From 67f2a55d6a7efc591cb5da635c1c0a31fdfd0357 Mon Sep 17 00:00:00 2001 From: afdesk Date: Tue, 17 Sep 2024 22:02:11 +0600 Subject: [PATCH] release: v0.56.0 [main] --- .release-please-manifest.json | 2 +- CHANGELOG.md | 273 ++++++++++++++++++++++++++++++++++ 2 files changed, 274 insertions(+), 1 deletion(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index aeec62f4b8cc..208746a81be3 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1 +1 @@ -{".":"0.55.0"} +{".":"0.56.0"} diff --git a/CHANGELOG.md b/CHANGELOG.md index 19df5eb64851..7ce9ae8d55e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,278 @@ # Changelog +## [0.56.0](https://github.com/afdesk/trivy/compare/v0.55.0...v0.56.0) (2024-09-17) + + +### ⚠ BREAKING CHANGES + +* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/afdesk/trivy/issues/7266)) +* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/afdesk/trivy/issues/6861)) +* add clean subcommand ([#6993](https://github.com/afdesk/trivy/issues/6993)) +* **aws:** Remove aws subcommand ([#6995](https://github.com/afdesk/trivy/issues/6995)) + +### Features + +* add `log.FilePath()` function for logger ([#7080](https://github.com/afdesk/trivy/issues/7080)) ([1f5f348](https://github.com/afdesk/trivy/commit/1f5f34895823fae81bf521fc939bee743a50e304)) +* add clean subcommand ([#6993](https://github.com/afdesk/trivy/issues/6993)) ([8d0ae1f](https://github.com/afdesk/trivy/commit/8d0ae1f5de72d92a043dcd6b7c164d30e51b6047)) +* add info log message about dev deps suppression ([#6211](https://github.com/afdesk/trivy/issues/6211)) ([7cb6c02](https://github.com/afdesk/trivy/commit/7cb6c02a4e2ad1c632a70804111a5048d1c0d1f6)) +* Add Julia language analyzer support ([#5635](https://github.com/afdesk/trivy/issues/5635)) ([fecafb1](https://github.com/afdesk/trivy/commit/fecafb1fc5bb129c7485342a0775f0dd8bedd28e)) +* Add local ImageID to SARIF metadata ([#6522](https://github.com/afdesk/trivy/issues/6522)) ([f144e91](https://github.com/afdesk/trivy/commit/f144e912d34234f00b5a13b7a11a0019fa978b27)) +* add memory cache backend ([#7048](https://github.com/afdesk/trivy/issues/7048)) ([55ccd06](https://github.com/afdesk/trivy/commit/55ccd06df43f6ff28685f46d215ccb70f55916d2)) +* add openSUSE tumbleweed detection and scanning ([#6965](https://github.com/afdesk/trivy/issues/6965)) ([17b5dbf](https://github.com/afdesk/trivy/commit/17b5dbfa12180414b87859c6c46bfe6cc5ecf7ba)) +* add relationships ([#6563](https://github.com/afdesk/trivy/issues/6563)) ([6343e4f](https://github.com/afdesk/trivy/commit/6343e4fc7112d0e8709d9ad4690b203509ee19ed)) +* add support `environment.yaml` files ([#6569](https://github.com/afdesk/trivy/issues/6569)) ([e3bef02](https://github.com/afdesk/trivy/commit/e3bef02018208057f0d840b01f12e6867b0cc1ff)) +* add support for plugin index ([#6674](https://github.com/afdesk/trivy/issues/6674)) ([26faf8f](https://github.com/afdesk/trivy/commit/26faf8f3f04b1c5f9f81c03ffc6b2008732207e2)) +* add ubuntu 23.10 and 24.04 support ([#6573](https://github.com/afdesk/trivy/issues/6573)) ([4369a19](https://github.com/afdesk/trivy/commit/4369a19af771f81df141530bacdc8680e7120ac7)) +* **aws:** apply filter options to result ([#6367](https://github.com/afdesk/trivy/issues/6367)) ([09e37b7](https://github.com/afdesk/trivy/commit/09e37b7c67664ca28923d392dc33fb1ca2600d35)) +* **aws:** quiet flag support ([#6331](https://github.com/afdesk/trivy/issues/6331)) ([87a9aa6](https://github.com/afdesk/trivy/commit/87a9aa60d13a7263e9fa4be01ec8693e17c9d4e3)) +* **aws:** Remove aws subcommand ([#6995](https://github.com/afdesk/trivy/issues/6995)) ([979e118](https://github.com/afdesk/trivy/commit/979e118a9e0ca8943bef9143f492d7eb1fd4d863)) +* **c:** add license support for conan lock files ([#6329](https://github.com/afdesk/trivy/issues/6329)) ([5dd9bd4](https://github.com/afdesk/trivy/commit/5dd9bd47010366d2665ba70a81c2cd61c6ff6c41)) +* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/afdesk/trivy/issues/7266)) ([7024572](https://github.com/afdesk/trivy/commit/70245721372720027b7089bd61c693df48add865)) +* **cli:** rename `--vuln-type` flag to `--pkg-types` flag ([#7104](https://github.com/afdesk/trivy/issues/7104)) ([7cbdb0a](https://github.com/afdesk/trivy/commit/7cbdb0a0b5dff33e506e1c1f3119951fa241b432)) +* **cloudformation:** add support for logging and endpoint access for EKS ([#6440](https://github.com/afdesk/trivy/issues/6440)) ([86714bf](https://github.com/afdesk/trivy/commit/86714bf6bf40ea3e3c0cbc6d1c9d0a11bb5834bf)) +* **cloudformation:** inline ignore support for YAML templates ([#6358](https://github.com/afdesk/trivy/issues/6358)) ([df024e8](https://github.com/afdesk/trivy/commit/df024e88ddccc0bd9158e7a4a553983438399826)) +* **conda:** add licenses support for `environment.yml` files ([#6953](https://github.com/afdesk/trivy/issues/6953)) ([654217a](https://github.com/afdesk/trivy/commit/654217a65485ca0a07771ea61071977894eb4920)) +* **dart:** use first version of constraint for dependencies using SDK version ([#6239](https://github.com/afdesk/trivy/issues/6239)) ([042d6b0](https://github.com/afdesk/trivy/commit/042d6b08c283105c258a3dda98983b345a5305c3)) +* **go:** add main module ([#6574](https://github.com/afdesk/trivy/issues/6574)) ([2d090ef](https://github.com/afdesk/trivy/commit/2d090ef2df7966ada7178b4b88179498ad7e1f2b)) +* **go:** parse main mod version from build info settings ([#6564](https://github.com/afdesk/trivy/issues/6564)) ([419e3d2](https://github.com/afdesk/trivy/commit/419e3d2023aa190ff62c3952219053a9bca066bb)) +* **go:** parse main module of go binary files ([#6530](https://github.com/afdesk/trivy/issues/6530)) ([e32215c](https://github.com/afdesk/trivy/commit/e32215c99d4ccda754adf46dffb5ae062a4a142b)) +* **go:** use `toolchain` as `stdlib` version for `go.mod` files ([#7163](https://github.com/afdesk/trivy/issues/7163)) ([2d80769](https://github.com/afdesk/trivy/commit/2d80769c34b118851640411fff9dac0b3e353e82)) +* **image:** customer podman host or socket option ([#6256](https://github.com/afdesk/trivy/issues/6256)) ([9d2057a](https://github.com/afdesk/trivy/commit/9d2057a7c2029d259f8ee40e84a37a90b6ba7136)) +* **image:** goversion as stdlib ([#6277](https://github.com/afdesk/trivy/issues/6277)) ([d82d6cb](https://github.com/afdesk/trivy/commit/d82d6cb73133a25e5c3f6e8d501cb2ac6512dc45)) +* **image:** Set User-Agent header for Trivy container registry requests ([#6868](https://github.com/afdesk/trivy/issues/6868)) ([9b31697](https://github.com/afdesk/trivy/commit/9b31697274c8743d6e5a8f7a1a05daf60cd15910)) +* introduce