Prepare for v0.56.0 #7613
Closed
nikpivkin
started this conversation in
Development
Draft to collaborate on v0.56.0
🚀 What's new? 🚀
📦 Support for multiple DB repositories for vulnerability and Java DB ↻
The --db-repository and --java-db-repository flags can now take multiple values, improving reliability when downloading databases. Databases are downloaded in priority order until one is successful. An attempt to download from the next repository is only made if a temporary error is received (e.g. status 429 or 5xx).
For example, downloading the vulnerability DB from another repository when receiving error code 429:
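The fallback rule described above, modelled as an added Go example (not Trivy's own code, and not the example output the original post refers to). pullError, isTemporary, downloadDB and the repository names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// pullError is a hypothetical error type carrying the registry's HTTP status.
type pullError struct{ Status int }

func (e *pullError) Error() string { return fmt.Sprintf("HTTP %d", e.Status) }

// isTemporary encodes the rule from the text: only 429 and 5xx count as temporary.
func isTemporary(err error) bool {
	var pe *pullError
	return errors.As(err, &pe) && (pe.Status == 429 || pe.Status/100 == 5)
}

// downloadDB tries repos in priority order. pull stands in for the real OCI
// download. It returns the repository that served the DB and every repository tried.
func downloadDB(repos []string, pull func(string) error) (string, []string, error) {
	var tried []string
	err := errors.New("no repositories configured")
	for _, repo := range repos {
		tried = append(tried, repo)
		if err = pull(repo); err == nil {
			return repo, tried, nil
		}
		if !isTemporary(err) {
			break // permanent failure (401, 403, 404, ...): do not mask it with a fallback
		}
	}
	return "", tried, fmt.Errorf("DB download failed after %d attempt(s): %w", len(tried), err)
}

func main() {
	// Constructed repositories and responses: the first is rate limited.
	status := map[string]int{"registry.example/team/trivy-db:2": 429, "mirror.example/trivy-db:2": 200}
	pull := func(repo string) error {
		if s := status[repo]; s != 200 {
			return &pullError{Status: s}
		}
		return nil
	}
	repos := []string{"registry.example/team/trivy-db:2", "mirror.example/trivy-db:2"}
	repo, tried, err := downloadDB(repos, pull)
	fmt.Println("served by:", repo, "tried:", tried, "err:", err)
}
```

Under this rule a 401, 403 or 404 from the first repository ends the attempt, so a bad credential or a wrong repository path surfaces as an error rather than being hidden by a switch to the next source.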
📜 License normalization has been greatly improved ⏫
Our license normalization takes into account more possible cases.
See here for more details.
Many thanks to @pbaumard.
🦎 Support for SUSE Linux Enterprise Micro 🌍
This release adds support for the SUSE Linux Enterprise Micro family, expanding Trivy's compatibility with this lightweight SUSE distribution. The update also improves how SUSE and openSUSE are handled within the package URL (purl) logic, aligning with standard expectations.
Thanks to @msmeissn for implementing this change.
🎩 Support for RPM Archives 🐧
This update introduces experimental support for scanning RPM archive files. Trivy can now analyze these archives for SBOM, expanding its utility in Red Hat-based environments. This feature is currently disabled by default but can be enabled with an environment variable, TRIVY_EXPERIMENTAL_RPM_ARCHIVE.
See here for more details.
🐍 Enhance secret scanning for Python binary files 🛠️
Recent incidents have shown that certain binary files, such as .pyc files, may contain valuable information for secret detection. Trivy can now detect secrets in compiled Python .pyc files.
📝 Improve S3 server logging access detection for AVD-AWS-0089 🧹
The AVD-AWS-0089 check reports the need to enable logging for buckets that do not log access to the server. Previously, we only identified such buckets by Canned ACL, which could lead to false positives. Now all possible ways of granting logging access are supported:
📑 Align AVD-AWS-0107 and AVD-AWS-0105 checks with CIS Benchmarks 🤝🏻
AVD-AWS-0107 and AVD-AWS-0105 checks are now aligned with AWS CIS v1.2 and v1.4 benchmarks. The rules for triggering checks and their level of severity have changed. See more details.
⛁ ssl_mode support for GCP SQL DB instance in AVD-GCP-0015 ⚙️
The ssl_mode attribute has been added for the google_sql_database_instance resource to replace the deprecated require_ssl attribute, which has been removed since provider version 0.6.1. Support for this attribute has been added to the AVD-GCP-0015 check.
🍔 --skip-dirs and --skip-files now support nested terraform modules 🍕
Previously, passing the --skip-* flags would not result in skipping the files and directories that were found within the nested terraform modules. This behavior has now been updated to include such nested modules and files. Furthermore, the filtering is done prior to evaluation of the checks, thereby reducing the evaluation time required to scan terraform modules.
👷♂️ Notable Fixes 🛠️
DownloadedAt for trivy-java-db #7592
framework type as library #7432