v0.49.0
⚡Release highlights and summary⚡
👉 #6033
Changelog
- 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
- 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
- 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
- 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
- 4df9363 docs: add note about Bun (#6001)
- 70dd572 fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
- 13f797f fix: check returned error before deferring f.Close() (#6007)
- adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
- e2eb70e feat(vuln): enable `--vex` for all targets (#5992)
- f9da021 docs: update link to data sources (#6000)
- b4b90cf feat(java): add support for line numbers for pom.xml files (#5991)
- fb36c4e refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
- f6be42b docs: Update troubleshooting guide with image not found error (#5983)
- bb6caea style: update band logos (#5968)
- 189a46a chore(deps): Update misconfig deps (#5956)
- 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#5929)
- a96f66f docs: update command to scan go binary (#5969)
- 2212d14 fix: handle non-parsable images names (#5965)
- 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
- fbc1a83 fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
- 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#5938)
- 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#5910)
- ffe2ca7 chore(deps): bump go-ebs-file (#5934)
- f90d4ee fix(nodejs): find licenses for packages with slash (#5836)
- c75143f fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922)
- a3fac90 fix: ignore no init containers (#5939)
- b1b4734 docs: Fix documentation of ecosystem (#5940)
- a2b6549 docs(misconf): multiple ignores in comment (#5926)
- ae134a9 fix(secret): find aws secrets ending with a comma or dot (#5921)
- c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
- 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
- 7895657 fix(java): don't remove excluded deps from upper pom's (#5838)
- 37e7e3e fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630)
- d0c81e2 feat(vex): add PURL matching for CSAF VEX (#5890)
- 958e1f1 fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901)
- 56c4e24 revert(report): don't escape new line characters for sarif format (#5897)
- 92d9b3d docs: improve filter by rego (#5402)
- a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
- 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#5875)
- 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
- c47ed0d feat(vex): Add support for CSAF format (#5535)
- 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
- cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
- d990e70 chore(deps): bump actions/stale from 8 to 9 (#5846)
- c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
- 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
- 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
- e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
- b508414 chore(deps): bump actions/setup-python from 4 to 5 (#5848)
- df3e90a feat(python): parse licenses from dist-info folder (#4724)
- fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
- 30eff9c feat(nodejs): add yarn alias support (#5818)
- 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
- b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
- 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
- da597c4 refactor: propagate time through context values (#5858)
- 1607eee refactor: move PkgRef under PkgIdentifier (#5831)
- b3d516e fix(cyclonedx): fix unmarshal for licenses (#5828)
- c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
- 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#5439)