gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-20 14:22:50 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,744 Commits 29 Branches 178 Tags
cbed239f3990f5d366c4604a0f57f7785e7e9ec5
Commit Graph

3744 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aqua Security automated builds
cbed239f39 release: v0.67.1 [release/v0.67] (#9614) v0.67.1 2025-10-09 10:55:07 +00:00
Aqua Security automated builds
1a840935bb fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631) 
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-10-09 10:32:28 +00:00
Aqua Security automated builds
3bc1490c8c fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629) 
Co-authored-by: Ori <59772293+orizerah@users.noreply.github.com>
 2025-10-09 07:59:51 +00:00
Aqua Security automated builds
542eee7c38 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#9615) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-10-08 12:22:15 +00:00
Aqua Security automated builds
f65dd05309 fix(vex): don't use reused BOM [backport: release/v0.67] (#9612) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-10-08 10:58:02 +00:00
Aqua Security automated builds
adeb362424 release: v0.67.0 [main] (#9432) v0.67.0 2025-09-30 07:19:04 +00:00
DmitriyLewen
78f0d4ae03 fix(vex): don't suppress vulns for packages with infinity loop (#9465) 2025-09-30 06:41:10 +00:00
DmitriyLewen
fa6f1bfecf fix(aws): use BuildableClient insead of xhttp.Client (#9436) 2025-09-30 05:54:12 +00:00
Nikita Pivkin
e7c16a756c refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-09-30 03:33:52 +00:00
Nikita Pivkin
c446a5c1c7 docs: clarify inline ignore limitations for resource-less checks (#9537) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-30 01:56:24 +00:00
afdesk
c0c7a6bf1b fix(k8s): disable parallel traversal with fs cache for k8s images (#9534) 2025-09-30 01:44:51 +00:00
Nikita Pivkin
bfd2f6ba69 fix(misconf): handle tofu files in module detection (#9486) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-29 14:41:59 +00:00
DmitriyLewen
e4af279b29 feat(seal): add seal support (#9370) 2025-09-29 08:44:40 +00:00
Nikita Pivkin
e149094f9b docs: fix modules path and update code example (#9539) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-26 15:13:33 +00:00
Teppei Fukuda
a4cbd6a138 fix: close file descriptors and pipes on error paths (#9536) 
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
 2025-09-26 12:31:59 +00:00
Teppei Fukuda
eba48afd58 feat: add documentation URL for database lock errors (#9531) 2025-09-26 08:25:44 +00:00
tom1299
92ebc7e4d7 fix(db): Dowload database when missing but metadata still exists (#9393) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-09-26 07:35:03 +00:00
Nikita Pivkin
42b3bf37bb feat(cloudformation): support default values and list results in Fn::FindInMap (#9515) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-25 09:24:16 +00:00
Nikita Pivkin
8e40d27a43 fix(misconf): unmark cty values before access (#9495) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-24 20:21:07 +00:00
Teppei Fukuda
7b663d86ca feat(cli): change --list-all-pkgs default to true (#9510) 2025-09-24 10:06:39 +00:00
DmitriyLewen
404abb3d91 fix(nodejs): parse workspaces as objects for package-lock.json files (#9518) 2025-09-24 08:04:23 +00:00
Nikita Pivkin
352855ef64 refactor(fs): use underlyingPath to determine virtual files more reliably (#9302) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-23 14:36:35 +00:00
Teppei Fukuda
d57b1606c9 refactor: remove google/wire dependency and implement manual DI (#9509) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-09-23 13:02:11 +00:00
dependabot[bot]
331cf5d4a4 chore(deps): bump the aws group with 6 updates (#9481) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-23 12:47:01 +00:00
dependabot[bot]
366910bc58 chore(deps): bump the common group across 1 directory with 24 updates (#9507) 
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-23 05:15:47 +00:00
Nikita Pivkin
267a9700fa fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-09-22 11:58:47 +00:00
DmitriyLewen
842ebdcb4a docs: move info about detection priority into coverage section (#9469) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-09-22 11:48:39 +00:00
amitbhardwaj
6d562a3b48 feat(sbom): added support for CoreOS (#9448) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-09-22 06:46:45 +00:00
Nikita Pivkin
c9388069a4 fix(misconf): strip build metadata suffixes from image history (#9498) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-22 06:46:14 +00:00
Teppei Fukuda
aff03ebab2 feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-09-20 14:26:53 +00:00
matt-andersen
8b2575bd27 docs: Fix typo in terraform docs (#9492) 2025-09-18 10:59:36 +00:00
Chanho Lee
cb25a07450 feat(redhat): add os-release detection for RHEL-based images (#9458) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-09-15 10:59:48 +00:00
Teppei Fukuda
8dce58c684 ci(deps): add 3-day cooldown period for Dependabot updates (#9475) 2025-09-15 09:06:44 +00:00
Teppei Fukuda
788f6faffb refactor: migrate from go-json-experiment to encoding/json/v2 (#9422) 
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-15 08:46:44 +00:00
DmitriyLewen
1ff9ac7948 fix(vuln): compare nuget package names in lower case (#9456) 2025-09-15 07:21:06 +00:00
Owen Rumney
78a70e2cfd chore: Update release flow to include chocolatey (#9460) 2025-09-09 18:11:14 +00:00
Itay Shakury
ea0ff34d38 docs: document eol supportability (#9434) 2025-09-09 17:21:25 +00:00
DmitriyLewen
4a2be6b48c docs(report): add nuanses about secret/license scanner in summary table (#9442) 2025-09-08 08:56:47 +00:00
Teppei Fukuda
4359fe06a0 ci: use environment variables in GitHub Actions for improved security (#9433) 2025-09-05 07:24:31 +00:00
jdesouza
2185c7816a chore: bump Go to 1.24.7 (#9435) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-09-04 18:04:43 +00:00
amitbhardwaj
4517e8c0ef fix(nodejs): use snapshot string as Package.ID for pnpm packages (#9330) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-09-04 04:52:26 +00:00
Aqua Security automated builds
a70d8e70a8 ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425) 
Co-authored-by: GitHub Actions <actions@github.com>
 2025-09-02 18:13:15 +00:00
Aqua Security automated builds
7bcb181268 release: v0.66.0 [main] (#9289) v0.66.0 2025-09-02 16:42:22 +00:00
dependabot[bot]
21258954d2 chore(deps): bump the aws group with 7 updates (#9419) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-02 07:47:44 +00:00
Nikita Pivkin
29e9ff7e14 refactor(secret): clarify secret scanner messages (#9409) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-09-02 06:03:07 +00:00
DmitriyLewen
46ab76a5af fix(cyclonedx): handle multiple license types (#9378) 2025-09-01 12:10:14 +00:00
DmitriyLewen
1ac9b1f07c fix(repo): sanitize git repo URL before inserting into report metadata (#9391) 2025-09-01 11:09:02 +00:00
Teppei Fukuda
6fa3849c10 test: add HTTP basic authentication to git test server (#9407) 2025-09-01 09:42:41 +00:00
Ivo Šmíd
aa7cf4387c fix(sbom): add support for file component type of CycloneDX (#9372) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-09-01 08:33:46 +00:00
Nikita Pivkin
81d94253c8 fix(misconf): ensure module source is known (#9404) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-08-30 00:53:23 +00:00