Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

release: v0.54.0 [main] #54

Closed
wants to merge 1 commit into from
Closed

Conversation

knqyf263
Copy link
Owner

@knqyf263 knqyf263 commented Jun 5, 2024

🤖 I have created a release beep boop

0.54.0 (2024-07-08)

⚠ BREAKING CHANGES

  • k8s: node-collector dynamic commands support (#6861)
  • add clean subcommand (#6993)
  • aws: Remove aws subcommand (#6995)

Features

  • add log.FilePath() function for logger (#7080) (1f5f348)
  • add clean subcommand (#6993) (8d0ae1f)
  • Add flag to configure node-collector image ref (#5710) (2569575)
  • add info log message about dev deps suppression (#6211) (7cb6c02)
  • Add Julia language analyzer support (#5635) (fecafb1)
  • Add local ImageID to SARIF metadata (#6522) (f144e91)
  • add memory cache backend (#7048) (55ccd06)
  • add relationships (#6563) (6343e4f)
  • add support environment.yaml files (#6569) (e3bef02)
  • add support for plugin index (#6674) (26faf8f)
  • add ubuntu 23.10 and 24.04 support (#6573) (4369a19)
  • allow end-users to adjust K8S client QPS and burst (#5910) (2c9d7c6)
  • aws: apply filter options to result (#6367) (09e37b7)
  • aws: quiet flag support (#6331) (87a9aa6)
  • aws: Remove aws subcommand (#6995) (979e118)
  • c: add license support for conan lock files (#6329) (5dd9bd4)
  • cloudformation: add support for logging and endpoint access for EKS (#6440) (86714bf)
  • cloudformation: inline ignore support for YAML templates (#6358) (df024e8)
  • conda: add licenses support for environment.yml files (#6953) (654217a)
  • dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
  • filter k8s core components vuln results (#5713) (0ff5f96)
  • go: add main module (#6574) (2d090ef)
  • go: parse main mod version from build info settings (#6564) (419e3d2)
  • go: parse main module of go binary files (#6530) (e32215c)
  • image: customer podman host or socket option (#6256) (9d2057a)
  • image: goversion as stdlib (#6277) (d82d6cb)
  • image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
  • introduce package UIDs for improved vulnerability mapping (#6583) (998f750)
  • java: add dependency location support for gradle files (#6083) (535b5a9)
  • java: add support for maven-metadata.xml files for remote snapshot repositories. (#6950) (1f8fca1)
  • java: add support for fetching packages from repos mentioned in pom.xml (#6171) (ce81c05)
  • java: add support for line numbers for pom.xml files (#5991) (b4b90cf)
  • java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
  • java: add support licenses and graph for gradle lock files (#6140) (f6c5d58)
  • java: mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213) (617c3e3)
  • k8s: node-collector dynamic commands support (#6861) (8d618e4)
  • k8s: rancher rke2 version support (#5988) (cf0f0d0)
  • misconf: Add --misconfig-scanners option (#5670) (b5874e3)
  • misconf: add helm-api-version and helm-kube-version flag (#6332) (53517d6)
  • misconf: add metadata to Cloud schema (#6831) (02d5404)
  • misconf: Add support for --cf-params for CFT (#5507) (e3c28f8)
  • misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
  • misconf: Add support for deprecating a check (#6664) (88702cf)
  • misconf: add support for wildcard ignores (#6414) (8dd0fcd)
