
59c1541 refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
2b6d8d9 perf(misconf): optimize work with context (#6968)
65d991c docs: update links to packaging.python.org (#7318)
7278abd docs: update client/server docs for misconf and license scanning (#7277)
ac3eb9d chore(deps): bump the common group across 1 directory with 7 updates (#7305)
fe92072 feat(misconf): iterator argument support for dynamic blocks (#7236)
f0ed5e4 fix(misconf): do not set default value for default_cache_behavior (#7234)
a817fae feat(misconf): support for policy and bucket grants (#7284)
a4180bd fix(misconf): load only submodule if it is specified in source (#7112)
c766831 perf(misconf): use json.Valid to check validity of JSON (#7308)
13789b7 refactor(misconf): remove unused universal scanner (#7293)
85dadf5 perf(misconf): do not convert contents of a YAML file to string (#7292)
bb2e26a fix(terraform): add aws_region name to presets (#7184)
555ac8c docs: add auto-generated config (#7261)
fd8348d feat(vuln): Add --detection-priority flag for accuracy tuning (#7288)
e95152f refactor(misconf): remove file filtering from parsers (#7289)
2a0e529 fix(flag): incorrect behavior for deprected flag --clear-cache (#7281)
49d5270 fix(java): Return error when trying to find a remote pom to avoid segfault (#7275)
b3ee6da fix(plugin): do not call GitHub content API for releases and tags (#7274)
35c60f0 feat(vm): support the Ext2/Ext3 filesystems (#6983)
7024572 feat(cli)!: delete deprecated SBOM flags (#7266)
45b3f34 feat(vm): Support direct filesystem (#7058)
ff403a3 release: v0.54.0 [main] (#7075)
b3ee4bc docs: update ecosystem page reporting with plopsec.com app (#7262)
3b7aad3 chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
c2fd2e0 feat(vex): retrieve VEX attestations from OCI registries (#7249)
4a2f492 feat(sbom): add image labels into SPDX and CycloneDX reports (#7257)
f198cf8 refactor(flag): return error if both --download-db-only and --download-java-db-only are specified (#7259)
54bb8bd fix(nodejs): detect direct dependencies when using latest version for files yarn.lock + package.json (#7110)
4e54a7e fix(java): avoid panic if deps from pom in it dir are not found (#7245)
805592d chore: show VEX notice for OSS maintainers in CI environments (#7246)
5c37361 feat(vuln): add --pkg-relationships (#7237)
f35f4a5 docs: show VEX cli pages + update config file page for VEX flags (#7244)
d76feba fix(dotnet): show nuget package dir not found log only when checking nuget packages (#7194)
8d5ba3f chore(deps): bump the common group across 1 directory with 17 updates (#7230)
88ba460 feat(vex): VEX Repository support (#7206)
174b1e3 fix(secret): skip regular strings contain secret patterns (#7182)
bff317c feat: share build-in rules (#7207)
c3036de fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
7fa5e7d fix(cli): error on missing config file (#7154)
8c87194 fix(secret): update length of hugging-face-access-token (#7216)
efb1f69 feat(sbom): add vulnerability support for SPDX formats (#7213)
0e286f0 ci: use free runner for all tests except build tests (#7215)
051ac39 chore(deps): bump the docker group across 1 directory with 2 updates (#7208)
92b13be fix(secret): trim excessively long lines (#7192)
9269563 chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
9d52018 fix(server): pass license categories to options (#7203)
5cbc452 feat(mariner): Add support for Azure Linux (#7186)
5f78045 docs: updates config file (#7188)
5f78ea4 refactor(fs): remove unused field for CompositeFS (#7195)
5bc662b fix(dotnet): don't include non-runtime libraries into report for *.deps.json files (#7039)
b76a725 chore(deps): bump goreleaser from v2.0.0 to v2.1.0 (#7162)
c8a7abd fix: add missing platform and type to spec (#7149)
7066f5e chore(deps): bump the aws group with 6 updates (#7166)
d1ec89d feat(misconf): enabled China configuration for ACRs (#7156)
2a577a7 fix: close file when failed to open gzip (#7164)
4308a0a docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
d1f8967 docs(misconf): add info about limitations for terraform plan json (#7143)
a3a6de2 chore: add VEX for Trivy images (#7140)
e674c93 chore(deps): bump the common group across 1 directory with 7 updates (#7125)
d2f4da8 chore: add VEX document and generator for Trivy (#7128)
f27c236 fix(misconf): do not evaluate TF when a load error occurs (#7109)
7cbdb0a feat(cli): rename --vuln-type flag to --pkg-types flag (#7104)
5a9f1a6 refactor(secret): move warning about file size after IsBinary check (#7123)
ab0fd0d chore(deps): bump the docker group with 2 updates (#7116)
17b5dbf feat: add openSUSE tumbleweed detection and scanning (#6965)
a64993e test: add missing advisory details for integration tests database (#7122)
