Skip to content

v0.51.0
Compare
Choose a tag to compare
@aqua-bot aqua-bot released this 03 May 12:41
· 60 commits to main since this release
v0.51.0
14c1024
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

⚡Release highlights and summary⚡

👉 #6622

Changelog

  • 14c1024 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
  • 998f750 feat: introduce package UIDs for improved vulnerability mapping (#6583)
  • 770b141 perf(misconf): Improve cause performance (#6586)
  • 3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#6608)
  • 58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
  • 715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
  • 37da98d feat(misconf): Use updated terminology for misconfiguration checks (#6476)
  • cdee703 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
  • 6a2225b docs: use generic link from trivy-repo (#6606)
  • a2a02de docs: update trivy k8s with new experience (#6465)
  • e739ab8 feat: support --skip-images scanning flag (#6334)
  • c6d5d85 BREAKING: add support for k8s disable-node-collector flag (#6311)
  • 194a814 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
  • 03830c5 chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
  • 8e814fa chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
  • 2dc76ba chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
  • c17176b chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
  • bce70af chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
  • 4369a19 feat: add ubuntu 23.10 and 24.04 support (#6573)
  • 5566548 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
  • a8af76a chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
  • c8ed432 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
  • 551a46e docs(go): add stdlib (#6580)
  • 261649b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
  • acfddd4 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
  • 419e3d2 feat(go): parse main mod version from build info settings (#6564)
  • f0961d5 feat: respect custom exit code from plugin (#6584)
  • a5d485c docs: add asdf and mise installation method (#6063)
  • 29b8faf feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
  • e3bef02 feat: add support environment.yaml files (#6569)
  • 916f6c6 fix: close plugin.yaml (#6577)
  • 8e6cd0e fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
  • 060d0bb BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
  • 2d090ef feat(go): add main module (#6574)
  • 6343e4f feat: add relationships (#6563)
  • a018ee1 ci: disable Go cache for reusable-release.yaml (#6572)
  • 5da053f docs: mention --show-suppressed is available in table (#6571)
  • 3d66cb8 chore: fix sqlite to support loong64 (#6511)
  • 9aca98c fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
  • 7811ad0 docs: update info about config file (#6547)
  • fae710d docs: remove RELEASE_VERSION from trivy.repo (#6546)
  • d2d4022 fix(sbom): change error to warning for multiple OSes (#6541)
  • 164b025 fix(vuln): skip empty versions (#6542)
  • 5dd9bd4 feat(c): add license support for conan lock files (#6329)
  • 7c2017f fix(terraform): Attribute and fileset fixes (#6544)
  • 63c9469 refactor: change warning if no vulnerability details are found (#6230)
  • aa822c2 refactor(misconf): improve error handling in the Rego scanner (#6527)
  • 30cc88f ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
  • e32215c feat(go): parse main module of go binary files (#6530)
  • d4da83c chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
  • 0d7d97d refactor(misconf): simplify the retrieval of module annotations (#6528)
  • 9873cf3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
  • 95c8fd9 docs(nodejs): add info about supported versions of pnpm lock files (#6510)
  • 12ec0df feat(misconf): loading embedded checks as a fallback (#6502)
  • 9b7d713 fix(misconf): Parse JSON k8s manifests properly (#6490)
  • 13e72ec refactor: remove parallel walk (#5180)
  • a986199 fix: close pom.xml (#6507)
  • 46d5aba fix(secret): convert severity for custom rules (#6500)
  • 34ab09d fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)
  • 1ba5b59 fix: typo (#6283)
  • 4fab0f8 docs(k8s,image): fix command-line syntax issues (#6403)
  • d770981 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#6435)
  • 4337068 fix(misconf): avoid panic if the scheme is not valid (#6496)
  • d82d6cb feat(image): goversion as stdlib (#6277)
  • cfddfb3 fix: add color for error inside of log message (#6493)
  • dfcb0f9 chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#6438)
  • 183eaaf docs: fix links to OPA docs (#6480)
  • 94d6e8c refactor: replace zap with slog (#6466)
  • 336c47e docs: update links to IaC schemas (#6477)
  • 06b4473 chore: bump Go to 1.22 (#6075)
  • a51cedd refactor(terraform): sync funcs with Terraform (#6415)
  • 53517d6 feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
  • ad544e9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#6426)
  • 089368d chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#6452)
  • 1163565 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#6430)
  • 637da2b chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#6437)
  • 13190e9 fix(terraform): eval submodules (#6411)
  • 6bca7c3 refactor(terraform): remove unused options (#6446)
  • 8e4279b refactor(terraform): remove unused file (#6445)
  • e98c873 chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#6387)
  • b1c2eab chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#6427)
  • 1c49a16 fix(misconf): Escape template value correctly (#6292)
  • 8dd0fcd feat(misconf): add support for wildcard ignores (#6414)
  • 74e4c6e fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#6439)
  • 245c120 refactor(terraform): remove metrics collection (#6444)
  • 86714bf feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
  • a758392 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#6424)
  • 4d00d8b chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#6428)
  • 3ad2b3e chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#6429)
  • 8baccd7 fix(db): check schema version for image name only (#6410)
  • e75a90f chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#6425)
  • 6625bd3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#6433)
  • 826fe60 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#6436)
  • f23ed77 feat(misconf): Support private registries for misconf check bundle (#6327)
  • df024e8 feat(cloudformation): inline ignore support for YAML templates (#6358)
  • 29dee32 feat(terraform): ignore resources by nested attributes (#6302)
  • 1a67472 perf(helm): load in-memory files (#6383)
  • 09e37b7 feat(aws): apply filter options to result (#6367)
  • 87a9aa6 feat(aws): quiet flag support (#6331)
  • 712dcd3 fix(misconf): clear location URI for SARIF (#6405)
  • 625f22b test(cloudformation): add CF tests (#6315)
  • 6a2f6fd fix(cloudformation): infer type after resolving a function (#6406)
Assets 75
0 Join discussion