This update for trivy fixes the following issues:
Update to version 0.58.2 (
boo#1234512, CVE-2024-45337,
boo#1235265, CVE-2024-45338):
unknown
dependencies (if exists) [backport: release/v0.58] (#8156)golang.org/x/net
from v0.32.0
to v0.33.0
[backport: release/v0.58] (#8142)github.com/CycloneDX/cyclonedx-go
from v0.9.1
to v0.9.2
[backport: release/v0.58] (#8136)BLOW_UNKNOWN
error to download DBs [backport: release/v0.58] (#8121)project.*
props [backport: release/v0.58] (#8119)workspaceRelationship
(#7889)go.mod
main module in the parser (#7977)overview
page for others
(#7972)flavors
support (#7858)mirror.gcr.io
(#7953)UID
for removed packages (#7887)root/buildinfo/content_manifests/
contains files that are not contentSets
files (#7912)git@github.com
schema for misconfigs in sarif
report (#7898)containerd
image into archive and use in tests (#7816)chore: bump golangci-lint to v1.61.0 (#7853)
root/buildinfo/content_manifests/
contains files that are not contentSets
files [backport: release/v0.57] (#7939)errors.Join
(#7845)Annotation
instead of AttributionTexts
for SPDX
formats (#7811)EXCEPTIONS
for misconfiguration scanning (#7776)CycloneDX
reports (#7507)version
and scope
from upper/root depManagement
and dependencies
into parents (#7541)trivy auth
to trivy registry
(#7727)clean --all
deletes only relevant dirs (#7704)trivy auth
(#7664)git clone
output to Stderr (#7561)feat(cli): error out when ignore file cannot be found (#7624)
fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
--skip-*
for all included modules (#7579)setup-go
(#7622)pom.xml
dependency versions can't be detected (#7520)save
and restore
cache actions (#7614)DownloadedAt
for trivy-java-db
(#7592)workflow_dispatch
trigger for test workflow. (#7606)integration
, VM
and module
tests (#7599)framework
as library
when unmarshalling CycloneDX
files (#7527).egg
and packaging
analyzers (#7514)dependencyManagement
from root/child pom's for dependencies from parents (#7497)CVE-2024-34155
, CVE-2024-34156
and CVE-2024-34158
in trivy.openvex.json
(#7510)test
scope for pom.xml
files (#7488)ExperimentalModifiedFindings
(#7463)toolchain
as stdlib
version for go.mod
files (#7163)test
scope support for pom.xml
files (#7414)kind
and apiVersion
of volumeClaimTemplate
element (#7362)importers
to detect dev deps from pnpm-lock.yaml file (#7387).eyJ
keyword for JWT secret (#7410)NOASSERTION
for licenses fields in SPDX formats (#7403)Message
field in asff.tpl
template (#7401)--path-prefix
flag for client/server mode (#7321)--detection-priority
flag for accuracy tuning (#7288)--clear-cache
(#7281)feat(vm): Support direct filesystem (#7058)