chore(deps): update trivy_operator

This MR contains the following updates:

Package	Update	Change
ghcr.io/aquasecurity/node-collector	minor	0.2.2 -> 0.3.1
ghcr.io/aquasecurity/trivy (source)	minor	0.51.4 -> 0.53.0
ghcr.io/aquasecurity/trivy-operator	minor	0.21.1 -> 0.22.0
trivy-operator	minor	0.23.1 -> 0.24.0 EDIT 0.24.1

---

Release Notes

aquasecurity/trivy (ghcr.io/aquasecurity/trivy)

v0.53.0

Compare Source

⚠ BREAKING CHANGES

• k8s: node-collector dynamic commands support (#​6861)
• add clean subcommand (#​6993)
• aws: Remove aws subcommand (#​6995)

Features

• add clean subcommand (#​6993) (8d0ae1f)
• Add local ImageID to SARIF metadata (#​6522) (f144e91)
• add memory cache backend (#​7048) (55ccd06)
• aws: Remove aws subcommand (#​6995) (979e118)
• conda: add licenses support for environment.yml files (#​6953) (654217a)
• dart: use first version of constraint for dependencies using SDK version (#​6239) (042d6b0)
• image: Set User-Agent header for Trivy container registry requests (#​6868) (9b31697)
• java: add support for maven-metadata.xml files for remote snapshot repositories. (#​6950) (1f8fca1)
• java: add support for sbt projects using sbt-dependency-lock (#​6882) (f18d035)
• k8s: node-collector dynamic commands support (#​6861) (8d618e4)
• misconf: add metadata to Cloud schema (#​6831) (02d5404)
• misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#​6755) (55fa610)
• misconf: API Gateway V1 support for CloudFormation (#​6874) (8491469)
• misconf: support of selectors for all providers for Rego (#​6905) (bc3741a)
• php: add installed.json file support (#​4865) (edc556b)
• plugin: add support for nested archives (#​6845) (622c67b)
• sbom: migrate to CycloneDX v1.6 (#​6903) (09e50ce)

Bug Fixes

• c: don't skip conan files from file-patterns and scan .conan2 cache dir (#​6949) (38b35dd)
• cli: show info message only when --scanners is available (#​7032) (e9fc3e3)
• cyclonedx: trim non-URL info for advisory.url (#​6952) (417212e)
• debian: take installed files from the origin layer (#​6849) (089b953)
• image: parse image.inspect.Created field only for non-empty values (#​6948) (0af5730)
• license: return license separation using separators ,, or, etc. (#​6916) (52f7aa5)
• misconf: fix caching of modules in subdirectories (#​6814) (0bcfedb)
• misconf: fix parsing of engine links and frameworks (#​6937) (ec68c9a)
• misconf: handle source prefix to ignore (#​6945) (c3192f0)
• misconf: parsing numbers without fraction as int (#​6834) (8141a13)
• nodejs: fix infinite loop when package link from package-lock.json file is broken (#​6858) (cf5aa33)
• nodejs: fix infinity loops for pnpm with cyclic imports (#​6857) (7d083bc)
• plugin: respect --insecure (#​7022) (3d02a31)
• purl: add missed os types (#​6955) (2d85a00)
• python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#​6852) (faa9d92)
• sbom: don't overwrite srcEpoch when decoding SBOM files (#​6866) (04af59c)
• sbom: fix panic when scanning SBOM file without root component into SBOM format (#​7051) (3d4ae8b)
• sbom: take pkg name from purl for maven pkgs (#​7008) (a76e328)
• sbom: use purl for bitnami pkg names (#​6982) (7eabb92)
• sbom: use package UIDs for uniqueness (#​7042) (14d71ba)
• secret: Asymmetric Private Key shouldn't start with space (#​6867) (bb26445)
• suse: Add SLES 15.6 and Leap 15.6 (#​6964) (5ee4e9d)
• use embedded when command path not found (#​7037) (137c916)

v0.52.2

Compare Source

Changelog

• 8709d4f release: v0.52.2 [release/v0.52] (#​6896)
• a4b8ad7 ci: use ubuntu-latest-m runner [backport: release/v0.52] (#​6933)
• 2b711bc chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#​6919)
• 191d31e test: bump docker API to 1.45 [backport: release/v0.52] (#​6922)
• 3f5874c ci: bump github.com/goreleaser/goreleaser to v2.0.0 [backport: release/v0.52] (#​6893)
• 8f8c76a fix(debian): take installed files from the origin layer [backport: release/v0.52] (#​6892)

