{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "SCA Tools Feed - Trivy",
  "feed_url": "https://tmyymmt.github.io/sca-tools-feed/feeds/trivy.json",
  "items": [
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.72.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.72.0",
      "title": "[Trivy] v0.72.0",
      "content_text": "## ⚡ Highlights ⚡\r\n👉 https://github.com/aquasecurity/trivy/discussions/10907\r\n\r\n## Changelog\r\nhttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0720-2026-06-30",
      "date_published": "2026-06-30T09:34:06Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.72.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.2",
      "title": "[Trivy] v0.71.2",
      "content_text": "## Changelog\n* 055a5c8a53bfd61f7a8e276a5b2f0c3fc1673420 release: v0.71.2 [release/v0.71] (#10871)\n* 875328a4138f26e8559cfee80adaef82b6693076 fix(deps): bump alpine to 3.24.1 [backport: release/v0.71] (#10870)\n* 998f7b3c3f3c9de2132bc4358970eeafbd797fba chore(deps): bump the common group with 4 updates [backport: release/v0.71] (#10867)\n\n",
      "date_published": "2026-06-19T10:37:28Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.71.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.1",
      "title": "[Trivy] v0.71.1",
      "content_text": "## Changelog\n* 164b383121351c2d49c5d354c2245719d972752b release: v0.71.1 [release/v0.71] (#10818)\n* a72d9a4d997c25fbb6534e231b4e206c9b202b31 fix(oci): validate artifact filename\n* 3dd98471dfbbc4a95edd5cd866468d3a8c87fd17 fix: forward ospkg detector options through ospkg.NewScanner [backport: release/v0.71] (#10825)\n* a62cbe40a240d3a3f568401b8a5f86e14114e371 fix(vex): load VEX documents from within the repository directory [backport: release/v0.71] (#10821)\n* 43d1d2628725e913db110b89419f0bebd36f58a8 fix: surface the original analysis error instead of context cancellation [backport: release/v0.71] (#10812)\n* ac7696c7b50d633183ce2ff44898d4b5c6eae565 ci: expect GitHub App bot as backport PR author [backport: release/v0.71] (#10815)\n\n",
      "date_published": "2026-06-15T09:12:47Z",
      "tags": [
        "bugfix"
      ],
      "_tool_id": "trivy",
      "_version": "v0.71.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.71.0",
      "title": "[Trivy] v0.71.0",
      "content_text": "## ⚡ Highlights ⚡\r\n👉 https://github.com/aquasecurity/trivy/discussions/10767\r\n\r\n## Changelog\r\nhttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0710-2026-06-01",
      "date_published": "2026-06-01T13:49:26Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.71.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.70.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.70.0",
      "title": "[Trivy] v0.70.0",
      "content_text": "## ⚡ Highlights ⚡\r\n👉 https://github.com/aquasecurity/trivy/discussions/10546\r\n\r\n## Changelog\r\nhttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16",
      "date_published": "2026-04-17T06:50:02Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.70.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.69.3",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.69.3",
      "title": "[Trivy] v0.69.3",
      "content_text": "## Changelog\n* 6fb20c8edd70745d6b34bff0387b53b03c8a760a release: v0.69.3 [release/v0.69] (#10293)\n* dabefec57d099184bc8bd268dea23cd5d502f9cc fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#10291)\n\n",
      "date_published": "2026-03-03T13:14:48Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.69.3"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.69.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.69.2",
      "title": "[Trivy] v0.69.2",
      "content_text": "## Changelog\n* cfa322ed23f2e33ef1632ae3a5a8c7172f06a5c3 release: v0.69.2 [release/v0.69] (#10266)\n* 86debce0f4897e9501368fe0611c5ae472a141eb fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#10267)\n* cf3d4cd6a8bdf5b5b1d701f591bd8aaabd2c7c27 fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#10264)\n* 6dfd3b078b95d30e812e04f13fd1cac7e08f9b4e ci: remove apidiff workflow\n\n",
      "date_published": "2026-03-01T19:14:14Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.69.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.26.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.26.0",
