chore(deps): bump github.com/aquasecurity/trivy from 0.50.1 to 0.51.1

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.50.1 to 0.51.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.51.1

Changelog

• 8016b821a fix(fs): handle default skip dirs properly (#6628)
• 7a25dadb4 fix(misconf): load cached tf modules (#6607)
• 9c794c0ff fix(misconf): do not use semver for parsing tf module versions (#6614)

v0.51.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#6622

Changelog

• 14c1024b4 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
• 998f75043 feat: introduce package UIDs for improved vulnerability mapping (#6583)
• 770b14113 perf(misconf): Improve cause performance (#6586)
• 3ccb1a0f1 docs: trivy-k8s new experiance remove un-used section (#6608)
• 58cfd1b07 chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
• 715963d75 docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
• 37da98df4 feat(misconf): Use updated terminology for misconfiguration checks (#6476)
• cdee7030a chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
• 6a2225b42 docs: use generic link from trivy-repo (#6606)
• a2a02de7c docs: update trivy k8s with new experience (#6465)
• e739ab850 feat: support --skip-images scanning flag (#6334)
• c6d5d856c BREAKING: add support for k8s disable-node-collector flag (#6311)
• 194a81468 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
• 03830c50c chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
• 8e814fa23 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
• 2dc76ba78 chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
• c17176ba9 chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
• bce70af36 chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
• 4369a19af feat: add ubuntu 23.10 and 24.04 support (#6573)
• 5566548b7 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
• a8af76a47 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)
• c8ed432f2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#6598)
• 551a46efc docs(go): add stdlib (#6580)
• 261649b11 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#6592)
• acfddd457 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#6600)
• 419e3d202 feat(go): parse main mod version from build info settings (#6564)
• f0961d54f feat: respect custom exit code from plugin (#6584)
• a5d485cf8 docs: add asdf and mise installation method (#6063)
• 29b8faf5f feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
• e3bef0201 feat: add support environment.yaml files (#6569)
• 916f6c66f fix: close plugin.yaml (#6577)
• 8e6cd0e91 fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
• 060d0bb64 BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#6323)
• 2d090ef2d feat(go): add main module (#6574)
• 6343e4fc7 feat: add relationships (#6563)
• a018ee1f9 ci: disable Go cache for reusable-release.yaml (#6572)
• 5da053f30 docs: mention --show-suppressed is available in table (#6571)
• 3d66cb8d8 chore: fix sqlite to support loong64 (#6511)

... (truncated)

Commits

• 8016b82 fix(fs): handle default skip dirs properly (#6628)
• 7a25dad fix(misconf): load cached tf modules (#6607)
• 9c794c0 fix(misconf): do not use semver for parsing tf module versions (#6614)
• 14c1024 refactor: move setting scanners when using compliance reports to flag parsing...
• 998f750 feat: introduce package UIDs for improved vulnerability mapping (#6583)
• 770b141 perf(misconf): Improve cause performance (#6586)
• 3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#6608)
• 58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2...
• 715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
• 37da98d feat(misconf): Use updated terminology for misconfiguration checks (#6476)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/aquasecurity/trivy	[>= 0.50.2.a, < 0.50.3]
github.com/aquasecurity/trivy	[< 0.51, > 0.50.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[MaineK00n]

Detecting Vulnerabilities in Standard Packages for Go Binaries

[servers.pseudo]
type = "pseudo"
lockfiles = ["integration/data/lockfile/gobinary"]

before

$ vuls scan
...
Scan Summary
================
pseudo	pseudo	0 installed, 0 updatable	1 libs





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

$ cat results/2024-05-10T14-41-34+0900/pseudo.json | jq .libraries[0].Libs[]
{
  "Name": "golang.org/x/text",
  "Version": "v0.3.2",
  "PURL": "pkg:golang/golang.org/x/text@v0.3.2",
  "FilePath": "",
  "Digest": ""
}

$ vuls report
...
===============
Total: 3 (Critical:0 High:3 Medium:0 Low:0 ?:0)
3/3 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
0 installed, 1 libs

+----------------+------+--------+-----+-----------+---------+-------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |     PACKAGES      |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2020-14040 |  8.9 |  AV:N  |     |           |   fixed | golang.org/x/text |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2021-38561 |  8.9 |  AV:N  |     |           |   fixed | golang.org/x/text |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2022-32149 |  8.9 |  AV:N  |     |           |   fixed | golang.org/x/text |
+----------------+------+--------+-----+-----------+---------+-------------------+

after

$ vuls scan
...
Scan Summary
================
pseudo	pseudo	0 installed, 0 updatable	3 libs





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

$ cat results/2024-05-10T14-41-39+0900/pseudo.json | jq .libraries[0].Libs[]
{
  "Name": "example",
  "Version": "",
  "PURL": "pkg:golang/example",
  "FilePath": "",
  "Digest": ""
}
{
  "Name": "golang.org/x/text",
  "Version": "v0.3.2",
  "PURL": "pkg:golang/golang.org/x/text@v0.3.2",
  "FilePath": "",
  "Digest": ""
}
{
  "Name": "stdlib",
  "Version": "1.17",
  "PURL": "pkg:golang/stdlib@1.17",
  "FilePath": "",
  "Digest": ""
}

$ vuls report
...
pseudo (pseudo)
===============
Total: 63 (Critical:3 High:41 Medium:18 Low:1 ?:0)
63/63 Fixed, 8 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
0 installed, 3 libs

+----------------+------+--------+-----+-----------+---------+-------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |     PACKAGES      |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2022-23806 | 10.0 |  AV:N  |     |           |   fixed | stdlib            |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2023-24538 | 10.0 |  AV:N  |     |           |   fixed | stdlib            |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2023-24540 | 10.0 |  AV:N  |     |           |   fixed | stdlib            |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2020-14040 |  8.9 |  AV:N  |     |           |   fixed | golang.org/x/text |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2021-38561 |  8.9 |  AV:N  |     |           |   fixed | golang.org/x/text |
+----------------+------+--------+-----+-----------+---------+-------------------+
| CVE-2021-39293 |  8.9 |  AV:N  |     |           |   fixed | stdlib            |
+----------------+------+--------+-----+-----------+---------+-------------------+
...

Conan v2.x Lockfile Support

[servers.pseudo]
type = "pseudo"
lockfiles = ["integration/data/lockfile/conan-v2/conan.lock"]

before

$ vuls scan
...
Scan Summary
================
pseudo	pseudo	0 installed, 0 updatable





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

after

$ vuls scan
...
Scan Summary
================
pseudo	pseudo	0 installed, 0 updatable	2 libs





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

[shino]

Perfect!