0.55.0 (2024-09-03)
- cli: delete deprecated SBOM flags (#7266)
- cli: delete deprecated SBOM flags (#7266) (7024572)
- go: use
toolchain
asstdlib
version forgo.mod
files (#7163) (2d80769) - java: add
test
scope support forpom.xml
files (#7414) (2d97700) - misconf: Add support for using spec from on-disk bundle (#7179) (be86126)
- misconf: ignore duplicate checks (#7317) (9ef05fc)
- misconf: iterator argument support for dynamic blocks (#7236) (fe92072)
- misconf: port and protocol support for EC2 networks (#7146) (98e136e)
- misconf: scanning support for YAML and JSON (#7311) (efdbd8f)
- misconf: support for ignore by nested attributes (#7205) (44e4686)
- misconf: support for policy and bucket grants (#7284) (a817fae)
- misconf: variable support for Terraform Plan (#7228) (db2c955)
- python: use minimum version for pip packages (#7348) (e9b43f8)
- report: export modified findings in JSON (#7383) (7aea79d)
- sbom: set User-Agent header on requests to Rekor (#7396) (af1d257)
- server: add internal
--path-prefix
flag for client/server mode (#7321) (24a4563) - server: Make Trivy Server Multiplexer Exported (#7389) (4c6e8ca)
- vm: Support direct filesystem (#7058) (45b3f34)
- vm: support the Ext2/Ext3 filesystems (#6983) (35c60f0)
- vuln: Add
--detection-priority
flag for accuracy tuning (#7288) (fd8348d)
- aws: handle ECR repositories in different regions (#6217) (feaef96)
- flag: incorrect behavior for deprected flag
--clear-cache
(#7281) (2a0e529) - helm: explicitly define
kind
andapiVersion
ofvolumeClaimTemplate
element (#7362) (da4ebfa) - java: Return error when trying to find a remote pom to avoid segfault (#7275) (49d5270)
- license: add license handling to JUnit template (#7409) (f80183c)
- logger initialization before flags parsing (#7372) (c929290)
- misconf: change default TLS values for the Azure storage account (#7345) (aadb090)
- misconf: do not filter Terraform plan JSON by name (#7406) (9d7264a)
- misconf: do not recreate filesystem map (#7416) (3a5d091)
- misconf: do not register Rego libs in checks registry (#7420) (a5aa63e)
- misconf: do not set default value for default_cache_behavior (#7234) (f0ed5e4)
- misconf: fix infer type for null value (#7424) (0cac3ac)
- misconf: init frameworks before updating them (#7376) (b65b32d)
- misconf: load only submodule if it is specified in source (#7112) (a4180bd)
- misconf: support deprecating for Go checks (#7377) (2a6c7ab)
- misconf: use module to log when metadata retrieval fails (#7405) (0799770)
- misconf: wrap Azure PortRange in iac types (#7357) (c5c62d5)
- nodejs: check all
importers
to detect dev deps from pnpm-lock.yaml file (#7387) (fd9ed3a) - plugin: do not call GitHub content API for releases and tags (#7274) (b3ee6da)
- report: escape
Message
field inasff.tpl
template (#7401) (dd9733e) - safely check if the directory exists (#7353) (05a8297)
- sbom: use
NOASSERTION
for licenses fields in SPDX formats (#7403) (c96dcdd) - secret: use
.eyJ
keyword for JWT secret (#7410) (bf64003) - secret: use only line with secret for long secret lines (#7412) (391448a)
- terraform: add aws_region name to presets (#7184) (bb2e26a)
- misconf: do not convert contents of a YAML file to string (#7292) (85dadf5)
- misconf: optimize work with context (#6968) (2b6d8d9)
- misconf: use json.Valid to check validity of JSON (#7308) (c766831)
0.54.0 (2024-07-30)
- add
log.FilePath()
function for logger (#7080) (1f5f348) - add openSUSE tumbleweed detection and scanning (#6965) (17b5dbf)
- cli: rename
--vuln-type
flag to--pkg-types
flag (#7104) (7cbdb0a) - mariner: Add support for Azure Linux (#7186) (5cbc452)
- misconf: enabled China configuration for ACRs (#7156) (d1ec89d)
- nodejs: add license parser to pnpm analyser (#7036) (03ac93d)
- sbom: add image labels into
SPDX
andCycloneDX
reports (#7257) (4a2f492) - sbom: add vulnerability support for SPDX formats (#7213) (efb1f69)
- share build-in rules (#7207) (bff317c)
- vex: retrieve VEX attestations from OCI registries (#7249) (c2fd2e0)
- vex: VEX Repository support (#7206) (88ba460)
- vuln: add
--pkg-relationships
(#7237) (5c37361)
- Add dependencyManagement exclusions to the child exclusions (#6969) (dc68a66)
- add missing platform and type to spec (#7149) (c8a7abd)
- cli: error on missing config file (#7154) (7fa5e7d)
- close file when failed to open gzip (#7164) (2a577a7)
- dotnet: don't include non-runtime libraries into report for
*.deps.json
files (#7039) (5bc662b) - dotnet: show
nuget package dir not found
log only when checkingnuget
packages (#7194) (d76feba) - ignore nodes when listing permission is not allowed (#7107) (25f8143)
- java: avoid panic if deps from
pom
init
dir are not found (#7245) (4e54a7e) - java: use
go-mvn-version
to removePackage
duplicates (#7088) (a7a304d) - misconf: do not evaluate TF when a load error occurs (#7109) (f27c236)
- nodejs: detect direct dependencies when using
latest
version for filesyarn.lock
+package.json
(#7110) (54bb8bd) - report: hide empty table when all secrets/license/misconfigs are ignored (#7171) (c3036de)
- secret: skip regular strings contain secret patterns (#7182) (174b1e3)
- secret: trim excessively long lines (#7192) (92b13be)