      "title": "[Trivy] v0.26.0",
      "content_text": "## Changelog\n* a0047a79 feat(alpine): warn mixing versions (#2000)\n* d786655a Update ASFF template (#1914)\n* a02cf651 chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* 613e38cc chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)\n* 3b6d65be test(go): add integration tests for gomod (#1989)\n* 22f5b938 fix(python): fixed panic when scan .egg archive (#1992)\n* 485637c2 fix(go): set correct go modules type (#1990)\n* 6fdb554a feat(alpine): support apk repositories (#1987)\n* d9bddb90 docs: add CBL-Mariner (#1982)\n* 1cf1873f docs(go): fix version (#1986)\n* d77dbe8a feat(go): support go.mod in Go 1.17+ (#1985)\n* 32bd1e48 ci: fix URLs in the PR template (#1972)\n* 94a5a180 ci: add semantic pull requests check (#1968)\n* 72d94b21 docs(issue): added docs for wrong detection issues (#1961)\n\n",
      "date_published": "2022-04-15T21:41:49Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.26.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.4",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.4",
      "title": "[Trivy] v0.25.4",
      "content_text": "## Changelog\n* b4a7d6a8 docs: move CONTRIBUTING.md to docs (#1971)\n* 0127c1d3 refactor(table): use file name instead package path (#1966)\n* a92da722 fix(sbom): add --db-repository (#1964)\n* b0f3864e feat(table): add PkgPath in table result (#1960)\n* 0b1d32c1 fix(pom): merge multiple pom imports in a good manner (#1959)\n\n",
      "date_published": "2022-04-11T16:29:57Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.25.4"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.3",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.3",
      "title": "[Trivy] v0.25.3",
      "content_text": "## Changelog\n* d4e3df81 fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* 7e48cc1f fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* c9efa8c4 fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* 52b71542 feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* 21f7a41b chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* ff2b3d17 chore(chart): remove version comments (#1933)\n\n",
      "date_published": "2022-04-06T07:16:49Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.25.3"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.2",
      "title": "[Trivy] v0.25.2",
      "content_text": "## Changelog\n* 9c19298f fix(downloadDB): add flag to server command (#1942)\n\n",
      "date_published": "2022-04-05T10:27:43Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.25.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.1",
      "title": "[Trivy] v0.25.1",
      "content_text": "## Changelog\n* aa3d6966 fix(misconf): update defsec to resolve panics (#1935)\n* 31e76699 chore(deps): bump github.com/docker/docker (#1924)\n* 4ca35b26 docs: restructure the documentation (#1887)\n* 8da45480 chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)\n* 76e9d7eb chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)\n* 2b217a3b chore(deps): bump actions/checkout from 2 to 3 (#1916)\n* 902aa8ce chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)\n* 60b19e5e chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)\n* 58aab679 chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)\n* 209b9cc2 chore(deps): bump golang from 1.17 to 1.18.0 (#1915)\n* bfb931d4 Add trivy horizontal logo (#1932)\n* ae86a5b1 chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)\n* 1a23039e chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)\n* 56498ca1 chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)\n* 02105678 feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\n",
      "date_published": "2022-04-04T21:55:13Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.25.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.25.0",
      "title": "[Trivy] v0.25.0",