package UIDs for improved vulnerability mapping ([#6583](https://github.com/afdesk/trivy/issues/6583)) ([998f750](https://github.com/afdesk/trivy/commit/998f750432a91e1e1832d507e66aab77d02449f9)) +* **java:** add `test` scope support for `pom.xml` files ([#7414](https://github.com/afdesk/trivy/issues/7414)) ([2d97700](https://github.com/afdesk/trivy/commit/2d97700d10665142d2f66d7910202bec82116209)) +* **java:** add support for `maven-metadata.xml` files for remote snapshot repositories. ([#6950](https://github.com/afdesk/trivy/issues/6950)) ([1f8fca1](https://github.com/afdesk/trivy/commit/1f8fca1fc77b989bb4e3ba820b297464dbdd825f)) +* **java:** add support for fetching packages from repos mentioned in pom.xml ([#6171](https://github.com/afdesk/trivy/issues/6171)) ([ce81c05](https://github.com/afdesk/trivy/commit/ce81c05851f9457cd316f6af70cf3a33dd657b2d)) +* **java:** add support for sbt projects using sbt-dependency-lock ([#6882](https://github.com/afdesk/trivy/issues/6882)) ([f18d035](https://github.com/afdesk/trivy/commit/f18d035ae13b281c96aa4ed69ca32e507d336e66)) +* **java:** add support licenses and graph for gradle lock files ([#6140](https://github.com/afdesk/trivy/issues/6140)) ([f6c5d58](https://github.com/afdesk/trivy/commit/f6c5d5800166f1686403e0799cc7a330eb6197a7)) +* **java:** mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` ([#6213](https://github.com/afdesk/trivy/issues/6213)) ([617c3e3](https://github.com/afdesk/trivy/commit/617c3e31bd0fd1b386e3734ef02badc0aed130f4)) +* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/afdesk/trivy/issues/6861)) ([8d618e4](https://github.com/afdesk/trivy/commit/8d618e48a2f1b60c2e4c49cdd9deb8eb45c972b0)) +* **k8s:** rancher rke2 version support ([#5988](https://github.com/afdesk/trivy/issues/5988)) ([cf0f0d0](https://github.com/afdesk/trivy/commit/cf0f0d00c23744d6ed9e9a9494e9095898f888ae)) +* **license:** improve license normalization ([#7131](https://github.com/afdesk/trivy/issues/7131)) ([6472e3c](https://github.com/afdesk/trivy/commit/6472e3c9da2a8e7ba41598a45c80df8f18e57d4c)) +* **mariner:** Add support for Azure Linux ([#7186](https://github.com/afdesk/trivy/issues/7186)) ([5cbc452](https://github.com/afdesk/trivy/commit/5cbc452a09822d1bf300ead88f0d613d4cf0349a)) +* **misconf:** add helm-api-version and helm-kube-version flag ([#6332](https://github.com/afdesk/trivy/issues/6332)) ([53517d6](https://github.com/afdesk/trivy/commit/53517d622b94f5ef2be467fdfa97b73438027362)) +* **misconf:** add metadata to Cloud schema ([#6831](https://github.com/afdesk/trivy/issues/6831)) ([02d5404](https://github.com/afdesk/trivy/commit/02d540478d495416b50d7e8b187ff9f5bba41f45)) +* **misconf:** add support for AWS::EC2::SecurityGroupIngress/Egress ([#6755](https://github.com/afdesk/trivy/issues/6755)) ([55fa610](https://github.com/afdesk/trivy/commit/55fa6109cd0463fd3221aae41ca7b1d8c44ad430)) +* **misconf:** Add support for deprecating a check ([#6664](https://github.com/afdesk/trivy/issues/6664)) ([88702cf](https://github.com/afdesk/trivy/commit/88702cfd5918b093defc5b5580f7cbf16f5f2417)) +* **misconf:** Add support for using spec from on-disk bundle ([#7179](https://github.com/afdesk/trivy/issues/7179)) ([be86126](https://github.com/afdesk/trivy/commit/be861265cafc89787fda09c59b2ef175e3d04204)) +* **misconf:** add support for wildcard ignores ([#6414](https://github.com/afdesk/trivy/issues/6414)) ([8dd0fcd](https://github.com/afdesk/trivy/commit/8dd0fcd61b37690f800f9aac6b5c95aec2bb6a65)) +* **misconf:** add Terraform 'removed' block to schema ([#6640](https://github.com/afdesk/trivy/issues/6640)) ([b7a0a13](https://github.com/afdesk/trivy/commit/b7a0a131a03ed49c08d3b0d481bc9284934fd6e1)) +* **misconf:** API Gateway V1 support for CloudFormation ([#6874](https://github.com/afdesk/trivy/issues/6874)) ([8491469](https://github.com/afdesk/trivy/commit/8491469f0b35bd9df706a433669f5b62239d4ef3)) +* **misconf:** enabled China configuration for ACRs ([#7156](https://github.com/afdesk/trivy/issues/7156)) ([d1ec89d](https://github.com/afdesk/trivy/commit/d1ec89d1db4b039f0e31076ccd1ca969fb15628e)) +* **misconf:** ignore duplicate checks ([#7317](https://github.com/afdesk/trivy/issues/7317)) ([9ef05fc](https://github.com/afdesk/trivy/commit/9ef05fc6b171a264516a025b0b0bcbbc8cff10bc)) +* **misconf:** iterator argument support for dynamic blocks ([#7236](https://github.com/afdesk/trivy/issues/7236)) ([fe92072](https://github.com/afdesk/trivy/commit/fe9207255a4f7f984ec1447f8a9219ae60e560c4)) +* **misconf:** loading embedded checks as a fallback ([#6502](https://github.com/afdesk/trivy/issues/6502)) ([12ec0df](https://github.com/afdesk/trivy/commit/12ec0dfe9ebfc746bdd1db0956055cfea600450f)) +* **misconf:** port and protocol support for EC2 networks ([#7146](https://github.com/afdesk/trivy/issues/7146)) ([98e136e](https://github.com/afdesk/trivy/commit/98e136eb7baa2b66f4233d96875c1490144e1594)) +* **misconf:** register builtin Rego funcs from trivy-checks ([#6616](https://github.com/afdesk/trivy/issues/6616)) ([7c22ee3](https://github.com/afdesk/trivy/commit/7c22ee3df5ee51beb90e44428a99541b3d19ab98)) +* **misconf:** Register checks only when needed ([#7435](https://github.com/afdesk/trivy/issues/7435)) ([f768d3a](https://github.com/afdesk/trivy/commit/f768d3a767a99a86b0372f19d9f49a2de35dbe59)) +* **misconf:** resolve tf module from OpenTofu compatible registry ([#6743](https://github.com/afdesk/trivy/issues/6743)) ([ac74520](https://github.com/afdesk/trivy/commit/ac7452009bf7ca0fa8ee1de8807c792eabad405a)) +* **misconf:** scanning support for YAML and JSON ([#7311](https://github.com/afdesk/trivy/issues/7311)) ([efdbd8f](https://github.com/afdesk/trivy/commit/efdbd8f19ab0ab0c3b48293d43e51c81b7b03b89)) +* **misconf:** support for ignore by nested attributes ([#7205](https://github.com/afdesk/trivy/issues/7205)) ([44e4686](https://github.com/afdesk/trivy/commit/44e468603d44b077cc4606327fb3e7d7ca435e05)) +* **misconf:** support for policy and bucket grants ([#7284](https://github.com/afdesk/trivy/issues/7284)) ([a817fae](https://github.com/afdesk/trivy/commit/a817fae85b7272b391b737ec86673a7cab722bae)) +* **misconf:** support for VPC resources for inbound/outbound rules ([#6779](https://github.com/afdesk/trivy/issues/6779)) ([349caf9](https://github.com/afdesk/trivy/commit/349caf96bc3dd81551d488044f1adfdb947f39fb)) +* **misconf:** support of selectors