v0.2.0

Main Features

• Dramatically improve the scan speed on the first run 🎉🎉 🎉 🎉 🎉🎉 🎉 🎉
  • Previous version: ~ 10 min
  • New version: ~ 10 sec (Depending on the network)

Now, you don't need to use a cache in CI/CD. You can see an example.
https://github.com/aquasecurity/trivy-ci-test/commit/eb4d393a7178aea0118c6e9017269f258d6b3edf/checks?check_suite_id=311236898

New Features

• --light option
  • The lightweight DB doesn't contain vulnerability detail such as descriptions and references. Because of that, the size of the DB is smaller and the download is faster.
  • This option is useful when you don't need vulnerability details and is suitable for CI/CD. To find the additional information, you can search vulnerability details on the NVD website.
  • e.g. $ trivy --light alpine:3.10
• --download-db-only option (#172)
  • This option simply retrieves the vulnerability database without scanning.
  • Thanks to @miguelbernadi
• Enable environment variables (#220)
  • You can specify the options via environment variables
  • e.g. TRIVY_EXIT_CODE=1 trivy alpine:3.10
  • Thanks to @tboerger

Changelog

e371747 doc(README): fix missing Gitlab CI link section in ToC (#263)
514137e Merge pull request #253 from aquasecurity/remote_db
4f92d29 chore(makefile): add Makefile (#256)
8ea2e8c Add env variables for every flag (#220)
d1615bc typo fixed and GitHub Profile link added (#236)
76d920e Grammar (#232)
1f07220 docs: typo correction (#252)
f326beb Fixed broken link and some typos in Readme.md (#228)
e04e90f add new line at eof (#249)
d27eeb2 Add option to only download vulnerability database (#172)
62ea073 Enable shell autocompletion (#234)
187864a Added GitLab YML (#223)
a666c4a massage rubygems version to handle platforms (#230)
bda4ee0 add echo to CI gofmt step (#231)
63ed4eb Fixed Broken README links (#214)

Docker images

• docker pull docker.io/aquasec/trivy:0.2.0
• docker pull docker.io/aquasec/trivy:latest

v0.1.7

New feature

• Support new OSes
  • Amazon Linux
  • Google Distroless
• Support new build tool
  • Kaniko
• New options
  • --ignorefile
    • Specify the .trivyignore path
  • --timeout
    • Specify timeout
  • --template
    • The result can be exported to your template

Update

• Go version
  • 1.13
• Alpine version
  • 3.10

Changelog

d03a64c Update README (#224)
20babc4 Bump Go 1.13 (#218)
a6141ed CI/CD refactor (#209)
a12bb8d fix(db): introduce db schema version (#221)
5ae10e0 Dockerfile: Update runner base to alpine 3.10 (#199)
ff873a2 Support Amazon Linux (#182)
7ad94c3 Update .gitignore (#215)
f850984 test(integration): add integration tests (#201)
9334e60 Changed to be able to specify IgnoreFile as whitelist (#175)
f198b6e Check errors passed through by filepath.Walk (#208)
cb1870e Update README.md (#206)
384205a Remove extra double quote (#204)
d9e64d2 Updated README.md (#203)
5ccb0af Added Docker image badge & missing punctuation's (#189)
da621c3 Add timeout option (#143)
3a28576 added reference for LICENSE (#195)
dbb7a55 Check returned error before deferring file close (#197)
89f2d48 docs: minor tweak (#183)
f933ab4 Improve ubuntu install (#178)
af78d2f Update README.md - typo fix (#186)
0fff415 Support Kaniko (#171)
987538f Display an error message when rpm not found (#167)
2642020 Support distroless and ignore lock files under vendor dir (#166)
c4a2b76 Add rpm to the trivy image (#165)
339d0db Add template writer (#141)
43568cc Update xerrors version (#158)
fbd73f2 Modify cache-dir usage comment (#148)
4a21ad9 env (#154)
18de7e4 README.md is out of date (#145)
90e4c15 Add the RHEL8 support to rpm repository (#138)
4f57216 use COPY on dockerfile rather than add (#132)
e6b6830 fix typo in readme (#130)
4ce651c fix gofmt (#131)

Docker images

• docker pull docker.io/aquasec/trivy:0.1.7
• docker pull docker.io/aquasec/trivy:latest

v0.1.6

Changelog

ab8b73e Fix libraly cache directotry (#129)
a77984a Suppress log output when --quiet flag is on (#125)
31a1f59 Fix cannot found docker image (#123)
4ca73f0 Merge pull request #120 from aquasecurity/readme_migration
0909f94 Clarify migration instructions
d1c01c1 Small wording change
f8cdd60 Slight wording change
2e4b83b Add migration section on README

v0.1.5

Changelog

6fbcbb3 Merge pull request #119 from aquasecurity/transfer
a843682 Transfer repositoriy
0611bf9 Display a warning for OS that has reached EOL (#118)
9a9cb01 Add tests to utils (#116)
74a66fb Add data source (#117)
aedfd3b Fix README
a2e13bd Remove old results (#115)
a7d991f Reimplement --cache-dir option (#114)
11bc00d Revert "Allow user specified cache directory (#12)" (#111)
5005d79 Adding instructions for Install in Arch Linux (#107)
c2a05c7 use multiple ISSUE_TEMPLATE (#98)
51bbc1d [docker] Compress binary using upx (#97)
7b5e340 fix CircleCI link in README (#91)
52ab4e9 Add code snippet reminder on how to print distribution codename (#89)

v0.1.4

Changelog

9bfbff9 Embed trivy version in Docker (#88)
6af2d32 Support unusual YAML (#87)
75b944f update go.mod (#86)
bbb6719 feat: improve nvd update (#81)

v0.1.3

Changelog

6be2ebd Update manual installation
a4f1f25 remove nonsense struct tags (#76)
c29f6f5 Fix --skip-update (#70)
edb899b Update README
a8f7ece Update dependencies
ec1afc2 feat: add vulnerability type filter to get only os or packages vulnerabilities (#50)
f12284a Fix debug log (#65)

v0.1.2

Changelog

a9ff0b5 add -debug to ISSUE_TEMPLATE (#57)
0a271a0 Added alpine into dbnames (#55)
6fa78df auth for private docker registry from ENV vars (#52)
b62536f Added --only-update option (#43)
9741d4a Simpler Homebrew install instructions (#51)
68f326d feat: add --depth option to git clone (#46)

v0.1.1

Changelog

76ee729 Support Poetry (#49)
d31f090 add ISSUE_TEMPLATE.md (#48)
8d7c2e6 Fix yarn parser (#47)
9269a30 update readme (#42)

v0.1.0

Changelog

073b315 No error on unsupported OS (#40)
47c46fb Fix some typos in the README or improve phrasing (#38)
3957296 fixed cache bug (#36)
4383764 fix: unknown format case (#35)
e0ef056 Some code improvements. (#34)
d9cf2c4 Update JSON schema (#33)

v0.0.16

Changelog

58bf4b2 fix quiet bug (#32)