Releases: aquasecurity/trivy-action
Releases · aquasecurity/trivy-action
v0.36.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- chore(ci): update bump-trivy workflow by @DmitriyLewen in #546
- ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in #552
- ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in #550
- test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in #555
- ci: add dependabot config by @nikpivkin in #556
- chore: add zizmor config by @nikpivkin in #557
- chore(deps): bump the actions group with 5 updates by @dependabot[bot] in #558
- fix: use portable shebang in entrypoint.sh by @Hayao0819 in #545
- Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in #547
- Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in #548
- chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in #561
- chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in #559
- chore: update action version to v0.36.0 in examples by @nikpivkin in #563
New Contributors
- @dependabot[bot] made their first contribution in #558
- @Hayao0819 made their first contribution in #545
- @patrik-csak made their first contribution in #547
- @Aditya09-cse made their first contribution in #548
- @Argon-DevOps-Mgt made their first contribution in #559
Full Changelog: v0.35.0...v0.36.0
Contributors
patrik-csak, dependabot, and 5 other contributors
Assets 3
Release: v0.35.0
Immutable
release. Only release title and notes can be modified.
This release is a duplicate of 0.35.0 which was not compromised.
As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.
We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.
If you are currently using 0.35.0, your workflows are safe — no action is required.
Release: 0.35.0
What's Changed
Full Changelog: 0.34.2...0.35.0
Contributors
aqua-bot
Assets 3
Release: v0.34.0
Immutable
release. Only release title and notes can be modified.
Full Changelog: v0.33.1...v0.34.0
Release: v0.33.1
Immutable
release. Only release title and notes can be modified.
What's Changed
- Update setup-trivy action to version v0.2.4 by @martincostello in #486
Full Changelog: v0.33.0...v0.33.1
Contributors
martincostello
Assets 3
Release: v0.33.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- Update dependencies in README by @ibakshay in #378
- doc: correct sbom fs scan by @yxtay in #458
- Pin actions/cache by SHA by @martincostello in #480
- chore(ci): Add oras to correctly setup sync jobs by @simar7 in #482
- chore(deps): Update trivy to v0.65.0 by @aqua-bot in #481
New Contributors
Full Changelog: v0.32.0...v0.33.0
Contributors
simar7, martincostello, and 3 other contributors
Assets 3
Release: v0.32.0
Immutable
release. Only release title and notes can be modified.
What's Changed
Full Changelog: v0.31.0...v0.32.0
Contributors
aqua-bot
Assets 3
Release: v0.31.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- docs: add info that
unix:/prefix is required fordocker-hostinput by @DmitriyLewen in #455 - Fix Trivy action inputs leaking between invocations (#422) by @rvesse in #454
- Pin aquasecuriy/setup-trivy to hash instead of tag by @lhotari in #456
- Bump Trivy version to fix GitHub actions by @maximmasiutin in #460
- refactor: use ubuntu 24.04 in example code by @simar7 in #465
- ci: fix workflow to bump Trivy by @nikpivkin in #466
- chore(deps): Update trivy to v0.63.0 by @aqua-bot in #467
New Contributors
- @lhotari made their first contribution in #456
- @maximmasiutin made their first contribution in #460
Full Changelog: v0.30.0...v0.31.0
Contributors
lhotari, simar7, and 5 other contributors
Assets 3
Release: v0.30.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- fix: Update default trivy version in README by @derrix060 in #444
- fix: typo in description of an input for action.yaml by @yutatokoi in #452
- Improve README/SBOM by @AB-xdev in #439
- chore: bump trivy to v0.60.0 by @nikpivkin in #453
New Contributors
- @derrix060 made their first contribution in #444
- @yutatokoi made their first contribution in #452
- @AB-xdev made their first contribution in #439
Full Changelog: v0.29.0...v0.30.0
Contributors
derrix060, AB-xdev, and 2 other contributors
Assets 3
Release: v0.29.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- feat: Allow skipping setup by @rvesse in #414
- Fix oras command not found in "Update Trivy Cache" action by @Tiryoh in #413
- Update README.md by @simar7 in #420
- feat: add token for
setup-trivyby @DmitriyLewen in #421 - fix: bump
setup-trivyand add newcontribdirectory path info by @DmitriyLewen in #424 - docs: remove ignore-unfixed from IaC scan example by @nikpivkin in #429
- chore(deps): Bump trivy to v0.57.1 by @simar7 in #434
New Contributors
Full Changelog: v0.28.0...v0.29.0
Contributors
simar7, rvesse, and 3 other contributors