v0.46.1

Changelog

• 27a3e55 fix(java): download java-db once (#5442)
• d223732 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)

v0.46.0

⚡Release highlights and summary⚡

👉 #5377

Changelog

• cbbd1ce feat(k8s): add support for vulnerability detection (#5268)
• 24a0d92 fix(python): override BOM in requirements.txt files (#5375)
• 0c3e2f0 docs: add kbom documentation (#5363)
• 6c12f04 test: use maximize build space for VM tests (#5362)
• c413422 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
• 20ab703 fix(report): add escaping quotes in misconfig Title for asff template (#5351)
• 91841f5 ci: add workflow to check Go versions of dependencies (#5340)
• 57ba05c chore(deps): Upgrade defsec to v0.93.1 (#5348)
• fef3ed4 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
• ced54ac fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
• 2798df9 fix: add config files to FS for post-analyzers (#5333)
• af485b3 fix: fix MIME warnings after updating to Go 1.20 (#5336)
• 008babf build: fix a compile error with Go 1.21 (#5339)
• 00d9c46 feat: added Metadata into the k8s resource's scan report (#5322)
• 03b6787 ci: check only PR's in actions/stale (#5337)
• e6d5889 chore: update adopters template (#5330)
• 74dbd8a ci: do not trigger tests on the push event (#5313)
• 393bfdc fix(sbom): use PURL or Group and Name in case of Java (#5154)
• 76eb8a5 docs: add buildkite repository to ecosystem page (#5316)
• 6c74ee1 chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
• 6119878 chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
• a346587 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
• 7e613cc chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
• f05bc4b chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
• 3be5e6b chore: enable go-critic (#5302)
• f6cd21c chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
• f7b9751 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
• 18d1687 close java-db client (#5273)
• eb60e9f chore(deps): bump docker/login-action from 2 to 3 (#5291)
• 5a92055 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
• 46afe65 chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
• 0bf2a11 chore(deps): bump github.com/opencontainers/image-spec (#5295)
• 23b5fec fix(report): removes git::http from uri in sarif (#5244)
• 4f1d576 Improve the meaning of sentence (#5301)
• 6ab2bdf chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
• 4217cff chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
• 1840584 add app nil check (#5274)
• c5ae9f2 typo: in secret.md (#5281)
• 562723f docs: add info about github format (#5265)
• 3dd5b1e feat(dotnet): add license support for NuGet (#5217)
• 5c18475 docs: correctly export variables (#5260)
• 0c08dde chore: Add line numbers for lint output (#5247)
• 0ccbb4f chore(cli): disable java-db flags in server mode (#5263)
• 908a491 feat(db): allow passing registry options (#5226)
• 5b4652d chore(deps): Bump up defsec to v0.93.0 (#5253)
• faf8d49 refactor(purl): use TypeApk from purl (#5232)
• 559c0f3 chore: enable more linters (#5228)
• 2baad46 ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
• df2bff9 Fix typo on ide.md (#5239)
• 44656f2 refactor: use defined types (#5225)
• 37af529 fix(purl): skip local Go packages (#5190)
• eea3320 docs: update info about license scanning in Yarn projects (#5207)
• 2e66620 ci: auto apply labels (#5200)
• 49680dc fix link (#5203)

v0.45.1

Changelog

• daae882 fix(purl): handle rust types (#5186)
• 81240cf chore: auto-close issues (#5177)
• bd0accd chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
• ecee794 fix(k8s): kbom support addons labels (#5178)
• 9ebc25d test: validate SPDX with the JSON schema (#5124)
• 9a49a37 chore: bump trivy-kubernetes-latest (#5161)
• ad1dc63 docs: add 'Signature Verification' guide (#4731)
• 7c68d4a docs: add image-scanner-with-trivy for ecosystem (#5159)
• ed49609 fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
• 1953972 chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
• c751601 Update filtering.md (#5131)
• ccc6d7c chore(deps): bump sigstore/cosign-installer (#5104)
• 48cbf45 chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
• a9c2c74 chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
• 120ac68 chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
• 41eaa78 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
• 932f927 chaging adopters discussion tempalte (#5091)
• db31333 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
• 8c0b7d6 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
• c61c664 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
• a99944c chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
• 9fc844e chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
• c504f8b chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)