      "content_text": "## Changelog\n* 4470a181 docs(filter vulnerabilities): fix link (#1880)\n* cb171ead feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* 36e24b18 fix(rpc): add PkgPath field to client / server mode (#1643)\n* 88311745 fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* 9154b819 feat(cache): remove temporary cache after filesystem scanning (#1868)\n* f36d9b6f feat(sbom): add a dedicated sbom command (#1799)\n* 7a148089 feat(cyclonedx): add vulnerabilities (#1832)\n* df80fd31 fix(option): hide false warning about remote options (#1865)\n* 88ebc075 chore: bump up Go to 1.18 (#1862)\n* d6418cf0 feat(filesystem): scan in client/server mode (#1829)\n* 12d0317a refactor(template): remove unused test (#1861)\n* c3aca152 fix(cli): json format for trivy version (#1854)\n* b2b68951 docs: change URL for tfsec-checks (#1857)\n\n",
      "date_published": "2022-03-31T11:39:16Z",
      "tags": [
        "bugfix"
      ],
      "_tool_id": "trivy",
      "_version": "v0.25.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.4",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.4",
      "title": "[Trivy] v0.24.4",
      "content_text": "## Changelog\n* 06659f15 fix(docker): Getting images without a tag (#1852)\n* a91cc50d docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801)\n\n",
      "date_published": "2022-03-17T19:49:15Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.24.4"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.3",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.3",
      "title": "[Trivy] v0.24.3",
      "content_text": "## Changelog\n* 4b8bf874 chore(issue labels): added new labels (#1839)\n* 5040caef refactor: clarify db update warning messages (#1808)\n* 28cd5a55 chore(ci): change trivy vulnerability scan for every day  (#1838)\n* b2f554eb feat(helm): make Trivy service name configurable (#1825)\n* 7a44a7a3 chore(deps): updated sprig to version v3.2.2. (#1814)\n* 18842fbe chore(deps): updated testcontainers-go to version v0.12.0 (#1822)\n* 12ca3ca6 docs: add packages.config for .NET (#1823)\n* 728a3db6 build: sign container image (#1668)\n* 4e7b5ca3 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778)\n* 0fca2cda docs: fix Installation documentation (#1804)\n* e50839bb fix(report): ensure json report got a final new line (#1797)\n* f95a0f0d fix(terraform): resolve panics in defsec (#1811)\n* e5bf3d1e feat(docker): Label images based on OCI image spec (#1793)\n* 2193fb3c fix(helm): indentation for ServiceAccount annotations (#1795)\n* bbccb5a6 fix(hcl): fix panic in hcl2json (#1791)\n* a625455f chore(helm): remove psp from helm manifest (#1315)\n* 7e69f482 build: Replace `make protoc` with `for loop` to return an error (#1655)\n* f6c986b6 fix: ASFF template to match ASFF schema (#1685)\n* aab6f0bf feat(helm): Add support for server token (#1734)\n\n",
      "date_published": "2022-03-16T13:29:58Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.24.3"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.2",
      "title": "[Trivy] v0.24.2",
      "content_text": "## Changelog\n\neebf9c8f fix(pom): keep an order of dependencies (#1784)\n971092b8 chore: bump up Go to 1.17 (#1781)\n2f2d8222 chore(deps): bump actions/setup-python from 2 to 3 (#1776)\na2afd6e6 chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.24.2`\n- `docker pull ghcr.io/aquasecurity/trivy:0.24.2`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.24.2`\n",
      "date_published": "2022-03-03T10:52:56Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.24.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.1",
      "title": "[Trivy] v0.24.1",
      "content_text": "## Changelog\n\na423b993 fix(python): correct handling pip package names with a hyphen (#1771)\na069ad78 doc(docker): fix command to run trivy with docker on linux (#1761)\n015055e1 feat(helm): Add support for custom labels (#1767)\ncbaa3639 chore(helm): bump chart to trivy 0.24.0 (#1762)\nbec02f09 docs: remove erroneous command (#1763)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.24.1`\n- `docker pull ghcr.io/aquasecurity/trivy:0.24.1`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.24.1`\n",
      "date_published": "2022-02-27T16:04:56Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.24.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.24.0",
      "title": "[Trivy] v0.24.0",
