gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 07:40:48 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,568 Commits 29 Branches 177 Tags
bb6caea5cbe83dfdf1812814730dc65aa08ea785
Commit Graph

228 Commits

Author SHA1 Message Date
dependabot[bot]
7cad04bdf1 chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-17 09:00:37 +00:00
dependabot[bot]
cba67d1f06 chore(deps): bump actions/setup-go from 4 to 5 (#5845) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-05 16:31:44 +00:00
dependabot[bot]
d990e702a2 chore(deps): bump actions/stale from 8 to 9 (#5846) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-05 12:35:25 +00:00
dependabot[bot]
121898423b chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-05 12:31:32 +00:00
dependabot[bot]
b508414ca2 chore(deps): bump actions/setup-python from 4 to 5 (#5848) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-04 19:01:57 +00:00
dependabot[bot]
f2aa9bf3eb chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 07:18:38 +00:00
dependabot[bot]
6d7e2f8116 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 07:18:17 +00:00
dependabot[bot]
176627192f chore(deps): bump actions/github-script from 6 to 7 (#5697) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 10:29:43 +00:00
dependabot[bot]
7ee854767e chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 10:28:13 +00:00
Teppei Fukuda
075d8f6286 chore: bump Go to 1.21 (#5662) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-11-28 04:01:54 +00:00
Anais Urlichs
edad5f6902 docs: update adopters discussion template (#5632) 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
 2023-11-27 01:29:32 +00:00
Nikita Pivkin
df47073fa4 ci: use maximize build space for K8s tests (#5387) 2023-11-06 03:25:58 +00:00
dependabot[bot]
2e10cd2eba chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-02 03:52:43 +00:00
dependabot[bot]
13df746527 chore(deps): bump docker/build-push-action from 4 to 5 (#5500) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-02 01:55:00 +00:00
dependabot[bot]
9a6e125c78 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-02 01:09:38 +00:00
DmitriyLewen
013d901993 docs: fix error when installing PyYAML for gh pages (#5462) 2023-10-28 03:32:13 +00:00
DmitriyLewen
6c12f04286 test: use maximize build space for VM tests (#5362) 2023-10-13 01:42:57 +00:00
DmitriyLewen
91841f59ba ci: add workflow to check Go versions of dependencies (#5340) 2023-10-09 11:04:09 +00:00
DmitriyLewen
03b6787c44 ci: check only PR's in actions/stale (#5337) 2023-10-05 07:36:02 +00:00
Itay Shakury
e6d5889ed4 chore: update adopters template (#5330) 2023-10-04 12:13:20 +00:00
Teppei Fukuda
74dbd8a1fd ci: do not trigger tests on the push event (#5313) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-10-03 11:10:05 +00:00
dependabot[bot]
6c74ee11f0 chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-03 09:01:37 +00:00
dependabot[bot]
6119878de1 chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-03 08:25:12 +00:00
dependabot[bot]
a346587b8d chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.3.1...v3.3.2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 15:54:49 +00:00
dependabot[bot]
f6cd21c873 chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.6.0...v4.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 08:31:07 +00:00
dependabot[bot]
eb60e9f3c0 chore(deps): bump docker/login-action from 2 to 3 (#5291) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 05:20:14 +00:00
simar7
0c08dde015 chore: Add line numbers for lint output (#5247) 
* fix(github): Add line numbers for lint output

* correctional message check

* update messaging
 2023-09-28 07:12:47 +00:00
DmitriyLewen
559c0f30b1 chore: enable more linters (#5228) 
* chore: enable more linters

* fix typos

* ci: add `verbose` option in linter action

* ci: remove `verbose` option in linter action
 2023-09-26 06:20:54 +00:00
Nikita Pivkin
2baad46189 ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236) 
* chore: replace brews.tap with brews.repository

* ci: bump GoReleaser from 1.16.2 to 1.20.0
 2023-09-25 19:08:53 +00:00
DmitriyLewen
2e6662060e ci: auto apply labels (#5200) 
* add label for mage file. Create workflow.