  • misconf: add support of buildkit instructions when building dockerfile from image config (#5990) (adfde63)
  • misconf: add Terraform 'removed' block to schema (#6640) (b7a0a13)
  • misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
  • misconf: Expose misconf engine debug logs with --debug option (#5550) (1336223)
  • misconf: loading embedded checks as a fallback (#6502) (12ec0df)
  • misconf: register builtin Rego funcs from trivy-checks (#6616) (7c22ee3)
  • misconf: resolve tf module from OpenTofu compatible registry (#6743) (ac74520)
  • misconf: support for VPC resources for inbound/outbound rules (#6779) (349caf9)
  • misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
  • misconf: Support private registries for misconf check bundle (#6327) (f23ed77)
  • misconf: support symlinks inside of Helm archives (#6621) (4eae37c)
  • misconf: Use updated terminology for misconfiguration checks (#6476) (37da98d)
  • nodejs: add v9 pnpm lock file support (#6617) (1e08648)
  • nodejs: add yarn alias support (#5818) (30eff9c)
  • Packagesprops support (#5605) (16b757d)
  • php: add installed.json file support (#4865) (edc556b)
  • plugin: add support for nested archives (#6845) (622c67b)
  • plugin: specify plugin version (#6683) (d6dc567)
  • python: add license support for requirement.txt files (#6782) (29615be)
  • python: add line number support for requirement.txt files (#6729) (2bc54ad)
  • python: parse licenses from dist-info folder (#4724) (df3e90a)
  • report: Include licenses and secrets filtered by rego to ModifiedFindings (#6483) (fa3cf99)
  • report: output plugin (#4863) (99c04c4)
  • report: support for filtering licenses and secrets via rego policy files (#6004) (c6844a7)
  • respect custom exit code from plugin (#6584) (f0961d5)
  • rust: Support workspace.members parsing for Cargo.toml analysis (#5285) (5924c02)
  • sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)
  • sbom: Support license detection for SBOM scan (#6072) (eb3ceb3)
  • secret: add support of GitHub fine-grained tokens (#5740) (be1c554)
  • secret: added support of Docker registry credentials (#5720) (108a5b0)
  • secret: Support for detecting Hugging Face Access Tokens (#6236) (6639911)
  • set InstalledFiles for DEB and RPM packages (#5488) (44d0b28)
  • support --skip-images scanning flag (#6334) (e739ab8)
  • terraform: Add hyphen and non-ASCII support for domain names in credential extraction (#6108) (4a9ac6d)
  • terraform: ignore resources by nested attributes (#6302) (29dee32)
  • terraform: Terraform Plan snapshot scanning support (#6176) (9361cdb)
  • vex: add PURL matching for CSAF VEX (#5890) (d0c81e2)
  • vex: Add support for CSAF format (#5535) (c47ed0d)
  • vex: consider root component for relationships (#6313) (c4022d6)
  • vex: improve relationship support in CSAF VEX (#6735) (a447f6b)
  • vex: support non-root components for products in OpenVEX (#6728) (9515695)
  • vuln: enable --vex for all targets (#5992) (e2eb70e)
  • vuln: Handle scanning conan v2.x lockfiles (#6357) (29b8faf)
  • vuln: ignore vulnerabilities by PURL (#6178) (cd3e4bc)
  • vuln: include pkg identifier on detected vulnerabilities (#5439) (1f0d629)
  • vuln: remove duplicates in Fixed Version (#5596) (a54d1e9)
  • vuln: show suppressed vulnerabilities in table (#6084) (3c1601b)

