<revisionlist>
<revision rev="1" vrev="1">
<srcmd5>ef19a10645920f2c04f13e6df974b769</srcmd5>
<version>0.9.2</version>
<time>1603203193</time>
<user>dimstar_suse</user>
<comment>add to factory please</comment>
<requestid>842569</requestid>
</revision>
<revision rev="2" vrev="1">
<srcmd5>f587c67db7e8de7f3f5fbac71f54ffec</srcmd5>
<version>0.12.0</version>
<time>1603284013</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>843194</requestid>
</revision>
<revision rev="3" vrev="2">
<srcmd5>e7311df79f571a1e649732bdf147f30f</srcmd5>
<version>0.12.0</version>
<time>1603979539</time>
<user>dimstar_suse</user>
<comment>- revert _service and build changes in last update to use
the proper macros
- set VERSION parameter properly (jsc#CAPS-105)
- remove update-end-of-life-dates.patch
- Require golang >= 1.15 to fix EINTR read issues (jsc#CAPS-170)
- add update-end-of-life-dates.patch</comment>
<requestid>844854</requestid>
</revision>
<revision rev="4" vrev="3">
<srcmd5>36d75130225803be0c01eba3a3ba5ac5</srcmd5>
<version>0.12.0</version>
<time>1604702737</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>846494</requestid>
</revision>
<revision rev="5" vrev="1">
<srcmd5>4bdaeebcafba5677fe43e0040783376e</srcmd5>
<version>0.13.0</version>
<time>1606649270</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.13.0:
* fix(oracle): handle ksplice advisories (#745)
* fix: version comparison (#740)
* updated Readme.md (#737)
* Add suse sles 15.2 to the EOL list as well (#734)
* Update README.md (#731)
* Warn when a user attempts to use trivy without a detectable lockfile (#729)
* Add back support for FreeBSD & OpenBSD (#728)
* Add support for ppc64le architecture (#724)
* Skip packages from unsupported repository (remi) (#695)
* Skip downloading DB if a remote DB is not updated (#717)
* Sunsetting VendorVectors (#718)
* Add GitHub Container Registry to README (#712)
* update BUG_REPORT.md using H2 instead of bold formatting (#714)
* fix(ci/deb): do not remove old packages for EOL versions (#706)
* Add linter check support (#679)
* Optimize images (#696)
* Update triage.md (#701)
- remove 0001-Add-suse-sles-15.2-to-the-EOL-list-as-well.patch (merged)</comment>
<requestid>851108</requestid>
</revision>
<revision rev="6" vrev="1">
<srcmd5>da80bcc1993961330dfccc63f5e92dbe</srcmd5>
<version>0.15.0</version>
<time>1611068504</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>861707</requestid>
</revision>
<revision rev="7" vrev="1">
<srcmd5>a037ba664bb66f5e1735521aa696d618</srcmd5>
<version>0.17.2</version>
<time>1621269904</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.17.2:
* Upgrade fanal dependency (#976)
* docs: mention upx binaries (#974)
* Upgrade alpine to fix git and libcurl vulnerabilities in trivy docker image scan (#971)
* fix(fs): skip dirs (#969)
* chore(ci): replace GITHUB_TOKEN with ORG_GITHUB_TOKEN (#965)
* chore(ci): clone trivy-repo after releasing binaries (#963)
* docs: add golang support (#962)
* fix(table): skip zero vulnerabilities on java (#961)
* chore(ci): create a release discussion (#959)
* feat(go): support binary scan (#948)
* feat(java): support GitLab Advisory Database (#917)
* feat: show help message when the context's deadline passes (#955)
* chore(mkdocs): replace github token (#954)
* Update SARIF report template (#935)
* Update install docs to make commands consistent (#933)
* Docker multi-platform image build with `buildx`, using Goreleaser (#915)
* Fix JUnit template for AWS CodeBuild compatibility (#904)
* break(cli): use StringSliceFlag for skip-dirs/files (#916)
* docs: add white logo (#914)
* add package name in ruleID (#913)
* feat: gh-action for stale issues (#908)
* chore(triage): add lifecycle/active label (#909)
* feat: publish helm repository (#888)
* Fix Documentation Typo (#901)
* docs: migrate README to MkDocs (#884)
* refactor(internal): export internal packages (#887)
* feat: support plugins (#878)
* chore(ci): deploy dev docs only for the main branch (#882)
* add MkDocs implementation (#870)</comment>
<requestid>893510</requestid>
</revision>
<revision rev="8" vrev="1">
<srcmd5>359f3eec11d24fd85af1af071c213117</srcmd5>
<version>0.18.3</version>
<time>1623098706</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.18.3:
* chore(ci): change to more granular tokens (#1014)
* chore(ci): add Go scanning and update dependencies (#1001)
* docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)
* fix(image): disable go.sum scanning (#1007)
* fix(gomod): handle go.sum with an empty line (#1006)
* feat: prepare for config scanning (#1005)
* Clarify that dev dependencies are excluded (#986)
* Include target value in Sarif template ruleID (#991)
* chore(mkdocs): allow workflow_dispatch (#989)
* fix(vuln) unique vulnerabilities from different data sources (#984)
* feat(go): added support of gomod analyzer (#978)</comment>
<requestid>898184</requestid>
</revision>
<revision rev="9" vrev="2">
<srcmd5>1eadb782378b60a83b0df35a68bd32ae</srcmd5>
<version>0.18.3</version>
<time>1624136576</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>900585</requestid>
</revision>
<revision rev="10" vrev="1">
<srcmd5>7b9764506f3f4363cac4cc0f60c283ed</srcmd5>
<version>0.20.2</version>
<time>1636577208</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.20.2:
* docs: update builtin.md (#1335)
* chore: fix issues with Homebrew formula (#1329)
* chore: bump GoReleaser to v0.183.0 (#1328)
* docs: update iac.md for a typo (#1326)
* docs: typo fix (#1308)
* Add new networking API features to Ingress (#1262)
* chore(release): bump up GoReleaser to v0.182.1 (#1299)
* fix(yarn): support quoted version (#1298)
* feat(custom-forward): Forward the extended advisory data (#1247)
* feat(javascript) : Initialize npm driver for javascript packages (#1289)
* fix(cli): fix incorrect comparision of DB metadata type. (#1286)
* docs: add footer to readme (#1281)
* feat(report): add package path (#1274)
* feat(command): add rootfs command (#1271)
* fix: update fanal (#1272)
* feat(commands): remove deprecated options (#1270)
* Aggregate jar result for table (#1269)
* BREAKING(report): migrate to new json schema (#1265)
* feat: improve --skip-dirs and --skip-files (#1249)
* fix(gobinary): skip large files (#1259)
* Disable library analyzer for OS only scan type (#1191)
* chore: update trivy version (#1252)
* refactor: move from io/ioutil to io and os package (#1245)
* fix: brew test command (#1253)
* fix:added layer info in packages (#1248)
* fix(go/binary): improve debug messages (#1244)
* Update db.go (#1199)
* fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
* feat(debian): support the versions that reached EOL (#1237)</comment>
<requestid>930653</requestid>
</revision>
<revision rev="11" vrev="1">
<srcmd5>45d908ae577b9744050e032c73afb5d2</srcmd5>
<version>0.21.1</version>
<time>1638740780</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.21.1:
* chore(mod): tidy (#1415)
* fix(rpc): fix nil layer transmit (#1410)
* Lang advisory order (#1409)
* chore: add support for s390x arch (#1304)
* fix(chart): ingress helm manifest-update trivy image (#1323)
* docs: Add comparison for cfsec (#1388)
* remove: delete unused functions in utils package (#1379)
* fix(sarif): fix validation errors (#1376)
* docs: add Bitbucket Pipelines (#1374)
* docs: add community integrations (#1361)
* Use a stable SARIF identifier (#1230)
* fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0
* feat(iac): Add line information (#1366)
* feat(cloudformation): Adding support for cfsec IaC scanning (#1360)
* chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)
* Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)
* chore: update SBOM generation (#1349)</comment>
<requestid>935778</requestid>
</revision>
<revision rev="12" vrev="1">
<srcmd5>25331e648d633623b6514e96d12dfaba</srcmd5>
<version>0.21.3</version>
<time>1640108441</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.21.3:
* fix(docs): typo (#1488)
* feat(plugin): Add option to update plugin (#1462)
* fix: fixed skipFiles/skipDirs flags for relative path (#1482)
* feat (plugin): add list and info command for plugin (#1452)
* fix: set up a vulnerability severity (#1458)
* chore: add arm64 deb package (#1480)
* Link to trivy tutorial on Semaphore (#1449)
* refactor(helm): externalize env vars to configMap (#1345)
* docs: provide more information on scanning Google's GCR (#1426)
* docs(misconfiguration): added instruction for misconfiguration detection (#1428)
* Update git-repository.md (#1430)
* fix(hooks): exclude unrelated lib types from system files filtering (#1431)
* chore: run `go fmt` (#1429)
* fix(sarif): change `help` field in the sarif template. (#1423)
* Update fanal with cfsec version update (#1425)