for all providers for Rego ([#6905](https://github.com/afdesk/trivy/issues/6905)) ([bc3741a](https://github.com/afdesk/trivy/commit/bc3741ae2c68cdd00fc0aef7e51985568b2eb78a)) +* **misconf:** Support private registries for misconf check bundle ([#6327](https://github.com/afdesk/trivy/issues/6327)) ([f23ed77](https://github.com/afdesk/trivy/commit/f23ed7759802391b33d957e21334e661f3bb92ae)) +* **misconf:** support symlinks inside of Helm archives ([#6621](https://github.com/afdesk/trivy/issues/6621)) ([4eae37c](https://github.com/afdesk/trivy/commit/4eae37c52b035b3576361c12f70d3d9517d0a73c)) +* **misconf:** Use updated terminology for misconfiguration checks ([#6476](https://github.com/afdesk/trivy/issues/6476)) ([37da98d](https://github.com/afdesk/trivy/commit/37da98df45f6014fcd5f1744e2e26351b61d2a02)) +* **misconf:** variable support for Terraform Plan ([#7228](https://github.com/afdesk/trivy/issues/7228)) ([db2c955](https://github.com/afdesk/trivy/commit/db2c95598da098ca610825089eb4ab63b789b215)) +* **nodejs:** add license parser to pnpm analyser ([#7036](https://github.com/afdesk/trivy/issues/7036)) ([03ac93d](https://github.com/afdesk/trivy/commit/03ac93dc208f1b40896f3fa11fa1d45293176dca)) +* **nodejs:** add v9 pnpm lock file support ([#6617](https://github.com/afdesk/trivy/issues/6617)) ([1e08648](https://github.com/afdesk/trivy/commit/1e0864842e32a709941d4b4e8f521602bcee684d)) +* **php:** add installed.json file support ([#4865](https://github.com/afdesk/trivy/issues/4865)) ([edc556b](https://github.com/afdesk/trivy/commit/edc556b85e3554c31e19b1ece189effb9ba2be12)) +* **plugin:** add support for nested archives ([#6845](https://github.com/afdesk/trivy/issues/6845)) ([622c67b](https://github.com/afdesk/trivy/commit/622c67b7647f94d0a0ca3acf711d8f847cdd8d98)) +* **plugin:** specify plugin version ([#6683](https://github.com/afdesk/trivy/issues/6683)) ([d6dc567](https://github.com/afdesk/trivy/commit/d6dc56732babbc9d7f788c280a768d8648aa093d)) +* **python:** add license support for `requirement.txt` files ([#6782](https://github.com/afdesk/trivy/issues/6782)) ([29615be](https://github.com/afdesk/trivy/commit/29615be85e8bfeaf5a0cd51829b1898c55fa4274)) +* **python:** add line number support for `requirement.txt` files ([#6729](https://github.com/afdesk/trivy/issues/6729)) ([2bc54ad](https://github.com/afdesk/trivy/commit/2bc54ad2752aba5de4380cb92c13b09c0abefd73)) +* **python:** use minimum version for pip packages ([#7348](https://github.com/afdesk/trivy/issues/7348)) ([e9b43f8](https://github.com/afdesk/trivy/commit/e9b43f81e67789b067352fcb6aa55bc9478bc518)) +* **report:** export modified findings in JSON ([#7383](https://github.com/afdesk/trivy/issues/7383)) ([7aea79d](https://github.com/afdesk/trivy/commit/7aea79dd93cfb61453766dbbb2e3fc0fbd317852)) +* **report:** Include licenses and secrets filtered by rego to ModifiedFindings ([#6483](https://github.com/afdesk/trivy/issues/6483)) ([fa3cf99](https://github.com/afdesk/trivy/commit/fa3cf993eace4be793f85907b42365269c597b91)) +* respect custom exit code from plugin ([#6584](https://github.com/afdesk/trivy/issues/6584)) ([f0961d5](https://github.com/afdesk/trivy/commit/f0961d54f6d68324003419f65042d15d5435d28b)) +* **sbom:** add image labels into `SPDX` and `CycloneDX` reports ([#7257](https://github.com/afdesk/trivy/issues/7257)) ([4a2f492](https://github.com/afdesk/trivy/commit/4a2f492c6e685ff577fb96a7006cd0c43755baf4)) +* **sbom:** add vulnerability support for SPDX formats ([#7213](https://github.com/afdesk/trivy/issues/7213)) ([efb1f69](https://github.com/afdesk/trivy/commit/efb1f6938321eec3529ef4fea6608261f6771ae0)) +* **sbom:** migrate to `CycloneDX v1.6` ([#6903](https://github.com/afdesk/trivy/issues/6903)) ([09e50ce](https://github.com/afdesk/trivy/commit/09e50ce6a82073ba62f1732d5aa0cd2701578693)) +* **sbom:** set User-Agent header on requests to Rekor ([#7396](https://github.com/afdesk/trivy/issues/7396)) ([af1d257](https://github.com/afdesk/trivy/commit/af1d257730422d238871beb674767f8f83c5d06a)) +* **sbom:** Support license detection for SBOM scan ([#6072](https://github.com/afdesk/trivy/issues/6072)) ([eb3ceb3](https://github.com/afdesk/trivy/commit/eb3ceb323d2646fceecc4e3c18f13eecb3081c0f)) +* **secret:** Support for detecting Hugging Face Access Tokens ([#6236](https://github.com/afdesk/trivy/issues/6236)) ([6639911](https://github.com/afdesk/trivy/commit/66399116627afbaa936da3965e25c2afb409c112)) +* **server:** add internal `--path-prefix` flag for client/server mode ([#7321](https://github.com/afdesk/trivy/issues/7321)) ([24a4563](https://github.com/afdesk/trivy/commit/24a45636867b893ff54c5ce07197f3b5c6db1d9b)) +* **server:** Make Trivy Server Multiplexer Exported ([#7389](https://github.com/afdesk/trivy/issues/7389)) ([4c6e8ca](https://github.com/afdesk/trivy/commit/4c6e8ca9cc9591799907cc73075f2d740e303b8f)) +* share build-in rules ([#7207](https://github.com/afdesk/trivy/issues/7207)) ([bff317c](https://github.com/afdesk/trivy/commit/bff317c77bf4a5f615a80d9875d129213bd52f6d)) +* support `--skip-images` scanning flag ([#6334](https://github.com/afdesk/trivy/issues/6334)) ([e739ab8](https://github.com/afdesk/trivy/commit/e739ab85063c82a817cdf33130d7dd1ca9ddb65a)) +* **terraform:** Add hyphen and non-ASCII support for domain names in credential extraction ([#6108](https://github.com/afdesk/trivy/issues/6108)) ([4a9ac6d](https://github.com/afdesk/trivy/commit/4a9ac6d1995b6a81d8d0e0f7b606940a1b6264f9)) +* **terraform:** ignore resources by nested attributes ([#6302](https://github.com/afdesk/trivy/issues/6302)) ([29dee32](https://github.com/afdesk/trivy/commit/29dee32814729f8ba2382f975582d1dbd092cf5c)) +* **terraform:** Terraform Plan snapshot scanning support ([#6176](https://github.com/afdesk/trivy/issues/6176)) ([9361cdb](https://github.com/afdesk/trivy/commit/9361cdb7e28fd304d6fd2a1091feac64a6786672)) +* **vex:** consider root component for relationships ([#6313](https://github.com/afdesk/trivy/issues/6313)) ([c4022d6](https://github.com/afdesk/trivy/commit/c4022d61b39a4f4139f01f6254f182ab81d2bc35)) +* **vex:** improve relationship support in CSAF VEX ([#6735](https://github.com/afdesk/trivy/issues/6735)) ([a447f6b](https://github.com/afdesk/trivy/commit/a447f6ba94b6f8b14177dc5e4369a788e2020d90)) +* **vex:** retrieve VEX attestations from OCI registries ([#7249](https://github.com/afdesk/trivy/issues/7249)) ([c2fd2e0](https://github.com/afdesk/trivy/commit/c2fd2e0d89567a0ccd996dda8790f3c3305ea6f7)) +* **vex:** support