admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 05:43:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,934 Commits 28 Branches 179 Tags
main
Commit Graph

3934 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cameron
9a3e0a845d fix(java): Disable overwriting exclusions (#10088) 2026-01-30 13:15:38 +00:00
Teppei Fukuda
65e151fab0 refactor(rust): use txtar format for cargo analyzer test data (#10104) 2026-01-30 12:13:18 +00:00
Ashwani Kumar Kamal
1a72b326bb feat(python): add pylock.toml (PEP 751) parser (#9632) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2026-01-30 11:01:47 +00:00
dependabot[bot]
cc64eebbd0 chore(deps): bump the aws group across 1 directory with 6 updates (#10068) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 10:57:22 +00:00
Teppei Fukuda
b9a8d2d80a fix(server): exclude JavaDB and CheckBundle from /version endpoint (#10100) 2026-01-30 10:48:49 +00:00
Aqua Security automated builds
8fb9191a07 release: v0.69.0 [main] (#9886) v0.69.0 2026-01-30 09:18:25 +00:00
Nikita Pivkin
ba9feb66bf chore: bump trivy-checks to v2 (#9875) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-30 08:02:58 +00:00
dependabot[bot]
f00f8de637 chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 06:54:43 +00:00
Riolku
036c05b9a1 fix(repo): return a nil interface for gitAuth if missing (#10097) 2026-01-30 06:53:14 +00:00
DmitriyLewen
2933b01cd5 fix(java): correctly inherit properties from parent fields for pom.xml files (#9111) 2026-01-30 06:34:59 +00:00
Czékus Máté
47d3103c50 fix(rust): implement version inheritance for Cargo mono repos (#10011) 
Signed-off-by: Máté Czékus <mate@picloud.hu>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2026-01-29 10:51:02 +00:00
DmitriyLewen
676709de44 feat(activestate): add support ActiveState images (#10081) 2026-01-29 06:42:32 +00:00
Alessio Greggi
f809066b07 feat(vex): support per-repo tls configuration (#10030) 
Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2026-01-24 03:59:56 +00:00
Teppei Fukuda
f97ac7e112 refactor: allow per-request transport options override (#10083) 2026-01-23 10:23:33 +00:00
dependabot[bot]
8b46122869 chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 08:59:06 +00:00
dependabot[bot]
5d76153a23 chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 08:58:25 +00:00
DmitriyLewen
b9415a309c fix(java): correctly propagate repositories from upper POMs to dependencies (#10077) 2026-01-22 08:15:38 +00:00
Teppei Fukuda
31c4780f72 feat(rocky): enable modular package vulnerability detection (#10069) 2026-01-22 06:21:21 +00:00
dependabot[bot]
8025e90505 chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 05:50:01 +00:00
DmitriyLewen
bf860cd552 docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070) 2026-01-20 09:40:00 +00:00
Teppei Fukuda
fe7d20a31c feat(report): add Trivy version to JSON output (#10065) 2026-01-20 09:36:33 +00:00
Czékus Máté
d2dc46ad60 fix(rust): add cargo workspace members glob support (#10032) 
Signed-off-by: Máté Czékus <mate@picloud.hu>
 2026-01-20 06:27:38 +00:00
Teppei Fukuda
195382400f feat: add AnalyzedBy field to track which analyzer detected packages (#10059) 2026-01-19 13:17:32 +00:00
DmitriyLewen
c233735b02 fix: use canonical SPDX license IDs from embeded licenses.json (#10053) 2026-01-19 09:31:30 +00:00
Pierre Riteau
5bb654074e docs: fix link to Docker Image Specification (#10057) 2026-01-19 05:43:59 +00:00
Murat Aslan
34baef28ec feat(secret): add detection for Symfony default secret key (#9892) 
Co-authored-by: Murat Aslan <murataslan1@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2026-01-16 09:53:18 +00:00
Nikita Pivkin
56029517d6 refactor(misconf): move common logic to base value and simplify typed values (#9986) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-16 05:03:13 +00:00
DmitriyLewen
809db46231 fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880) 
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2026-01-15 07:31:21 +00:00
Nikita Pivkin
5fced3ae49 feat(misconf): use Terraform plan configuration to partially restore schema (#9623) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:47:56 +00:00
Nikita Pivkin
b06ef6d270 feat(misconf): add action block to Terraform schema (#10035) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:45:48 +00:00
Nikita Pivkin
ac061f8e88 fix(misconf): correct typos in block and attribute names (#9993) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:45:31 +00:00
Nikita Pivkin
8c23bfd871 test(misconf): simplify test values using *Test helpers (#9985) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:44:33 +00:00
Nikita Pivkin
a0ecc8e926 fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:44:08 +00:00
Nikita Pivkin
92d3465cee feat(misconf): support for ARM resources defined as an object (#9959) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:43:44 +00:00
Nikita Pivkin
37b5da895b feat(misconf): support for azurerm_*_web_app (#9944) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-14 19:43:04 +00:00
DmitriyLewen
51f5412ba7 test: migrate private test helpers to export_test.go convention (#10043) 2026-01-14 09:32:42 +00:00
dependabot[bot]
c3373b16c8 chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-14 09:03:21 +00:00
DmitriyLewen
cdb28eeeb1 fix(secret): improve word boundary detection for Hugging Face tokens (#10046) 2026-01-14 07:32:29 +00:00
DmitriyLewen
3c0ab97e10 fix(go): use ldflags version for all pseudo-versions (#10037) 2026-01-13 10:45:18 +00:00
Nikita Pivkin
f0e23ead66 chore: switch to ID from AVDID in internal and user-facing fields (#9655) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-13 07:58:01 +00:00
Nikita Pivkin
6462dc8a58 refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2026-01-13 07:57:18 +00:00
Teppei Fukuda
4e06c3df5b fix: move enum into items for array-type fields in JSON Schema (#10039) 2026-01-13 07:50:07 +00:00
DmitriyLewen
c5b8fef197 docs: fix incorrect documentation URLs (#10038) 2026-01-13 06:31:59 +00:00
Teppei Fukuda
07ff7885df feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033) 2026-01-12 11:08:05 +00:00
Andre Oganesian
7f71b577a0 fix(docker): fix non-det scan results for images with embedded SBOM (#9866) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2026-01-12 10:10:07 +00:00
dependabot[bot]
60eb3f0a2f chore(deps): bump the github-actions group with 11 updates (#10001) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 11:02:40 +00:00
Christian Dupuis
08a3f92ab6 test: fix assertion after 2026 roll over (#10002) 2026-01-05 06:51:30 +00:00
amitbhardwaj
b46cde0ebe fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-12-29 07:27:06 +00:00
DmitriyLewen
11dd3fac38 fix(license): normalize licenses for PostAnalyzers (#9941) 2025-12-29 06:27:04 +00:00
DmitriyLewen
b64d5adc6b feat(nodejs): parse licenses from package-lock.json file (#9983) 2025-12-29 05:57:06 +00:00