      "content_text": "## Changelog\n\nd7f8b92a chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708)\n59ea0d57 fix(option): warn list-all-pkgs only with the table format (#1755)\nc788676f feat(option): warn \"--list-all-pkgs\" with \"--format table\" (#1632)\n58ade462 feat(report): add support for CycloneDX (#1081)\n77cab6e0 chore(deps): update the defsec and tfsec versions (#1747)\n2ede15d3 fix(scanner): fix skip of language-specific files when scanning rootf… (#1751)\nd266c749 chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712)\n4423396b feat(report): considering App.Writer when printing results (#1722)\n356ae30c chore(deps): replace `satori` version and skipping examples folder  (#1745)\n477dc7d5 build: add s390x container images (#1726)\n89b8d7ff feat(template) Add misconfigurations to junit report (#1724)\n219b71b4 chore(deps): bump github.com/twitchtv/twirp (#1709)\naa6e1eb6 feat(client): configure TLS InsecureSkipVerify for server connection (#1287)\nde6c3cbb fix(rpc): Supports RPC calls for new identifier CustomResource (#1605)\nb7d4d1ea chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705)\ne6c029d0 chore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707)\nec6cb1a6 feat(helm): Parameterise ServiceAccount annotations (#1677)\n7dfc16cf chore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710)\n42d8fd66 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704)\nc3ef2035 chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711)\n274103e8 chore(dependabot): enable gomod monthly (#1699)\ne618d83d fix(gitlab tpl): escape double quote (#1635)\n3b0b2ed4 build: Make `make protoc` be consistent (#1682)\n5c8d0983 feat(purl): add generate purl package utilities (#1574)\n11f4f811 refactor: move result structs under types (#1696)\n6db2092c feat(mariner): add support for CBL-Mariner 2.0 (#1694)\n8898bb09 docs(gitlab-ci): fix Script in GitLab CI Example #1688\n33d08337 chore: Upgrade helm chart version (#1683)\n13874d86 chore(mod): update Go dependencies (#1681)\nf26a06b9 docs: fix typos in markdown docs (#1674)\ne2821a4f docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671)\nef8a1afc fix(repo): --no-progress suppresses git output (#1669)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.24.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.24.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.24.0`\n",
      "date_published": "2022-02-23T12:43:55Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.24.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.23.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.23.0",
      "title": "[Trivy] v0.23.0",
      "content_text": "## Changelog\n\n449add24 docs: add ACR navigator (#1651)\ncb9afc84 fix: update example Rego files and docs (#1628)\n78b2b899 feat(option): show a link to GitHub Discussions for --light deprecation (#1650)\n52fd3c2e fix(sarif): fix the warning message (#1647)\n8d5882be refactor: migrate to prefixed buckets (#1644)\n84dd33f7 feat(mariner): add support for CBL-Mariner (#1640)\n9e903a1d docs: commercial use available (#1641)\nf4c746a2 feat: support azure acr (#1611)\n420f8ab1 feat(os-pkg): add data sources (#1636)\nd2827cba feat(redhat): support build info in RHEL (#807)\nce703ce4 fix: change links in pull_request_template to static URLs (#1634)\n50bb938a feat(lang-pkg): add data sources (#1625)\na31ddbe9 feat(detector): support custom detector (#1615)\n3a4e18ac docs(contribution): change role who should resolve comments (#1618)\n8ba68361 docs: add PR template (#1602)\nf5c55739 feat(rocky): support Rocky Linux (#1570)\neab2b425 Add the ability to set dockerhub credentials in the helm chart (#1569)\ncabd18da feat(cache): redis TLS support (#1297)\n02c3c365 feat(java): add support for PAR files (#1599)\n4f7b7683 refactor(rust): move rust-advisory-db to OSV (#1591)\nd754cb8c feat: log ignored vulnerabilities on debug (#1378)\na936e675 chore(mod): hcl2json deps update (#1585)\naf116d3c fix(rpm): do not ignore installed files via third-party rpm (#1594)\nb5073600 feat(fs): allow scanning a single file (#1578)\n7fcbf44b refactor(python): drop Safety DB (#1580)\n478d2799 feat: added insecure tls skip to scan git repo (#1528)\n33bd41b4 Supress git clone output (#1590)\n39a10089 fix(alma): skip modular package because MODULARITYLABEL is not set (#1588)\n37abd612 feat(photon os): added EOL dates check (#1587)\n78de33e8 docs: update supported os (#1586)\n22054626 BREAKING: remove root command (#1579)\n28ddcf1a docs: add Rust to Language-specific