* Replace deprecated option in goreleaser (#1406)
* feat(alpine): support 3.15 (#1422)
* chore: test the helm chart in the PR and used the commit hash (#1414)
* chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)
* chore(release): add ubuntu older versions to deploy script (#1416)</comment>
<requestid>941786</requestid>
</revision>
<revision rev="13" vrev="1">
<srcmd5>0604ee904bb62a2bb78be6f4d8dca4ac</srcmd5>
<version>0.22.0</version>
<time>1640693827</time>
<user>dimstar_suse</user>
<comment>Update to version 0.22.0:
* fix(java/pom): ignore unsupported requirements (#1514)
* feat(cli): warning for root command (#1516)
* BREAKING: disable JAR detection in fs/repo scanning (#1512)
* feat(scan): support --offline-scan option (#1511)
* fix: improve memory usage (#1509)
* feat(java): support pom.xml (#1501)
* docs: fixing rust link to security advisory (#1504)
* Add missing IacMetdata (#1505)
* feat(jar): add file path (#1498)
* feat(rpm): support NDB (#1497)
* feat: added misconfiguration field for html.tpl (#1444)</comment>
<requestid>942895</requestid>
</revision>
<revision rev="14" vrev="2">
<srcmd5>4e8b7ae3dc0c79c7798845071418baf7</srcmd5>
<version>0.22.0</version>
<time>1641480668</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.22.0 (jsc#SLE-18339):</comment>
<requestid>944093</requestid>
</revision>
<revision rev="15" vrev="1">
<srcmd5>945ccd2aa0538f9f7f93579ae9b3cb69</srcmd5>
<version>0.23.0</version>
<time>1643731187</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>950418</requestid>
</revision>
<revision rev="16" vrev="1">
<srcmd5>ac590a525e78fe870dc4a5ecf4c9bec2</srcmd5>
<version>0.24.2</version>
<time>1646349574</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>959290</requestid>
</revision>
<revision rev="17" vrev="1">
<srcmd5>ca259a7f00ec1999ff861d891a2cc089</srcmd5>
<version>0.24.3</version>
<time>1647532911</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>962469</requestid>
</revision>
<revision rev="18" vrev="1">
<srcmd5>c17a7c8e330a3cacb154dd967b52c990</srcmd5>
<version>0.24.4</version>
<time>1647889895</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>963467</requestid>
</revision>
<revision rev="19" vrev="2">
<srcmd5>fdfed5ed4dfb70ef92eff8ace8ffbf1a</srcmd5>
<version>0.24.4</version>
<time>1647974418</time>
<user>dimstar_suse</user>
<comment>- tie to go.17 as 1.18 became available</comment>
<requestid>963901</requestid>
</revision>
<revision rev="20" vrev="1">
<srcmd5>bf1d083851c12cb85820e6424ada3684</srcmd5>
<version>0.25.0</version>
<time>1648841772</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>966387</requestid>
</revision>
<revision rev="21" vrev="1">
<srcmd5>5a52c27add0ac7f02dcfba641d6557dc</srcmd5>
<version>0.25.3</version>
<time>1649450739</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>967695</requestid>
</revision>
<revision rev="22" vrev="1">
<srcmd5>753f810506e1c07aa0d45702141b1a8d</srcmd5>
<version>0.26.0</version>
<time>1650355108</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>970622</requestid>
</revision>
<revision rev="23" vrev="1">
<srcmd5>f9786adfb131782ef6ca2b1a0b69c047</srcmd5>
<version>0.27.0</version>
<time>1650996978</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>972935</requestid>
</revision>
<revision rev="24" vrev="1">
<srcmd5>569cdb78386f72aa700427d31802eddc</srcmd5>
<version>0.27.1</version>
<time>1651272367</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>973909</requestid>
</revision>
<revision rev="25" vrev="1">
<srcmd5>56cbe8ac1c88ac367360ccaeb1de8850</srcmd5>
<version>0.28.0</version>
<time>1653313916</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.28.0 (bsc#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
* chore(deps): bump github.com/twitchtv/twirp (#2077)
* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
* chore(os): updated fanal version and alpine distroless test (#2086)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)
* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)</comment>
<requestid>978633</requestid>
</revision>
<revision rev="26" vrev="1">
<srcmd5>2c4c1a951c9c69fd48a94c2d5c3d9ea6</srcmd5>
<version>0.29.1</version>
<time>1655972711</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>984654</requestid>
</revision>
<revision rev="27" vrev="1">
<srcmd5>dfa29646f17933a0d194a0a77263a9ef</srcmd5>