dc68a66 fix: Add dependencyManagement exclusions to the child exclusions (#6969)
ec3e0ca chore(deps): bump the aws group with 4 updates (#7115)
25f8143 fix: ignore nodes when listing permission is not allowed (#7107)
a7a304d fix(java): use go-mvn-version to remove Package duplicates (#7088)
cb89fbb refactor(secret): add warning about large files (#7085)
03ac93d feat(nodejs): add license parser to pnpm analyser (#7036)
266d9b1 refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
1f5f348 feat: add log.FilePath() function for logger (#7080)
db68d10 chore: bump golangci-lint from v1.58 to v1.59 (#7077)
91f2237 chore(deps): bump the common group across 1 directory with 23 updates (#7066)
acbec05 perf(debian): use bytes.Index in emptyLineSplit to cut allocation (#7065)
fc6b3a7 refactor: pass DB dir to trivy-db (#7057)
6a307bb docs: navigate to the release highlights and summary (#7072)
c464726 chore(deps): bump the github-actions group with 2 updates (#7067)
c55b0e6 release: v0.53.0 [main] (#6855)
654217a feat(conda): add licenses support for environment.yml files (#6953)
3d4ae8b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
55ccd06 feat: add memory cache backend (#7048)
14d71ba fix(sbom): use package UIDs for uniqueness (#7042)
edc556b feat(php): add installed.json file support (#4865)
4f8b399 docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
137c916 fix: use embedded when command path not found (#7037)
9e4927e chore(deps): bump trivy-kubernetes version (#7012)
4be02ba refactor: use google/wire for cache (#7024)
e9fc3e3 fix(cli): show info message only when --scanners is available (#7032)
0ccdbfb chore: enable float-compare rule from testifylint (#6967)
9045f24 docs: Add sudo on commands, chmod before mv on install docs (#7009)
3d02a31 fix(plugin): respect --insecure (#7022)
8d618e4 feat(k8s)!: node-collector dynamic commands support (#6861)
a76e328 fix(sbom): take pkg name from purl for maven pkgs (#7008)
eb636c1 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
8d0ae1f feat!: add clean subcommand (#6993)
de201dc chore: use ! for breaking changes (#6994)
979e118 feat(aws)!: Remove aws subcommand (#6995)
648ead9 refactor: replace global cache directory with parameter passing (#6986)
7eabb92 fix(sbom): use purl for bitnami pkg names (#6982)
333087c chore: bump Go toolchain version (#6984)
6dff422 refactor: unify cache implementations (#6977)
9dc8a2b docs: non-packaged and sbom clarifications (#6975)
b58d42d BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
6469d37 docs: delete unknown URL (#6972)
30bcb95 refactor: use version-specific URLs for documentation references (#6966)
e493fc9 refactor: delete db mock (#6940)
983ac15 ci: add depguard (#6963)
dfe757e refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
f144e91 feat: Add local ImageID to SARIF metadata (#6522)
5ee4e9d fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
f18d035 feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
1f8fca1 feat(java): add support for maven-metadata.xml files for remote snapshot repositories. (#6950)
2d85a00 fix(purl): add missed os types (#6955)
417212e fix(cyclonedx): trim non-URL info for advisory.url (#6952)
38b35dd fix(c): don't skip conan files from file-patterns and scan .conan2 cache dir (#6949)
eb6d0d9 ci: correctly handle categories (#6943)
0af5730 fix(image): parse image.inspect.Created field only for non-empty values (#6948)
c3192f0 fix(misconf): handle source prefix to ignore (#6945)
ec68c9a fix(misconf): fix parsing of engine links and frameworks (#6937)
bc3741a feat(misconf): support of selectors for all providers for Rego (#6905)
735aadf ci: don't run tests for release-please PRs (#6936)
52f7aa5 fix(license): return license separation using separators ,, or, etc. (#6916)
d77d9ce ci: use ubuntu-latest-m runner (#6918)
55fa610 feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
cd360dd BREAKING(misconf): flatten recursive types (#6862)
08a428a ci: move triage workflow yaml under .github/workflows (#6895)
04ed5ed ci: add trivy group for dependabot (#6908)
fdf799e chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#6910)
baa1216 test: bump docker API to 1.45 (#6914)
09e50ce feat(sbom): migrate to CycloneDX v1.6 (#6903)
6e7f62d chore(deps): bump the aws group with 8 updates (#6898)
1bdc135 ci: bump github.com/goreleaser/goreleaser to v2.0.0 (#6887)
9b31697 feat(image): Set User-Agent header for Trivy container registry requests (#6868)
089b953 fix(debian): take installed files from the origin layer (#6849)
cf5aa33 fix(nodejs): fix infinite loop when package link from package-lock.json file is broken (#6858)
8491469 feat(misconf): API Gateway V1 support for CloudFormation (#6874)
bb88937 ci: add created release branch to rulesets to enable merge queue (#6880)