v0.45.0

⚡Release highlights and summary⚡

👉 #5082

Changelog

• cdab67e docs: add Bitnami (#5078)
• 7acc5e8 feat(docker): add support for scanning Bitnami components (#5062)
• 9628b1c feat: add support for .trivyignore.yaml (#5070)
• 4547e27 fix(terraform): improve detection of terraform files (#4984)
• 0c8919e feat: filter artifacts on --exclude-owned flag (#5059)
• c04f234 fix(sbom): cyclonedx advisory should omit null value (#5041)
• f811ed2 build: maximize build space for build tests (#5072)
• 69ea5bf feat: improve kbom component name (#5058)
• 3715dcb fix(pom): add licenses for pom artifacts (#5071)
• 07f7e98 chore(deps): Update defsec to v0.92.0 (#5068)
• d4ca3cc chore: bump Go to 1.20 (#5067)
• 49fdd58 feat: PURL matching with qualifiers in OpenVEX (#5061)
• 4401998 feat(java): add graph support for pom.xml (#4902)
• 9c211d0 feat(swift): add vulns for cocoapods (#5037)
• 422fa41 fix: support image pull secret for additional workloads (#5052)
• 8e93386 fix: #5033 Superfluous double quote in html.tpl (#5036)
• 9345a98 docs(repo): update trivy repo usage and example (#5049)
• 5d8da70 perf: Optimize Dockerfile for reduced layers and size (#5038)
• 1be9da7 feat: scan K8s Resources Kind with --all-namespaces (#5043)
• 0e17d0b fix: vulnerability typo (#5044)
• d70fab2 docs: adding a terraform tutorial to the docs (#3708)
• 2fa264a feat(report): add licenses to sarif format (#4866)
• 07ddf47 feat(misconf): show the resource name in the report (#4806)
• 9de3606 chore: update alpine base images (#5015)
• ef70d20 feat: add Package.resolved swift files support (#4932)
• ec5d8be feat(nodejs): parse licenses in yarn projects (#4652)
• 3114c87 fix: k8s private registries support (#5021)
• 6d79f55 bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
• 9ace591 feat(vuln): support last_affected field from osv (#4944)
• d442176 feat(server): add version endpoint (#4869)
• 63cd41d feat: k8s private registries support (#4987)
• cb16e23 fix(server): add indirect prop to package (#4974)
• a4e981b docs: add coverage (#4954)
• 6f03c79 feat(c): add location for lock file dependencies. (#4994)
• c748705 docs: adding blog post on ec2 (#4813)
• 4e1316c revert 32bit bins (#4977)
• fc959fc chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)

v0.44.1

Changelog

• f105279 fix(report): return severity colors in table format (#4969)
• bc2b0ca build: maximize available disk space for release (#4937)
• 9493c6f test(cli): Fix assertion helptext (#4966)
• b0359de chore(deps): Bump defsec to v0.91.1 (#4965)
• d3a34e4 test: validate CycloneDX with the JSON schema (#4956)
• 798ef1b fix(server): add licenses to the Result message (#4955)
• e8cf281 fix(aws): resolve endpoint if endpoint is passed (#4925)
• f18b0db fix(sbom): move licenses to name field in Cyclonedx format (#4941)
• a796701 add only uniq deps in dependsOn (#4943)
• b544e0d use testify instead of gotest.tools (#4946)
• 067a0fc fix(nodejs): do not detect lock file in node_modules as an app (#4949)
• e6d7705 bump go-dep-parser (#4936)
• c584dc1 chore(deps): bump github.com/openvex/go-vex from 0.2.0 to 0.2.1 (#4914)
• 358d56b chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#4909)
• 17f3ea9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#4912)
• 39ccbf7 test(aws): move part of unit tests to integration (#4884)
• 6d3ae3b docs(cli): update help string for file and dir skipping (#4872)
• 7d7a1ef chore(deps): bump sigstore/cosign-installer (#4910)
• fc74950 chore(deps): bump github.com/sosedoff/gitkit from 0.3.0 to 0.4.0 (#4916)
• b2a68bc chore(deps): bump k8s.io/api from 0.27.3 to 0.27.4 (#4918)
• e5c0c15 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#4919)
• da37803 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#4913)
• 9744e64 chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 (#4915)
• 99eebc6 docs: update the discussion template (#4928)

v0.44.0

⚡Release highlights and summary⚡

👉 #4903

Changelog

• d19c7d9 feat(repo): support local repositories (#4890)
• 3c19761 bump go-dep-parser (#4893)
• e1c2a8c fix(misconf): add missing fields to proto (#4861)
• 8b8e0e8 fix: remove trivy-db package replacement (#4877)
• f9efe44 chore(test): bump the integration test timeout to 15m (#4880)
• 7271d68 chore(deps): Update defsec to v0.91.0 (#4886)
• c3bc67c chore: update CODEOWNERS (#4871)
• 232ba82 feat(vuln): support vulnerability status (#4867)
• 11618c9 feat(misconf): Support custom URLs for policy bundle (#4834)
• 0707569 refactor: replace with sortable packages (#4858)
• fbe1c9e docs: correct license scanning sample command (#4855)
• 20c2246 fix(report): close the file (#4842)
• 24a3e54 feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
• a7bd7bb feat(misconf): Add support for independently enabling libraries (#4070)
• 4aa9ea0 feat(secret): add secret config file for cache calculation (#4837)
• 5d349d8 Fix a link in gitlab-ci.md (#4850)
• a61531c fix(flag): use globalstar to skip directories (#4854)
• 78cc209 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
• 9399604 fix(license): using common way for splitting licenses (#4434)
• 3e2416d fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
• ce77bb4 remove govulndb (#4783)
• c05caae fix(java): inherit licenses from parents (#4817)
• aca11b9 refactor: add allowed values for CLI flags (#4800)
• 4cecd17 add example regex to allow rules (#4827)
• 4bc8d29 feat(misconf): Support custom data for rego policies for cloud (#4745)
• 88243a0 docs: correcting the trivy k8s tutorial (#4815)
• 3c7d988 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
• fd0fd10 fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
• d0d543b feat(misconf): enable --policy flag to accept directory and files both (#4777)
• b43a3e6 feat(python): add license fields (#4722)
• aef7b14 fix: support trivy k8s-version on k8s sub-command (#4786)

v0.43.1

Changelog

• 5d76aba chore(deps): Update defsec to v0.90.3 (#4793)
• fed446c chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)
• df62927 chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)
• 1b9b9a8 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)
• 3c16ca8 docs(image): fix the comment on the soft/hard link (#4740)
• e5bee5c check Type when filling pkgs in vulns (#4776)
• 4b9f310 feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
• 8e7fb7c chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)
• a9badea fix(rocky): add architectures support for advisories (#4691)
• f8ebccc chore(deps): bump github.com/opencontainers/image-spec (#4751)
• 1c81948 chore(deps): bump github.com/package-url/packageurl-go (#4754)
• 497cc10 chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750)
• 065f0af chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755)
• e260305 chore(deps): bump github.com/testcontainers/testcontainers-go (#4759)
• 0621402 fix: documentation about reseting trivy image (#4733)
• 798fdbc fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
• 34a8929 fix: update Amazon Linux 1 EOL (#4761)

v0.43.0

⚡Release highlights and summary⚡

👉 #4741

Changelog

• 6008192 chore(deps): Update defsec to v0.90.1 (#4739)
• 73734ea feat(nodejs): support yarn workspaces (#4664)
• 22463ab feat(cli): add include-dev-deps flag (#4700)
• 790c805 fix(image): pass the secret scanner option to scan the img config (#4735)
• 86fec9c fix: scan job pod it not found on k8s-1.27.x (#4729)
• 26bc911 feat(docker): add support for mTLS authentication when connecting to registry (#4649)
• d699e8c chore(deps): Update defsec to v0.90.0 (#4723)
• 1777878 fix: skip scanning the gpg-pubkey package (#4720)
• 9be0825 Fix http registry oci pull (#4701)
• 5d73b47 feat(misconf): Support skipping services (#4686)
• 46e784c docs: fix supported modes for pubspec.lock files (#4713)
• 0f61a84 fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
• 8a1aa44 clarifying a dir path is required for custom policies (#4716)
• fbab9ee chore: update alpine base images (#4715)
• f84417b fix last-history-created (#4697)
• 85c681d feat: kbom and cyclonedx v1.5 spec support (#4708)
• 46748ce docs: add information about Aqua (#4590)
• c6741bd fix: k8s escape resource filename on windows os (#4693)
• a21acc7 ci: ignore merge queue branches (#4696)
• 32a3a33 chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)
• cbb47dc chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)
• e3d10d2 feat: cyclondx sbom custom property support (#4688)
• e1770e0 ci: do not trigger tests in main (#4692)
• 337c0b7 add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
• 5ccee14 use group field for jar in cyclonedx (#4674)
• 96db52c feat(java): capture licenses from pom.xml (#4681)
• 3e902a5 feat(helm): make sessionAffinity configurable (#4623)
• 904f1cf fix: Show the correct URL of the secret scanning (#4682)
• 7d48c5d document expected file pattern definition format (#4654)
• dcc73e9 fix: format arg error (#4642)
• 35c4262 feat(k8s): cyclonedx kbom support (#4557)
• 0e01851 fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
• 4d9b444 fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
• c29197a ci: update build IDs (#4641)
• d7637ad fix(debian): update EOL for Debian 12 (#4647)
• ef39eee chore(deps): bump go-containerregistry (#4639)
• 1ce8bb5 chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
• bc9513f fix(db): change argument order in Exists query for JavaDB (#4595)
• aecd2f0 feat(aws): Add support to see successes in results (#4427)
• 2cbf402 chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)
• 0099b20 ci: do not trigger tests in main (#4614)
• a597a54 chore(deps): bump sigstore/cosign-installer (#4609)
• b453fbe chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)
• 0e876d5 ci: bypass the required status checks (#4611)
• a4f27d2 ci: support merge queue (#3652)
• 9e6411e ci: matrix build for testing (#4587)
• ef6538a feat: trivy k8s private registry support (#4567)
• 139f3e1 docs: add general coverage page (#3859)
• 479cfdd chore: create SECURITY.md (#4601)

v0.42.1

Changelog

• 9a279fa ci: remove 32bit packages (#4585)
• d52b0b7 fix(misconf): deduplicate misconf results (#4588)
• 9b531fa fix(vm): support sector size of 4096 (#4564)
• 8ca1bfd fix(misconf): terraform relative paths (#4571)
• c20d466 fix(purl): skip unsupported library type (#4577)
• 52cbe79 fix(terraform): recursively detect all Root Modules (#4457)
• 4a5b915 fix(vm): support post analyzer for vm command (#4544)
• 56cdc55 fix(nodejs): change the type of the devDependencies field (#4560)
• 17d7536 fix(sbom): export empty dependencies in CycloneDX (#4568)
• 2796abe refactor: add composite fs for post-analyzers (#4556)
• 22a1573 chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
• 4358665 chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
• 5081399 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
• e1a3812 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
• 283eef6 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
• bbd7b98 chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
• 11c81bf chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
• 2d8d63e chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
• a46839b chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
• 19715f5 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)

v0.42.0

⚡Release highlights and summary⚡

👉 #4541

Changelog

• 854b639 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
• 59e1a86 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
• 9ef0113 feat: add SBOM analyzer (#4210)
• dadd1e1 fix(sbom): update logic for work with files in spdx format (#4513)
• 1a65821 feat: azure workload identity support (#4489)
• 411862c feat(ubuntu): add eol date for 18.04 ESM (#4524)
• 62a1aaf fix(misconf): Update required extensions for terraformplan (#4523)
• 48b2e15 refactor(cyclonedx): add intermediate representation (#4490)
• c15f269 fix(misconf): Remove debug print while scanning (#4521)
• b6ee08e fix(java): remove duplicates of jar libs (#4515)
• d474040 fix(java): fix overwriting project props in pom.xml (#4498)
• 4cf2f94 docs: Update compilation instructions (#4512)
• 18ce1c3 fix(nodejs): update logic for parsing pnpm lock files (#4502)
• 87eed38 fix(secret): remove aws-account-id rule (#4494)
• b0c591e feat(oci): add support for referencing an input image by digest (#4470)
• b84b5ec chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
• 305255a docs: fixed the format (#4503)
• d586de5 fix(java): add support of * for exclusions for pom.xml files (#4501)
• de6eef3 feat: adding issue template for documentation (#4453)
• 83a9c4a docs: switch glad to ghsa for Go (#4493)
• 5372722 chore(deps): Update defsec to v0.89.0 (#4474)
• 6fcd153 feat(misconf): Add terraformplan support (#4342)
• 72e302c feat(debian): add digests for dpkg (#4445)
• 7e99d08 chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
• 12a1789 feat(k8s): exclude node scanning by node labels (#4459)
• 919e8c9 docs: add info about multi-line mode for regexp from custom secret rules (#4159)
• 50fe43f feat(cli): convert JSON reports into a different format (#4452)
• 09db1d4 feat(image): add logic to guess base layer for docker-cis scan (#4344)
• 3f0721f fix(cyclonedx): set original names for packages (#4306)
• 0ef0dad feat: group subcommands (#4449)
• 3a7717f feat(cli): add retry to cache operations (#4189)
• 63cfb27 fix(vuln): report architecture for apk packages (#4247)
• e136136 refactor: enable cases where return values are not needed in pipeline (#4443)
• 29b5f7e fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
• 92ed344 docs(misconf): Update docs for kubernetes file patterns (#4435)
• 16af41b test: k8s integration tests (#4423)
• cab8569 feat(redhat): add package digest for rpm (#4410)
• 92f9e98 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)
• 33fb047 fix: typo (#4431)
• 8b162f2 add user instruction to imgconf (#4429)
• 3b7c919 fix(k8s): add image sources (#4411)
• c75d35f docs(scanning): Add versioning banner (#4415)
• d298415 feat(cli): add mage command to update golden integration test files (#4380)
• 1a56295 feat: node-collector custom namespace support (#4407)
• 864ad10 chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 (#4378)
• 7a20d96 refactor(sbom): use multiline json for spdx-json format (#4404)
• ea5fd75 fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
• 56a01ec refactor: code-optimization (#4214)
• 6a0e152 feat(image): Add image-src flag to specify which runtime(s) to use (#4047)
• 50c8b41 test: skip wrong update of test golden files (#4379)
• 51ca653 refactor: don't return error for package.json without version/name (#4377)
• e5e7ebc docs: cmd error (#4376)
• 6ee4960 test(cli): add test for config file and env combination (#2666)
• c067b02 fix(report): set a correct file location for license scan output (#4326)
• ff63748 ci: rpm repository for all versions and aarch64 (#4077)
• 0009b02 chore(alpine): Update Alpine to 3.18 (#4351)
• d61ae8c fix(alpine): add EOL date for Alpine 3.18 (#4308)
• 636ce80 chore(deps): bump github.com/docker/distribution (#4337)
• e859d10 feat: allow root break for mapfs (#4094)
• a6ef37f docs(misconf): Remove examples.md (#4256)
• dca8c03 fix(ubuntu): update eol dates for Ubuntu (#4258)
• b003f58 feat(alpine): add digests for apk packages (#4168)
• 86f0016 chore: add discussion templates (#4190)
• 2f318ce fix(terraform): Support tfvars (#4123)
• ec3906c chore: separate docs:generate (#4242)
• 37b25d2 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4246)
• 45d5edb refactor: define vulnerability scanner interfaces (#4117)
• 090a00e feat: unified k8s scan resources (#4188)
• f2188eb chore(deps): Update defsec to v0.88.1 (#4178)
• b79850f chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#4141)
• 36acdfa chore: trivy bin ignore (#4212)
• 55fb723 feat(image): enforce image platform (#4083)
• 9c87cb2 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 (#4143)
• 21cf179 chore(deps): bump github.com/docker/docker (#4144)
• fbf7a77 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 (#4146)
• 547391c chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 (#4140)
• 882bfdd fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
• 949cd10 chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 (#4147)
• 93bc162 chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#4145)
• 57993ef chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 (#4138)
• dc4baeb chore(deps): bump github.com/testcontainers/testcontainers-go (#4150)
• 25d0255 chore: install.sh support for windows (#4155)
• 73e5454 chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 (#4166)
• 08de7c6 chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#4149)
• ade4730 docs: moving skipping files out of others (#4154)