v0.52.1

Compare Source

Changelog

• a3caf06 release: v0.52.1 [release/v0.52] (#​6877)
• 01dbb42 fix(nodejs): fix infinite loop when package link from package-lock.json file is broken [backport: release/v0.52] (#​6888)
• f186d22 fix(sbom): don't overwrite srcEpoch when decoding SBOM files [backport: release/v0.52] (#​6881)
• 093c0ae fix(python): compare pkg names from poetry.lock and pyproject.toml in lowercase [backport: release/v0.52] (#​6878)
• 6bfda76 Merge pull request #​6879 from aquasecurity/backport-pr-6864-to-release/v0.52
• 53850c8 docs: explain how VEX is applied (#​6864)
• 2211962 Merge pull request #​6875 from aquasecurity/backport-pr-6857-to-release/v0.52
• a614b69 fix(nodejs): fix infinity loops for pnpm with cyclic imports (#​6857)

v0.52.0

Compare Source

Features

• Add Julia language analyzer support (#​5635) (fecafb1)
• add support for plugin index (#​6674) (26faf8f)
• misconf: Add support for deprecating a check (#​6664) (88702cf)
• misconf: add Terraform 'removed' block to schema (#​6640) (b7a0a13)
• misconf: register builtin Rego funcs from trivy-checks (#​6616) (7c22ee3)
• misconf: resolve tf module from OpenTofu compatible registry (#​6743) (ac74520)
• misconf: support for VPC resources for inbound/outbound rules (#​6779) (349caf9)
• misconf: support symlinks inside of Helm archives (#​6621) (4eae37c)
• nodejs: add v9 pnpm lock file support (#​6617) (1e08648)
• plugin: specify plugin version (#​6683) (d6dc567)
• python: add license support for requirement.txt files (#​6782) (29615be)
• python: add line number support for requirement.txt files (#​6729) (2bc54ad)
• report: Include licenses and secrets filtered by rego to ModifiedFindings (#​6483) (fa3cf99)
• vex: improve relationship support in CSAF VEX (#​6735) (a447f6b)
• vex: support non-root components for products in OpenVEX (#​6728) (9515695)

Bug Fixes

• clean up golangci lint configuration (#​6797) (62de6f3)
• cli: always output fatal errors to stderr (#​6827) (c2b9132)
• close APKINDEX archive file (#​6672) (5caf437)
• close settings.xml (#​6768) (9c3e895)
• close testfile (#​6830) (aa0c413)
• conda: add support pip deps for environment.yml files (#​6675) (150a773)
• go: add only non-empty root modules for gobinaries (#​6710) (c96f2a5)
• go: include only .version|.ver (no prefixes) ldflags for gobinaries (#​6705) (afb4f9d)
• Golang version parsing from binaries w/GOEXPERIMENT (#​6696) (696f2ae)
• include packages unless it is not needed (#​6765) (56dbe1f)
• misconf: don't shift ignore rule related to code (#​6708) (39a746c)
• misconf: skip Rego errors with a nil location (#​6638) (a2c522d)
• misconf: skip Rego errors with a nil location (#​6666) (a126e10)
• node-collector high and critical cves (#​6707) (ff32deb)
• plugin: initialize logger (#​6836) (728e77a)
• python: add package name and version validation for requirements.txt files. (#​6804) (ea3a124)
• report: hide empty tables if all vulns has been filtered (#​6352) (3d388d8)
• sbom: fix panic for convert mode when scanning json file derived from sbom file (#​6808) (f92ea09)
• use of specified context to obtain cluster name (#​6645) (39ebed4)

Performance Improvements

• misconf: parse rego input once (#​6615) (67c6b1d)

aquasecurity/trivy-operator (ghcr.io/aquasecurity/trivy-operator)

v0.22.0

Compare Source

Ref to Release Notes #​2169

Changelog

✨ Notable Changes ✨

• 1d4ec56: feat: dynamic compliance reports (#​2160) (@​chen-keinan)