Packages Table (#1577)\ndf134c73 docs: update int doc for gitlab ci (#1575)\n8da20c8c BREAKING: migrate the sarif template to Go code (#1437)\n714b5ca2 refactor: remove unused field (#1567)\n51e152b0 chore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554)\n884daff4 docs: gitlab integration (#1381)\n2a8336b9 feat(alma): support AlmaLinux (#1238)\n1e171af1 docs: added note about default template path when Trivy installed using rpm (#1551)\ne65274e0 BREAKING: Trivy DB from GHCR (#1539)\ndb35450b feat(cli): Do not set default commands when a plugin is being run (#1549)\n24254d19 fix: add fingerprint field to codequality template (#1541)\n2ee07456 fix(image): correct handling of uncompressed layers (#1544)\n0aef82c5 chore: helm chart app version 0.22.0 (#1535)\n8b2a7997 test(integration): use fixtures (#1532)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.23.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.23.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.23.0`\n",
      "date_published": "2022-01-31T14:47:54Z",
      "tags": [
        "bugfix"
      ],
      "_tool_id": "trivy",
      "_version": "v0.23.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.22.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.22.0",
      "title": "[Trivy] v0.22.0",
      "content_text": "## Changelog\n\n42f795fa fix(java/pom): ignore unsupported requirements (#1514)\n8f737cc6 feat(cli): warning for root command (#1516)\n76249bdc BREAKING: disable JAR detection in fs/repo scanning (#1512)\n59957d4c feat(scan): support --offline-scan option (#1511)\nda8b72d2 fix: improve memory usage (#1509)\nb713ad0f feat(java): support pom.xml (#1501)\n56115e9d docs: fixing rust link to security advisory (#1504)\n7f859afa Add missing IacMetdata (#1505)\n628a7964 feat(jar): add file path (#1498)\n82fba771 feat(rpm): support NDB (#1497)\nd5269da5 feat: added misconfiguration field for html.tpl (#1444)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.22.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.22.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.22.0`\n",
      "date_published": "2021-12-24T22:44:13Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.22.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.3",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.3",
      "title": "[Trivy] v0.21.3",
      "content_text": "## Changelog\n\n8e57dee8 fix(docs): typo (#1488)\n8bfbc84a feat(plugin): Add option to update plugin (#1462)\n1e811de2 fix: fixed skipFiles/skipDirs flags for relative path (#1482)\n8b5796f7 feat (plugin): add list and info command for plugin (#1452)\na2199bb4 fix: set up a vulnerability severity (#1458)\n279e76f7 chore: add arm64 deb package (#1480)\n52625908 Link to trivy tutorial on Semaphore (#1449)\nc275a841 refactor(helm): externalize env vars to configMap (#1345)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.21.3`\n- `docker pull ghcr.io/aquasecurity/trivy:0.21.3`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.21.3`\n",
      "date_published": "2021-12-20T09:12:59Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.21.3"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.2",
      "title": "[Trivy] v0.21.2",
      "content_text": "## Changelog\n\n7beed301 docs: provide more information on scanning Google's GCR (#1426)\nf50e1f42 docs(misconfiguration): added instruction for misconfiguration detection (#1428)\n3ae4de58 Update git-repository.md (#1430)\n6e35b8f5 fix(hooks): exclude unrelated lib types from system files filtering (#1431)\nbeb60b05 chore: run `go fmt` (#1429)\n582e7fd1 fix(sarif): change `help` field in the sarif template. (#1423)\n11bc2901 Update fanal with cfsec version update (#1425)\n392f6892 Replace deprecated option in goreleaser (#1406)\n101d5760 feat(alpine): support 3.15 (#1422)\nbd3ba68c chore: test the helm chart in the PR and used the commit hash (#1414)\n3860d6e4 chore(deps): bump alpine from 3.14 to 3.15.0 (#1417)\n4f82673a chore(release): add ubuntu older versions to deploy script (#1416)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.21.2`\n- `docker pull ghcr.io/aquasecurity/trivy:0.21.2`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.21.2`\n",