622c67b feat(plugin): add support for nested archives (#6845)
04af59c fix(sbom): don't overwrite srcEpoch when decoding SBOM files (#6866)
bb26445 fix(secret): Asymmetric Private Key shouldn't start with space (#6867)
72e20d7 ci: use author permission check instead of author_association field for backport workflow (#6870)
e8d8af4 chore: auto label discussions (#5259)
63eb85a docs: explain how VEX is applied (#6864)
1e2db83 ci: automate backporting process (#6781)
d4aea27 ci: create release branch (#6859)
faa9d92 fix(python): compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852)
7d083bc fix(nodejs): fix infinity loops for pnpm with cyclic imports (#6857)
042d6b0 feat(dart): use first version of constraint for dependencies using SDK version (#6239)
8141a13 fix(misconf): parsing numbers without fraction as int (#6834)
0bcfedb fix(misconf): fix caching of modules in subdirectories (#6814)
02d5404 feat(misconf): add metadata to Cloud schema (#6831)
8dd076a chore(deps): bump the aws group across 1 directory with 7 updates (#6837)
bab16b8 chore(deps): bump the common group with 5 updates (#6842)
b7b8cdc test: replace embedded Git repository with dynamically created repository (#6824)
c24dfba release: v0.52.0 [main] (#6809)
728e77a fix(plugin): initialize logger (#6836)
83fc6e7 chore(deps): bump alpine from 3.19.1 to 3.20.0 in the docker group (#6835)
c2b9132 fix(cli): always output fatal errors to stderr (#6827)
aa0c413 fix: close testfile (#6830)
1c49ae9 docs(julia): add scanner table (#6826)
29615be feat(python): add license support for requirement.txt files (#6782)
2f05418 docs: add more workarounds for out-of-disk (#6821)
5b0bc58 chore: improve error message for image not found (#6822)
f92ea09 fix(sbom): fix panic for convert mode when scanning json file derived from sbom file (#6808)
aa59489 ci(deps): use modules instead of incompatible version (#6805)
fb3c756 ci: set initial version to v0.51.1 (#6810)
c4741b0 ci: replace PAT with ORG_REPO_TOKEN (#6806)
dca5029 chore(deps): bump the common group with 3 updates (#6789)
62de6f3 fix: clean up golangci lint configuration (#6797)
b1e159b ci: introduce Release Please for automated release management (#6795)
ea3a124 fix(python): add package name and version validation for requirements.txt files. (#6804)
a447f6b feat(vex): improve relationship support in CSAF VEX (#6735)
e66dbb9 chore(alpine): add eol date for Alpine 3.20 (#6800)
0e3560a docs(plugin): add missed plugin section (#6799)
56dbe1f fix: include packages unless it is not needed (#6765)
5ccfd17 ci(deps): fix ineffassign and bodyclose in ".*_test.go$" (#6777)
03fc534 chore(deps): Bump trivy-aws and trivy-checks (#6796)
349caf9 feat(misconf): support for VPC resources for inbound/outbound rules (#6779)
21114c9 ci(deps): fix govet in ".*_test.go$" (#6736)
3a4e845 ci(deps): simplify gosec rules exclusion (#6778)
ebb123f chore: replace interface{} with any (#6751)
9c3e895 fix: close settings.xml (#6768)
20781e5 refactor(go): add priority for gobinary module versions from ldflags (#6745)
e86bacb ci(deps): fix gocritic in ".*_test.go$" (#6763)
e373833 build: use main package instead of main.go (#6766)
ac74520 feat(misconf): resolve tf module from OpenTofu compatible registry (#6743)
49678ae chore(deps): bump the common group across 1 directory with 29 updates (#6756)
c3e734f ci(deps): fix tenv in ".*_test.go$" (#6748)
db5c523 chore(deps): bump the aws group with 8 updates (#6738)
df422c8 chore(deps): bump the docker group with 2 updates (#6739)
bac4689 chore(deps): bump the github-actions group with 4 updates (#6737)
9297885 chore(deps): bump the testcontainers group with 2 updates (#6740)
28194e5 docs: add info on adding compliance checks (#6275)
693d8c5 docs: Add documentation for contributing additional checks to the trivy policies repo (#6234)
48a7183 ci: add groups for dependabot (#6734)
48bdc6e ci(deps): fix gci and gofmt in ".*_test.go$" (#6721)
1e08648 feat(nodejs): add v9 pnpm lock file support (#6617)
9515695 feat(vex): support non-root components for products in OpenVEX (#6728)
2bc54ad feat(python): add line number support for requirement.txt files (#6729)
b526e73 chore: respect timeout value in .golangci.yaml (#6724)
bbaf595 ci(deps): enable require-error rule from testifylint linter (#6718)
65b8a40 chore(deps): bump golangci-lint to v1.58.2 (#6719)
ff32deb fix: node-collector high and critical cves (#6707)
e7f14f7 Merge pull request from GHSA-xcq4-m2r3-cmrj
eca5150 chore: auto-bump golang patch versions (#6711)
39a746c fix(misconf): don't shift ignore rule related to code (#6708)
d6dc567 feat(plugin): specify plugin version (#6683)
a944f0e chore: enforce golangci-lint version (#6700)
903bd69 ci(deps): update golangci-lint-action and enable testifylint linter on "integration/*" (#6706)
