[8.x](backport #2660) build(deps): Bump github.com/aquasecurity/trivy from 0.55.2 to 0.57.0 in the trivy group

[mergify]

Bumps the trivy group with 1 update: github.com/aquasecurity/trivy.

Updates github.com/aquasecurity/trivy from 0.55.2 to 0.57.0

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.56.2

Changelog

• f2252c833d4dee18546577f0c32ceb83c8bf20ae release: v0.56.2 [release/v0.56] (#7694)
• f6700ec10e819fb2fc0573782e87d2d31d2c50f1 fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
• 25d2540f12272603bf27eb67f4b3fba52b1ddab8 fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)

v0.56.1

Changelog

• 95dbf1152b2049a6ae2ae90a507630df01798bf1 release: v0.56.1 [release/v0.56] (#7648)
• 5dbdadfe4578288d5c3f2a5b625fff4a3580f8c5 fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646)

v0.56.0

⚡Release highlights and summary⚡

👉aquasecurity/trivy#7640

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0560-2024-10-03

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.57.0 (2024-10-31)

⚠ BREAKING CHANGES

• k8s: support k8s multi container (#7444)

Features

• add end of life date for Ubuntu 24.10 (#7787) (ad3c09e)
• cli: add trivy auth (#7664) (27117f8)
• cli: error out when ignore file cannot be found (#7624) (cb0b3a9)
• cli: rename trivy auth to trivy registry (#7727) (633a7ab)
• cyclonedx: add file checksums to CycloneDX reports (#7507) (c225883)
• db: append errors (#7843) (5e78b6c)
• misconf: export unresolvable field of IaC types to Rego (#7765) (9514148)
• misconf: public network support for Azure Storage Account (#7601) (ad91412)
• misconf: Show misconfig ID in output (#7762) (f75c0d1)
• misconf: ssl_mode support for GCP SQL DB instance (#7564) (2eaa17e)
• parser: ignore white space in pom.xml files (#7747) (a7baa93)
• report: update gitlab template to populate operating_system value (#7735) (c0d79fa)

Bug Fixes

• cli: clean --all deletes only relevant dirs (#7704) (672e886)
• cli: add config name to skip-policy-update alias (#7820) (b661d68)
• db: fix javadb downloading error handling (#7642) (2c87f0c)
• enable usestdlibvars linter (#7770) (57e24aa)
• go: Do not trim v prefix from versions in Go Mod Analyzer (#7733) (e872ec0)
• helm: properly handle multiple archived dependencies (#7782) (6fab88d)
• java: correctly inherit version and scope from upper/root depManagement and dependencies into parents (#7541) (778df82)
• k8s: skip resources without misconfigs (#7797) (7882776)
• k8s: support k8s multi container (#7444) (c434775)
• k8s: support kubernetes v1.31 (#7810) (7a4f4d8)
• license: fix license normalization for Universal Permissive License (#7766) (f6acdf7)
• misconf: change default ACL of digitalocean_spaces_bucket to private (#7577) (9da84f5)
• misconf: check if property is not nil before conversion (#7578) (c8c14d3)
• misconf: fix for Azure Storage Account network acls adaptation (#7602) (35fd018)
• misconf: properly expand dynamic blocks (#7612) (8d5dbc9)
• redhat: include arch in PURL qualifiers (#7654) (a585e95)
• repo: git clone output to Stderr (#7561) (fdf203c)
• report: Fix invalid URI in SARIF report (#7645) (015bb88)
• sbom: add options for DBs in private registries (#7660) (1f2e91b)
• sbom: use Annotation instead of AttributionTexts for SPDX formats (#7811) (f2bb9c6)

0.56.0 (2024-10-03)

Features

... (truncated)

Commits

• efec326 release: v0.57.0 [main] (#7710)
• 7632625 chore: lint errors.Join (#7845)
• 5e78b6c feat(db): append errors (#7843)
• dc44946 docs(java): add info about supported scopes (#7842)
• 7654b2e docs: add example of creating whitelist of checks (#7821)
• 194d4ab chore(deps): Bump trivy-checks (#7819)
• e872ec0 fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
• 7882776 fix(k8s): skip resources without misconfigs (#7797)
• f2bb9c6 fix(sbom): use Annotation instead of AttributionTexts for SPDX formats...
• b661d68 fix(cli): add config name to skip-policy-update alias (#7820)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

This is an automatic backport of pull request #2660 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of f562589 has failed:

On branch mergify/bp/8.x/pr-2660
Your branch is up to date with 'origin/8.x'.

You are currently cherry-picking commit f562589a.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   internal/vulnerability/runner.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod
	both modified:   go.sum

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/8.x/pr-2660 upstream/mergify/bp/8.x/pr-2660
git merge upstream/8.x
git push upstream mergify/bp/8.x/pr-2660