      "date_published": "2021-12-07T02:17:23Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.21.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.1",
      "title": "[Trivy] v0.21.1",
      "content_text": "## Changelog\n\nb9a51de8 chore(mod): tidy (#1415)\n7f248341 fix(rpc): fix nil layer transmit (#1410)\naf3eaefd Lang advisory order (#1409)\n07c9200e chore: add support for s390x arch (#1304)\n8bc8a4ad fix(chart): ingress helm manifest-update trivy image (#1323)\n9076a49b docs: Add comparison for cfsec (#1388)\nbb316d93 remove: delete unused functions in utils package (#1379)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.21.1`\n- `docker pull ghcr.io/aquasecurity/trivy:0.21.1`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.21.1`\n",
      "date_published": "2021-11-26T05:02:22Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.21.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.21.0",
      "title": "[Trivy] v0.21.0",
      "content_text": "## Changelog\n\nefdb29d fix(sarif): fix validation errors (#1376)\n9bcf9e7 docs: add Bitbucket Pipelines (#1374)\n3147097 docs: add community integrations (#1361)\n33f74b3 Use a stable SARIF identifier (#1230)\n5915ffb fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0\nae4c42b feat(iac): Add line information (#1366)\n19747d0 feat(cloudformation): Adding support for cfsec IaC scanning (#1360)\nda45061 chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)\ncb1a4ed Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)\n69dae54 chore: update SBOM generation (#1349)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.21.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.21.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.21.0`\n",
      "date_published": "2021-11-15T15:18:58Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.21.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.2",
      "title": "[Trivy] v0.20.2",
      "content_text": "## Changelog\n\n5dc8cfe docs: update builtin.md (#1335)\n798b564 chore: fix issues with Homebrew formula (#1329)\n21bf5e5 chore: bump GoReleaser to v0.183.0 (#1328)\ne0f4ebd docs: update iac.md for a typo (#1326)\n23a9a5e docs: typo fix (#1308)\n1f5d17f Add new networking API features to Ingress (#1262)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.20.2`\n- `docker pull ghcr.io/aquasecurity/trivy:0.20.2`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.20.2`\n",
      "date_published": "2021-10-25T18:46:54Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.20.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.1",
      "title": "[Trivy] v0.20.1",
      "content_text": "## Changelog\n\nbcfa028 chore(release): bump up GoReleaser to v0.182.1 (#1299)\n681ab1b fix(yarn): support quoted version (#1298)\n46051d5 feat(custom-forward): Forward the extended advisory data (#1247)\nd8d692b feat(javascript) : Initialize npm driver for javascript packages (#1289)\ncc344df fix(cli): fix incorrect comparision of DB metadata type. (#1286)\n0dec17f docs: add footer to readme (#1281)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.20.1`\n- `docker pull ghcr.io/aquasecurity/trivy:0.20.1`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.20.1`\n",
      "date_published": "2021-10-16T04:13:58Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.20.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.20.0",
      "title": "[Trivy] v0.20.0",
      "content_text": "## Changelog\n\nf12446d feat(report): add package path (#1274)\n1c9ccb5 feat(command): add rootfs command (#1271)\na463e79 fix: update fanal (#1272)\ne0ca5ef feat(commands): remove deprecated options (#1270)\n1ebb329 Aggregate jar result for table (#1269)\nb37f682 BREAKING(report): migrate to new json schema (#1265)\nda90510 feat: improve --skip-dirs and --skip-files (#1249)\nbd57b4f fix(gobinary): skip large files (#1259)\n9027dc3 Disable library analyzer for OS only scan type (#1191)\n5750cc2 chore: update trivy version (#1252)\nbbcce9f refactor: move from io/ioutil to io and os package (#1245)\n6bcb4af fix: brew test command (#1253)\n8d13234 fix:added layer info in packages (#1248)\n982f35b fix(go/binary): improve debug messages (#1244)\n2e170cd Update db.go (#1199)\ncc6c67d fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)\n669fd1f feat(debian): support