Bug Fixes

  • add color for error inside of log message (#6493) (cfddfb3)
  • add context to target finding on k8s table view (#6099) (1b7e474)
  • alpine: Add EOL support for alpine 3.19. (#5938) (260aa28)
  • alpine: exclude empty licenses for apk packages (#6130) (aadbad1)
  • amazon: check only major version of AL to find advisories (#6295) (fb8c516)
  • amazon: save system files for pkgs containing amzn in src (#5951) (fbc1a83)
  • bitnami: use a different comparer for detecting vulnerabilities (#5633) (abf227e)
  • c: don't skip conan files from file-patterns and scan .conan2 cache dir (#6949) (38b35dd)
  • check returned error before deferring f.Close() (#6007) (13f797f)
  • check unescaped BomRef when matching PkgIdentifier (#6025) (6ccc0a5)
  • clean up golangci lint configuration (#6797) (62de6f3)
  • cli: always output fatal errors to stderr (#6827) (c2b9132)
  • cli: inconsistent behavior across CLI flags, environment variables, and config files (#5843) (59e5433)
  • cli: show info message only when --scanners is available (#7032) (e9fc3e3)
  • close APKINDEX archive file (#6672) (5caf437)
  • close plugin.yaml (#6577) (916f6c6)
  • close pom.xml (#6507) (a986199)
  • close settings.xml (#6768) (9c3e895)
  • close testfile (#6830) (aa0c413)
  • cloudformation: infer type after resolving a function (#6406) (6a2f6fd)
  • cloudformation: resolve DedicatedMasterEnabled parsing issue (#6439) (74e4c6e)
  • cloudformation: support of all SSE algorithms for s3 (#6270) (337cb75)
  • conda: add support pip deps for environment.yml files (#6675) (150a773)
  • cyclonedx: fix unmarshal for licenses (#5828) (b3d516e)
  • cyclonedx: move root component from scanned cyclonedx file to output cyclonedx file (#6113) (a813506)
  • cyclonedx: trim non-URL info for advisory.url (#6952) (417212e)
  • db: check schema version for image name only (#6410) (8baccd7)
  • db: use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219) (96bd7ac)
  • debian: sort dpkg info before parsing due to exclude directories (#6551) (9aca98c)
  • debian: take installed files from the origin layer (#6849) (089b953)
  • fix cursor usage in Redis Clear function (#6056) (2900a21)
  • fs: handle default skip dirs properly (#6628) (8016b82)
  • go: add only non-empty root modules for gobinaries (#6710) (c96f2a5)
  • go: include only .version|.ver (no prefixes) ldflags for gobinaries (#6705) (afb4f9d)
  • Golang version parsing from binaries w/GOEXPERIMENT (#6696) (696f2ae)
  • handle non-parsable images names (#5965) (2212d14)
  • helm: scan the subcharts once (#6382) (f148eb1)
  • ignore no init containers (#5939) (a3fac90)
  • image: parse image.inspect.Created field only for non-empty values (#6948) (0af5730)
  • include packages unless it is not needed (#6765) (56dbe1f)
  • increase the default buffer size for scanning dpkg status files by 2 times (#6298) (3177924)
  • java: add only valid libs from pom.properties files from jars (#6164) (8221473)
  • java: check if a version exists when determining GAV by file name for jar files (#5630) (37e7e3e)
  • java: don't ignore runtime scope for pom.xml files (#6223) (c4b5ab7)
  • java: don't remove excluded deps from upper pom's (#5838) (7895657)
  • java: parse modules from pom.xml files once (#6312) (7c409fd)
  • java: recursive check all nested depManagements with import scope for pom.xml files (#5982) (729a051)
  • java: update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412) (34ab09d)
  • k8s friendly error messages kbom non cluster scans (#5594) (2145464)
  • k8s summary separate infra and user finding results (#6120) (dc76c6e)
  • license: add FilePath to results to allow for license path filtering via trivyignore file (#6215) (04535b5)
  • license: reorder logic of how python package licenses are acquired (#6220) (56cedc0)
  • license: return license separation using separators ,, or, etc. (#6916) (52f7aa5)
  • misconf: add an image misconf to result (#5731) (a5342da)
  • misconf: avoid panic if the scheme is not valid (#6496) (4337068)
  • misconf: clear location URI for SARIF (#6405) (712dcd3)
  • misconf: do not use semver for parsing tf module versions (#6614) (9c794c0)
  • misconf: don't shift ignore rule related to code (#6708) (39a746c)
  • misconf: Escape template value correctly (#6292) (1c49a16)
  • misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
  • misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
  • misconf: get user from Config.User (#6070) (7fec991)
  • misconf: handle source prefix to ignore (#6945) (c3192f0)
  • misconf: load cached tf modules (#6607) (7a25dad)
  • misconf: Parse JSON k8s manifests properly (#6490) (9b7d713)
  • misconf: parsing numbers without fraction as int (#6834) (8141a13)
  • misconf: skip Rego errors with a nil location (#6638) (a2c522d)
  • misconf: skip Rego errors with a nil location (#6666) (a126e10)