non-root components for products in OpenVEX ([#6728](https://github.com/afdesk/trivy/issues/6728)) ([9515695](https://github.com/afdesk/trivy/commit/9515695d45e9b5c20890e27e21e3ab45bfd4ce5f)) +* **vex:** VEX Repository support ([#7206](https://github.com/afdesk/trivy/issues/7206)) ([88ba460](https://github.com/afdesk/trivy/commit/88ba46047c93e6046292523ae701de774dfdc4dc)) +* **vm:** Support direct filesystem ([#7058](https://github.com/afdesk/trivy/issues/7058)) ([45b3f34](https://github.com/afdesk/trivy/commit/45b3f344042bcd90ca63ab696b69bff0e9ab4e36)) +* **vm:** support the Ext2/Ext3 filesystems ([#6983](https://github.com/afdesk/trivy/issues/6983)) ([35c60f0](https://github.com/afdesk/trivy/commit/35c60f030fa48de8d8e57958e5ba379814126831)) +* **vuln:** Add `--detection-priority` flag for accuracy tuning ([#7288](https://github.com/afdesk/trivy/issues/7288)) ([fd8348d](https://github.com/afdesk/trivy/commit/fd8348d610f20c6c33da81cd7b0e7d5504ce26be)) +* **vuln:** add `--pkg-relationships` ([#7237](https://github.com/afdesk/trivy/issues/7237)) ([5c37361](https://github.com/afdesk/trivy/commit/5c37361600d922db27dd594b2a80c010a19b3a6e)) +* **vuln:** Handle scanning conan v2.x lockfiles ([#6357](https://github.com/afdesk/trivy/issues/6357)) ([29b8faf](https://github.com/afdesk/trivy/commit/29b8faf5faaa02e463cbb54465563b40d5667bf4)) +* **vuln:** ignore vulnerabilities by PURL ([#6178](https://github.com/afdesk/trivy/issues/6178)) ([cd3e4bc](https://github.com/afdesk/trivy/commit/cd3e4bcac235c30c144f440a11d568df68f0c6b5)) + + +### Bug Fixes + +* add color for error inside of log message ([#6493](https://github.com/afdesk/trivy/issues/6493)) ([cfddfb3](https://github.com/afdesk/trivy/commit/cfddfb33c1b9bd7128b78079c298f3417e1fbe34)) +* add context to target finding on k8s table view ([#6099](https://github.com/afdesk/trivy/issues/6099)) ([1b7e474](https://github.com/afdesk/trivy/commit/1b7e47424b9f48c9fe194ab24b1d4ccdc7a1a005)) +* Add dependencyManagement exclusions to the child exclusions ([#6969](https://github.com/afdesk/trivy/issues/6969)) ([dc68a66](https://github.com/afdesk/trivy/commit/dc68a662a701980d6529f61a65006f1e4728a3e5)) +* add missing platform and type to spec ([#7149](https://github.com/afdesk/trivy/issues/7149)) ([c8a7abd](https://github.com/afdesk/trivy/commit/c8a7abd3b508975fcf10c254d13d1a2cd42da657)) +* **amazon:** check only major version of AL to find advisories ([#6295](https://github.com/afdesk/trivy/issues/6295)) ([fb8c516](https://github.com/afdesk/trivy/commit/fb8c516ded3f1fa38efbd9cfc54d3cf5c63f2491)) +* **aws:** handle ECR repositories in different regions ([#6217](https://github.com/afdesk/trivy/issues/6217)) ([feaef96](https://github.com/afdesk/trivy/commit/feaef9699df5d8ca399770e701a59d7c0ff979a3)) +* **c:** don't skip conan files from `file-patterns` and scan `.conan2` cache dir ([#6949](https://github.com/afdesk/trivy/issues/6949)) ([38b35dd](https://github.com/afdesk/trivy/commit/38b35dd3c804027e7a6e6a9d3c87b7ac333896c5)) +* clean up golangci lint configuration ([#6797](https://github.com/afdesk/trivy/issues/6797)) ([62de6f3](https://github.com/afdesk/trivy/commit/62de6f3feba6e4c56ad3922441d5b0f150c3d6b7)) +* **cli:** always output fatal errors to stderr ([#6827](https://github.com/afdesk/trivy/issues/6827)) ([c2b9132](https://github.com/afdesk/trivy/commit/c2b9132a7e933a68df4cc0eb86aab23719ded1b5)) +* **cli:** error on missing config file ([#7154](https://github.com/afdesk/trivy/issues/7154)) ([7fa5e7d](https://github.com/afdesk/trivy/commit/7fa5e7d0ab67f20d434b2922725988695e32e6af)) +* **cli:** show info message only when --scanners is available ([#7032](https://github.com/afdesk/trivy/issues/7032)) ([e9fc3e3](https://github.com/afdesk/trivy/commit/e9fc3e3397564512038ddeca2adce0efcb3f93c5)) +* close APKINDEX archive file ([#6672](https://github.com/afdesk/trivy/issues/6672)) ([5caf437](https://github.com/afdesk/trivy/commit/5caf4377f3a7fcb1f6e1a84c67136ae62d100be3)) +* close file when failed to open gzip ([#7164](https://github.com/afdesk/trivy/issues/7164)) ([2a577a7](https://github.com/afdesk/trivy/commit/2a577a7bae37e5731dceaea8740683573b6b70a5)) +* close plugin.yaml ([#6577](https://github.com/afdesk/trivy/issues/6577)) ([916f6c6](https://github.com/afdesk/trivy/commit/916f6c66f8031bb311657944ff3ca1284169902e)) +* close pom.xml ([#6507](https://github.com/afdesk/trivy/issues/6507)) ([a986199](https://github.com/afdesk/trivy/commit/a9861994e51b45b18880d7432347f9d911148faa)) +* close settings.xml ([#6768](https://github.com/afdesk/trivy/issues/6768)) ([9c3e895](https://github.com/afdesk/trivy/commit/9c3e895fcb0852c00ac03ed21338768f76b5273b)) +* close testfile ([#6830](https://github.com/afdesk/trivy/issues/6830)) ([aa0c413](https://github.com/afdesk/trivy/commit/aa0c413814e8915b38d2285c6a8ba5bc3f0705b4)) +* **cloudformation:** infer type after resolving a function ([#6406](https://github.com/afdesk/trivy/issues/6406)) ([6a2f6fd](https://github.com/afdesk/trivy/commit/6a2f6fde4f97f254eb4ef3b79cab99f574abf72a)) +* **cloudformation:** resolve `DedicatedMasterEnabled` parsing issue ([#6439](https://github.com/afdesk/trivy/issues/6439)) ([74e4c6e](https://github.com/afdesk/trivy/commit/74e4c6e0127c5594516ed54c1202213d4f670c8e)) +* **cloudformation:** support of all SSE algorithms for s3 ([#6270](https://github.com/afdesk/trivy/issues/6270)) ([337cb75](https://github.com/afdesk/trivy/commit/337cb753533ccb7d14b01bb2ef69d26c9061c708)) +* **conda:** add support `pip` deps for `environment.yml` files ([#6675](https://github.com/afdesk/trivy/issues/6675)) ([150a773](https://github.com/afdesk/trivy/commit/150a77313e980cd63797a89a03afcbc97b285f38)) +* **cyclonedx:** trim non-URL info for `advisory.url` ([#6952](https://github.com/afdesk/trivy/issues/6952)) ([417212e](https://github.com/afdesk/trivy/commit/417212e0930aa52a27ebdc1b9370d2943ce0f8fa)) +* **db:** check schema version for image name only ([#6410](https://github.com/afdesk/trivy/issues/6410)) ([8baccd7](https://github.com/afdesk/trivy/commit/8baccd7909a4b91970f2a8effcfce2628a42c206)) +* **db:** use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default ([#6219](https://github.com/afdesk/trivy/issues/6219)) ([96bd7ac](https://github.com/afdesk/trivy/commit/96bd7ac59452160a02adab1c7d43e3e6d9b639ba)) +* **debian:** sort dpkg info before parsing due to exclude directories ([#6551](https://github.com/afdesk/trivy/issues/6551)) ([9aca98c](https://github.com/afdesk/trivy/commit/9aca98cca87d037ad756a3dbe61931cd2ddf1fc0)) +* **debian:** take installed files from the origin layer ([#6849](https://github.com/afdesk/trivy/issues/6849)) ([089b953](https://github.com/afdesk/trivy/commit/089b953462260f01c40bdf588b2568ae0ef658bc)) +* **dotnet:** don't include non-runtime libraries into report for `*.deps.json` files ([#7039](https://github.com/afdesk/trivy/issues/7039)) ([5bc662b](https://github.com/afdesk/trivy/commit/5bc662be9a8f072599f90abfd3b400c8ab055ed6)) +* **dotnet:** show `nuget package dir not found` log only when checking `nuget` packages ([#7194](https://github.com/afdesk/trivy/issues/7194)) ([d76feba](https://github.com/afdesk/trivy/commit/d76febaee107c645e864da0f4d74a8f6ae4ad232)) +* **flag:** incorrect behavior for deprected flag `--clear-cache` ([#7281](https://github.com/afdesk/trivy/issues/7281)) ([2a0e529](https://github.com/afdesk/trivy/commit/2a0e529c36057b572119815af59c28e4790034ca)) +* **fs:** handle default skip dirs properly ([#6628](https://github.com/afdesk/trivy/issues/6628)) ([8016b82](https://github.com/afdesk/trivy/commit/8016b821a260840ccb81ef520f2804b9482f3820)) +* **go:** add only non-empty root modules for `gobinaries` ([#6710](https://github.com/afdesk/trivy/issues/6710)) ([c96f2a5](https://github.com/afdesk/trivy/commit/c96f2a5b3de820da37e14594dd537c3b0949ae9c)) +* **go:** include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://github.com/afdesk/trivy/issues/6705)) ([afb4f9d](https://github.com/afdesk/trivy/commit/afb4f9dc4730671ba004e1734fa66422c4c86dad)) +* Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://github.com/afdesk/trivy/issues/6696)) ([696f2ae](https://github.com/afdesk/trivy/commit/696f2ae0ecdd4f90303f41249924a09ace70dd78)) +* **helm:** explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element ([#7362](https://github.com/afdesk/trivy/issues/7362)) ([da4ebfa](https://github.com/afdesk/trivy/commit/da4ebfa1a741f3f8b0b43289b4028afe763f7d43)) +* **helm:** scan the subcharts once ([#6382](https://github.com/afdesk/trivy/issues/6382)) ([f148eb1](https://github.com/afdesk/trivy/commit/f148eb10f25b4daaf97b38ef523e6f16e9b118a1)) +* ignore nodes when listing permission is not allowed ([#7107](https://github.com/afdesk/trivy/issues/7107)) ([25f8143](https://github.com/afdesk/trivy/commit/25f8143f120965c636c5ea8386398b211b082398)) +* **image:** parse `image.inspect.Created` field only for non-empty values ([#6948](https://github.com/afdesk/trivy/issues/6948)) ([0af5730](https://github.com/afdesk/trivy/commit/0af5730cbe56686417389c2fad643c1bdbb33999)) +* include packages unless it is not needed ([#6765](https://github.com/afdesk/trivy/issues/6765)) ([56dbe1f](https://github.com/afdesk/trivy/commit/56dbe1f6768fe67fbc1153b74fde0f83eaa1b281)) +* increase the default buffer size for scanning dpkg status files by 2 times ([#6298](https://github.com/afdesk/trivy/issues/6298)) ([3177924](https://github.com/afdesk/trivy/commit/317792433e4e961441f772c6bd22d63873a8c986)) +* **java:** add only valid libs from `pom.properties` files from `jars` ([#6164](https://github.com/afdesk/trivy/issues/6164)) ([8221473](https://github.com/afdesk/trivy/commit/82214736a943f61c173902808f2887a660543fe2)) +* **java:** avoid panic if deps from `pom` in `it` dir are not found ([#7245](https://github.com/afdesk/trivy/issues/7245)) ([4e54a7e](https://github.com/afdesk/trivy/commit/4e54a7e84c33c1be80c52c6db78c634bc3911715)) +* **java:** don't ignore runtime scope for pom.xml files ([#6223](https://github.com/afdesk/trivy/issues/6223)) ([c4b5ab7](https://github.com/afdesk/trivy/commit/c4b5ab7881c1538d32d87ac21e67e3586e207cd7)) +* **java:** parse modules from `pom.xml` files once ([#6312](https://github.com/afdesk/trivy/issues/6312)) ([7c409fd](https://github.com/afdesk/trivy/commit/7c409fd270bd71a24da8a06d7be2aa9f5a70321f)) +* **java:** Return error when trying to find a remote pom to avoid segfault ([#7275](https://github.com/afdesk/trivy/issues/7275)) ([49d5270](https://github.com/afdesk/trivy/commit/49d5270163e305f88fedcf50412973736e69dc69)) +* **java:** update logic to detect `pom.xml` file snapshot artifacts from remote repositories ([#6412](https://github.com/afdesk/trivy/issues/6412)) ([34ab09d](https://github.com/afdesk/trivy/commit/34ab09d559bf9bee6f39fd8fce10d36fd6759681)) +* **java:** use `dependencyManagement` from root/child pom's for dependencies from parents ([#7497](https://github.com/afdesk/trivy/issues/7497)) ([5442949](https://github.com/afdesk/trivy/commit/54429497e7d6a87eac236771d4efb8a5a7faaac5)) +* **java:** use `go-mvn-version` to remove `Package` duplicates ([#7088](https://github.com/afdesk/trivy/issues/7088)) ([a7a304d](https://github.com/afdesk/trivy/commit/a7a304d53e1ce230f881c28c4f35885774cf3b9a)) +* k8s summary separate infra and user finding results ([#6120](https://github.com/afdesk/trivy/issues/6120)) ([dc76c6e](https://github.com/afdesk/trivy/commit/dc76c6e4f4df67f5bf01ead2b18e2f98e853ca61)) +* **license:** add FilePath to results to allow for license path filtering via trivyignore file ([#6215](https://github.com/afdesk/trivy/issues/6215)) ([04535b5](https://github.com/afdesk/trivy/commit/04535b554ab239b30543ae6514b677d416785ca1)) +* **license:** add license handling to JUnit template ([#7409](https://github.com/afdesk/trivy/issues/7409)) ([f80183c](https://github.com/afdesk/trivy/commit/f80183c1139b21bb95bc64e216358f4a76001a65)) +* **license:** reorder logic of how python package licenses are acquired ([#6220](https://github.com/afdesk/trivy/issues/6220)) ([56cedc0](https://github.com/afdesk/trivy/commit/56cedc0d6795ed34c3fd1a9b10880678c9a709d1)) +* **license:** return license separation using separators `,`, `or`, etc. ([#6916](https://github.com/afdesk/trivy/issues/6916)) ([52f7aa5](https://github.com/afdesk/trivy/commit/52f7aa54b520a90a19736703f8ea63cc20fab104)) +* **license:** stop spliting a long license text ([#7336](https://github.com/afdesk/trivy/issues/7336)) ([4926da7](https://github.com/afdesk/trivy/commit/4926da79de901fba73819d71845ec0355b68ae0f)) +* logger initialization before flags parsing ([#7372](https://github.com/afdesk/trivy/issues/7372)) ([c929290](https://github.com/afdesk/trivy/commit/c929290c3c0e4e91337264d69e75ccb60522bc65)) +* **misconf:** avoid panic if the scheme is not valid ([#6496](https://github.com/afdesk/trivy/issues/6496)) ([4337068](https://github.com/afdesk/trivy/commit/433706820834548132f4f1aba41a7208143cfab2)) +* **misconf:** change