the versions that reached EOL (#1237)\n8cd7de2 feat(alpine): support unfixed vulnerabilities (#1235)\n3bf3a46 feat(report): add image config (#1231)\n8edcc62 feat(nodejs): support package.json (#1225)\n31c45ff refactor: use testing DB instead of mock (#1234)\nd8cc8b5 feat(ruby): support gemspec (#1224)\ndbc7a83 feat(python): add packaging detector and respective hook (#1223)\n19c0b70 feat(license): Added support to new License field of go-dep-parser's library (#1167)\n9d61777 fix(oracle): handle advisories contain ksplice versions (#1209)\n5d57dea fix(docs): remove OSVDB advisories (#1215)\nb595559 docs: fix typos in CONTRIBUTING.md (#1181)\nb1410b2 Update EOL of Debian 11 (#1180)\n0e777d3 fix(plugin): resolve a closure (#1207)\nb6d9c30 docs: fix typo (#1206)\n5160a2e fix(detector): change an argument for trivy-db getter (#1203)\n40ed227 chore(mod): update fanal (#1179)\n2a4400c Add license info to package data (#1176)\n82eb630 feat(nuget): support packages.config (#1095)\n4a8db20 feat(python): add support for requirements.txt (#1169)\n8db9b6a GitLab CI integration documentation (#1168)\nc159501 chore(gorelease) change goreleaser config to include template examples (#1138)\n76e63d1 chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)\n79b6684 chore(deps): bump actions/stale from 3 to 4 (#1152)\n214fe82 feat(report): add end of service life flag to OS metadata (#1142)\nc489e31 chore: set up Dependabot for github-actions and docker (#1128)\nefd812c docs: fix typo (#1149)\n3a920dc docs: add some external links (#1147)\n7cb1598 chore (release): add ubuntu esm versions to deploy script (#1151)\n6a88002 docs(troubleshooting) add urls which are required to download vuls db (#1137)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.20.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.20.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.20.0`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-10-06T10:06:57Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.20.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.2",
      "title": "[Trivy] v0.19.2",
      "content_text": "## Changelog\n\nf3f3029 Updated the Alpine Image to 3.14 (latest) (#1130)\n0e52fde Added EOL for Ubuntu 21.10 (#1131)\n9b3fba0 fix(image): disabled scanning of config files within container images (#1133)\n1101634 docs: fixed typo (#1124)\n499b7a6 update cyclonedx github action to v0.3.0 (#1127)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.19.2`\n- `docker pull ghcr.io/aquasecurity/trivy:0.19.2`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.19.2`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-07-20T10:48:20Z",
      "tags": [
        "bugfix"
      ],
      "_tool_id": "trivy",
      "_version": "v0.19.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.1",
      "title": "[Trivy] v0.19.1",
      "content_text": "## Changelog\n\ncea9b0b fix(policy): fix panic on the first run (#1116)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.19.1`\n- `docker pull ghcr.io/aquasecurity/trivy:0.19.1`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.19.1`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-07-12T18:59:07Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.19.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.19.0",
      "title": "[Trivy] v0.19.0",
      "content_text": "## Changelog\n\ndea3428 docs(misconf): add comparison with Conftest and tfsec (#1111)\n47d600a feat(report): add schema version (#1110)\neae4baf fix(scan): change unknown os from info to debug (#1109)\n9e08bd4 docs: add misconfiguration (#1101)\nd9883e4 fix(config): rename include-successes with include-non-failures (#1107)\ne6f7e55 feat(config): support --trace (#1106)\n4b84e79 fix(policy): reduce the Internet access (#1105)\n05ae22a chore: bump golangci-lint to v1.41.1 (#1104)\na0e5c3a feat: support config scanning (#931)\n712f9eb feat(report): add artifact metadata (#1079)\n803b2f9 Generate SBOM (#1076)\n92f980f fix(db): multiple prefixed data sources (#1070)\n52e98f1 Add EOL date for Alpine 3.14 (#1072)\n6cd9a32 suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)\n03a7366 docs: improve data sources (#1069)\na29d6d8 chore(label): add kind/security-advisory (#1068)\n2a08969 fix(asff): replace