  • node-collector high and critical cves (#6707) (ff32deb)
  • nodejs: add local packages support for pnpm-lock.yaml files (#6034) (4e962c0)
  • nodejs: add name validation for package name from package.json (#6268) (12c5bf0)
  • nodejs: add support for parsing workspaces from package.json as an object (#6231) (f85c9fa)
  • nodejs: find licenses for packages with slash (#5836) (f90d4ee)
  • nodejs: fix infinite loop when package link from package-lock.json file is broken (#6858) (cf5aa33)
  • nodejs: fix infinity loops for pnpm with cyclic imports (#6857) (7d083bc)
  • nodejs: merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356) (258d153)
  • nodejs: support protocols for dependency section in yarn.lock files (#5612) (ad977a4)
  • nodejs: use project dir when searching for workspaces for Yarn.lock files (#6102) (3ac6388)
  • plugin: initialize logger (#6836) (728e77a)
  • plugin: respect --insecure (#7022) (3d02a31)
  • Printf format err (#6198) (876ab84)
  • purl: add missed os types (#6955) (2d85a00)
  • python: add package name and version validation for requirements.txt files. (#6804) (ea3a124)
  • python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852) (faa9d92)
  • report: don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348) (1870f28)
  • report: don't mark misconfig passed tests as failed in junit.tpl (#5767) (be5a550)
  • report: fix error if miconfigs are empty (#5782) (c317fe8)
  • report: hide empty tables if all vulns has been filtered (#6352) (3d388d8)
  • report: update Gitlab template (#5721) (eb97419)
  • report: use AWS_REGION env for secrets in asff template (#6011) (70dd572)
  • report: use OS information for OS packages purl in github template (#5783) (6cc00c2)
  • report: use time.Time for CreatedAt (#5598) (ae4bcf6)
  • sbom: add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346) (e866bd5)
  • sbom: change error to warning for multiple OSes (#6541) (d2d4022)
  • sbom: don't overwrite srcEpoch when decoding SBOM files (#6866) (04af59c)
  • sbom: fix error when parent of SPDX Relationships is not a package. (#6399) (5f69937)
  • sbom: fix panic for convert mode when scanning json file derived from sbom file (#6808) (f92ea09)
  • sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
  • sbom: skip executable file analysis if Rekor isn't a specified SBOM source (#6163) (7694df1)
  • sbom: take pkg name from purl for maven pkgs (#7008) (a76e328)
  • sbom: use group field for pom.xml and nodejs files for CycloneDX reports (#5922) (c75143f)
  • sbom: use purl for bitnami pkg names (#6982) (7eabb92)
  • sbom: use package UIDs for uniqueness (#7042) (14d71ba)
  • secret: Asymmetric Private Key shouldn't start with space (#6867) (bb26445)
  • secret: AWS Secret Access Key must include only secrets with aws text. (#5901) (958e1f1)
  • secret: add sec and space to secret prefix for aws-secret-access-key (#5647) (8ff574e)
  • secret: convert severity for custom rules (#6500) (46d5aba)
  • secret: exclude upper case before secret for alibaba-access-key-id (#5618) (b1dc60b)
  • secret: find aws secrets ending with a comma or dot (#5921) (ae134a9)
  • server: add Locations for Packages in client/server mode (#6366) (a2482c1)
  • suse: Add SLES 15.6 and Leap 15.6 (#6964) (5ee4e9d)
  • swift: try to use branch to resolve version (#6168) (e787e1a)
  • terraform: Attribute and fileset fixes (#6544) (7c2017f)
  • terraform: do not re-expand dynamic blocks (#6151) (64926d8)
  • terraform: ensure consistent path handling across OS (#6161) (327cf88)
  • terraform: eval submodules (#6411) (13190e9)
  • terraform: fix policy document retrieval (#6276) (102b6df)
  • terraform: fix root module search (#6160) (1dfece8)
  • terraform: сhecking SSE encryption algorithm validity (#6341) (abd62ae)
  • trivy k8s avoid deleting non-default node collector namespace (#6559) (8e6cd0e)
  • typo (#6283) (1ba5b59)
  • typo function name and comment optimization (#6200) (3d2f583)
  • use 0600 perms for tmp files for post analyzers (#6386) (9d7f5c9)
  • use embedded when command path not found (#7037) (137c916)
  • use of specified context to obtain cluster name (#6645) (39ebed4)
  • vex: CSAF filtering should consider relationships (#5923) (9c5e5a0)
  • vm: update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888) (0ebb6c4)
  • vuln: skip empty versions (#6542) (164b025)

Performance Improvements

Reverts

  • report: don't escape new line characters for sarif format (#5897) (56c4e24)

This PR was generated with Release Please. See documentation.

@knqyf263 knqyf263 changed the title release: v0.53.0 [main] release: v0.54.0 [main] Jul 8, 2024
@knqyf263 knqyf263 force-pushed the release-please--branches--main branch from 6ae84ec to 09f9614 Compare July 8, 2024 08:41
Copy link

github-actions bot commented Sep 7, 2024

This PR is stale because it has been labeled with inactivity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant