v0.17.0 #966
aqua-bot
announced in
Announcements
v0.17.0
#966
Replies: 3 comments 8 replies
-
|
I hope you enjoy this release! ⚡️ |
Beta Was this translation helpful? Give feedback.
6 replies
-
|
Very nice! The go binary detection, does it handle stripped binaries as well or is the metadata required? :) |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Great! 👍 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
💔 BREAKING CHANGES 💔
Change the way
--skip-dirsand--skip-filesare specifiedBefore: comma-separated
After: repeat options
🚀 What's new? 🚀
Support JAR/WAR/EAR files ☕
Trivy looks for all Java archives such as JAR, WAR, and EAR on container images and filesystems to detect vulnerabilities. Be aware that Trivy may be calling HTTP API to detect artifactId and groupId from those files. In other words, it doesn't work under air-gapped environment.Also, they take time, and as a result, your scan may time out. In that case, increase the value of the --timeout option.
Currently, even if the
--skip-dirsor--skip-filesoption is specified, all Java archives are detected. If your scan target has a lot of JAR/WAR/EAR files, it will take a long time.--skip-dirsand--skip-fileswill be improved in the near future.Support Go binaries 🦍
Trivy looks for all binaries built by Go on container images and filesystems to detect known vulnerabilities. It works properly even if your image is built on scratch and
go.sumis not present in the container image.go.sumwill be also supported shortly.Go scanning currently depends on GitLab Community Advisories. After integrating The Go Vulnerability Database into Trivy DB, the accuracy would be even better. Watch this issue.
Support plugins 🔌
Trivy provides a plugin feature to allow others to extend the Trivy CLI without the need to change the Trivy code base.
You will find an example here.
For more detail: https://aquasecurity.github.io/trivy/v0.17.0/plugins/
Support Sprig functions in template
Sprig functions can be used in custom templates.
For more detai: https://aquasecurity.github.io/trivy/v0.17.0/examples/report/#custom-template
Publish official images in ECR Public Gallery
Official images are available in ECR Public Gallery now.
https://gallery.ecr.aws/aquasecurity/trivy
Publish arm64 images
In addition to amd64 images, arm64 images are published now.
Publish Apple M1 binary 🍎
trivy_0.17.0_macOS-ARM64.tar.gzis available now.Publish Helm Chart ☸️
For more detail: https://aquasecurity.github.io/trivy/v0.17.0/installation/#helm
Release the document site 📝
https://aquasecurity.github.io/trivy/latest/
🐞 Bug fixes 🐛
Fix compatibility for Jenkins xunit plugin (#820)
Remove SARIF helpUri if empty (#845)
Allow the latest tag (#864)
Add package name in ruleID (#913)
Fix JUnit template for AWS CodeBuild compatibility (#904)
Changelog
https://github.com/aquasecurity/trivy/releases/tag/v0.17.0
Docker images
docker pull aquasec/trivy:0.17.0docker pull ghcr.io/aquasecurity/trivy:0.17.0docker pull public.ecr.aws/aquasecurity/trivy:0.17.0docker pull aquasec/trivy:latestdocker pull ghcr.io/aquasecurity/trivy:latestdocker pull public.ecr.aws/aquasecurity/trivy:latestThis discussion was created from the release v0.17.0.
Beta Was this translation helpful? Give feedback.
All reactions