@dependabot dependabot bot commented on behalf of github Nov 4, 2024

Bumps github.com/aquasecurity/trivy from 0.56.2 to 0.57.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.57.0

⚡Release highlights and summary⚡

👉aquasecurity/trivy#7857

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0570-2024-10-31

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.57.0 (2024-10-31)

⚠ BREAKING CHANGES

  • k8s: support k8s multi container (#7444)

Features

  • add end of life date for Ubuntu 24.10 (#7787) (ad3c09e)
  • cli: add trivy auth (#7664) (27117f8)
  • cli: error out when ignore file cannot be found (#7624) (cb0b3a9)
  • cli: rename trivy auth to trivy registry (#7727) (633a7ab)
  • cyclonedx: add file checksums to CycloneDX reports (#7507) (c225883)
  • db: append errors (#7843) (5e78b6c)
  • misconf: export unresolvable field of IaC types to Rego (#7765) (9514148)
  • misconf: public network support for Azure Storage Account (#7601) (ad91412)
  • misconf: Show misconfig ID in output (#7762) (f75c0d1)
  • misconf: ssl_mode support for GCP SQL DB instance (#7564) (2eaa17e)
  • parser: ignore white space in pom.xml files (#7747) (a7baa93)
  • report: update gitlab template to populate operating_system value (#7735) (c0d79fa)

Bug Fixes

  • cli: clean --all deletes only relevant dirs (#7704) (672e886)
  • cli: add config name to skip-policy-update alias (#7820) (b661d68)
  • db: fix javadb downloading error handling (#7642) (2c87f0c)
  • enable usestdlibvars linter (#7770) (57e24aa)
  • go: Do not trim v prefix from versions in Go Mod Analyzer (#7733) (e872ec0)
  • helm: properly handle multiple archived dependencies (#7782) (6fab88d)
  • java: correctly inherit version and scope from upper/root depManagement and dependencies into parents (#7541) (778df82)
  • k8s: skip resources without misconfigs (#7797) (7882776)
  • k8s: support k8s multi container (#7444) (c434775)
  • k8s: support kubernetes v1.31 (#7810) (7a4f4d8)
  • license: fix license normalization for Universal Permissive License (#7766) (f6acdf7)
  • misconf: change default ACL of digitalocean_spaces_bucket to private (#7577) (9da84f5)
  • misconf: check if property is not nil before conversion (#7578) (c8c14d3)
  • misconf: fix for Azure Storage Account network acls adaptation (#7602) (35fd018)
  • misconf: properly expand dynamic blocks (#7612) (8d5dbc9)
  • redhat: include arch in PURL qualifiers (#7654) (a585e95)
  • repo: git clone output to Stderr (#7561) (fdf203c)
  • report: Fix invalid URI in SARIF report (#7645) (015bb88)
  • sbom: add options for DBs in private registries (#7660) (1f2e91b)
  • sbom: use Annotation instead of AttributionTexts for SPDX formats (#7811) (f2bb9c6)

0.56.0 (2024-10-03)

Features

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 4, 2024
@dependabot dependabot bot requested a review from ashnamehrotra as a code owner November 4, 2024 12:48
@dependabot dependabot bot added the go Pull requests that update Go code label Nov 4, 2024
@ashnamehrotra

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.57.0 branch from 978884d to c81e83c Compare November 4, 2024 14:20
@ashnamehrotra

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.57.0 branch from c81e83c to 1123965 Compare November 5, 2024 21:12
@ashnamehrotra

@dependabot rebase

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.56.2 to 0.57.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.56.2...v0.57.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.57.0 branch from 1123965 to e8f016c Compare November 6, 2024 15:33
@ashnamehrotra ashnamehrotra merged commit 16b8fb1 into main Nov 6, 2024
21 checks passed
@ashnamehrotra ashnamehrotra deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.57.0 branch November 6, 2024 19:09
shubhamsugara22 pushed a commit to shubhamsugara22/copacetic that referenced this pull request Nov 13, 2024
…ect-copacetic#822)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: shubhamsugara22 <shubhamsugara22@gmail.com>
pradhans0906 pushed a commit to pradhans0906/copacetic that referenced this pull request Dec 6, 2024
…ect-copacetic#822)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <swapnasagar.pradhan@gmail.com>
pradhans0906 pushed a commit to pradhans0906/copacetic that referenced this pull request Dec 14, 2024
…ect-copacetic#822)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: swapnasagar pradhan <swapnasagar.pradhan@gmail.com>