<version>0.29.2</version>
<time>1657281791</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.29.2:
* chore: skip Visual Studio Code project folder (#2379)
* fix(helm): handle charts with templated names (#2374)
* docs: redirect operator docs to trivy-operator repo (#2372)
* fix(secret): use secret result when determining Failed status (#2370)
* try removing libdb-dev
* run integration tests in fanal
* use same testing images in fanal
* feat(helm): add support for trivy dbRepository (#2345)
* fix: Fix failing test due to deref lint issue
* test: Fix broken test
* fix: Fix makefile when no previous named ref is visible in a shallow clone
* chore: Fix linting issues in fanal
* refactor: Fix fanal import paths and remove dotfiles
* chore: bump defsec version v0.68.1</comment>
<requestid>987818</requestid>
</revision>
<revision rev="28" vrev="1">
<srcmd5>1e24215f0125f1c5bf3afa7a02fad32c</srcmd5>
<version>0.30.0</version>
<time>1658243967</time>
<user>RBrownFactory</user>
<comment></comment>
<requestid>989979</requestid>
</revision>
<revision rev="29" vrev="1">
<srcmd5>1f694c9f0c74e960e6f0a6ecb0c40746</srcmd5>
<version>0.30.2</version>
<time>1658510431</time>
<user>RBrownFactory</user>
<comment></comment>
<requestid>990668</requestid>
</revision>
<revision rev="30" vrev="1">
<srcmd5>c54d9d5e39a211c87b7bef6cea2feaaf</srcmd5>
<version>0.30.4</version>
<time>1659034713</time>
<user>RBrownFactory</user>
<comment></comment>
<requestid>991385</requestid>
</revision>
<revision rev="31" vrev="1">
<srcmd5>3b2d2561904b83c755fc6bcbabea40f5</srcmd5>
<version>0.31.0</version>
<time>1660662499</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.31.0:
* fix(flag): add error when there are no supported security checks (#2713)
* fix(vuln): continue scanning when no vuln found in the first application (#2712)
* revert: add new classes for vulnerabilities (#2701)
* feat(secret): detect secrets removed or overwritten in upper layer (#2611)
* fix(cli): secret scanning perf link fix (#2607)
* chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
* feat: Add AWS Cloud scanning (#2493)
* docs: specify the type when verifying an attestation (#2697)
* docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
* fix(rpc): scanResponse rpc conversion for custom resources (#2692)
* feat(rust): Add support for cargo-auditable (#2675)
* feat: Support passing value overrides for configuration checks (#2679)
* feat(sbom): add support for scanning a sbom attestation (#2652)
* chore(image): skip symlinks and hardlinks from tar scan (#2634)
* fix(report): Update junit.tpl (#2677)
* fix(cyclonedx): add nil check to metadata.component (#2673)
* docs(secret): fix missing and broken links (#2674)
* refactor(cyclonedx): implement json.Unmarshaler (#2662)
* chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
* chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
* feat(kubernetes): add option to specify kubeconfig file path (#2576)
* docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
* chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
* chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)
* chore(deps): bump github.com/Azure/go-autorest/autorest/adal (#2647)
* chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 (#2646)
* chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#2641)
* chore(deps): bump actions/cache from 3.0.4 to 3.0.5 (#2640)
* chore(deps): bump alpine from 3.16.0 to 3.16.1 (#2639)</comment>
<requestid>997334</requestid>
</revision>
<revision rev="32" vrev="1">
<srcmd5>acfe65d0e9c284fcc7cd29ea7a1a9edd</srcmd5>
<version>0.31.2</version>
<time>1660753008</time>
<user>RBrownFactory</user>
<comment>- Update to version 0.31.2:
* fix: Correctly handle recoverable AWS scanning errors (#2726)
* docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)
- Update to version 0.31.1:
* fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)</comment>
<requestid>997437</requestid>
</revision>
<revision rev="33" vrev="1">
<srcmd5>75c948547a7345f2858e59fbd192b6f0</srcmd5>
<version>0.31.3</version>
<time>1662405737</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.31.3:
* fix: handle empty OS family (#2768)
* fix: fix k8s summary report (#2777)
* fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767)
* chore: bump trivy-kubernetes (#2770)
* fix(secret): Consider secrets in rpc calls (#2753)
