chore(deps): update trivy_operator
This MR contains the following updates:
Package | Update | Change |
---|---|---|
ghcr.io/aquasecurity/node-collector | minor | 0.2.2 -> 0.3.1 |
ghcr.io/aquasecurity/trivy (source) | minor | 0.51.4 -> 0.53.0 |
ghcr.io/aquasecurity/trivy-operator | minor | 0.21.1 -> 0.22.0 |
trivy-operator | minor | 0.23.1 -> 0.24.0 EDIT 0.24.1 |
Release Notes
aquasecurity/trivy (ghcr.io/aquasecurity/trivy)
v0.53.0
⚠ BREAKING CHANGES
- k8s: node-collector dynamic commands support (#6861)
- add clean subcommand (#6993)
- aws: Remove aws subcommand (#6995)
Features
- add clean subcommand (#6993) (8d0ae1f)
- Add local ImageID to SARIF metadata (#6522) (f144e91)
- add memory cache backend (#7048) (55ccd06)
- aws: Remove aws subcommand (#6995) (979e118)
- conda: add licenses support for `environment.yml` files (#6953) (654217a)
- dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
- image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
- java: add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950) (1f8fca1)
- java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
- k8s: node-collector dynamic commands support (#6861) (8d618e4)
- misconf: add metadata to Cloud schema (#6831) (02d5404)
- misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
- misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
- misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
- php: add installed.json file support (#4865) (edc556b)
- plugin: add support for nested archives (#6845) (622c67b)
- sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)
Bug Fixes
- c: don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949) (38b35dd)
- cli: show info message only when --scanners is available (#7032) (e9fc3e3)
- cyclonedx: trim non-URL info for `advisory.url` (#6952) (417212e)
- debian: take installed files from the origin layer (#6849) (089b953)
- image: parse `image.inspect.Created` field only for non-empty values (#6948) (0af5730)
- license: return license separation using separators `,`, `or`, etc. (#6916) (52f7aa5)
- misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
- misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
- misconf: handle source prefix to ignore (#6945) (c3192f0)
- misconf: parsing numbers without fraction as int (#6834) (8141a13)
- nodejs: fix infinite loop when package link from `package-lock.json` file is broken (#6858) (cf5aa33)
- nodejs: fix infinity loops for `pnpm` with cyclic imports (#6857) (7d083bc)
- plugin: respect `--insecure` (#7022) (3d02a31)
- purl: add missed os types (#6955) (2d85a00)
- python: compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852) (faa9d92)
- sbom: don't overwrite `srcEpoch` when decoding SBOM files (#6866) (04af59c)
- sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
- sbom: take pkg name from `purl` for maven pkgs (#7008) (a76e328)
- sbom: use `purl` for `bitnami` pkg names (#6982) (7eabb92)
- sbom: use package UIDs for uniqueness (#7042) (14d71ba)
- secret: `Asymmetric Private Key` shouldn't start with space (#6867) (bb26445)
- suse: Add SLES 15.6 and Leap 15.6 (#6964) (5ee4e9d)
- use embedded when command path not found (#7037) (137c916)
v0.52.2
Changelog
- 8709d4f release: v0.52.2 [release/v0.52] (#6896)
- a4b8ad7 ci: use `ubuntu-latest-m` runner [backport: release/v0.52] (#6933)
- 2b711bc chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)
- 191d31e test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
- 3f5874c ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` [backport: release/v0.52] (#6893)
- 8f8c76a fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)
v0.52.1
Changelog
- a3caf06 release: v0.52.1 [release/v0.52] (#6877)
- 01dbb42 fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888)
- f186d22 fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881)
- 093c0ae fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878)
- 6bfda76 Merge pull request #6879 from aquasecurity/backport-pr-6864-to-release/v0.52
- 53850c8 docs: explain how VEX is applied (#6864)
- 2211962 Merge pull request #6875 from aquasecurity/backport-pr-6857-to-release/v0.52
- a614b69 fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
v0.52.0
Features
- Add Julia language analyzer support (#5635) (fecafb1)
- add support for plugin index (#6674) (26faf8f)
- misconf: Add support for deprecating a check (#6664) (88702cf)
- misconf: add Terraform 'removed' block to schema (#6640) (b7a0a13)
- misconf: register builtin Rego funcs from trivy-checks (#6616) (7c22ee3)
- misconf: resolve tf module from OpenTofu compatible registry (#6743) (ac74520)
- misconf: support for VPC resources for inbound/outbound rules (#6779) (349caf9)
- misconf: support symlinks inside of Helm archives (#6621) (4eae37c)
- nodejs: add v9 pnpm lock file support (#6617) (1e08648)
- plugin: specify plugin version (#6683) (d6dc567)
- python: add license support for `requirement.txt` files (#6782) (29615be)
- python: add line number support for `requirement.txt` files (#6729) (2bc54ad)
- report: Include licenses and secrets filtered by rego to ModifiedFindings (#6483) (fa3cf99)
