v0.49.0 #6033
aqua-bot announced in Announcements
🚀 What's new? 🚀
💱 VEX Support Extended Across All Targets 🎯
Trivy now enables the `--vex` flag for all scanning targets, broadening its vulnerability filtering capabilities. This update allows users to apply VEX information across all supported assets, including container images, improving the granularity and relevance of security findings.

🌊 CSAF VEX Support 🐦
Trivy now supports the CSAF format for filtering vulnerabilities with the `--vex` flag, so the supported VEX formats now include CSAF alongside OpenVEX and CycloneDX.
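The following is an added illustration of what "filtering vulnerabilities with a CSAF VEX document" means in practice; it is not Trivy's code. It walks the CSAF `product_tree` to map `product_id` values to package URLs, then suppresses any finding whose product the `vulnerabilities[].product_status` section lists as `known_not_affected` or `fixed`, keeping the justification from `flags` as the reason. The VEX document, the CVE identifiers (`CVE-0000-000x`) and the purls are constructed sample data; matching is on the exact purl, so a VEX statement written without a version would not match a versioned finding here.

```python
"""Filter vulnerability findings with a CSAF VEX document (constructed example)."""
from dataclasses import dataclass

# Product statuses that justify dropping a finding; known_affected and
# under_investigation deliberately keep it.
SUPPRESSING_STATUSES = ("known_not_affected", "fixed")


@dataclass(frozen=True)
class Finding:
    purl: str      # package URL of the affected component
    vuln_id: str   # CVE identifier


def product_purls(product_tree: dict) -> dict[str, str]:
    """Map CSAF product_id -> purl, from nested branches and full_product_names."""
    out: dict[str, str] = {}

    def visit(branch: dict) -> None:
        prod = branch.get("product")
        if prod:
            purl = prod.get("product_identification_helper", {}).get("purl")
            if purl:
                out[prod["product_id"]] = purl
        for child in branch.get("branches", []):
            visit(child)

    for branch in product_tree.get("branches", []):
        visit(branch)
    for prod in product_tree.get("full_product_names", []):
        purl = prod.get("product_identification_helper", {}).get("purl")
        if purl:
            out[prod["product_id"]] = purl
    return out


def suppressed_pairs(csaf: dict) -> dict[tuple[str, str], str]:
    """Return {(purl, cve): reason} for every product the VEX marks not affected or fixed."""
    purls = product_purls(csaf.get("product_tree", {}))
    result: dict[tuple[str, str], str] = {}
    for vuln in csaf.get("vulnerabilities", []):
        vuln_id = vuln.get("cve")
        if not vuln_id:
            continue
        # Justification labels (e.g. vulnerable_code_not_in_execute_path), keyed by product id.
        justification = {}
        for flag in vuln.get("flags", []):
            for pid in flag.get("product_ids", []):
                justification[pid] = flag["label"]
        for status in SUPPRESSING_STATUSES:
            for pid in vuln.get("product_status", {}).get(status, []):
                purl = purls.get(pid)
                if purl:
                    result[(purl, vuln_id)] = justification.get(pid, status)
    return result


def apply_vex(findings: list[Finding], csaf: dict):
    """Split findings into (kept, filtered); filtered entries carry the VEX reason."""
    suppressed = suppressed_pairs(csaf)
    kept, filtered = [], []
    for f in findings:
        reason = suppressed.get((f.purl, f.vuln_id))
        if reason is None:
            kept.append(f)
        else:
            filtered.append((f, reason))
    return kept, filtered


# Constructed sample VEX document: one product, one CVE marked not affected.
SAMPLE_VEX = {
    "document": {"category": "csaf_vex", "title": "constructed sample"},
    "product_tree": {
        "branches": [
            {"category": "vendor", "name": "example", "branches": [
                {"category": "product_version", "name": "x/net 0.17.0",
                 "product": {"product_id": "CSAFPID-0001",
                             "name": "golang.org/x/net 0.17.0",
                             "product_identification_helper": {
                                 "purl": "pkg:golang/golang.org/x/net@v0.17.0"}}},
            ]},
        ],
    },
    "vulnerabilities": [
        {"cve": "CVE-0000-0001",
         "product_status": {"known_not_affected": ["CSAFPID-0001"]},
         "flags": [{"label": "vulnerable_code_not_in_execute_path",
                    "product_ids": ["CSAFPID-0001"]}]},
    ],
}

# Constructed scan results: only the first pair is covered by the VEX statement.
SAMPLE_FINDINGS = [
    Finding("pkg:golang/golang.org/x/net@v0.17.0", "CVE-0000-0001"),
    Finding("pkg:golang/golang.org/x/net@v0.17.0", "CVE-0000-0002"),
    Finding("pkg:golang/example.com/other@v1.0.0", "CVE-0000-0001"),
]

if __name__ == "__main__":
    kept, filtered = apply_vex(SAMPLE_FINDINGS, SAMPLE_VEX)
    for f, reason in filtered:
        print(f"filtered {f.vuln_id} on {f.purl}: {reason}")
    print(f"{len(kept)} finding(s) remain")
```

A defender reviewing VEX-filtered results should keep the reason alongside each suppressed finding, as done here, so the audit trail shows which statement and justification removed it rather than just a shorter report.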
🐍 Python License Parsing Enhancement 📄
Trivy now parses new license-related fields from the .dist-info folder in Python projects, aligning with PEP-639's introduction of the License-File field. This update enhances license detection in Python packages by utilizing the specified license files, even when the license itself is not explicitly mentioned in the package metadata.
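As an added example of the fallback the paragraph describes (not Trivy's own parser), the code below reads a `.dist-info` folder given as a `{relative file name: text}` mapping, parses `METADATA` with the standard library's RFC 822 style `email` parser, and only when `License-Expression`, `License` and the license classifiers are all absent falls back to the files named in the `License-File` fields, looking both at the stated name and under `licenses/` as PEP 639 wheels lay them out. The text signatures used to classify a license file are a small constructed heuristic, as is the sample package; `load_dist_info` is a convenience for running it against a real directory.

```python
"""Detect a Python package license from .dist-info metadata, falling back to License-File."""
import email
from pathlib import Path

# Constructed heuristic: phrases that must all appear in a license text to call it this SPDX id.
# This is a stand-in for a real license classifier, not Trivy's matching logic.
LICENSE_SIGNATURES = {
    "MIT": ("permission is hereby granted, free of charge",),
    "Apache-2.0": ("apache license", "version 2.0"),
    "BSD-3-Clause": ("redistribution and use in source and binary forms", "neither the name"),
}


def classify_text(text: str):
    """Return an SPDX identifier for a license text, or None if nothing matches."""
    low = text.lower()
    for spdx, needles in LICENSE_SIGNATURES.items():
        if all(n in low for n in needles):
            return spdx
    return None


def detect_license(dist_info: dict[str, str]):
    """Return (license, source) for a .dist-info folder given as {relative name: content}.

    Order: License-Expression, License, license classifiers, then License-File contents.
    """
    msg = email.message_from_string(dist_info.get("METADATA", ""))

    expr = (msg.get("License-Expression") or "").strip()
    if expr:
        return expr, "License-Expression"

    lic = (msg.get("License") or "").strip()
    if lic and lic.upper() != "UNKNOWN":
        return lic, "License"

    for classifier in msg.get_all("Classifier", []) or []:
        if classifier.startswith("License ::"):
            return classifier.split("::")[-1].strip(), "Classifier"

    # PEP 639 fallback: License-File names files shipped alongside METADATA.
    for name in msg.get_all("License-File", []) or []:
        name = name.strip()
        text = dist_info.get(name) or dist_info.get(f"licenses/{name}")
        if text is None:
            continue
        guess = classify_text(text)
        if guess:
            return guess, f"License-File:{name}"

    return None, None


def load_dist_info(dist_info_dir: Path) -> dict[str, str]:
    """Read a real .dist-info directory into the mapping shape detect_license expects."""
    files: dict[str, str] = {}
    for p in dist_info_dir.rglob("*"):
        if p.is_file():
            rel = p.relative_to(dist_info_dir).as_posix()
            files[rel] = p.read_text(encoding="utf-8", errors="replace")
    return files


# Constructed sample: METADATA carries no License field at all, only a License-File.
SAMPLE_DIST_INFO = {
    "METADATA": (
        "Metadata-Version: 2.1\n"
        "Name: examplepkg\n"
        "Version: 1.0.0\n"
        "License-File: LICENSE\n"
        "\n"
        "Long description follows.\n"
    ),
    "LICENSE": (
        "MIT License\n\n"
        "Copyright (c) 2024 Example Author\n\n"
        "Permission is hereby granted, free of charge, to any person obtaining a copy "
        "of this software and associated documentation files...\n"
    ),
}

if __name__ == "__main__":
    print(detect_license(SAMPLE_DIST_INFO))
```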
📑 Line Numbers for pom.xml in Trivy 📍
Trivy now supports line numbers for dependencies in pom.xml, enhancing the precision of Java project scans. This offers locations for its direct dependencies while modules and transitive dependencies do not have this detail.
Example:
🧶 Yarn Alias Support 👽
Trivy now supports Yarn aliases, enhancing its Node.js package scanning capabilities. This update allows for more accurate dependency tracking in projects using Yarn's alias feature.
Example
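Below is an added example, not Trivy's own lockfile parser, showing why alias support matters for scanning: in a Yarn classic `yarn.lock`, an aliased dependency appears as `alias@npm:real-package@range`, so a scanner that keys on the left-hand name would query advisories for a package name that does not exist on the registry and miss the advisories for the package actually installed. The parser resolves each lockfile entry to the real package name and version, recording the alias separately; the lockfile contents, registry URLs and integrity values are constructed.

```python
"""Resolve Yarn (v1 lockfile) aliases to the real package name and version."""


def split_name_and_range(pattern: str) -> tuple[str, str]:
    """Split 'name@range' where the name may be scoped ('@scope/pkg@^1.0.0')."""
    at = pattern.find("@", 1)  # skip a leading scope '@'
    if at == -1:
        return pattern, ""
    return pattern[:at], pattern[at + 1:]


def parse_yarn_lock(text: str) -> list[dict]:
    """Return one record per dependency pattern in a yarn.lock v1 file.

    Each record has: pattern, alias (None unless 'npm:' alias syntax was used),
    name (the package really installed), range, version.
    """
    records: list[dict] = []
    current_patterns: list[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # Unindented line ending in ':' opens an entry; it may list several patterns.
        if not raw[0].isspace() and raw.rstrip().endswith(":"):
            key = raw.rstrip()[:-1]
            current_patterns = [p.strip().strip('"') for p in key.split(",")]
            continue
        stripped = raw.strip()
        if stripped.startswith("version ") and current_patterns:
            version = stripped.split(None, 1)[1].strip('"')
            for pat in current_patterns:
                name, rng = split_name_and_range(pat)
                alias = None
                if rng.startswith("npm:"):
                    # 'alias@npm:real@range': the installed package is the one after 'npm:'.
                    alias = name
                    name, rng = split_name_and_range(rng[len("npm:"):])
                records.append({"pattern": pat, "alias": alias, "name": name,
                                "range": rng, "version": version})
            current_patterns = []
    return records


def aliased_packages(records: list[dict]) -> dict[str, tuple[str, str]]:
    """Map alias name -> (real package name, installed version)."""
    return {r["alias"]: (r["name"], r["version"]) for r in records if r["alias"]}


# Constructed sample lockfile with a scoped package, a shared entry with an alias,
# and an alias pointing at a scoped package.
SAMPLE_YARN_LOCK = """\
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@scope/left@^1.0.0":
  version "1.4.2"
  resolved "https://registry.example/constructed/left.tgz"
  integrity sha512-constructed

"string-width-cjs@npm:string-width@^4.2.0", "string-width@^4.1.0":
  version "4.2.3"
  resolved "https://registry.example/constructed/string-width.tgz"
  integrity sha512-constructed

"safe-lodash@npm:@scope/lodash-fork@^2.0.0":
  version "2.1.0"
  resolved "https://registry.example/constructed/lodash-fork.tgz"
  integrity sha512-constructed
"""

if __name__ == "__main__":
    for alias, (name, version) in aliased_packages(parse_yarn_lock(SAMPLE_YARN_LOCK)).items():
        print(f"{alias} -> {name}@{version}")
```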
🦀 Rust Workspace Support 📦
Trivy now parses `workspace.members` in Cargo.toml for Rust projects, improving dependency analysis within Rust workspaces. Thanks to @anfedotoff.
👾 Aliases support for misconfig checks 👽
Misconfiguration Rego checks can now be supplied with `aliases`. An example would be as such:

This alias can then be used to ignore this check just like other properties.
🚀 Support EC2 launch templates for misconfig scans 💣
It's now possible to scan AWS IaC that includes launch templates. The templates will be rendered prior to evaluation so as to display correct misconfiguration results.
For instance, the following EC2 config with the launch template will now be evaluated including the launch template details. Previously this would lead to false positives.
This feature is supported for both CloudFormation and Terraform IaC scanning.
👷♂️ Notable Fixes 🛠️