Skip to content

v0.49.0

Compare
Choose a tag to compare
@aqua-bot aqua-bot released this 01 Feb 09:37
· 696 commits to main since this release
729a051

⚡Release highlights and summary⚡

👉 #6033

Changelog

  • 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
  • 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
  • 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
  • 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
  • 4df9363 docs: add note about Bun (#6001)
  • 70dd572 fix(report): use AWS_REGION env for secrets in asff template (#6011)
  • 13f797f fix: check returned error before deferring f.Close() (#6007)
  • adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
  • e2eb70e feat(vuln): enable --vex for all targets (#5992)
  • f9da021 docs: update link to data sources (#6000)
  • b4b90cf feat(java): add support for line numbers for pom.xml files (#5991)
  • fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#5981)
  • f6be42b docs: Update troubleshooting guide with image not found error (#5983)
  • bb6caea style: update band logos (#5968)
  • 189a46a chore(deps): Update misconfig deps (#5956)
  • 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#5929)
  • a96f66f docs: update command to scan go binary (#5969)
  • 2212d14 fix: handle non-parsable images names (#5965)
  • 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
  • fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#5951)
  • 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#5938)
  • 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#5910)
  • ffe2ca7 chore(deps): bump go-ebs-file (#5934)
  • f90d4ee fix(nodejs): find licenses for packages with slash (#5836)
  • c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#5922)
  • a3fac90 fix: ignore no init containers (#5939)
  • b1b4734 docs: Fix documentation of ecosystem (#5940)
  • a2b6549 docs(misconf): multiple ignores in comment (#5926)
  • ae134a9 fix(secret): find aws secrets ending with a comma or dot (#5921)
  • c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
  • 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
  • 7895657 fix(java): don't remove excluded deps from upper pom's (#5838)
  • 37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#5630)
  • d0c81e2 feat(vex): add PURL matching for CSAF VEX (#5890)
  • 958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#5901)
  • 56c4e24 revert(report): don't escape new line characters for sarif format (#5897)
  • 92d9b3d docs: improve filter by rego (#5402)
  • a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
  • 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#5875)
  • 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
  • c47ed0d feat(vex): Add support for CSAF format (#5535)
  • 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
  • cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
  • d990e70 chore(deps): bump actions/stale from 8 to 9 (#5846)
  • c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
  • 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
  • 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
  • e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
  • b508414 chore(deps): bump actions/setup-python from 4 to 5 (#5848)
  • df3e90a feat(python): parse licenses from dist-info folder (#4724)
  • fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
  • 30eff9c feat(nodejs): add yarn alias support (#5818)
  • 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
  • b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
  • 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
  • da597c4 refactor: propagate time through context values (#5858)
  • 1607eee refactor: move PkgRef under PkgIdentifier (#5831)
  • b3d516e fix(cyclonedx): fix unmarshal for licenses (#5828)
  • c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
  • 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#5439)