diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index ea8f9cfd79..9ebd919673 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -25,7 +25,7 @@ projects: repos: - name: trivy versions: - - tag: v0.56.2 + - tag: v0.57.1 go_version: "1.22" - org: aws repos: diff --git a/projects/aquasecurity/trivy/ATTRIBUTION.txt b/projects/aquasecurity/trivy/ATTRIBUTION.txt index 56cfc35a08..cb53b0cdba 100644 --- a/projects/aquasecurity/trivy/ATTRIBUTION.txt +++ b/projects/aquasecurity/trivy/ATTRIBUTION.txt @@ -29,7 +29,7 @@ https://github.com/aquasecurity/go-pep440-version ** github.com/aquasecurity/go-version/pkg; version v0.0.0-20240603093900-cf8a8d29271d -- https://github.com/aquasecurity/go-version -** github.com/aquasecurity/trivy; version v0.56.2 -- +** github.com/aquasecurity/trivy; version v0.57.1 -- https://github.com/aquasecurity/trivy ** github.com/aquasecurity/trivy-db/pkg; version v0.0.0-20240910133327-7e0f4d2ed4c1 -- @@ -38,10 +38,10 @@ https://github.com/aquasecurity/trivy-db ** github.com/aquasecurity/trivy-java-db/pkg; version v0.0.0-20240109071736-184bd7481d48 -- https://github.com/aquasecurity/trivy-java-db -** github.com/aquasecurity/trivy-kubernetes; version v0.6.7-0.20240707095038-0300bc49b68b -- +** github.com/aquasecurity/trivy-kubernetes; version v0.6.7-0.20241029051843-2606b7e0f0b4 -- https://github.com/aquasecurity/trivy-kubernetes -** github.com/aws/aws-sdk-go; version v1.54.6 -- +** github.com/aws/aws-sdk-go; version v1.55.5 -- https://github.com/aws/aws-sdk-go ** github.com/aws/aws-sdk-go-v2; version v1.31.0 -- @@ -491,25 +491,25 @@ https://gopkg.in/yaml.v2 ** helm.sh/helm/v3; version v3.16.1 -- https://github.com/helm/helm -** k8s.io/api; version v0.31.0 -- +** k8s.io/api; version v0.31.2 -- https://github.com/kubernetes/api ** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.31.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.31.0 -- +** k8s.io/apimachinery/pkg; version v0.31.2 -- https://github.com/kubernetes/apimachinery ** k8s.io/apiserver/pkg/endpoints/deprecation; version v0.31.0 -- https://github.com/kubernetes/apiserver -** k8s.io/cli-runtime/pkg; version v0.31.0 -- +** k8s.io/cli-runtime/pkg; version v0.31.2 -- https://github.com/kubernetes/cli-runtime -** k8s.io/client-go; version v0.31.0 -- +** k8s.io/client-go; version v0.31.2 -- https://github.com/kubernetes/client-go -** k8s.io/component-base/version; version v0.31.0 -- +** k8s.io/component-base/version; version v0.31.2 -- https://github.com/kubernetes/component-base ** k8s.io/klog/v2; version v2.130.1 -- @@ -521,7 +521,7 @@ https://github.com/kubernetes/kube-openapi ** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240228011516-70dd3763d340 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kubectl/pkg; version v0.31.0 -- +** k8s.io/kubectl/pkg; version v0.31.2 -- https://github.com/kubernetes/kubectl ** k8s.io/utils; version v0.0.0-20240711033017-18e509b52bc8 -- @@ -1594,7 +1594,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.54.6 -- +** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.55.5 -- https://github.com/aws/aws-sdk-go ** github.com/liggitt/tabwriter; version v0.0.0-20181228230101-89fcab3d43de -- @@ -1615,10 +1615,10 @@ https://golang.org/x/exp ** golang.org/x/oauth2; version v0.21.0 -- https://golang.org/x/oauth2 -** k8s.io/apimachinery/third_party/forked/golang; version v0.31.0 -- +** k8s.io/apimachinery/third_party/forked/golang; version v0.31.2 -- https://github.com/kubernetes/apimachinery -** k8s.io/client-go/third_party/forked/golang/template; version v0.31.0 -- +** k8s.io/client-go/third_party/forked/golang/template; version v0.31.2 -- https://github.com/kubernetes/client-go Copyright (c) 2009 The Go Authors. All rights reserved. @@ -2687,10 +2687,10 @@ https://golang.org/x/net ** golang.org/x/sync; version v0.8.0 -- https://golang.org/x/sync -** golang.org/x/sys; version v0.25.0 -- +** golang.org/x/sys; version v0.26.0 -- https://golang.org/x/sys -** golang.org/x/term; version v0.24.0 -- +** golang.org/x/term; version v0.25.0 -- https://golang.org/x/term ** golang.org/x/text; version v0.18.0 -- @@ -2926,7 +2926,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** mvdan.cc/sh/v3; version v3.8.0 -- +** mvdan.cc/sh/v3; version v3.10.0 -- https://github.com/mvdan/sh Copyright (c) 2016, Daniel Martí. All rights reserved. @@ -3088,7 +3088,7 @@ Copyright (c) 2015 Martin Atkins https://github.com/aquasecurity/table Copyright (c) 2022 Aqua Security -** github.com/aquasecurity/trivy-checks; version v1.1.0 -- +** github.com/aquasecurity/trivy-checks; version v1.2.2 -- https://github.com/aquasecurity/trivy-checks Copyright (c) 2024 Aqua Security diff --git a/projects/aquasecurity/trivy/CHECKSUMS b/projects/aquasecurity/trivy/CHECKSUMS index daf8c606f1..8c1b94169b 100644 --- a/projects/aquasecurity/trivy/CHECKSUMS +++ b/projects/aquasecurity/trivy/CHECKSUMS @@ -1,2 +1,2 @@ -fc13c860512e95c0bce78dc5e8a6b4c83baa0bf72a3f170f8691634487cf19b7 _output/bin/trivy/linux-amd64/trivy -0a7c8a64e7dc25192c749c66a0f9a0bbbcfd02304d985f623261ed433973982b _output/bin/trivy/linux-arm64/trivy +d8d8d689ecbaf179e8b314ef2ef2a0778f8656d45c67b37200e54855e03983bd _output/bin/trivy/linux-amd64/trivy +04aa80dc3dc5f80c2fad532b795b4954675f0e816c92f799455b56ffc0945890 _output/bin/trivy/linux-arm64/trivy diff --git a/projects/aquasecurity/trivy/GIT_TAG b/projects/aquasecurity/trivy/GIT_TAG index df8473fbd1..9ed446c981 100644 --- a/projects/aquasecurity/trivy/GIT_TAG +++ b/projects/aquasecurity/trivy/GIT_TAG @@ -1 +1 @@ -v0.56.2 +v0.57.1 diff --git a/projects/aquasecurity/trivy/README.md b/projects/aquasecurity/trivy/README.md index 4dfdc99bf6..59c3f59721 100644 --- a/projects/aquasecurity/trivy/README.md +++ b/projects/aquasecurity/trivy/README.md @@ -1,5 +1,5 @@ ## **trivy** -![Version](https://img.shields.io/badge/version-v0.56.2-blue) +![Version](https://img.shields.io/badge/version-v0.57.1-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiMVBvZE5FTEtYaVpuWUJ3eGd2Tis1dHAxT0ZKcXBuWkNVUmpjL0pRVnduRUl2Qm1XZ29xbHBENU5wVGM3TzVTTXhFTS83VUtrWGdCVU9lVkVxSmFhUnBFPSIsIml2UGFyYW1ldGVyU3BlYyI6IkQzTU9tSEd0YWZDc0NVYkIiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Trivy](https://github.com/aquasecurity/trivy/) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy also scans hardcoded secrets like passwords, API keys and tokens.