🐛 Notable Fixes 🐛

• ec93a42: fix: Prevent grouped vulnerability entries by including target and package path (#​2140) (@​kersten)
• 5d266cf: fix: helm param gcr service account auth (#​2108) (@​chen-keinan)
• 181ebae: fix: update olm defaults (#​2138) (@​chen-keinan)

📝 Documentation 📝

• 3448c9e: docs: add section on importing the Grafana dashboard using the Grafana Helm Chart (#​2155) (@​maritiren)

🔧 Miscellaneous 🔧

• 74a7d44: chore: bump github.com/hashicorp/go-getter-v1.7.5 (#​2162) (@​chen-keinan)
• d7f3484: chore: make operator policies-config optional (#​2152) (@​chen-keinan)

👷 Other work 👷

• 1c035b0: build(deps): bump github.com/aquasecurity/trivy from 0.52.0 to 0.52.2 (#​2149) (@​dependabot[bot])
• d135915: build(deps): bump github.com/aws/aws-sdk-go from 1.53.14 to 1.53.19 (#​2133) (@​dependabot[bot])
• 08afd7f: build(deps): bump github.com/aws/aws-sdk-go from 1.53.19 to 1.54.6 (#​2157) (@​dependabot[bot])
• d6632d9: build(deps): bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.11 (#​2164) (@​dependabot[bot])
• 19bf370: build(deps): bump github.com/google/go-containerregistry (#​2145) (@​dependabot[bot])
• 20acccc: build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#​2131) (@​dependabot[bot])
• 886550d: build(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 (#​2129) (@​dependabot[bot])
• bb9a08d: build(deps): bump goreleaser/goreleaser-action from 5 to 6 (#​2128) (@​dependabot[bot])
• fbf4a75: build(deps): bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2 (#​2156) (@​dependabot[bot])
• 8bc9854: build(deps): bump k8s.io/cli-runtime from 0.30.1 to 0.30.2 (#​2148) (@​dependabot[bot])
• 2479a90: build(deps): bump k8s.io/client-go from 0.30.1 to 0.30.2 (#​2146) (@​dependabot[bot])
• d9924b1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4 (#​2130) (@​dependabot[bot])
• af05935: fix typos (#​2154) (@​maritiren)

v0.21.3

Compare Source

Changelog

🐛 Notable Fixes 🐛

• de3ddf5: fix: failed to eval rego misconfig policy (#​2125) (@​chen-keinan)

👷 Other work 👷

• b45ed1e: Added target field to metrics (#​2122) (@​kersten)

v0.21.2

Compare Source

Changelog

🐛 Notable Fixes 🐛

• 20a8a5b: fix: Add scanJobAnnotations to the Job instead of just the Pod (#​2111) (@​darkhelmet)
• dcbb19a: fix: log failed container error (#​2112) (@​chen-keinan)
• f1dada8: fix: non completed containers with invalid stacktrace (#​2107) (@​chen-keinan)
• f222fef: fix: policies bundle insecure (#​2100) (@​chen-keinan)
• 4cde7c1: fix: set default value for useBuiltIntPolicies (#​2114) (@​chen-keinan)

🔧 Miscellaneous 🔧

• b4bab35: chore: bump trivy 0.52.0 (#​2115) (@​chen-keinan)

👷 Other work 👷

• f048e86: build(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#​2119) (@​dependabot[bot])
• 0babd17: build(deps): bump github.com/aquasecurity/trivy from 0.51.2 to 0.51.4 (#​2106) (@​dependabot[bot])
• ce31865: build(deps): bump github.com/aws/aws-sdk-go from 1.53.0 to 1.53.10 (#​2105) (@​dependabot[bot])
• 7dea6fd: build(deps): bump github.com/aws/aws-sdk-go from 1.53.10 to 1.53.14 (#​2118) (@​dependabot[bot])
• fc164c3: build(deps): bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#​2102) (@​dependabot[bot])
• 7f90963: build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (#​2103) (@​dependabot[bot])
• 12ebab1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 (#​2104) (@​dependabot[bot])

aquasecurity/helm-charts (trivy-operator)

v0.24.0

Compare Source

Keeps security report resources updated

v0.23.3

Compare Source

Keeps security report resources updated

v0.23.2

Compare Source

Keeps security report resources updated

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.