chore: bump github.com/aquasecurity/trivy from 0.32.1 to 0.42.0 #171

@dependabot dependabot bot commented on behalf of github Jun 2, 2023

Bumps github.com/aquasecurity/trivy from 0.32.1 to 0.42.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.42.0

Changelog

  • 854b63940 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
  • 59e1a8664 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
  • 9ef01133c feat: add SBOM analyzer (#4210)
  • dadd1e10c fix(sbom): update logic for work with files in spdx format (#4513)
  • 1a658210a feat: azure workload identity support (#4489)
  • 411862c90 feat(ubuntu): add eol date for 18.04 ESM (#4524)
  • 62a1aaf03 fix(misconf): Update required extensions for terraformplan (#4523)
  • 48b2e15c2 refactor(cyclonedx): add intermediate representation (#4490)
  • c15f269a9 fix(misconf): Remove debug print while scanning (#4521)
  • b6ee08e55 fix(java): remove duplicates of jar libs (#4515)
  • d4740401a fix(java): fix overwriting project props in pom.xml (#4498)
  • 4cf2f94d0 docs: Update compilation instructions (#4512)
  • 18ce1c336 fix(nodejs): update logic for parsing pnpm lock files (#4502)
  • 87eed38c6 fix(secret): remove aws-account-id rule (#4494)
  • b0c591ef6 feat(oci): add support for referencing an input image by digest (#4470)
  • b84b5ecfc chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
  • 305255a49 docs: fixed the format (#4503)
  • d586de585 fix(java): add support of * for exclusions for pom.xml files (#4501)
  • de6eef3b0 feat: adding issue template for documentation (#4453)
  • 83a9c4a4c docs: switch glad to ghsa for Go (#4493)
  • 537272257 chore(deps): Update defsec to v0.89.0 (#4474)
  • 6fcd1538d feat(misconf): Add terraformplan support (#4342)
  • 72e302cf8 feat(debian): add digests for dpkg (#4445)
  • 7e99d08a1 chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
  • 12a1789be feat(k8s): exclude node scanning by node labels (#4459)
  • 919e8c92b docs: add info about multi-line mode for regexp from custom secret rules (#4159)
  • 50fe43f14 feat(cli): convert JSON reports into a different format (#4452)
  • 09db1d438 feat(image): add logic to guess base layer for docker-cis scan (#4344)
  • 3f0721ff6 fix(cyclonedx): set original names for packages (#4306)
  • 0ef0dadb1 feat: group subcommands (#4449)
  • 3a7717fde feat(cli): add retry to cache operations (#4189)
  • 63cfb2714 fix(vuln): report architecture for apk packages (#4247)
  • e1361368a refactor: enable cases where return values are not needed in pipeline (#4443)
  • 29b5f7e8e fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
  • 92ed344e8 docs(misconf): Update docs for kubernetes file patterns (#4435)
  • 16af41be1 test: k8s integration tests (#4423)
  • cab8569cd feat(redhat): add package digest for rpm (#4410)
  • 92f9e98d0 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)
  • 33fb04763 fix: typo (#4431)
  • 8b162f287 add user instruction to imgconf (#4429)
  • 3b7c9198d fix(k8s): add image sources (#4411)
  • c75d35ff6 docs(scanning): Add versioning banner (#4415)
  • d298415c0 feat(cli): add mage command to update golden integration test files (#4380)
  • 1a56295ff feat: node-collector custom namespace support (#4407)
  • 864ad10a3 chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 (#4378)
  • 7a20d9622 refactor(sbom): use multiline json for spdx-json format (#4404)
  • ea5fd75ff fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
  • 56a01ec6f refactor: code-optimization (#4214)

... (truncated)

Commits
  • 854b639 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
  • 59e1a86 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
  • 9ef0113 feat: add SBOM analyzer (#4210)
  • dadd1e1 fix(sbom): update logic for work with files in spdx format (#4513)
  • 1a65821 feat: azure workload identity support (#4489)
  • 411862c feat(ubuntu): add eol date for 18.04 ESM (#4524)
  • 62a1aaf fix(misconf): Update required extensions for terraformplan (#4523)
  • 48b2e15 refactor(cyclonedx): add intermediate representation (#4490)
  • c15f269 fix(misconf): Remove debug print while scanning (#4521)
  • b6ee08e fix(java): remove duplicates of jar libs (#4515)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.32.1 to 0.42.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.32.1...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go labels Jun 2, 2023
codecov bot commented Jun 2, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (b65cd98) 34.94% compared to head (ca8dd3e) 34.94%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #171   +/-   ##
=======================================
  Coverage   34.94%   34.94%           
=======================================
  Files          12       12           
  Lines        1139     1139           
=======================================
  Hits          398      398           
  Misses        720      720           
  Partials       21       21           


dependabot bot commented on behalf of github Jun 9, 2023

Superseded by #178.

@dependabot dependabot bot closed this Jun 9, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.42.0 branch June 9, 2023 13:05