v0.52.0 #6838
aqua-bot
announced in
Announcements
v0.52.0
#6838
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
📑 Table of Contents
pnpm
lockfile v9 support 🔍requirements.txt
files📍requirements.txt
Files ✨🚀 What's new? 🚀
🔌 Plugin Index 🔍
The plugin index is now available. Users can discover, install, and manage Trivy plugins from the central index.
Usage:
Anyone can easily create a plugin and publish it via the index.
See here for more details.
🔕 Advanced VEX Relationship Support 👪
Trivy has enhanced its VEX support by improving the handling of subcomponents in OpenVEX and relationships in CSAF. This feature allows for more granularly filtering of scan results by excluding vulnerabilities for specific packages or modules within a larger component.
Previously, support for subcomponents and relationships was limited. With this new version, Trivy can more effectively utilize VEX documents during scans. By internally constructing a dependency tree and applying VEX relationships to it, Trivy enables more accurate and granular vulnerability filtering.
For example, you can now apply a VEX document that addresses vulnerabilities in a Go binary and its dependent modules to a container image.
This example applies a VEX statement suppressing the vulnerability CVE-2024-22189 in the
github.com/quic-go/quic-go
Go module, which is a dependency of thegithub.com/coredns/coredns
Go module, to thecoredns/coredns:1.11.1
container image. This VEX document can be re-used when scanning other container images.Note: This is just an example, and the VEX statement mentioned is not actually valid.
See here for more details.
🧩 Julia Language Support 🪼
This version introduces support for analyzing Julia language projects, enabling the generation of SBOMs for Julia dependencies. Note that vulnerability scanning is not supported.
See here for more details.
Thanks to @Octogonapus
📦
pnpm
lockfile v9 support 🔍Trivy now supports
pnpm
lockfile v9. This enhancement allows you to correctly scan lock files of any version ofpnpm
as of today.🐍 Support for Line Numbers for
requirements.txt
files📍Trivy now supports line numbers for dependencies in
requirements.txt
files.Example:
🐍 Support for License Detection for
requirements.txt
Files ✨Trivy now supports license detection for
requirements.txt
files by parsingMETADATA
files insite-packages
directory.To detect
site-packages
directory, Trivy uses venv or path to the Python binary.Read more here.
🧀 Added support for modules from OpenTofu registry👨🏼⚖️
Trivy is now able to resolve any Terraform modules from an OpenTofu compatible registry.
📎Support for symlinks inside Helm archives 📕
Trivy can now properly scan any symlinks that might be present within archives. One example of this is the presence of symlinks within a Helm archive.
🍎 Support for deprecating misconfiguration checks 🙇♂️
We've now added the ability in checks to be deprecated as and when they are no longer relevant. By default now Trivy will ignore any checks that are marked as deprecated but if you still wish to include them for any reason, you can do so by passing in the
--include-deprecated-checks
flag. A custom check can also be deprecated, see an example below👷♂️ Notable Fixes 🛠️
version
part has prefix #6702Beta Was this translation helpful? Give feedback.
All reactions