afb4f9d fix(go): include only .version|.ver (no prefixes) ldflags for gobinaries (#6705)
c96f2a5 fix(go): add only non-empty root modules for gobinaries (#6710)
4d4ea1d refactor: unify package addition and vulnerability scanning (#6579)
696f2ae fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
9d26ae8 ci(deps): enable testifylint linter on .*_test.go$ (#6688)
88702cf feat(misconf): Add support for deprecating a check (#6664)
1ad47c2 chore(deps): use google.golang.org/protobuf/types/known instead of github.com/golang/protobuf/ptypes (#6681)
fecafb1 feat: Add Julia language analyzer support (#5635)
7c22ee3 feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
3d388d8 fix(report): hide empty tables if all vulns has been filtered (#6352)
fa3cf99 feat(report): Include licenses and secrets filtered by rego to ModifiedFindings (#6483)
26faf8f feat: add support for plugin index (#6674)
150a773 fix(conda): add support pip deps for environment.yml files (#6675)
787b466 docs: add support table for client server mode (#6498)
5caf437 fix: close APKINDEX archive file (#6672)
a126e10 fix(misconf): skip Rego errors with a nil location (#6666)
6a72dd4 refactor: move artifact types under artifact package to avoid import cycles (#6652)
357c358 refactor(misconf): remove extrafs (#6656)
04a6073 refactor: re-define module structs for serialization (#6655)
fe5d40e chore(misconf): Clean up iac logger (#6642)
4eae37c feat(misconf): support symlinks inside of Helm archives (#6621)
b7a0a13 feat(misconf): add Terraform 'removed' block to schema (#6640)
3eecfc6 refactor: unify Library and Package structs (#6633)
39ebed4 fix: use of specified context to obtain cluster name (#6645)
67c6b1d perf(misconf): parse rego input once (#6615)
a2c522d fix(misconf): skip Rego errors with a nil location (#6638)
16e9fc0 ci: add generic dir to deb deploy script (#6636)
38e2fbf docs: link warning to both timeout config options (#6620)
2482aa7 docs: fix usage of image-config-scanners (#6635)
290462b chore(deps): bump knqyf263/trivy-issue-action to v0.0.6 (#6632)
8016b82 fix(fs): handle default skip dirs properly (#6628)
7a25dad fix(misconf): load cached tf modules (#6607)
9c794c0 fix(misconf): do not use semver for parsing tf module versions (#6614)
14c1024 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
998f750 feat: introduce package UIDs for improved vulnerability mapping (#6583)
770b141 perf(misconf): Improve cause performance (#6586)
3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#6608)
58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
37da98d feat(misconf): Use updated terminology for misconfiguration checks (#6476)
cdee703 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
6a2225b docs: use generic link from trivy-repo (#6606)
a2a02de docs: update trivy k8s with new experience (#6465)
e739ab8 feat: support --skip-images scanning flag (#6334)
c6d5d85 BREAKING: add support for k8s disable-node-collector flag (#6311)
194a814 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
03830c5 chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
8e814fa chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
2dc76ba chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
c17176b chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
bce70af chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
4369a19 feat: add ubuntu 23.10 and 24.04 support (#6573)
5566548 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
a8af76a chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
c8ed432 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
551a46e docs(go): add stdlib (#6580)
261649b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
acfddd4 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
419e3d2 feat(go): parse main mod version from build info settings (#6564)
f0961d5 feat: respect custom exit code from plugin (#6584)
a5d485c docs: add asdf and mise installation method (#6063)
29b8faf feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
e3bef02 feat: add support environment.yaml files (#6569)
916f6c6 fix: close plugin.yaml (#6577)
8e6cd0e fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
060d0bb BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
2d090ef feat(go): add main module (#6574)
6343e4f feat: add relationships (#6563)
a018ee1 ci: disable Go cache for reusable-release.yaml (#6572)
5da053f docs: mention --show-suppressed is available in table (#6571)
3d66cb8 chore: fix sqlite to support loong64 (#6511)
9aca98c fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
7811ad0 docs: update info about config file (#6547)
fae710d docs: remove RELEASE_VERSION from trivy.repo (#6546)
d2d4022 fix(sbom): change error to warning for multiple OSes (#6541)