* fix typo

* setup go and aqua tools

* set fetch-depth == 1
 2023-09-18 13:51:12 +00:00
Paternity Leave
81240cf080 chore: auto-close issues (#5177) 
* chore: auto close issues

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore: add state_reason

* docs: add a warning message about issues

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-09-14 06:19:59 +00:00
dependabot[bot]
ccc6d7cb2c chore(deps): bump sigstore/cosign-installer (#5104) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from a5d81fb6bdbcbb3d239e864d6552820420254494 to 4a861528be5e691840a69536975ada1d4c30349d.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](a5d81fb6bd...4a861528be)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-08 14:04:16 +00:00
dependabot[bot]
a9c2c74c55 chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-07 20:17:29 +00:00
dependabot[bot]
120ac68b5b chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105) 
Bumps [easimon/maximize-build-space](https://github.com/easimon/maximize-build-space) from 7 to 8.
- [Release notes](https://github.com/easimon/maximize-build-space/releases)
- [Changelog](https://github.com/easimon/maximize-build-space/blob/master/CHANGELOG.md)
- [Commits](https://github.com/easimon/maximize-build-space/compare/v7...v8)

---
updated-dependencies:
- dependency-name: easimon/maximize-build-space
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-07 20:16:13 +00:00
Anais Urlichs
932f927555 chaging adopters discussion tempalte (#5091) 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
 2023-09-05 20:55:25 +00:00
dependabot[bot]
c504f8be44 chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-01 18:42:12 +00:00
Juan Ariza Toledano
7acc5e8312 feat(docker): add support for scanning Bitnami components (#5062) 
* feat(bitnami): add support for scanning Bitnami components

Signed-off-by: juan131 <jariza@vmware.com>

* chore(deps): bump packageurl-go

TypeBitnami is not included in v0.1.1

* feat(spdx): handle orphan packages

* fix: update Elastic SPDX

Signed-off-by: juan131 <jariza@vmware.com>

* Update pkg/fanal/analyzer/sbom/sbom.go

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>

* fix: remove useless else

Signed-off-by: juan131 <jariza@vmware.com>

* call AnalysisResult.Sort()

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* delete app packages

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: set the component path to packages

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: add a comment about continue

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore: bump trivy-db

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: add Bitnami

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2023-08-31 20:18:05 +00:00
Teppei Fukuda
f811ed2d48 build: maximize build space for build tests (#5072) 
* build: maximize build space for build tests

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* only for Linux

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* maximize first

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-08-31 09:02:18 +00:00
Teppei Fukuda
49fdd584ba feat: PURL matching with qualifiers in OpenVEX (#5061) 
* feat: PURL match in OpenVEX

* test: fix fixture

* Update docs/docs/supply-chain/vex.md

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>

* docs: add a comment about overriding statements

---------

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2023-08-30 07:48:32 +00:00
DmitriyLewen
ef70d20766 feat: add Package.resolved swift files support (#4932) 
* add Package.resolved files analyzer

* add Swift detector and integration test

* refactor after go-dep-parser changes

* bump go-dep-parser

* remove replaces

* use filePath for Required func

* add ID field
 2023-08-23 11:23:50 +00:00
DmitriyLewen
bc2b0ca6c3 build: maximize available disk space for release (#4937) 
* remove unneeded bins and archives

* use jlumbroso/free-disk-space

* remove repeating step

* use maximize-build-space

* build: remove unused step

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-08-09 18:18:15 +00:00
dependabot[bot]
358d56b6b5 chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909) 
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](fa81e57adf...dda0770415)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-03 06:14:49 +00:00
dependabot[bot]
7d7a1ef54a chore(deps): bump sigstore/cosign-installer (#4910) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from ef0e9691595ea19ec990a46b1a591dcafe568f34 to a5d81fb6bdbcbb3d239e864d6552820420254494.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](ef0e969159...a5d81fb6bd)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-02 11:54:14 +00:00
Teppei Fukuda
99eebc6703 docs: update the discussion template (#4928) 2023-08-02 10:51:51 +00:00
Teppei Fukuda
c3bc67c89a chore: update CODEOWNERS (#4871) 
* Update CODEOWNERS

* Add simar7
 2023-07-27 07:05:15 +00:00
Alexandre
0621402bf7 fix: documentation about reseting trivy image (#4733) 2023-07-02 12:29:23 +00:00
Teppei Fukuda
a21acc7e08 ci: ignore merge queue branches (#4696) 2023-06-22 11:02:22 +00:00
dependabot[bot]
32a3a3311c chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3.5.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-22 10:56:11 +00:00
dependabot[bot]
cbb47dc7c4 chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694) 
Bumps [aquaproj/aqua-installer](https://github.com/aquaproj/aqua-installer) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/aquaproj/aqua-installer/releases)
- [Commits](https://github.com/aquaproj/aqua-installer/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: aquaproj/aqua-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-22 10:31:20 +00:00
Teppei Fukuda
e1770e046c ci: do not trigger tests in main (#4692) 2023-06-22 08:25:58 +00:00