- secret: update length of
hugging-face-access-token
(#7216) (8c87194) - server: pass license categories to options (#7203) (9d52018)
0.53.0 (2024-07-01)
- k8s: node-collector dynamic commands support (#6861)
- add clean subcommand (#6993)
- aws: Remove aws subcommand (#6995)
- add clean subcommand (#6993) (8d0ae1f)
- Add local ImageID to SARIF metadata (#6522) (f144e91)
- add memory cache backend (#7048) (55ccd06)
- aws: Remove aws subcommand (#6995) (979e118)
- conda: add licenses support for
environment.yml
files (#6953) (654217a) - dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
- image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
- java: add support for
maven-metadata.xml
files for remote snapshot repositories. (#6950) (1f8fca1) - java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
- k8s: node-collector dynamic commands support (#6861) (8d618e4)
- misconf: add metadata to Cloud schema (#6831) (02d5404)
- misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
- misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
- misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
- php: add installed.json file support (#4865) (edc556b)
- plugin: add support for nested archives (#6845) (622c67b)
- sbom: migrate to
CycloneDX v1.6
(#6903) (09e50ce)
- c: don't skip conan files from
file-patterns
and scan.conan2
cache dir (#6949) (38b35dd) - cli: show info message only when --scanners is available (#7032) (e9fc3e3)
- cyclonedx: trim non-URL info for
advisory.url
(#6952) (417212e) - debian: take installed files from the origin layer (#6849) (089b953)
- image: parse
image.inspect.Created
field only for non-empty values (#6948) (0af5730) - license: return license separation using separators
,
,or
, etc. (#6916) (52f7aa5) - misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
- misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
- misconf: handle source prefix to ignore (#6945) (c3192f0)
- misconf: parsing numbers without fraction as int (#6834) (8141a13)
- nodejs: fix infinite loop when package link from
package-lock.json
file is broken (#6858) (cf5aa33) - nodejs: fix infinity loops for
pnpm
with cyclic imports (#6857) (7d083bc) - plugin: respect
--insecure
(#7022) (3d02a31) - purl: add missed os types (#6955) (2d85a00)
- python: compare pkg names from
poetry.lock
andpyproject.toml
in lowercase (#6852) (faa9d92) - sbom: don't overwrite
srcEpoch
when decoding SBOM files (#6866) (04af59c) - sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
- sbom: take pkg name from
purl
for maven pkgs (#7008) (a76e328) - sbom: use
purl
forbitnami
pkg names (#6982) (7eabb92) - sbom: use package UIDs for uniqueness (#7042) (14d71ba)
- secret:
Asymmetric Private Key
shouldn't start with space (#6867) (bb26445) - suse: Add SLES 15.6 and Leap 15.6 (#6964) (5ee4e9d)
- use embedded when command path not found (#7037) (137c916)
0.52.0 (2024-06-03)
- Add Julia language analyzer support (#5635) (fecafb1)
- add support for plugin index (#6674) (26faf8f)
- misconf: Add support for deprecating a check (#6664) (88702cf)
- misconf: add Terraform 'removed' block to schema (#6640) (b7a0a13)
- misconf: register builtin Rego funcs from trivy-checks (#6616) (7c22ee3)
- misconf: resolve tf module from OpenTofu compatible registry (#6743) (ac74520)
- misconf: support for VPC resources for inbound/outbound rules (#6779) (349caf9)
- misconf: support symlinks inside of Helm archives (#6621) (4eae37c)
- nodejs: add v9 pnpm lock file support (#6617) (1e08648)
- plugin: specify plugin version (#6683) (d6dc567)
- python: add license support for
requirement.txt
files (#6782) (29615be) - python: add line number support for
requirement.txt
files (#6729) (2bc54ad) - report: Include licenses and secrets filtered by rego to ModifiedFindings (#6483) (fa3cf99)
- vex: improve relationship support in CSAF VEX (#6735) (a447f6b)
- vex: support non-root components for products in OpenVEX (#6728) (9515695)
- clean up golangci lint configuration (#6797) (62de6f3)
- cli: always output fatal errors to stderr (#6827) (c2b9132)
- close APKINDEX archive file (#6672) (5caf437)
- close settings.xml (#6768) (9c3e895)
- close testfile (#6830) (aa0c413)
- conda: add support
pip
deps forenvironment.yml
files (#6675) (150a773) - go: add only non-empty root modules for
gobinaries
(#6710) (c96f2a5) - go: include only
.version
|.ver
(no prefixes) ldflags forgobinaries
(#6705) (afb4f9d) - Golang version parsing from binaries w/GOEXPERIMENT (#6696) (696f2ae)
- include packages unless it is not needed (#6765) (56dbe1f)
- misconf: don't shift ignore rule related to code (#6708) (39a746c)
- misconf: skip Rego errors with a nil location (#6638) (a2c522d)
- misconf: skip Rego errors with a nil location (#6666) (a126e10)
- node-collector high and critical cves (#6707) (ff32deb)
- plugin: initialize logger (#6836) (728e77a)
- python: add package name and version validation for
requirements.txt
files. (#6804) (ea3a124) - report: hide empty tables if all vulns has been filtered (#6352) (3d388d8)
- sbom: fix panic for
convert
mode when scanning json file derived from sbom file (#6808) (f92ea09) - use of specified context to obtain cluster name (#6645) (39ebed4)