164b025 fix(vuln): skip empty versions (#6542)
5dd9bd4 feat(c): add license support for conan lock files (#6329)
7c2017f fix(terraform): Attribute and fileset fixes (#6544)
63c9469 refactor: change warning if no vulnerability details are found (#6230)
aa822c2 refactor(misconf): improve error handling in the Rego scanner (#6527)
30cc88f ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
e32215c feat(go): parse main module of go binary files (#6530)
d4da83c chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
0d7d97d refactor(misconf): simplify the retrieval of module annotations (#6528)
9873cf3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
95c8fd9 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
12ec0df feat(misconf): loading embedded checks as a fallback (#6502)
9b7d713 fix(misconf): Parse JSON k8s manifests properly (#6490)
13e72ec refactor: remove parallel walk (#5180)
a986199 fix: close pom.xml (#6507)
46d5aba fix(secret): convert severity for custom rules (#6500)
34ab09d fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
1ba5b59 fix: typo (#6283)
4fab0f8 docs(k8s,image): fix command-line syntax issues (#6403)
d770981 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
4337068 fix(misconf): avoid panic if the scheme is not valid (#6496)
d82d6cb feat(image): goversion as stdlib (#6277)
cfddfb3 fix: add color for error inside of log message (#6493)
dfcb0f9 chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
183eaaf docs: fix links to OPA docs (#6480)
94d6e8c refactor: replace zap with slog (#6466)
336c47e docs: update links to IaC schemas (#6477)
06b4473 chore: bump Go to 1.22 (#6075)
a51cedd refactor(terraform): sync funcs with Terraform (#6415)
53517d6 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
ad544e9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
089368d chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
1163565 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
637da2b chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
13190e9 fix(terraform): eval submodules (#6411)
6bca7c3 refactor(terraform): remove unused options (#6446)
8e4279b refactor(terraform): remove unused file (#6445)
e98c873 chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
b1c2eab chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
1c49a16 fix(misconf): Escape template value correctly (#6292)
8dd0fcd feat(misconf): add support for wildcard ignores (#6414)
74e4c6e fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#6439)
245c120 refactor(terraform): remove metrics collection (#6444)
86714bf feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
a758392 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
4d00d8b chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
3ad2b3e chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
8baccd7 fix(db): check schema version for image name only (#6410)
e75a90f chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
6625bd3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
826fe60 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
f23ed77 feat(misconf): Support private registries for misconf check bundle (#6327)
df024e8 feat(cloudformation): inline ignore support for YAML templates (#6358)
29dee32 feat(terraform): ignore resources by nested attributes (#6302)
1a67472 perf(helm): load in-memory files (#6383)
09e37b7 feat(aws): apply filter options to result (#6367)
87a9aa6 feat(aws): quiet flag support (#6331)
712dcd3 fix(misconf): clear location URI for SARIF (#6405)
625f22b test(cloudformation): add CF tests (#6315)
6a2f6fd fix(cloudformation): infer type after resolving a function (#6406)
5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
ade033a docs: add info about support for package license detection in fs/repo modes (#6381)
f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#6231)
9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#6386)
f148eb1 fix(helm): scan the subcharts once (#6382)
97f95c4 docs(terraform): add file patterns for Terraform Plan (#6393)
abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#6341)
7c409fd fix(java): parse modules from pom.xml files once (#6312)
1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
a2482c1 fix(server): add Locations for Packages in client/server mode (#6366)
e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346)
1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
f6c5d58 feat(java): add support licenses and graph for gradle lock files (#6140)
c4022d6 feat(vex): consider root component for relationships (#6313)
3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
dd9620e chore: updates wazero to v1.7.0 (#6301)
eb3ceb3 feat(sbom): Support license detection for SBOM scan (#6072)
