chore(deps): update ghcr.io/aquasecurity/trivy docker tag to v0.54.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
ghcr.io/aquasecurity/trivy (source) | image-name | minor |
0.53.0 -> 0.54.0
|
Release Notes
aquasecurity/trivy (ghcr.io/aquasecurity/trivy)
v0.54.0
Features
- add
log.FilePath()
function for logger (#7080) (1f5f348) - add openSUSE tumbleweed detection and scanning (#6965) (17b5dbf)
-
cli: rename
--vuln-type
flag to--pkg-types
flag (#7104) (7cbdb0a) - mariner: Add support for Azure Linux (#7186) (5cbc452)
- misconf: enabled China configuration for ACRs (#7156) (d1ec89d)
- nodejs: add license parser to pnpm analyser (#7036) (03ac93d)
-
sbom: add image labels into
SPDX
andCycloneDX
reports (#7257) (4a2f492) - sbom: add vulnerability support for SPDX formats (#7213) (efb1f69)
- share build-in rules (#7207) (bff317c)
- vex: retrieve VEX attestations from OCI registries (#7249) (c2fd2e0)
- vex: VEX Repository support (#7206) (88ba460)
-
vuln: add
--pkg-relationships
(#7237) (5c37361)
Bug Fixes
- Add dependencyManagement exclusions to the child exclusions (#6969) (dc68a66)
- add missing platform and type to spec (#7149) (c8a7abd)
- cli: error on missing config file (#7154) (7fa5e7d)
- close file when failed to open gzip (#7164) (2a577a7)
-
dotnet: don't include non-runtime libraries into report for
*.deps.json
files (#7039) (5bc662b) -
dotnet: show
nuget package dir not found
log only when checkingnuget
packages (#7194) (d76feba) - ignore nodes when listing permission is not allowed (#7107) (25f8143)
-
java: avoid panic if deps from
pom
init
dir are not found (#7245) (4e54a7e) -
java: use
go-mvn-version
to removePackage
duplicates (#7088) (a7a304d) - misconf: do not evaluate TF when a load error occurs (#7109) (f27c236)
-
nodejs: detect direct dependencies when using
latest
version for filesyarn.lock
+package.json
(#7110) (54bb8bd) - report: hide empty table when all secrets/license/misconfigs are ignored (#7171) (c3036de)
- secret: skip regular strings contain secret patterns (#7182) (174b1e3)
- secret: trim excessively long lines (#7192) (92b13be)
-
secret: update length of
hugging-face-access-token
(#7216) (8c87194) - server: pass license categories to options (#7203) (9d52018)
Performance Improvements
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot. The local configuration can be found in the local Renovate Bot repository.