v0.67.0 #9550
aqua-bot
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
📑 Table of Contents
🚀 What's new? 🚀
📦 Show all pacakge information by default 🔄
The
--list-all-pkgsflag is now turned on by default. This ensures that Trivy includes all detected packages in JSON scan results by default. Users who prefer the old behavior can still set--list-all-pkgs=false.🌀 Preserve CycloneDX SBOM Structure 📑
When scanning CycloneDX SBOM for vulnerabilities and generating the results as CycloneDX SBOM with vulnerabilities, Trivy now preserves the original structure of the input SBOM (previously the some small differences could be observed).
Note that
--pkg-typesand--pkg-relationshipare not supported in CycloneDX to CycloneDX scans.⛑️ Improved Red Hat based OS detection 🐧
Trivy now also scans the /etc/os-release file to detect Red Hat–based operating systems.
This helps identify OS distributions that provide only this file (e.g. Calico images).
Thanks to @teddygood
☁️ Support CoreOS package detection 🚢
Trivy now detects CoreOS as well as its RPM packages.
Note that Vulnerability scanning is not available for this OS.
See more here
Thanks to @amitverse
🦭 Vulnerability detection for Seal Security packages 🔒
Trivy now supports vulnerability detection for Seal Security packages.
See more here
☁️ CloudFormation: Support Fn::FindInMap Enhancements 🗺️
Add support for Fn::FindInMap enhancements when scanning Cloud Formation templates for IaC misconfigurations.
🏎️ Performance 🏎️
👷♂️ Notable Fixes 🛠️
packages[].workspacesis object for package-lock.json files #9517IMDSto get credentials #9437Beta Was this translation helpful? Give feedback.
All reactions