- vex: improve relationship support in CSAF VEX (#6735) (a447f6b)
- vex: support non-root components for products in OpenVEX (#6728) (9515695)
Bug Fixes
- clean up golangci lint configuration (#6797) (62de6f3)
- cli: always output fatal errors to stderr (#6827) (c2b9132)
- close APKINDEX archive file (#6672) (5caf437)
- close settings.xml (#6768) (9c3e895)
- close testfile (#6830) (aa0c413)
- conda: add support `pip` deps for `environment.yml` files (#6675) (150a773)
- go: add only non-empty root modules for `gobinaries` (#6710) (c96f2a5)
- go: include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` (#6705) (afb4f9d)
- Golang version parsing from binaries w/GOEXPERIMENT (#6696) (696f2ae)
- include packages unless it is not needed (#6765) (56dbe1f)
- misconf: don't shift ignore rule related to code (#6708) (39a746c)
- misconf: skip Rego errors with a nil location (#6638) (a2c522d)
- misconf: skip Rego errors with a nil location (#6666) (a126e10)
- node-collector high and critical cves (#6707) (ff32deb)
- plugin: initialize logger (#6836) (728e77a)
- python: add package name and version validation for `requirements.txt` files. (#6804) (ea3a124)
- report: hide empty tables if all vulns has been filtered (#6352) (3d388d8)
- sbom: fix panic for `convert` mode when scanning json file derived from sbom file (#6808) (f92ea09)
- use of specified context to obtain cluster name (#6645) (39ebed4)
Performance Improvements
aquasecurity/trivy-operator (ghcr.io/aquasecurity/trivy-operator)
v0.22.0
Ref to Release Notes #2169
Changelog
✨ Notable Changes ✨
- 1d4ec56: feat: dynamic compliance reports (#2160) (@chen-keinan)
🐛 Notable Fixes 🐛
- ec93a42: fix: Prevent grouped vulnerability entries by including target and package path (#2140) (@kersten)
- 5d266cf: fix: helm param gcr service account auth (#2108) (@chen-keinan)
- 181ebae: fix: update olm defaults (#2138) (@chen-keinan)
📝 Documentation 📝
- 3448c9e: docs: add section on importing the Grafana dashboard using the Grafana Helm Chart (#2155) (@maritiren)
🔧 Miscellaneous 🔧
- 74a7d44: chore: bump github.com/hashicorp/go-getter-v1.7.5 (#2162) (@chen-keinan)
- d7f3484: chore: make operator policies-config optional (#2152) (@chen-keinan)
👷 Other work 👷
- 1c035b0: build(deps): bump github.com/aquasecurity/trivy from 0.52.0 to 0.52.2 (#2149) (@dependabot[bot])
- d135915: build(deps): bump github.com/aws/aws-sdk-go from 1.53.14 to 1.53.19 (#2133) (@dependabot[bot])
- 08afd7f: build(deps): bump github.com/aws/aws-sdk-go from 1.53.19 to 1.54.6 (#2157) (@dependabot[bot])
- d6632d9: build(deps): bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.11 (#2164) (@dependabot[bot])
- 19bf370: build(deps): bump github.com/google/go-containerregistry (#2145) (@dependabot[bot])
- 20acccc: build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#2131) (@dependabot[bot])
- 886550d: build(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 (#2129) (@dependabot[bot])
- bb9a08d: build(deps): bump goreleaser/goreleaser-action from 5 to 6 (#2128) (@dependabot[bot])
- fbf4a75: build(deps): bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2 (#2156) (@dependabot[bot])
- 8bc9854: build(deps): bump k8s.io/cli-runtime from 0.30.1 to 0.30.2 (#2148) (@dependabot[bot])
- 2479a90: build(deps): bump k8s.io/client-go from 0.30.1 to 0.30.2 (#2146) (@dependabot[bot])
- d9924b1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4 (#2130) (@dependabot[bot])
- af05935: fix typos (#2154) (@maritiren)
v0.21.3
Changelog
🐛 Notable Fixes 🐛
- de3ddf5: fix: failed to eval rego misconfig policy (#2125) (@chen-keinan)
👷 Other work 👷
v0.21.2
Changelog
🐛 Notable Fixes 🐛
- 20a8a5b: fix: Add scanJobAnnotations to the Job instead of just the Pod (#2111) (@darkhelmet)
- dcbb19a: fix: log failed container error (#2112) (@chen-keinan)
- f1dada8: fix: non completed containers with invalid stacktrace (#2107) (@chen-keinan)
- f222fef: fix: policies bundle insecure (#2100) (@chen-keinan)
- 4cde7c1: fix: set default value for useBuiltIntPolicies (#2114) (@chen-keinan)
🔧 Miscellaneous 🔧
- b4bab35: chore: bump trivy 0.52.0 (#2115) (@chen-keinan)
👷 Other work 👷
- f048e86: build(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2119) (@dependabot[bot])
- 0babd17: build(deps): bump github.com/aquasecurity/trivy from 0.51.2 to 0.51.4 (#2106) (@dependabot[bot])
- ce31865: build(deps): bump github.com/aws/aws-sdk-go from 1.53.0 to 1.53.10 (#2105) (@dependabot[bot])
- 7dea6fd: build(deps): bump github.com/aws/aws-sdk-go from 1.53.10 to 1.53.14 (#2118) (@dependabot[bot])
- fc164c3: build(deps): bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#2102) (@dependabot[bot])
- 7f90963: build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (#2103) (@dependabot[bot])
- 12ebab1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 (#2104) (@dependabot[bot])
aquasecurity/helm-charts (trivy-operator)
v0.24.0
Keeps security report resources updated
v0.23.3
Keeps security report resources updated
v0.23.2
Keeps security report resources updated
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by Mathieu Parent