ab74caa refactor(sbom): use intermediate representation for SPDX (#6310)
71da44f docs(terraform): improve documentation for filtering by inline comments (#6284)
102b6df fix(terraform): fix policy document retrieval (#6276)
aa19aaf refactor(terraform): remove unused custom error (#6303)
8fcef35 refactor(sbom): add intermediate representation for BOM (#6240)
fb8c516 fix(amazon): check only major version of AL to find advisories (#6295)
96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
12c5bf0 fix(nodejs): add name validation for package name from package.json (#6268)
d6c40ce docs: Added install instructions for FreeBSD (#6293)
9d2057a feat(image): customer podman host or socket option (#6256)
2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
56cedc0 fix(license): reorder logic of how python package licenses are acquired (#6220)
d7d7265 test(terraform): skip cached modules (#6281)
6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
9361cdb feat(terraform): Terraform Plan snapshot scanning support (#6176)
ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
3d2f583 fix: typo function name and comment optimization (#6200)
c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#6223)
355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
939e34e chore(deps): Upgrade iac deps (#6255)
7cb6c02 feat: add info log message about dev deps suppression (#6211)
c1d26ec test(k8s): use test-db for k8s integration tests (#6222)
4f70468 ci: add maximize-build-space for Test job (#6221)
1dfece8 fix(terraform): fix root module search (#6160)
e1ea02c test(parser): squash test data for yarn (#6203)
64926d8 fix(terraform): do not re-expand dynamic blocks (#6151)
eb54bb5 docs: update ecosystem page reporting with db app (#6201)
dc76c6e fix: k8s summary separate infra and user finding results (#6120)
1b7e474 fix: add context to target finding on k8s table view (#6099)
876ab84 fix: Printf format err (#6198)
eef7c4f refactor: better integration of the parser into Trivy (#6183)
069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#6189)
4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
9c5e5a0 fix(vex): CSAF filtering should consider relationships (#5923)
388f476 refactor(report): Replacing source_location in github report when scanning an image (#5999)
cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#6178)
ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
cf0f0d0 feat(k8s): rancher rke2 version support (#5988)
8a3a113 docs: update kbom distribution for scanning (#6019)
19495ba chore: update CODEOWNERS (#6173)
e787e1a fix(swift): try to use branch to resolve version (#6168)
327cf88 fix(terraform): ensure consistent path handling across OS (#6161)
8221473 fix(java): add only valid libs from pom.properties files from jars (#6164)
7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
74dc5b6 chore(deps): merge go-dep-parser into Trivy (#6094)
32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#6145)
fb79ea7 docs: update template path for gitlab-ci tutorial (#6144)
c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#6004)
a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
14adbb4 refactor(deps): Merge defsec into trivy (#6109)
efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#6142)
73dde32 docs: add SecObserve in CI/CD and reporting (#6139)
aadbad1 fix(alpine): exclude empty licenses for apk packages (#6130)
14a0981 docs: add docs tutorial on custom policies with rego (#6104)
3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
3c1601b feat(vuln): show suppressed vulnerabilities in table (#6084)
c107e1a docs: rename governance to principles (#6107)
b26f217 docs: add governance (#6090)
7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#6005)
535b5a9 feat(java): add dependency location support for gradle files (#6083)
428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#6038)
7fec991 fix(misconf): get user from Config.User (#6070)
6ccc0a5 fix: check unescaped BomRef when matching PkgIdentifier (#6025)
458c5d9 docs: Fix broken link to "pronunciation" (#6057)
5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
7651bf5 ci: reduce root-reserve-mb size for maximize-build-space (#6064)
fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
2900a21 fix: fix cursor usage in Redis Clear function (#6056)
85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
4e962c0 fix(nodejs): add local packages support for pnpm-lock.yaml files (#6034)
aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
27d35ba test: fix flaky TestDockerEngine (#6054)
c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)
729a051 fix(java): recursive check all nested d...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v0.67.1

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Changelog

Uh oh!