default TLS values for the Azure storage account ([#7345](https://github.com/afdesk/trivy/issues/7345)) ([aadb090](https://github.com/afdesk/trivy/commit/aadb09078843250c66087f46db9a2aa48094a118)) +* **misconf:** clear location URI for SARIF ([#6405](https://github.com/afdesk/trivy/issues/6405)) ([712dcd3](https://github.com/afdesk/trivy/commit/712dcd30077dfdf7a5449d635ee38fff5165c422)) +* **misconf:** do not evaluate TF when a load error occurs ([#7109](https://github.com/afdesk/trivy/issues/7109)) ([f27c236](https://github.com/afdesk/trivy/commit/f27c236d6e155cb366aeef619b6ea96d20fb93da)) +* **misconf:** do not filter Terraform plan JSON by name ([#7406](https://github.com/afdesk/trivy/issues/7406)) ([9d7264a](https://github.com/afdesk/trivy/commit/9d7264af8e85bcc0dba600b8366d0470d455251c)) +* **misconf:** do not recreate filesystem map ([#7416](https://github.com/afdesk/trivy/issues/7416)) ([3a5d091](https://github.com/afdesk/trivy/commit/3a5d091759564496992a83fb2015a21c84a22213)) +* **misconf:** do not register Rego libs in checks registry ([#7420](https://github.com/afdesk/trivy/issues/7420)) ([a5aa63e](https://github.com/afdesk/trivy/commit/a5aa63eff7e229744090f9ad300c1bec3259397e)) +* **misconf:** do not set default value for default_cache_behavior ([#7234](https://github.com/afdesk/trivy/issues/7234)) ([f0ed5e4](https://github.com/afdesk/trivy/commit/f0ed5e4ced7e60af35c88d5d084aa4b7237f4973)) +* **misconf:** do not use semver for parsing tf module versions ([#6614](https://github.com/afdesk/trivy/issues/6614)) ([9c794c0](https://github.com/afdesk/trivy/commit/9c794c0ffc8d31c82cad3cbd593eb03e689cf583)) +* **misconf:** don't shift ignore rule related to code ([#6708](https://github.com/afdesk/trivy/issues/6708)) ([39a746c](https://github.com/afdesk/trivy/commit/39a746c77837f873e87b81be40676818030f44c5)) +* **misconf:** Escape template value correctly ([#6292](https://github.com/afdesk/trivy/issues/6292)) ([1c49a16](https://github.com/afdesk/trivy/commit/1c49a16c65ecc63a24d9957174ca91d088855a2a)) +* **misconf:** fix caching of modules in subdirectories ([#6814](https://github.com/afdesk/trivy/issues/6814)) ([0bcfedb](https://github.com/afdesk/trivy/commit/0bcfedbcaa9bbe30ee5ecade5b98e9ce3cc54c9b)) +* **misconf:** fix infer type for null value ([#7424](https://github.com/afdesk/trivy/issues/7424)) ([0cac3ac](https://github.com/afdesk/trivy/commit/0cac3ac7075017628a21a7990941df04cbc16dbe)) +* **misconf:** Fix logging typo ([#7473](https://github.com/afdesk/trivy/issues/7473)) ([56db43c](https://github.com/afdesk/trivy/commit/56db43c24f4f6be92891be85faaf9492cad516ac)) +* **misconf:** fix parsing of engine links and frameworks ([#6937](https://github.com/afdesk/trivy/issues/6937)) ([ec68c9a](https://github.com/afdesk/trivy/commit/ec68c9ab4580d057720179173d58734402c92af4)) +* **misconf:** handle source prefix to ignore ([#6945](https://github.com/afdesk/trivy/issues/6945)) ([c3192f0](https://github.com/afdesk/trivy/commit/c3192f061d7e84eaf38df8df7c879dc00b4ca137)) +* **misconf:** init frameworks before updating them ([#7376](https://github.com/afdesk/trivy/issues/7376)) ([b65b32d](https://github.com/afdesk/trivy/commit/b65b32ddfa6fc62ac81ad9fa580e1f5a327864f5)) +* **misconf:** load cached tf modules ([#6607](https://github.com/afdesk/trivy/issues/6607)) ([7a25dad](https://github.com/afdesk/trivy/commit/7a25dadb44a57a1099227cde44e1732f25409cea)) +* **misconf:** load only submodule if it is specified in source ([#7112](https://github.com/afdesk/trivy/issues/7112)) ([a4180bd](https://github.com/afdesk/trivy/commit/a4180bddd43d86e479edf0afe0c362021d071482)) +* **misconf:** Parse JSON k8s manifests properly ([#6490](https://github.com/afdesk/trivy/issues/6490)) ([9b7d713](https://github.com/afdesk/trivy/commit/9b7d7132b750f3ee0e824179b7fe2ea0cb0916ed)) +* **misconf:** parsing numbers without fraction as int ([#6834](https://github.com/afdesk/trivy/issues/6834)) ([8141a13](https://github.com/afdesk/trivy/commit/8141a137ba50b553a9da877d95c7ccb491d041c6)) +* **misconf:** skip Rego errors with a nil location ([#6638](https://github.com/afdesk/trivy/issues/6638)) ([a2c522d](https://github.com/afdesk/trivy/commit/a2c522ddb229f049999c4ce74ef75a0e0f9fdc62)) +* **misconf:** skip Rego errors with a nil location ([#6666](https://github.com/afdesk/trivy/issues/6666)) ([a126e10](https://github.com/afdesk/trivy/commit/a126e1075a44ef0e40c0dc1e214d1c5955f80242)) +* **misconf:** support deprecating for Go checks ([#7377](https://github.com/afdesk/trivy/issues/7377)) ([2a6c7ab](https://github.com/afdesk/trivy/commit/2a6c7ab3b338ce4a8f99d6ac3508c2531dcbe812)) +* **misconf:** use module to log when metadata retrieval fails ([#7405](https://github.com/afdesk/trivy/issues/7405)) ([0799770](https://github.com/afdesk/trivy/commit/0799770b8827a8276ad0d6d9ac7e0381c286757c)) +* **misconf:** wrap Azure PortRange in iac types ([#7357](https://github.com/afdesk/trivy/issues/7357)) ([c5c62d5](https://github.com/afdesk/trivy/commit/c5c62d5ff05420321f9cdbfb93e2591e0866a342)) +* node-collector high and critical cves ([#6707](https://github.com/afdesk/trivy/issues/6707)) ([ff32deb](https://github.com/afdesk/trivy/commit/ff32deb7bf9163c06963f557228260b3b8c161ed)) +* **nodejs:** add name validation for package name from `package.json` ([#6268](https://github.com/afdesk/trivy/issues/6268)) ([12c5bf0](https://github.com/afdesk/trivy/commit/12c5bf0805753c8d68423a06920f184f2fd55772)) +* **nodejs:** add support for parsing `workspaces` from `package.json` as an object ([#6231](https://github.com/afdesk/trivy/issues/6231)) ([f85c9fa](https://github.com/afdesk/trivy/commit/f85c9fac6f522d9a5f139e7de9bc7b5037692877)) +* **nodejs:** check all `importers` to detect dev deps from pnpm-lock.yaml file ([#7387](https://github.com/afdesk/trivy/issues/7387)) ([fd9ed3a](https://github.com/afdesk/trivy/commit/fd9ed3a330bc66e229bcbdc262dc296a3bf01f54)) +* **nodejs:** detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` ([#7110](https://github.com/afdesk/trivy/issues/7110)) ([54bb8bd](https://github.com/afdesk/trivy/commit/54bb8bdfb934d114b5570005853bf4bc0d40c609)) +* **nodejs:** fix infinite loop when package link from `package-lock.json` file is broken ([#6858](https://github.com/afdesk/trivy/issues/6858)) ([cf5aa33](https://github.com/afdesk/trivy/commit/cf5aa336e660e4c98481ebf8d15dd4e54c38581e)) +* **nodejs:** fix infinity loops for `pnpm` with cyclic imports ([#6857](https://github.com/afdesk/trivy/issues/6857)) ([7d083bc](https://github.com/afdesk/trivy/commit/7d083bc890eccc3bf32765c6d7e922cab2e2ef94)) +* **nodejs:** merge `Indirect`, `Dev`, `ExternalReferences` fields for same deps from `package-lock.json` files v2 or later ([#6356](https://github.com/afdesk/trivy/issues/6356)) ([258d153](https://github.com/afdesk/trivy/commit/258d1534614a98811de657eb196051728529defd)) +* **oracle:** Update EOL date for Oracle 7 ([#7480](https://github.com/afdesk/trivy/issues/7480)) ([dd0a64a](https://github.com/afdesk/trivy/commit/dd0a64a1cf0cd76e6f81e3ff55fa6ccb95ce3c3d)) +* **plugin:** do not call GitHub content API for releases and tags ([#7274](https://github.com/afdesk/trivy/issues/7274)) ([b3ee6da](https://github.com/afdesk/trivy/commit/b3ee6dac269bd7847674f3ce985a5ff7f8f0ba38)) +* **plugin:** initialize logger ([#6836](https://github.com/afdesk/trivy/issues/6836)) ([728e77a](https://github.com/afdesk/trivy/commit/728e77a7261dc3fcda1e61e79be066c789bbba0c)) +* **plugin:** respect `--insecure` ([#7022](https://github.com/afdesk/trivy/issues/7022)) ([3d02a31](https://github.com/afdesk/trivy/commit/3d02a31b44924f9e2495aae087f7ca9de3314db4)) +* Printf format err ([#6198](https://github.com/afdesk/trivy/issues/6198)) ([876ab84](https://github.com/afdesk/trivy/commit/876ab84b364238fbae9b53c9d9676873c6b89b4b)) +* **purl:** add missed os types ([#6955](https://github.com/afdesk/trivy/issues/6955)) ([2d85a00](https://github.com/afdesk/trivy/commit/2d85a003b22298d1101f84559f7c6b470f2b3909)) +* **python:** add package name and version validation for `requirements.txt` files. ([#6804](https://github.com/afdesk/trivy/issues/6804)) ([ea3a124](https://github.com/afdesk/trivy/commit/ea3a124fc7162c30c7f1a59bdb28db0b3c8bb86d)) +* **python:** compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase ([#6852](https://github.com/afdesk/trivy/issues/6852)) ([faa9d92](https://github.com/afdesk/trivy/commit/faa9d92cfeb8d924deda2dac583b6c97099c08d9)) +* **report:** change a receiver of MarshalJSON ([#7483](https://github.com/afdesk/trivy/issues/7483)) ([927c6e0](https://github.com/afdesk/trivy/commit/927c6e0c9d4d4a3f1be00f0f661c1d18325d9440)) +* **report:** don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used ([#6348](https://github.com/afdesk/trivy/issues/6348)) ([1870f28](https://github.com/afdesk/trivy/commit/1870f28461c0faa9c1cf2a7b1d756356a16af4fc)) +* **report:** escape `Message` field in `asff.tpl` template ([#7401](https://github.com/afdesk/trivy/issues/7401)) ([dd9733e](https://github.com/afdesk/trivy/commit/dd9733e950d3127aa2ac90c45ec7e2b88a2b47ca)) +* **report:** fix error with unmarshal of `ExperimentalModifiedFindings` ([#7463](https://github.com/afdesk/trivy/issues/7463)) ([7ff9aff](https://github.com/afdesk/trivy/commit/7ff9aff2739b2eee4a98175b98914795e4077060)) +* **report:** hide empty table when all secrets/license/misconfigs are ignored ([#7171](https://github.com/afdesk/trivy/issues/7171)) ([c3036de](https://github.com/afdesk/trivy/commit/c3036de6d7719323d306a9666ccc8d928d936f9a)) +* **report:** hide empty tables if all vulns has been filtered ([#6352](https://github.com/afdesk/trivy/issues/6352)) ([3d388d8](https://github.com/afdesk/trivy/commit/3d388d8552ef42d4d54176309a38c1879008527b)) +* safely check if the directory exists ([#7353](https://github.com/afdesk/trivy/issues/7353)) ([05a8297](https://github.com/afdesk/trivy/commit/05a829715f99cd90b122c64cd2f40157854e467b)) +* **sbom:** add check for `CreationInfo` to nil when detecting SPDX created using Trivy ([#6346](https://github.com/afdesk/trivy/issues/6346)) ([e866bd5](https://github.com/afdesk/trivy/commit/e866bd5b5d4a654c13436f516ef9c258a8367e86)) +* **sbom:** change error to warning for multiple OSes ([#6541](https://github.com/afdesk/trivy/issues/6541)) ([d2d4022](https://github.com/afdesk/trivy/commit/d2d4022ef36b0ccf583c9bf9436dfd75a742ee3d)) +* **sbom:** don't overwrite `srcEpoch` when decoding SBOM files ([#6866](https://github.com/afdesk/trivy/issues/6866)) ([04af59c](https://github.com/afdesk/trivy/commit/04af59c2906bcfc7f7970b4e8f45a90f04313170)) +* **sbom:** fix error when parent of SPDX Relationships is not a package. ([#6399](https://github.com/afdesk/trivy/issues/6399)) ([5f69937](https://github.com/afdesk/trivy/commit/5f69937cc6986912925a8a1b0801810ea850ba79)) +* **sbom:** fix panic for `convert` mode when scanning json file derived from sbom file ([#6808](https://github.com/afdesk/trivy/issues/6808)) ([f92ea09](https://github.com/afdesk/trivy/commit/f92ea096856c7c262b05bd4d31c62689ebafac82)) +* **sbom:** fix panic when scanning SBOM file without root component into SBOM format ([#7051](https://github.com/afdesk/trivy/issues/7051)) ([3d4ae8b](https://github.com/afdesk/trivy/commit/3d4ae8b5be94cd9b00badeece8d86c2258b2cd90)) +* **sbom:** skip executable file analysis if Rekor isn't a specified SBOM source ([#6163](https://github.com/afdesk/trivy/issues/6163)) ([7694df1](https://github.com/afdesk/trivy/commit/7694df11fbd04e705383e527b5841fcb9a383cd5)) +* **sbom:** take pkg name from `purl` for maven pkgs ([#7008](https://github.com/afdesk/trivy/issues/7008)) ([a76e328](https://github.com/afdesk/trivy/commit/a76e3286c413de3dec55394fb41dd627dfee37ae)) +* **sbom:** use `NOASSERTION` for licenses fields in SPDX formats ([#7403](https://github.com/afdesk/trivy/issues/7403)) ([c96dcdd](https://github.com/afdesk/trivy/commit/c96dcdd440a14cdd1b01ac473b2c15e4698e387b)) +* **sbom:** use `purl` for `bitnami` pkg names ([#6982](https://github.com/afdesk/trivy/issues/6982)) ([7eabb92](https://github.com/afdesk/trivy/commit/7eabb92ec2e617300433445718be07ac74956454)) +* **sbom:** use package UIDs for uniqueness ([#7042](https://github.com/afdesk/trivy/issues/7042)) ([14d71ba](https://github.com/afdesk/trivy/commit/14d71ba63c39e51dd4179ba2d6002b46e1816e90)) +* **secret:** `Asymmetric Private Key` shouldn't start with space ([#6867](https://github.com/afdesk/trivy/issues/6867)) ([bb26445](https://github.com/afdesk/trivy/commit/bb26445e3df198df77930329f532ac5ab7a67af2)) +* **secret:** convert severity for custom rules ([#6500](https://github.com/afdesk/trivy/issues/6500)) ([46d5aba](https://github.com/afdesk/trivy/commit/46d5abad42bd4c4b6127d5a5053867728d619098)) +* **secret:** skip regular strings contain secret patterns ([#7182](https://github.com/afdesk/trivy/issues/7182)) ([174b1e3](https://github.com/afdesk/trivy/commit/174b1e3515a6394cf8d523216d6267c1aefb820a)) +* **secret:** trim