gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,556 Commits 29 Branches 177 Tags
e1beba2f2979b3a7ae04919d4c57c8f8fa381844
Commit Graph

826 Commits

Author SHA1 Message Date
dependabot[bot]
c72dfbfbb0 chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-05 12:31:33 +00:00
dependabot[bot]
682210ac64 chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-04 19:10:54 +00:00
dependabot[bot]
fa2e88360b chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-04 09:29:08 +00:00
dependabot[bot]
013df4c6b8 chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-04 05:12:39 +00:00
dependabot[bot]
b1489f3485 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-03 11:53:52 +00:00
dependabot[bot]
7f2e4223ff chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-03 11:43:57 +00:00
dependabot[bot]
c17b6603db chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-29 05:26:15 +00:00
Nikita Pivkin
4cdff0e573 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#5822) 2023-12-26 12:09:43 +00:00
dependabot[bot]
be969d4136 chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#5809) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-25 06:13:16 +00:00
dependabot[bot]
81748f5ad0 chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#5805) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 07:59:21 +00:00
Nikita Pivkin
ba825b2ae1 chore(deps): bump trivy-iac to v0.7.1 (#5797) 2023-12-18 12:31:07 +00:00
Juan Ariza Toledano
abf227e06e fix(bitnami): use a different comparer for detecting vulnerabilities (#5633) 
Signed-off-by: juan131 <jariza@vmware.com>
 2023-12-17 10:27:19 +00:00
dependabot[bot]
6080e245ce chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 09:38:17 +00:00
dependabot[bot]
e27ec3261e chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 08:52:06 +00:00
Teppei Fukuda
99c04c4383 feat(report): output plugin (#4863) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-12-04 11:04:43 +00:00
dependabot[bot]
49e83a6ad2 chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 10:36:06 +00:00
dependabot[bot]
af32cb310a chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 10:32:05 +00:00
chenk
256957523a feat: Add flag to configure node-collector image ref (#5710) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-12-04 10:25:12 +00:00
dependabot[bot]
c0610097a6 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 09:46:51 +00:00
dependabot[bot]
aedbd85d6e chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 03:38:34 +00:00
dependabot[bot]
e018b9c423 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 03:37:58 +00:00
Teppei Fukuda
075d8f6286 chore: bump Go to 1.21 (#5662) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-11-28 04:01:54 +00:00
simar7
372efc9ec7 chore(deps): Bump up trivy misconf deps (#5656) 2023-11-28 00:47:23 +00:00
DmitriyLewen
ad977a4256 fix(nodejs): support protocols for dependency section in yarn.lock files (#5612) 2023-11-22 01:44:45 +00:00
chenk
d9d7f3f190 chore: bump node-collector v0.0.9 (#5591) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-16 00:48:56 +00:00
simar7
e3c28f8ee3 feat(misconf): Add support for --cf-params for CFT (#5507) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>
 2023-11-15 07:04:22 +00:00
dependabot[bot]
2310f0dd69 chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-14 07:50:00 +00:00
DmitriyLewen
cb241a8007 fix(sbom): add FilesAnalyzed and PackageVerificationCode fields for SPDX (#5533) 2023-11-09 09:25:27 +00:00
simar7
e7f6a5c805 refactor(misconf): Update refactored dependencies (#5245) 
Signed-off-by: Simar <simar@linux.com>
 2023-11-09 02:24:52 +00:00
chenk
91fc8dac92 fix: trivy k8s parse ecr image with arn (#5537) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-09 01:05:45 +00:00
dependabot[bot]
fdb3a15b2d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-03 23:58:20 +00:00
dependabot[bot]
d0d956fdc1 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-11-03 01:38:04 +00:00
dependabot[bot]
474167c47e chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-11-03 01:36:27 +00:00
dependabot[bot]
b0141cfbaa chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-02 01:52:57 +00:00
dependabot[bot]
6e5927266c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-02 01:09:25 +00:00
chenk
f3de7bc3be feat: scan vulns on k8s core component apps (#5418) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-01 09:31:48 +00:00
DmitriyLewen
e2fb3dd58f fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#5470) 2023-10-31 01:47:58 +00:00
dependabot[bot]
3e833be7d8 chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-31 01:46:24 +00:00
dependabot[bot]
57fa701a87 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-26 00:42:55 +00:00
Erick Redwine
e5317c7bc2 fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393) 2023-10-19 03:29:54 +00:00
Sylvain Baubeau
9fba79f0b6 chore(deps): move to aws-sdk-go-v2 (#5381) 2023-10-18 14:21:56 +00:00
Teppei Fukuda
cbbd1ce1f0 feat(k8s): add support for vulnerability detection (#5268) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-10-14 12:32:55 +00:00
DmitriyLewen
24a0d92145 fix(python): override BOM in requirements.txt files (#5375) 2023-10-14 08:37:32 +00:00
dependabot[bot]
c4134224a2 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 15:45:22 +00:00
simar7
57ba05c766 chore(deps): Upgrade defsec to v0.93.1 (#5348) 2023-10-08 12:40:21 +00:00
DmitriyLewen
af485b33fd fix: fix MIME warnings after updating to Go 1.20 (#5336) 2023-10-05 12:58:40 +00:00
Teppei Fukuda
008babfb8b build: fix a compile error with Go 1.21 (#5339) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-10-05 10:06:32 +00:00
dependabot[bot]
7e613cc5f7 chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 15:45:32 +00:00
dependabot[bot]
f05bc4be4f chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 15:45:07 +00:00
Teppei Fukuda
3be5e6b242 chore: enable go-critic (#5302) 
* chore: enable gocritic

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* refactor: fix lint issues

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: return true for latest versions

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore(lint): enforce map and slice styles

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-10-02 08:33:21 +00:00