Vuls

Changelog

• 087b620 chore(deps): bump github.com/aquasecurity/trivy from 0.55.2 to 0.56.1 (#2044)
• 7c749ea chore(deps): bump the aws group with 5 updates (#2043)
• 939299b chore(deps): bump golang.org/x/text from 0.18.0 to 0.19.0 (#2045)
• 3dd738d feat(detector/microsoft): set WindowsRoughMatch if KB or Version to be fixed is unknown (#2041)
• 80e417b refactor: use std slices, maps package (#2042)
• d5982a2 chore(deps): bump dictionary versions to latest ones (#2040)
• 0e21ce2 fix(detector/cpe): do not overwrite distro advisories (#2039)

What's Changed

• fix(trivy-to-vuls): remove cvss/severity duplicates, list all severities by @MaineK00n in #1929
• feat(reporter/s3): support minio by @MaineK00n in #1930
• feat(ci): group aws-sdk-go-v2 updates, check github actions update by @MaineK00n in #1941
• fix(redhat-based): collect running kernel packages by @MaineK00n in #1950
• fix(debian,ubuntu): collect running kernel source package by @MaineK00n in #1935
• fix(ci): Remove unused files to avoid disk full by @shino in #1957
• feat(config/os): add alpine 3.19, 3.20 EOL by @MaineK00n in #1965
• style(log): saas s3 upload error log by @futur

Changelog

• cb26be1 fix(ci): Remove unused files to avoid disk full (#1957)
• e1fab80 fix(debian,ubuntu): collect running kernel source package (#1935)
• 5af1a22 fix(redhat-based): collect running kernel packages (#1950)
• 0533069 chore(deps): bump docker/setup-buildx-action from 2 to 3 (#1955)
• 3e1f2bc chore(deps): bump docker/setup-qemu-action from 2 to 3 (#1954)
• 368c496 chore(deps): bump docker/metadata-action from 4 to 5 (#1953)
• a99e3af chore(deps): bump golangci/golangci-lint-action from 3 to 6 (#1952)
• 1769107

Changelog

• 6e0a0a9 fix(build): Remove unused files to avoid disk full

This release includes a bug fix and a few additional features.

New feature

• Now modularity label is added in the scan result for Red Hat like OSes
  • This fixed #1915
  • feat(scanner/redhat): each package has modularitylabel by @MaineK00n in #1381
• Vendor severity and every CVSS information are added to cveContents
  • This fixed #1919
  • Both detector and trivy-to-vuls command are changed in similar way
  • feat(detector, contrib/trivy-to-vuls): collect vendor severity and cvss by @MaineK00n in #1921

(Potential) Incompatibilities

• enabledDnfModules element no more exists in scanner results
  • By #1381

Changelog

• ef2be3d feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost (#1907)
• 827f2cb chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#1910)
• 4cb4ec4 chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#1909)
• 81f3d5f chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 (#1908)
• f3f6671 feat(ubuntu): add 24.04 noble (#1878)
• bca59ff chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1903)
• 3f98fbc style(log) fix trivy scan page link (#1902)
• 73dc95f

Changelog

• e25ec99 chore(deps): bump github.com/aws/aws-sdk-go from 1.49.21 to 1.51.5 (#1881)
• 50580f6 feat(wpscan): support enterprise feature (#1875)
• 472df0e chore(deps): update dictionary modules (#1877)
• 7d5a47b chore(deps): bump github.com/docker/docker (#1880)
• 99cf9db feat(detector/library): update JAR-like files' Name/Version in library list (#1874)
• e1df74c fix(amazon): use major version for checking eol, security advisories (#1873)
• 426eb53 chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.4 (#1872)
• bda0

Caution

Version 0.25.0 is SKIPped. DON'T USE 0.25.0.

Highlights

• Trivy dependency is updated, 0.35.0 to 0.49.1

  • Dart's pubspec.lock, Elixir's mix.lock, Swift's Podfile.lock and Package.resolved are newly
    detected by lockfile scan, these can be auto detected (findLock = true)
  • Rust's binary can also be scanned as lockfile, but not auto detected
  • Related PRs
    • Update trivy from 0.35.0 to 0.49.1 by @shino in #1806
    • fix(detector): library.Scan move to detector by @MaineK00n in #1864
    • Avoid to use sync.Once inside trivy javadb Updater by @shino in #1859

• Add PURL (Package URL) in scan results

  • feat(PackageURL):add package URL fo

Changelog

• 18b4cbb Add 2 hour timeout

Changelog

• b9ebcf3 fix(scanner/windows): support when default shell is powershell (#1844)
• 7e91f5e fix(contrib/trivy): fix convert for src package (#1842)
• 76267a5 delete: cab validation (#1843)
• ea84385 fix(scanner/macos): remove unnecessary error check (#1836)
• d6589c2 chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1837)
• 6e07103 chore(deps): bump github.com/emersion/go-smtp from 0.20.1 to 0.20.2 (#1838)
• b7e5bb2 chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#1831)
• 91ed768 chore(d

What's Changed

• fix(scanner/redhat): do not make cache when offline of redhat fast by @MaineK00n in #1814
• chore(deps): bump dictionaries by @MaineK00n in #1815

Full Changelog: v0.24.7...v0.24.8