* fix(java): check depManagement from upper pom's (#2747)
* fix(php): skip `composer.lock` inside `vendor` folder (#2718)
* fix: fix k8s rbac filter (#2765)
* feat(misconf): skipping misconfigurations by AVD ID (#2743)
* chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
* docs: add MacPorts install instructions (#2727)
* docs: typo (#2730)</comment>
<requestid>1001263</requestid>
</revision>
<revision rev="34" vrev="1">
<srcmd5>8674d3b9097c620ba613452ee02b8bd4</srcmd5>
<version>0.32.0</version>
<time>1663596204</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.32.0:
* docs: add Rekor SBOM attestation scanning (#2893)
* chore: narrow the owner scope (#2894)
* fix: remove a patch number from the recommendation link (#2891)
* fix: enable parsing of UUID-only rekor entry ID (#2887)
* docs(sbom): add SPDX scanning (#2885)
* docs: restructure docs and add tutorials (#2883)
* feat(sbom): scan sbom attestation in the rekor record (#2699)
* feat(k8s): support outdated-api (#2877)
* chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815)
* fix(c): support revisions in Conan parser (#2878)
* feat: dynamic links support for scan results (#2838)
* chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818)
* docs: update archlinux commands (#2876)
* feat(secret): add line from dockerfile where secret was added to secret result (#2780)
* feat(sbom): Add unmarshal for spdx (#2868)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827)
* fix: revert asff arn and add documentation (#2852)
* docs: batch-import-findings limit (#2851)
* chore(deps): bump golang from 1.19.0 to 1.19.1 (#2872)
* feat(sbom): Add marshal for spdx (#2867)
* build: checkout before setting up Go (#2873)
* chore: bump Go to 1.19 (#2861)
* docs: azure doc and trivy (#2869)
* fix: Scan tarr'd dependencies (#2857)
* chore(helm): helm test with ingress (#2630)
* feat(report): add secrets to sarif format (#2820)
* chore(deps): bump azure/setup-helm from 1.1 to 3.3 (#2807)
* refactor: add a new interface for initializing analyzers (#2835)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.92 (#2840)</comment>
<requestid>1004582</requestid>
</revision>
<revision rev="35" vrev="1">
<srcmd5>49852ab9ebe0603f24071f09c995b3a7</srcmd5>
<version>0.32.1</version>
<time>1664467980</time>
<user>RBrownFactory</user>
<comment>- Update to version 0.32.1:
* fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943)
* chore: expat lib and go binary deps vulns (#2940)
* wasm: Removes accidentally exported memory (#2950)
* fix(sbom): fix package name separation for gradle (#2906)
* docs(readme.md): fix broken integrations link (#2931)
* fix(image): handle images with single layer in rescan mergedLayers cache (#2927)
* fix(cli): split env values with ',' for slice flags (#2926)
* fix(cli): config/helm: also take into account files with `.yml` (#2928)
* fix(flag): add file-patterns flag for config subcommand (#2925)
* chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.43.1 (#2902)</comment>
<requestid>1006699</requestid>
</revision>
<revision rev="36" vrev="1">
<srcmd5>5815d3b69b56e882fabe0a093fa9ee48</srcmd5>
<version>0.33.0</version>
<time>1666780315</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1031258</requestid>
</revision>
<revision rev="37" vrev="1">
<srcmd5>e489b5b644834a81b94cb1f832017211</srcmd5>
<version>0.34.0</version>
<time>1667825518</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1034128</requestid>
</revision>
<revision rev="38" vrev="1">
<srcmd5>2d959ef865e31d84612b80bb5c054ee0</srcmd5>
<version>0.35.0</version>
<time>1669630044</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1038587</requestid>
</revision>
<revision rev="39" vrev="1">
<srcmd5>eb936340e5564b06d5643f086d796f15</srcmd5>
<version>0.36.0</version>
<time>1672668133</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.36.0:
* docs: improve compliance docs (#3340)
* feat(deps): add yarn lock dependency tree (#3348)
* fix: compliance change id and title naming (#3349)
* feat: add support for mix.lock files for elixir language (#3328)
* feat: add k8s cis bench (#3315)
* test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
* revert: cache merged layers (#3334)
* feat(cyclonedx): add recommendation (#3336)
* feat(ubuntu): added support ubuntu ESM versions (#1893)
* fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
* chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 (#3265)
* feat: Adding support for Windows testing (#3037)
* feat: add support for Alpine 3.17 (#3319)
* docs: change PodFile.lock to Podfile.lock (#3318)
* fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
* feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
* chore(go): remove experimental FS API usage in Wasm (#3299)
* ci: add workflow to add issues to roadmap project (#3292)
* fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
* feat(sbom): better support for third-party SBOMs (#3262)
* docs: add information about languages with support for dependency locations (#3306)
* feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284)
* chore(deps): bump github.com/Azure/azure-sdk-for-go from 66.0.0+incompatible to 67.1.0+incompatible (#3251)
* fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
* docs: remove comparisons (#3289)
* feat: add support for Wolfi Linux (#3215)
* ci: add go.mod to canary workflow (#3288)
* feat(python): skip dev dependencies (#3282)</comment>
<requestid>1046089</requestid>
</revision>
<revision rev="40" vrev="1">
<srcmd5>ee671e9e649cacfe09fe65a7b3c3b076</srcmd5>
<version>0.36.1</version>
<time>1672927298</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.36.1:
* fix(deps): fix errors on yarn.lock files that contain local file reference (#3384)
* feat(flag): early fail when the format is invalid (#3370)
* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.171 (#3366)
* docs(aws): fix broken links (#3374)
* chore(deps): bump actions/stale from 6 to 7 (#3360)
* chore(deps): bump helm/kind-action from 1.4.0 to 1.5.0 (#3359)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.6.0 to 0.7.0 (#2974)
* chore(deps): bump azure/setup-helm from 3.4 to 3.5 (#3358)
* chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 (#3173)
* chore(deps): bump goreleaser/goreleaser-action from 3 to 4 (#3357)
* chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.14 (#3367)
* chore(go): updates wazero to v1.0.0-pre.7 (#3355)
* chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#3362)
* chore(deps): bump actions/cache from 3.0.11 to 3.2.2 (#3356)</comment>
<requestid>1056176</requestid>
</revision>
<revision rev="41" vrev="1">
<srcmd5>4c9069496fb8154875bfc55cacf2ac7d</srcmd5>
<version>0.37.0</version>
<time>1675266002</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.37.0:
* fix(image): close layers (#3517)
* refactor: db client changed (#3515)
* feat(java): use trivy-java-db to get GAV (#3484)
* docs: add note about the limitation in Rekor (#3494)
* docs: aggregate targets (#3503)
* deps: updates wazero to 1.0.0-pre.8 (#3510)
* docs: add alma 9 and rocky 9 to supported os (#3513)
* chore(deps): bump defsec to v0.82.9 (#3512)
* chore: add missing target labels (#3504)
* docs: add java vulnerability page (#3429)
* feat(image): add support for Docker CIS Benchmark (#3496)
* feat(image): secret scanning on container image config (#3495)
* chore(deps): Upgrade defsec to v0.82.8 (#3488)
* feat(image): scan misconfigurations in image config (#3437)
* chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489)
* feat(k8s): add node info resource (#3482)
* perf(secret): optimize secret scanning memory usage (#3453)
* feat: support aliases in CLI flag, env and config (#3481)
* fix(k8s): migrate rbac k8s (#3459)
* feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480)
* refactor: rename security-checks to scanners (#3467)
* chore: display the troubleshooting URL for the DB denial error (#3474)
* docs: yaml tabs to spaces, auto create namespace (#3469)
* docs: adding show-and-tell template to GH discussions (#3391)
* fix: Fix a temporary file leak in case of error (#3465)
* fix(test): sort cyclonedx components (#3468)
* docs: fixing spelling mistakes (#3462)
* ci: set paths triggering VM tests in PR (#3438)
* docs: typo in --skip-files (#3454)</comment>
<requestid>1062442</requestid>
</revision>
<revision rev="42" vrev="1">
<srcmd5>c5fc41c1b6715f2a463eb4ef3e84d2c4</srcmd5>
<version>0.37.1</version>
<time>1675357710</time>
<user>dimstar_suse</user>
<comment>- Update to version 0.37.1:
* fix(sbom): download the Java DB when generating SBOM (#3539)
* fix: use cgo free sqlite driver (#3521)
* ci: fix path to dist folder (#3527)</comment>
<requestid>1062489</requestid>
</revision>
</revisionlist>