excessively long lines ([#7192](https://github.com/afdesk/trivy/issues/7192)) ([92b13be](https://github.com/afdesk/trivy/commit/92b13be668bd20f8e9dac2f0cb8e5a2708b9b3b5)) +* **secret:** update length of `hugging-face-access-token` ([#7216](https://github.com/afdesk/trivy/issues/7216)) ([8c87194](https://github.com/afdesk/trivy/commit/8c87194f0a6b194bc5d340c8a65bd99a3132d973)) +* **secret:** use `.eyJ` keyword for JWT secret ([#7410](https://github.com/afdesk/trivy/issues/7410)) ([bf64003](https://github.com/afdesk/trivy/commit/bf64003ac8b209f34b88f228918a96d4f9dac5e0)) +* **secret:** use only line with secret for long secret lines ([#7412](https://github.com/afdesk/trivy/issues/7412)) ([391448a](https://github.com/afdesk/trivy/commit/391448aba9fcb0a4138225e5ab305e4e6707c603)) +* **server:** add Locations for `Packages` in client/server mode ([#6366](https://github.com/afdesk/trivy/issues/6366)) ([a2482c1](https://github.com/afdesk/trivy/commit/a2482c14e12df8e242b83361a9a3379691f65d95)) +* **server:** pass license categories to options ([#7203](https://github.com/afdesk/trivy/issues/7203)) ([9d52018](https://github.com/afdesk/trivy/commit/9d5201808da89607ae43570bdf1f335b482a6b79)) +* **suse:** Add SLES 15.6 and Leap 15.6 ([#6964](https://github.com/afdesk/trivy/issues/6964)) ([5ee4e9d](https://github.com/afdesk/trivy/commit/5ee4e9d30ea814f60fd5705361cabf2e83a47a78)) +* **swift:** try to use branch to resolve version ([#6168](https://github.com/afdesk/trivy/issues/6168)) ([e787e1a](https://github.com/afdesk/trivy/commit/e787e1af01c326c339aa0726ccc567e97c1facfa)) +* **terraform:** add aws_region name to presets ([#7184](https://github.com/afdesk/trivy/issues/7184)) ([bb2e26a](https://github.com/afdesk/trivy/commit/bb2e26a0ab707b718f6a890cbc87e2492298b6e5)) +* **terraform:** Attribute and fileset fixes ([#6544](https://github.com/afdesk/trivy/issues/6544)) ([7c2017f](https://github.com/afdesk/trivy/commit/7c2017fa7ad43b310ce487072ace269ed72e8c4a)) +* **terraform:** do not re-expand dynamic blocks ([#6151](https://github.com/afdesk/trivy/issues/6151)) ([64926d8](https://github.com/afdesk/trivy/commit/64926d8423d1e69ab4bde51f1e59ed56960f9bcb)) +* **terraform:** ensure consistent path handling across OS ([#6161](https://github.com/afdesk/trivy/issues/6161)) ([327cf88](https://github.com/afdesk/trivy/commit/327cf88397a12809a7388928d6fc27a7e6bfe66d)) +* **terraform:** eval submodules ([#6411](https://github.com/afdesk/trivy/issues/6411)) ([13190e9](https://github.com/afdesk/trivy/commit/13190e92d9fea1277389fc09fba0418c05c5f44f)) +* **terraform:** fix policy document retrieval ([#6276](https://github.com/afdesk/trivy/issues/6276)) ([102b6df](https://github.com/afdesk/trivy/commit/102b6df7389f93229dfdb4463bb18986cb7ef432)) +* **terraform:** fix root module search ([#6160](https://github.com/afdesk/trivy/issues/6160)) ([1dfece8](https://github.com/afdesk/trivy/commit/1dfece89d0c7c8dec73b6e3be8e7fabf1fca4a39)) +* **terraform:** сhecking SSE encryption algorithm validity ([#6341](https://github.com/afdesk/trivy/issues/6341)) ([abd62ae](https://github.com/afdesk/trivy/commit/abd62ae74e6b3d7c785717643bb254ecfef0fdac)) +* trivy k8s avoid deleting non-default node collector namespace ([#6559](https://github.com/afdesk/trivy/issues/6559)) ([8e6cd0e](https://github.com/afdesk/trivy/commit/8e6cd0e917fb54f72ca8054e2d94c3f53f764134)) +* typo ([#6283](https://github.com/afdesk/trivy/issues/6283)) ([1ba5b59](https://github.com/afdesk/trivy/commit/1ba5b59527d161b44830700b678229beb302c0ad)) +* typo function name and comment optimization ([#6200](https://github.com/afdesk/trivy/issues/6200)) ([3d2f583](https://github.com/afdesk/trivy/commit/3d2f583ecd712d4879d98ca24b9b30fbf540643e)) +* use `0600` perms for tmp files for post analyzers ([#6386](https://github.com/afdesk/trivy/issues/6386)) ([9d7f5c9](https://github.com/afdesk/trivy/commit/9d7f5c948e30af7b76cbe32b8e53070fb5bfd16b)) +* use embedded when command path not found ([#7037](https://github.com/afdesk/trivy/issues/7037)) ([137c916](https://github.com/afdesk/trivy/commit/137c9164238ffd989a0c5ed24f23a55bbf341f6e)) +* use of specified context to obtain cluster name ([#6645](https://github.com/afdesk/trivy/issues/6645)) ([39ebed4](https://github.com/afdesk/trivy/commit/39ebed45f8c218509d264bd3f3ca548fc33d2b3a)) +* **vex:** CSAF filtering should consider relationships ([#5923](https://github.com/afdesk/trivy/issues/5923)) ([9c5e5a0](https://github.com/afdesk/trivy/commit/9c5e5a04ee691f0f9ad064bd0cedec3b317f6bd8)) +* **vuln:** skip empty versions ([#6542](https://github.com/afdesk/trivy/issues/6542)) ([164b025](https://github.com/afdesk/trivy/commit/164b025413c5fb9c6759491e9a306b46b869be93)) + + +### Performance Improvements + +* **debian:** use `bytes.Index` in `emptyLineSplit` to cut allocation ([#7065](https://github.com/afdesk/trivy/issues/7065)) ([acbec05](https://github.com/afdesk/trivy/commit/acbec053c985388a26d899e73b4b7f5a6d1fa210)) +* **helm:** load in-memory files ([#6383](https://github.com/afdesk/trivy/issues/6383)) ([1a67472](https://github.com/afdesk/trivy/commit/1a67472d2bd6efaf0d0698365d877145f8bc7551)) +* **misconf:** do not convert contents of a YAML file to string ([#7292](https://github.com/afdesk/trivy/issues/7292)) ([85dadf5](https://github.com/afdesk/trivy/commit/85dadf56265647c000191561db10b08a4948c140)) +* **misconf:** Improve cause performance ([#6586](https://github.com/afdesk/trivy/issues/6586)) ([770b141](https://github.com/afdesk/trivy/commit/770b14113cbbaaf55ff26ac8ba160800951b4386)) +* **misconf:** optimize work with context ([#6968](https://github.com/afdesk/trivy/issues/6968)) ([2b6d8d9](https://github.com/afdesk/trivy/commit/2b6d8d9227fb6ecc9386a14333964c23c0370a52)) +* **misconf:** parse rego input once ([#6615](https://github.com/afdesk/trivy/issues/6615)) ([67c6b1d](https://github.com/afdesk/trivy/commit/67c6b1d473999003d682bdb42657bbf3a4a69a9c)) +* **misconf:** use json.Valid to check validity of JSON ([#7308](https://github.com/afdesk/trivy/issues/7308)) ([c766831](https://github.com/afdesk/trivy/commit/c766831069e188226efafeec184e41498685ed85)) + + +### Reverts + +* **java:** stop supporting of `test` scope for `pom.xml` files ([#7488](https://github.com/afdesk/trivy/issues/7488)) ([b0222fe](https://github.com/afdesk/trivy/commit/b0222feeb586ec59904bb321fda8f3f22496d07b)) + ## [0.55.0](https://github.com/aquasecurity/trivy/compare/v0.54.0...v0.55.0) (2024-09-03)