mergem

.github/CODEOWNERS

@@ -1,15 +1,22 @@
 # Global
 *   @knqyf263
 
+# SBOM/Vulnerability scanning
+pkg/dependency/  @knqyf263 @DmitriyLewen
+pkg/fanal/       @knqyf263 @DmitriyLewen
+pkg/sbom/        @knqyf263 @DmitriyLewen
+pkg/scanner/     @knqyf263 @DmitriyLewen
+
 # Misconfiguration scanning
-docs/docs/scanner/misconfiguration  @knqyf263 @simar7
-docs/docs/target/aws.md             @knqyf263 @simar7
-pkg/fanal/analyzer/config           @knqyf263 @simar7
-pkg/cloud                           @knqyf263 @simar7
+docs/docs/scanner/misconfiguration/  @simar7 @nikpivkin
+docs/docs/target/aws.md              @simar7 @nikpivkin
+pkg/fanal/analyzer/config/           @simar7 @nikpivkin
+pkg/cloud/                           @simar7 @nikpivkin
+pkg/iac/                             @simar7 @nikpivkin
 
 # Helm chart
 helm/trivy/ @chen-keinan
 
 # Kubernetes scanning
-pkg/k8s/                @josedonizetti @chen-keinan @knqyf263
-docs/docs/kubernetes/   @josedonizetti @chen-keinan @knqyf263
+pkg/k8s/                         @chen-keinan
+docs/docs/target/kubernetes.md   @chen-keinan

.github/DISCUSSION_TEMPLATE/adopters.yml

@@ -1,35 +1,47 @@
-title: "<company name> "
+title: "<company name>"
 labels: ["adopters"]
 body:
-  - type: checkboxes
+  - type: textarea
+    id: info
     attributes:
-      label: Please select all the scan targets that you are using
-      options:
-        - label: Container Images
-        - label: Filesystem
-        - label: Git Repository
-        - label: Virtual Machine Images
-        - label: Kubernetes
-        - label: AWS
+      label: "[Optional] How do you use Trivy?"
+    validations:
+      required: false
+  - type: textarea
+    id: info
+    attributes:
+      label: "[Optional] Can you provide us with a quote on your favourite part of Trivy? This may be used on the trivy.dev website, posted on Twitter (@AquaTrivy) or similar marketing material."
     validations:
       required: false
   - type: checkboxes
     attributes:
-      label: Which scanners are you using on those scan targets?
+      label: "[Optional] Which targets are you scanning with Trivy?"
       options:
-        - label: OS packages and software dependencies in use (SBOM)
-        - label: Known vulnerabilities (CVEs)
-        - label: IaC issues and misconfigurations
-        - label: Sensitive information and secrets
-        - label: Software licenses
+        - label: "Container Image"
+        - label: "Filesystem"
+        - label: "Git Repository"
+        - label: "Virtual Machine Image"
+        - label: "Kubernetes"
+        - label: "AWS"
+        - label: "SBOM"
     validations:
       required: false
-  - type: textarea
-    id: info
+  - type: checkboxes
+    attributes:
+      label: "[Optional] What kind of issues are scanning with Trivy?"
+      options:
+        - label: "Software Bill of Materials (SBOM)"
+        - label: "Known vulnerabilities (CVEs)"
+        - label: "IaC issues and misconfigurations"
+        - label: "Sensitive information and secrets"
+        - label: "Software licenses"
+  - type: markdown
     attributes:
-      label: "Additional Information"
-      description: "Please tell us more about your use case of Trivy -- anything that you would like to share 🎉"
       value: |
-        ...
-    validations:
-      required: false
+        ## Get in touch
+        We are always looking for 
+        * User feedback
+        * Collaboration with other companies and organisations
+        * Or just to have a chat with you about trivy. 
+        If any of this interests you or your marketing team, please reach out at: [email protected]
+        We would love to hear from you!

.github/workflows/auto-close-issue.yaml

@@ -0,0 +1,46 @@
+name: Auto-close issues
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  close_issue:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close issue if user does not have write or admin permissions
+        uses: actions/github-script@v7
+        with:
+          script: |
+            // Get the issue creator's username
+            const issueCreator = context.payload.issue.user.login;
+
+            // Check the user's permissions for the repository
+            const repoPermissions = await github.rest.repos.getCollaboratorPermissionLevel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              username: issueCreator
+            });
+
+            const permission = repoPermissions.data.permission;
+
+            // If the user does not have write or admin permissions, leave a comment and close the issue
+            if (permission !== 'write' && permission !== 'admin') {
+              const commentBody = "Please see https://aquasecurity.github.io/trivy/latest/community/contribute/issue/";
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.payload.issue.number,
+                body: commentBody
+              });
+
+              await github.rest.issues.update({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.payload.issue.number,
+                state: 'closed',
+                state_reason: 'not_planned'
+              });
+
+              console.log(`Issue #${context.payload.issue.number} closed because ${issueCreator} does not have sufficient permissions.`);
+            }

.github/workflows/auto-update-labels.yaml

@@ -0,0 +1,30 @@
+name: Auto-update labels
+on:
+  push:
+    paths:
+      - 'misc/triage/labels.yaml'
+    branches:
+      - main
+
+jobs:
+  deploy:
+    name: Auto-update labels
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main
+        uses: actions/[email protected]
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install aqua tools
+        uses: aquaproj/[email protected]
+        with:
+          aqua_version: v1.25.0
+
+      - name: update labels
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: mage label

.github/workflows/canary.yaml

@@ -25,35 +25,35 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.0
         with:
           path: dist/
           key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
 
         # Upload artifacts
       - name: Upload artifacts (trivy_Linux-64bit)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: trivy_Linux-64bit
           path: dist/trivy_*_Linux-64bit.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_Linux-ARM64)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: trivy_Linux-ARM64
           path: dist/trivy_*_Linux-ARM64.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_macOS-64bit)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: trivy_macOS-64bit
           path: dist/trivy_*_macOS-64bit.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_macOS-ARM64)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: trivy_macOS-ARM64
           path: dist/trivy_*_macOS-ARM64.tar.gz

.github/workflows/mkdocs-dev.yaml

@@ -12,15 +12,16 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.x
       - name: Install dependencies
         run: |
+          python -m pip install --upgrade pip setuptools wheel
           pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
           pip install -r docs/build/requirements.txt
         env:

.github/workflows/mkdocs-latest.yaml

@@ -14,15 +14,16 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.x
       - name: Install dependencies
         run: |
+          python -m pip install --upgrade pip setuptools wheel
           pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
           pip install -r docs/build/requirements.txt
         env:

.github/workflows/publish-chart.yaml

@@ -22,22 +22,22 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
         with:
           version: v3.5.0
       - name: Set up python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.7
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992
       - name: Setup Kubernetes cluster (KIND)
-        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140
+        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
       - name: Install chart-releaser

.github/workflows/release.yaml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
 
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.0
         with:
           path: dist/
           key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
@@ -35,7 +35,7 @@ jobs:
           sudo apt-get -y install rpm reprepro createrepo-c distro-info
 
       - name: Checkout trivy-repo
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           repository: ${{ github.repository_owner }}/trivy-repo
           path: trivy-repo