gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-13 00:00:19 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,305 Commits 29 Branches 177 Tags
ca41a28641c99e8b4a8c6025a0c6e49a8ce62b65
Commit Graph

3305 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
fabio
ca41a28641 chore(secret): add reported issues related to secrets in junit template (#8193) 2025-01-13 06:13:58 +00:00
Nikita Pivkin
243e5a3af9 refactor: use trivy-checks/pkg/specs package (#8226) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-01-11 03:44:00 +00:00
Aqua Security automated builds
0aa2607cd8 ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-01-10 11:27:46 +00:00
Nikita Pivkin
23dc3a6753 fix(misconf): allow null values only for tf variables (#8112) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-01-10 01:52:51 +00:00
Nikita Pivkin
a0429f773b feat(misconf): support for ignoring by inline comments for Helm (#8138) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-01-10 01:37:49 +00:00
DmitriyLewen
f352f6b663 fix(redhat): check usr/share/buildinfo/ dir to detect content sets (#8222) 2025-01-09 12:45:45 +00:00
Chris Novakovic
f9a6a71927 chore(alpine): add EOL date for Alpine 3.21 (#8221) 2025-01-09 05:02:15 +00:00
jdesouza
670fbf2d81 fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207) 2025-01-08 06:27:07 +00:00
Nikita Pivkin
bbc5a85444 fix(misconf): disable git terminal prompt on tf module load (#8026) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-01-03 18:51:40 +00:00
Nikita Pivkin
70f3faa4b5 chore: remove aws iam related scripts (#8179) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-01-02 21:56:35 +00:00
amitbhardwaj
e8085bae3e docs: Updated JSON schema version 2 in the trivy documentation (#8188) 2024-12-28 17:28:42 +00:00
DmitriyLewen
4f111b9342 refactor(python): use once + debug for License acquired from METADATA... logs (#8175) 2024-12-25 06:17:08 +00:00
Nikita Pivkin
03db7fc1ba refactor: use slices package instead of custom function (#8172) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-25 05:28:37 +00:00
dependabot[bot]
eedefdddba chore(deps): bump the common group with 6 updates (#8162) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-24 16:39:44 +00:00
Nikita Pivkin
49c54b49c6 feat(python): add support for uv dev and optional dependencies (#8134) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-24 13:43:28 +00:00
Nikita Pivkin
774e04d19d feat(python): add support for poetry dev dependencies (#8152) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-24 12:12:39 +00:00
DmitriyLewen
735335f08f fix(sbom): attach nested packages to Application (#8144) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2024-12-24 07:28:35 +00:00
DmitriyLewen
9fd5cc5c00 docs(vex): use debian minor version in examples (#8166) 2024-12-24 06:41:30 +00:00
Teppei Fukuda
b5859d3fb5 refactor: add generic Set implementation (#8149) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-12-24 04:47:21 +00:00
dependabot[bot]
e6d0ba5cc9 chore(deps): bump the aws group across 1 directory with 6 updates (#8163) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-23 16:44:06 +00:00
Nikita Pivkin
a034d26443 fix(python): skip dev group's deps for poetry (#8106) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-23 06:20:15 +00:00
DmitriyLewen
7558df7c22 fix(sbom): use root package for unknown dependencies (if exists) (#8104) 2024-12-23 06:14:57 +00:00
DmitriyLewen
30c7cb1371 chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 (#8140) 2024-12-20 06:44:54 +00:00
Teppei Fukuda
95f7a564e5 chore(vex): suppress CVE-2024-45338 (#8137) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-12-20 06:44:12 +00:00
Nikita Pivkin
c4a4a5fa97 feat(python): add support for uv (#8080) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-19 05:59:30 +00:00
dependabot[bot]
49f354085f chore(deps): bump the docker group across 1 directory with 3 updates (#8127) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-18 17:42:15 +00:00
dependabot[bot]
dcf28a1001 chore(deps): bump the common group across 1 directory with 14 updates (#8126) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-18 12:26:41 +00:00
Nikita Pivkin
e79e73d636 chore: bump go to 1.23.4 (#8123) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-18 09:49:47 +00:00
Nikita Pivkin
17827db6a9 test: set dummy value for NUGET_PACKAGES (#8107) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-16 13:00:10 +00:00
DmitriyLewen
f0b3a99bf2 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to v0.9.2 (#8105) 2024-12-16 11:09:33 +00:00
dependabot[bot]
e7507f0d34 chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-16 11:08:02 +00:00
Itay Shakury
2200f3846d fix: wasm module test (#8099) 2024-12-16 10:58:38 +00:00
jdesouza
d7ac286085 fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088) 2024-12-16 05:58:04 +00:00
Teppei Fukuda
328db73838 chore(vex): suppress CVE-2024-45337 (#8101) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-12-16 04:59:20 +00:00
DmitriyLewen
f5e429179d fix(license): always trim leading and trailing spaces for licenses (#8095) 2024-12-13 08:00:01 +00:00
Fabrizio Sestito
f9fceb58bf fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635) 
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-12-11 16:39:06 +00:00
DmitriyLewen
4202c4ba0d fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063) 2024-12-10 07:22:30 +00:00
Matthieu MOREL
156a2aa4c4 fix: enable err-error and errorf rules from perfsprint linter (#7859) 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-12-10 07:03:43 +00:00
dependabot[bot]
e8b31bf003 chore(deps): bump the aws group across 1 directory with 6 updates (#8074) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-09 12:33:57 +00:00
Pierre Guilleminot
9bd6ed73e5 perf: avoid heap allocation in applier findPackage (#7883) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2024-12-09 12:28:09 +00:00
Sarthak Kumar Shailendra
2c41ac83a9 fix: Updated twitter icon (#7772) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2024-12-09 12:23:44 +00:00
afdesk
11dbf54884 docs(k8s): add a note about multi-container pods (#7815) 2024-12-09 12:12:47 +00:00
Teppei Fukuda
da17dc7278 feat: add --distro flag to manually specify OS distribution for vulnerability scanning (#8070) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-12-09 11:46:49 +00:00
DmitriyLewen
90f1d8d78a fix(oracle): add architectures support for advisories (#4809) 2024-12-09 11:43:40 +00:00
DmitriyLewen
51f2123c5c fix: handle BLOW_UNKNOWN error to download DBs (#8060) 2024-12-06 07:33:58 +00:00
Nikita Pivkin
ffe24e18dc feat(misconf): generate placeholders for random provider resources (#8051) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2024-12-06 02:06:26 +00:00
DmitriyLewen
fd07074e80 fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052) 2024-12-05 11:36:04 +00:00
DmitriyLewen
5e68bdc9d0 fix(flag): skip hidden flags for --generate-default-config command (#8046) 2024-12-05 11:22:50 +00:00
DmitriyLewen
9d9f80d979 fix(java): correctly overwrite version from depManagement if dependency uses project.* props (#8050) 2024-12-05 07:57:31 +00:00
Teppei Fukuda
73899610e8 feat(nodejs): respect peer dependencies for dependency tree (#7989) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-12-05 07:57:12 +00:00