aquasecurity-trivy

mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 13:53:14 +08:00

Author	SHA1	Message	Date
DmitriyLewen	51f5412ba7	test: migrate private test helpers to `export_test.go` convention (#10043 )	2026-01-14 09:32:42 +00:00
DmitriyLewen	11dd3fac38	fix(license): normalize licenses for PostAnalyzers (#9941 )	2025-12-29 06:27:04 +00:00
Teppei Fukuda	93915dc97a	refactor: add xslices.Map and replace lo.Map usages (#9984 )	2025-12-26 08:07:03 +00:00
Thomas Grininger	e1f3f28ae4	feat(image): add Sigstore bundle SBOM support (#9516 ) Co-authored-by: knqyf263 <knqyf263@gmail.com>	2025-11-25 06:10:06 +00:00
Teppei Fukuda	d8eaaeb611	feat(sbom): add support for SPDX attestations (#9829 )	2025-11-21 08:44:54 +00:00
Teppei Fukuda	d020f2690e	feat(report): add image reference to report metadata (#9729 )	2025-10-31 07:26:39 +00:00
DmitriyLewen	fb0593bee6	fix(sbom): don’t panic on SBOM format if scanned CycloneDX file has empty metadata (#9562 )	2025-10-28 06:22:24 +00:00
DmitriyLewen	2c43425e05	fix(sbom): add `buildInfo` info as properties (#9683 )	2025-10-20 06:00:39 +00:00
DmitriyLewen	7422cc7168	fix(vex): don't use reused BOM (#9604 )	2025-10-08 09:45:43 +00:00
Teppei Fukuda	aff03ebab2	feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-09-20 14:26:53 +00:00
DmitriyLewen	46ab76a5af	fix(cyclonedx): handle multiple license types (#9378 )	2025-09-01 12:10:14 +00:00
Ivo Šmíd	aa7cf4387c	fix(sbom): add support for `file` component type of `CycloneDX` (#9372 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-09-01 08:33:46 +00:00
Teppei Fukuda	d2d0ec2b6d	chore: add modernize tool integration for code modernization (#9251 ) Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>	2025-07-29 07:13:54 +00:00
Teppei Fukuda	aa944cc6da	fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194 )	2025-07-16 11:57:44 +00:00
Mattias Andersson	12d6706961	feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126 )	2025-07-03 06:24:57 +00:00
DmitriyLewen	143da88dd8	fix(sbom): use correct field for licenses in CycloneDX reports (#9057 )	2025-07-01 12:28:33 +00:00
K	41d0f949c8	feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-06-27 07:33:58 +00:00
Teppei Fukuda	198789a07b	fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034 )	2025-06-16 04:55:30 +00:00
Nikita Pivkin	454b894098	refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-06-09 10:01:53 +00:00
Teppei Fukuda	0229eb70ab	refactor(license): simplify compound license scanning (#8896 )	2025-05-21 11:23:49 +00:00
Matthieu MOREL	3b1426a676	chore: enable staticcheck (#8815 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-05-07 06:15:35 +00:00
Matthieu MOREL	a19e0aa1ba	fix: octalLiteral from go-critic (#8811 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-05-05 13:49:07 +00:00
Matthieu MOREL	6562082e28	fix: unused-parameter rule from revive (#8794 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-04-30 09:17:24 +00:00
Teppei Fukuda	c80310d769	refactor: rename scanner to service (#8584 )	2025-03-23 23:47:03 +00:00
Teppei Fukuda	529957eac1	feat: replace TinyGo with standard Go for WebAssembly modules (#8496 )	2025-03-07 10:10:15 +00:00
Teppei Fukuda	fe09410ed4	chore: replace deprecated tenv linter with usetesting (#8504 )	2025-03-06 12:26:20 +00:00
DmitriyLewen	e5072f1eef	fix(spdx): save text licenses into `otherLicenses` without normalize (#8502 ) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2025-03-06 11:52:01 +00:00
DmitriyLewen	85cca8c07a	fix(sbom): improve logic for binding direct dependency to parent component (#8489 )	2025-03-05 09:08:46 +00:00
Thomas Grininger	4820eb70fc	feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254 )	2025-02-27 07:21:09 +00:00
Itay Shakury	49456ba841	fix: update all documentation links (#8045 ) Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2025-02-26 10:41:46 +00:00
DmitriyLewen	72ea4b0632	fix(spdx): init `pkgFilePaths` map for all formats (#8380 )	2025-02-17 07:10:22 +00:00
Matthieu MOREL	60491f8a7e	chore: enable int-conversion from perfsprint (#8194 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-01-27 20:38:55 +00:00
DmitriyLewen	aec8885bc7	fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077 )	2025-01-27 07:28:59 +00:00
DmitriyLewen	735335f08f	fix(sbom): attach nested packages to Application (#8144 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-12-24 07:28:35 +00:00
DmitriyLewen	7558df7c22	fix(sbom): use root package for `unknown` dependencies (if exists) (#8104 )	2024-12-23 06:14:57 +00:00
DmitriyLewen	d622ca2b1f	feat: add `workspaceRelationship` (#7889 )	2024-11-29 04:49:41 +00:00
Teppei Fukuda	06279924ca	refactor(sbom): simplify relationship generation (#7985 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-11-28 10:51:04 +00:00
Rutam Prita Mishra	e872ec006c	fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-10-31 06:03:22 +00:00
DmitriyLewen	f2bb9c6227	fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811 )	2024-10-30 10:32:40 +00:00
afdesk	5dd94ebc1f	fix(sbom): export bom-ref when converting a package to a component (#7340 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: amf <amf@macbook.local> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-09-19 05:17:42 +00:00
DmitriyLewen	aeb7039d7c	fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527 )	2024-09-18 06:08:12 +00:00
Pierre Baumard	6472e3c9da	feat(license): improve license normalization (#7131 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-09-11 06:47:50 +00:00
DmitriyLewen	c96dcdd440	fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403 )	2024-08-29 10:35:48 +00:00
DmitriyLewen	4a2f492c6e	feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257 ) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2024-07-30 07:05:00 +00:00
Teppei Fukuda	88ba46047c	feat(vex): VEX Repository support (#7206 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-07-25 12:18:37 +00:00
DmitriyLewen	efb1f69383	feat(sbom): add vulnerability support for SPDX formats (#7213 )	2024-07-25 07:49:20 +00:00
DmitriyLewen	266d9b1f4b	refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074 )	2024-07-03 04:24:33 +00:00
DmitriyLewen	3d4ae8b5be	fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051 )	2024-06-28 09:45:06 +00:00
Teppei Fukuda	14d71ba63c	fix(sbom): use package UIDs for uniqueness (#7042 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-06-28 08:52:19 +00:00
DmitriyLewen	a76e3286c4	fix(sbom): take pkg name from `purl` for maven pkgs (#7008 )	2024-06-26 06:18:20 +00:00

1 2 3 4

156 Commits