slice with substr (#1058)\n3a94b73 fix(helm-chart): parametrized ingress host path (#1049)\n41d000c feat: support Google Artifact Repository (#1055)\n78da283 Update ASFF template to use label for severity (#1047)\ne362843 BREAKING: migrate to a new JSON schema (#782)\n097b8d4 docs: Fix link to AWS Security Hub template (#1046)\n3b6122f refactor(server): support gzip (#1045)\nf75a369 chore(rpc): update protoc and twirp (#1044)\ne4c32cd Added support for list all packages flag in client (#1032)\nfb19abd chore: chart with 0.18.3 (#1033)\nd2afc20 feat: add gitlab codequality template (#895)\n43ff5f9 feat(plugin): add aqua plugin (#1029)\n5e6a50b fix(go): if patchedVersion is empty mark it as vulnerable (#1030)\n23b9533 docs(ubuntu): fix supported versions (#1028)\nd1f8cfc Support Ubuntu 21.04 (#1027)\naa2336b chore: remove codecov (#1016)\ne646172 fix typo on github-actions.md (#1022)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.19.0`\n- `docker pull ghcr.io/aquasecurity/trivy:0.19.0`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.19.0`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-07-12T11:03:10Z",
      "tags": [
        "security"
      ],
      "_tool_id": "trivy",
      "_version": "v0.19.0"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.3",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.3",
      "title": "[Trivy] v0.18.3",
      "content_text": "## Changelog\n\n85e45ca chore(ci): change to more granular tokens (#1014)\n9fa512a chore(ci): add Go scanning and update dependencies (#1001)\n349371b docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.18.3`\n- `docker pull ghcr.io/aquasecurity/trivy:0.18.3`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.18.3`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-05-24T06:00:02Z",
      "tags": [
        "other"
      ],
      "_tool_id": "trivy",
      "_version": "v0.18.3"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.2",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.2",
      "title": "[Trivy] v0.18.2",
      "content_text": "## Changelog\n\n4446961 fix(image): disable go.sum scanning (#1007)\n04473ad fix(gomod): handle go.sum with an empty line (#1006)\n1b66b77 feat: prepare for config scanning (#1005)\n8fc6ea6 Clarify that dev dependencies are excluded (#986)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.18.2`\n- `docker pull ghcr.io/aquasecurity/trivy:0.18.2`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.18.2`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-05-20T07:35:11Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.18.2"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.1",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.1",
      "title": "[Trivy] v0.18.1",
      "content_text": "## Changelog\n\neaf2da2 Include target value in Sarif template ruleID (#991)\n083c157 chore(mkdocs): allow workflow_dispatch (#989)\n\n\n## Docker images\n\n- `docker pull aquasec/trivy:0.18.1`\n- `docker pull ghcr.io/aquasecurity/trivy:0.18.1`\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.18.1`\n- `docker pull aquasec/trivy:latest`\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\n",
      "date_published": "2021-05-13T17:34:54Z",
      "tags": [
        "bugfix"
      ],
      "_tool_id": "trivy",
      "_version": "v0.18.1"
    },
    {
      "id": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.0",
      "url": "https://github.com/aquasecurity/trivy/releases/tag/v0.18.0",
      "title": "[Trivy] v0.18.0",
      "content_text": "## Release Note\r\nhttps://github.com/aquasecurity/trivy/discussions/990\r\n\r\n## Changelog\r\n\r\ne26e39a fix(vuln) unique vulnerabilities from different data sources (#984)\r\n04e7cca feat(go): added support of gomod analyzer (#978)\r\n\r\n\r\n## Docker images\r\n\r\n- `docker pull aquasec/trivy:0.18.0`\r\n- `docker pull ghcr.io/aquasecurity/trivy:0.18.0`\r\n- `docker pull public.ecr.aws/aquasecurity/trivy:0.18.0`\r\n- `docker pull aquasec/trivy:latest`\r\n- `docker pull ghcr.io/aquasecurity/trivy:latest`\r\n- `docker pull public.ecr.aws/aquasecurity/trivy:latest`\r\n",
      "date_published": "2021-05-12T10:50:07Z",
      "tags": [
        "feature"
      ],
      "_tool_id": "trivy",
      "_version": "v0.18.0"
    }
  ]
}