aquasecurity-trivy

mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 13:53:14 +08:00

Author	SHA1	Message	Date
Alessio Greggi	f809066b07	feat(vex): support per-repo tls configuration (#10030 ) Signed-off-by: Alessio Greggi <alessio.greggi@suse.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2026-01-24 03:59:56 +00:00
Teppei Fukuda	93915dc97a	refactor: add xslices.Map and replace lo.Map usages (#9984 )	2025-12-26 08:07:03 +00:00
DmitriyLewen	c274f5b986	fix(vex): use a separate `visited` set for each DFS path (#9760 )	2025-12-01 08:02:39 +00:00
DmitriyLewen	7422cc7168	fix(vex): don't use reused BOM (#9604 )	2025-10-08 09:45:43 +00:00
DmitriyLewen	78f0d4ae03	fix(vex): don't suppress vulns for packages with infinity loop (#9465 )	2025-09-30 06:41:10 +00:00
Teppei Fukuda	aff03ebab2	feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-09-20 14:26:53 +00:00
DmitriyLewen	e97af9806a	fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858 )	2025-05-13 06:40:15 +00:00
Matthieu MOREL	3b1426a676	chore: enable staticcheck (#8815 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-05-07 06:15:35 +00:00
Matthieu MOREL	a19e0aa1ba	fix: octalLiteral from go-critic (#8811 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-05-05 13:49:07 +00:00
Matthieu MOREL	6562082e28	fix: unused-parameter rule from revive (#8794 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-04-30 09:17:24 +00:00
Matthieu MOREL	43350dd9b4	fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2025-04-30 06:24:09 +00:00
Teppei Fukuda	529957eac1	feat: replace TinyGo with standard Go for WebAssembly modules (#8496 )	2025-03-07 10:10:15 +00:00
Teppei Fukuda	fe09410ed4	chore: replace deprecated tenv linter with usetesting (#8504 )	2025-03-06 12:26:20 +00:00
Teppei Fukuda	1f85b27773	refactor(vex): improve SBOM reference handling with project standards (#8457 )	2025-03-03 12:57:13 +00:00
Thomas Grininger	4820eb70fc	feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254 )	2025-02-27 07:21:09 +00:00
Thiha Min Thant	53d12bc3b9	chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992 ) Signed-off-by: Thiha Min Thant <thihaminthant20@gmail.com>	2024-11-25 17:02:29 +00:00
DmitriyLewen	5448ba2a5c	feat(go): construct dependencies of `go.mod` main module in the parser (#7977 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-11-22 12:06:33 +00:00
Teppei Fukuda	7632625be2	chore: lint `errors.Join` (#7845 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-31 12:08:47 +00:00
Rutam Prita Mishra	e872ec006c	fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-10-31 06:03:22 +00:00
Teppei Fukuda	c2fd2e0d89	feat(vex): retrieve VEX attestations from OCI registries (#7249 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-07-30 08:02:20 +00:00
Teppei Fukuda	88ba46047c	feat(vex): VEX Repository support (#7206 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-07-25 12:18:37 +00:00
Teppei Fukuda	a447f6ba94	feat(vex): improve relationship support in CSAF VEX (#6735 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-05-28 10:51:07 +00:00
Matthieu MOREL	48bdc6e734	ci(deps): fix gci and gofmt in ".*_test.go$" (#6721 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-05-22 02:55:16 +00:00
Teppei Fukuda	9515695d45	feat(vex): support non-root components for products in OpenVEX (#6728 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-05-21 10:00:51 +00:00
Teppei Fukuda	6a72dd47ae	refactor: move artifact types under artifact package to avoid import cycles (#6652 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-05-09 16:18:37 +00:00
Teppei Fukuda	94d6e8ced6	refactor: replace zap with slog (#6466 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>	2024-04-11 18:59:09 +00:00
Teppei Fukuda	c4022d61b3	feat(vex): consider root component for relationships (#6313 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-03-19 00:51:18 +00:00
Teppei Fukuda	8fcef352b3	refactor(sbom): add intermediate representation for BOM (#6240 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-03-12 06:56:10 +00:00
Juan Ariza Toledano	9c5e5a04ee	fix(vex): CSAF filtering should consider relationships (#5923 ) Signed-off-by: juan131 <jariza@vmware.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2024-02-22 10:23:11 +00:00
Teppei Fukuda	3c1601b6cb	feat(vuln): show suppressed vulnerabilities in table (#6084 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-02-13 12:35:06 +00:00
DmitriyLewen	6ccc0a554b	fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-02-06 11:09:53 +00:00
Teppei Fukuda	d0c81e23c4	feat(vex): add PURL matching for CSAF VEX (#5890 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-01-10 06:37:19 +00:00
Juan Ariza Toledano	c47ed0d816	feat(vex): Add support for CSAF format (#5535 ) Signed-off-by: juan131 <jariza@vmware.com> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-01-06 10:48:39 +00:00
Teppei Fukuda	1607eee77c	refactor: move PkgRef under PkgIdentifier (#5831 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2023-12-29 06:52:36 +00:00
Juan Ariza Toledano	1f0d6290c3	feat(vuln): include pkg identifier on detected vulnerabilities (#5439 ) Signed-off-by: juan131 <jariza@vmware.com> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2023-12-27 07:54:56 +00:00
Teppei Fukuda	3be5e6b242	chore: enable go-critic (#5302 ) * chore: enable gocritic Signed-off-by: knqyf263 <knqyf263@gmail.com> * refactor: fix lint issues Signed-off-by: knqyf263 <knqyf263@gmail.com> * test: return true for latest versions Signed-off-by: knqyf263 <knqyf263@gmail.com> * chore(lint): enforce map and slice styles Signed-off-by: knqyf263 <knqyf263@gmail.com> --------- Signed-off-by: knqyf263 <knqyf263@gmail.com>	2023-10-02 08:33:21 +00:00
Teppei Fukuda	49fdd584ba	feat: PURL matching with qualifiers in OpenVEX (#5061 ) * feat: PURL match in OpenVEX * test: fix fixture * Update docs/docs/supply-chain/vex.md Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> * docs: add a comment about overriding statements --------- Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2023-08-30 07:48:32 +00:00
chenk	85c681d443	feat: kbom and cyclonedx v1.5 spec support (#4708 ) * feat: kbom and cyclonedx v1.5 spec support Signed-off-by: chenk <hen.keinan@gmail.com> * feat: kbom and cyclonedx v1.5 spec support Signed-off-by: chenk <hen.keinan@gmail.com> * feat: kbom and cyclonedx v1.5 spec support Signed-off-by: chenk <hen.keinan@gmail.com> * feat: feat: kbom and cyclonedx 1.5 spec support Signed-off-by: chenk <hen.keinan@gmail.com> * fix: unmarshal bom on v1.5 return invalid specification version Signed-off-by: chenk <hen.keinan@gmail.com> * feat: cyclonedx-1.5 spec support Signed-off-by: chenk <hen.keinan@gmail.com> --------- Signed-off-by: chenk <hen.keinan@gmail.com>	2023-06-25 13:47:06 +00:00
Teppei Fukuda	11a5b91a1a	feat(sbom): add VEX support (#4053 )	2023-04-27 10:21:06 +03:00

39 Commits