openSUSE-SU-2022:10094-1

Security update for trivy (moderate)

Published: Aug 20, 2022 (lists.opensuse.org)

CVSS v3.1: 9.1 High
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  Attack Vector: Network; Attack Complexity: Low; Privileges Required: None;
  User Interaction: None; Scope: Unchanged; Confidentiality Impact: High;
  Integrity Impact: High; Availability Impact: None

CVSS v2: 6.4 Medium
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
  Access Vector: Network; Access Complexity: Low; Authentication: None;
  Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: None

An update that fixes three vulnerabilities (the CVEs referenced in the changelog below: CVE-2022-1996, CVE-2022-23648 and CVE-2022-28946) is now available.

Description:

This update for trivy fixes the following issues:

Update to version 0.30.4:

  • fix: remove the first arg when running as a plugin (#2595)
  • fix: k8s controlplaner scanning (#2593)
  • fix(vuln): GitLab report template (#2578)

Update to version 0.30.3:

  • fix(server): use a new db worker for hot updates (#2581)
  • docs: add trivy with download-db-only flag to Air-Gapped Environment
    (#2583)
  • docs: split commands to download db for different versions of oras
    (#2582)
  • feat(report): export exitcode for license checks (#2564)
  • fix: cli can use lowercase for severities (#2565)
  • fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
  • fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
  • fix: enable some features of the wasm runtime (#2575)
  • fix(k8s): no error logged if trivy can’t get docker image in kubernetes
    mode (#2521)
  • docs(sbom): improve sbom attestation documentation (#2566)

Update to version 0.30.2:

  • fix(report): show the summary without results (#2548)
  • fix(cli): replace ‘-’ to ‘_’ for env vars (#2561)

Update to version 0.30.1:

  • chore: remove a test repository (#2551)
  • fix(license): lazy loading of classifiers (#2547)
  • fix: CVE-2022-1996 in Trivy (#2499)
  • docs(sbom): add sbom attestation (#2527)
  • feat(rocky): set Rocky Linux 9 EOL (#2543)
  • docs: add attributes to the video tag to autoplay demo videos (#2538)
  • fix: yaml files with non-string chart name (#2534)
  • fix: skip dirs (#2530)
  • feat(repo): add support for branch, commit, & tag (#2494)
  • fix: remove auto configure environment variables via viper (#2526)

Update to version 0.30.0:

  • fix: separating multiple licenses from one line in dpkg copyright files
    (#2508)
  • fix: change a capital letter for plugin uninstall subcommand (#2519)
  • fix: k8s hide empty report when scanning resource (#2517)
  • refactor: fix comments (#2516)
  • fix: scan vendor dir (#2515)
  • feat: Add support for license scanning (#2418)
  • chore: add owners for secret scanning (#2485)
  • fix: remove dependency-tree flag for image subcommand (#2492)
  • fix(k8s): add shorthand for k8s namespace flag (#2495)
  • docs: add information about using multiple servers to troubleshooting
    (#2498)
  • ci: add pushing canary build images to registries (#2428)
  • feat(dotnet): add support for .Net core .deps.json files (#2487)
  • feat(amazon): add support for 2022 version (#2429)
  • Type correction bitnami chart (#2415)
  • docs: add config file and update CLI references (#2489)
  • feat: add support for flag groups (#2488)
  • refactor: move from urfave/cli to spf13/cobra (#2458)
  • fix: Fix secrets output not containing file/lines (#2467)
  • fix: clear output with modules (#2478)
  • docs(cbl): distroless 1.0 supported (#2473)
  • fix: Fix example dockerfile rego policy (#2460)
  • fix(config): add helm to list of config analyzers (#2457)
  • feat: k8s resources scan (#2395)
  • feat(sbom): add cyclonedx sbom scan (#2203)
  • docs: remove links to removed content (#2431)
  • ci: added rpm build for rhel 9 (#2437)
  • fix(secret): remove space from asymmetric private key (#2434)
  • test(integration): fix golden files for debian 9 (#2435)
  • fix(cli): fix version string in docs link when secret scanning is
    enabled (#2422)
  • refactor: move CycloneDX marshaling (#2420)
  • docs(nodejs): add docs about pnpm support (#2423)
  • docs: improve k8s usage documentation (#2425)
  • feat: Make secrets scanning output consistent (#2410)
  • ci: create canary build after main branch changes (#1638)
  • fix(misconf): skip broken scans (#2396)
  • feat(nodejs): add pnpm support (#2414)
  • fix: Fix false positive for use of COS images (#2413)
  • eliminate nerdctl dependency (#2412)
  • Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
  • fix(go): no cast to lowercase go package names (#2401)
  • BREAKING(sbom): change ‘trivy sbom’ to scan SBOM (#2408)
  • fix(server): hot update the db from custom repository (#2406)
  • feat: added license parser for dpkg (#2381)
  • fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key
    (#2400)
  • feat: extract stripe publishable and secret keys (#2392)
  • feat: rbac support k8s sub-command (#2339)
  • feat(ruby): drop platform strings from dependency versions bundled with
    bundler v2 (#2390)
  • docs: Updating README with new CLI command (#2359)
  • fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug
    (#2383)
  • chore: add integration label and merge security label (#2316)

Update to version 0.29.2:

  • chore: skip Visual Studio Code project folder (#2379)
  • fix(helm): handle charts with templated names (#2374)
  • docs: redirect operator docs to trivy-operator repo (#2372)
  • fix(secret): use secret result when determining Failed status (#2370)
  • try removing libdb-dev
  • run integration tests in fanal
  • use same testing images in fanal
  • feat(helm): add support for trivy dbRepository (#2345)
  • fix: Fix failing test due to deref lint issue
  • test: Fix broken test
  • fix: Fix makefile when no previous named ref is visible in a shallow
    clone
  • chore: Fix linting issues in fanal
  • refactor: Fix fanal import paths and remove dotfiles

Update to version 0.29.1:

  • fix(report): add required fields to the SARIF template (#2341)
  • chore: fix spelling errors (#2352)
  • Omit Remediation if PrimaryURL is empty (#2006)
  • docs(repo): Link to installation documentation in readme shows 404
    (#2348)
  • feat(alma): support for scanning of modular packages for AlmaLinux
    (#2347)

Update to version 0.29.0:

  • fix(lang): fix dependency graph in client server mode (#2336)
  • feat: allow expiration date for .trivyignore entries (#2332)
  • feat(lang): add dependency origin graph (#1970)
  • docs: update nix installation info (#2331)
  • feat: add rbac scanning support (#2328)
  • refactor: move WordPress module to another repository (#2329)
  • ci: add support for ppc64le (#2281)
  • feat: add support for WASM modules (#2195)
  • feat(secret): show recommendation for slow scanning (#2051)
  • fix(flag): remove --clear-cache flag client mode (#2301)
  • fix(java): added check for looping for variable evaluation in pom file
    (#2322)
  • BREAKING(k8s): change CLI API (#2186)
  • feat(alpine): add Alpine Linux 3.16 (#2319)
  • ci: add go mod tidy check (#2314)
  • chore: run go mod tidy (#2313)
  • fix: do not exit if one resource is not found (#2311)
  • feat(cli): use stderr for all log messages (resolve #381) (#2289)
  • test: replace deprecated subcommand client in integration tests (#2308)
  • feat: add support for containerd (#2305)
  • fix(kubernetes): Support floats in manifest yaml (#2297)
  • docs(kubernetes): dead links (#2307)
  • chore: add license label (#2304)
  • feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
  • feat(helm): add pod annotations (#2272)
  • refactor: do not import defsec in fanal types package (#2292)
  • feat(report): Add misconfiguration support to ASFF report template
    (#2285)
  • test: use images in GHCR (#2275)
  • feat(helm): support pod annotations (#2265)
  • feat(misconf): Helm chart scanning (#2269)
  • docs: Update custom rego policy docs to reflect latest defsec/fanal
    changes (#2267)
  • fix: mask redis credentials when logging (#2264)
  • refactor: extract commands Runner interface (#2147)
  • docs: update operator release (#2263)
  • feat(redhat): added architecture check (#2172)
  • docs: updating links in the docs to work again (#2256)
  • docs: fix readme (#2251)
  • fix: fixed incorrect CycloneDX output format (#2255)
  • refactor(deps): move dependencies to package (#2189)
  • fix(report): change github format version to required (#2229)
  • docs: update readme (#2110)
  • docs: added information about choosing advisory database (#2212)
  • chore: update trivy-kubernetes (#2224)
  • docs: clarifying parts of the k8s docs and updating links (#2222)
  • fix(k8s): timeout error logging (#2179)
  • chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
  • feat(k8s): add --context flag (#2171)
  • fix(k8s): properly instantiate TableWriter (#2175)
  • test: fixed integration tests after updating testcontainers to v0.13.0
    (#2208)
  • chore: update labels (#2197)
  • fix(report): fixed panic if all misconf reports were removed in filter
    (#2188)
  • feat(k8s): scan secrets (#2178)
  • feat(report): GitHub Dependency Snapshots support (#1522)
  • feat(db): added insecure skip tls verify to download trivy db (#2140)
  • fix(redhat): always use vulns with fixed version if there is one (#2165)
  • chore(redhat): Add support for Red Hat UBI 9. (#2183)
  • fix(k8s): update trivy-kubernetes (#2163)
  • fix misconfig start line for code quality tpl (#2181)
  • fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
  • docs(vuln): Include GitLab 15.0 integration (#2153)
  • docs: fix the operator version (#2167)
  • fix(k8s): summary report when only vulns exist (#2146)
  • chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives
    in ksv038) (#2156)
  • perf(misconf): Improve performance when scanning very large files (#2152)
  • docs(misconf): Update examples and docs to refer to builtin/defsec
    instead of appshield (#2150)
  • chore(deps): Update fanal (for less verbose code in misconf results)
    (#2151)
  • docs: fixed installation instruction for rhel/centos (#2143)

Update to version 0.28.0 (boo#1199760, CVE-2022-28946):

  • fix: remove Highlighted from json output (#2131)
  • fix: remove trivy-kubernetes replace (#2132)
  • docs: Add Operator docs under Kubernetes section (#2111)
  • fix(k8s): security-checks panic (#2127)
  • ci: added k8s scope (#2130)
  • docs: Update misconfig output in examples (#2128)
  • fix(misconf): Fix coloured output in Goland terminal (#2126)
  • docs(secret): Fix default value of --security-checks in docs (#2107)
  • refactor(report): move colorize function from trivy-db (#2122)
  • feat: k8s resource scanning (#2118)
  • chore: add CODEOWNERS (#2121)
  • feat(image): add --server option for remote scans (#1871)
  • refactor: k8s (#2116)
  • refactor: export useful APIs (#2108)
  • docs: fix k8s doc (#2114)
  • feat(kubernetes): Add report flag for summary (#2112)
  • fix: Remove problematic advanced rego policies (#2113)
  • feat(misconf): Add special output format for misconfigurations (#2100)
  • feat: add k8s subcommand (#2065)
  • chore: fix make lint version (#2102)
  • fix(java): handle relative pom modules (#2101)
  • fix(misconf): Add missing links for non-rego misconfig results (#2094)
  • feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
  • chore(os): updated fanal version and alpine distroless test (#2086)
  • feat(report): add support for SPDX (#2059)
  • chore: app version 0.27.0 (#2046)
  • fix(misconf): added to skip conf files if their scanning is not enabled
    (#2066)
  • docs(secret) fix rule path in docs (#2061)
  • docs: change from go.sum to go.mod (#2056)

Update to version 0.27.1:

  • refactor(fs): scanner options (#2050)
  • feat(secret): truncate long line (#2052)
  • docs: fix broken bullets (#2042)
  • feat(ubuntu): add 22.04 approx eol date (#2044)
  • docs: update installation.md (#2027)
  • docs: add Containerfile (#2032)

Update to version 0.27.0:

  • fix(go): fixed panic to scan gomod without version (#2038)
  • docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
  • feat(secret): support enable rules (#2035)
  • chore: app version 26.0 (#2030)
  • docs(secret): add a demo movie (#2031)
  • feat: support cache TTL in Redis (#2021)
  • fix(go): skip system installed binaries (#2028)
  • fix(go): check if go.sum is nil (#2029)
  • feat: add secret scanning (#1901)
  • chore: gh publish only with push the tag release (#2025)
  • fix(fs): ignore permission errors (#2022)
  • test(mod): using correct module inside test go.mod (#2020)
  • feat(server): re-add proxy support for client/server communications
    (#1995)
  • fix(report): truncate a description before escaping in ASFF template
    (#2004)
  • fix(cloudformation): correct margin removal for empty lines (#2002)
  • fix(template): correct check of old sarif template files (#2003)

Update to version 0.26.0:

  • feat(alpine): warn mixing versions (#2000)
  • Update ASFF template (#1914)
  • chore(deps): replace containerd/containerd version to fix
    CVE-2022-23648 (#1994)
  • test(go): add integration tests for gomod (#1989)
  • fix(python): fixed panic when scan .egg archive (#1992)
  • fix(go): set correct go modules type (#1990)
  • feat(alpine): support apk repositories (#1987)
  • docs: add CBL-Mariner (#1982)
  • docs(go): fix version (#1986)
  • feat(go): support go.mod in Go 1.17+ (#1985)
  • ci: fix URLs in the PR template (#1972)
  • ci: add semantic pull requests check (#1968)
  • docs(issue): added docs for wrong detection issues (#1961)

Update to version 0.25.4:

  • docs: move CONTRIBUTING.md to docs (#1971)
  • refactor(table): use file name instead package path (#1966)
  • fix(sbom): add --db-repository (#1964)
  • feat(table): add PkgPath in table result (#1960)
  • fix(pom): merge multiple pom imports in a good manner (#1959)

Update to version 0.25.3:

  • fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands
    (#1956)
  • fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
  • fix(misconf): Update fanal/defsec to resolve missing metadata issues
    (#1947)
  • feat(jar): allow setting Maven Central URL using environment variable
    (#1939)
  • chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
  • chore(chart): remove version comments (#1933)

Update to version 0.25.2:

  • fix(downloadDB): add flag to server command (#1942)

Update to version 0.25.1:

  • fix(misconf): update defsec to resolve panics (#1935)
  • docs: restructure the documentation (#1887)
  • Add trivy horizontal logo (#1932)
  • feat(db): Add dbRepository flag to get advisory database from OCI
    registry (#1873)
  • Buildrequire go1.18 as upstream says in go.mod

Update to version 0.25.0:

  • docs(filter vulnerabilities): fix link (#1880)
  • feat(template) Add misconfigurations to gitlab codequality report (#1756)
  • fix(rpc): add PkgPath field to client / server mode (#1643)
  • fix(vulnerabilities): fixed trivy-db vulns (#1883)
  • feat(cache): remove temporary cache after filesystem scanning (#1868)
  • feat(sbom): add a dedicated sbom command (#1799)
  • feat(cyclonedx): add vulnerabilities (#1832)
  • fix(option): hide false warning about remote options (#1865)
  • feat(filesystem): scan in client/server mode (#1829)
  • refactor(template): remove unused test (#1861)
  • fix(cli): json format for trivy version (#1854)
  • docs: change URL for tfsec-checks (#1857)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively, you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-10094=1
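The command above installs the patch, but on a host where trivy may have been updated by other means (upstream binary, container image, a different repository) it helps to confirm whether the installed build already carries the fixes. The script below is an added example, not part of the openSUSE advisory or of the trivy project: it maps the CVEs referenced in the changelog above to the upstream release that first carried each fix and compares that against the version string reported by `trivy --version` or `rpm -q trivy`. The function names and the version-string parser are this example's own, and the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example (not part of the openSUSE advisory or the trivy project):
# decide whether an installed trivy already carries the fixes this advisory ships.
# The CVE -> version mapping is read off the changelog on this page:
#   CVE-2022-1996  fixed in 0.30.1  ("fix: CVE-2022-1996 in Trivy (#2499)")
#   CVE-2022-28946 fixed in 0.28.0  ("Update to version 0.28.0 (boo#1199760, CVE-2022-28946)")
#   CVE-2022-23648 fixed in 0.26.0  (containerd replacement, #1994)
# Everything else (function names, the version-string parser) is this example's own.

ADVISORY_CVES="CVE-2022-1996 CVE-2022-28946 CVE-2022-23648"

# fixed_in_version CVE -> prints the first upstream trivy release containing the fix
fixed_in_version() {
    case "$1" in
        CVE-2022-1996)  echo 0.30.1 ;;
        CVE-2022-28946) echo 0.28.0 ;;
        CVE-2022-23648) echo 0.26.0 ;;
        *) return 1 ;;
    esac
}

# version_ge A B -> exit 0 when dotted version A >= B, comparing component by component
# (0.30.4 > 0.30.1 and 0.30 < 0.30.4; a plain string compare would rank 0.9 above 0.30)
version_ge() {
    a="$1."; b="$2."   # trailing dot guarantees cut sees a delimiter even for "1"
    i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ -z "$x" ] && [ -z "$y" ] && return 0   # ran out of components: equal
        x=${x:-0}; y=${y:-0}                      # missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
}

# extract_version STRING -> first dotted version in STRING, e.g. "0.30.4" from the
# first line of `trivy --version` ("Version: 0.30.4") or from a constructed
# `rpm -q trivy` style name such as "trivy-0.30.4-1.1.x86_64"
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1
}

# unfixed_cves VERSION -> the advisory's CVEs whose fix is newer than VERSION (space-separated)
unfixed_cves() {
    out=""
    for cve in $ADVISORY_CVES; do
        version_ge "$1" "$(fixed_in_version "$cve")" || out="$out $cve"
    done
    printf '%s\n' "${out# }"
}

# check_installed VERSION_STRING -> exit 0 when every advisory fix is present,
# 1 when some are missing (listing them), 2 when no version could be parsed
check_installed() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "could not find a version in: $1" >&2
        return 2
    fi
    missing=$(unfixed_cves "$v")
    if [ -z "$missing" ]; then
        echo "trivy $v: all fixes in openSUSE-SU-2022:10094-1 present"
        return 0
    fi
    echo "trivy $v: still missing fixes for $missing (update to 0.30.4)"
    return 1
}
```

Source the file and run `check_installed "$(trivy --version 2>/dev/null | head -n 1)"` or `check_installed "$(rpm -q trivy)"`. The comparison is against upstream version numbers only: a distribution build that backports a fix without bumping the version would be reported as missing, so on openSUSE the authoritative check remains `zypper patch-info openSUSE-2022-10094`.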
