
1.65.0

@schnatterer schnatterer released this 06 Jun 15:59
· 110 commits to develop since this release
bf50262

Changed

  • findVulnerabilitiesWithTrivy #107
    • Switch from using allowlist param to built-in .trivyignore file. Advantage: More declarative.
      Fewer things in Jenkinsfile. Local trivy scans pick up allowlist as well.
    • Updated Trivy default to 0.41.0 from 0.15.0.
      • Trivy 0.20.0 introduced a JSON schema (see here)
      • findVulnerabilitiesWithTrivy code can now only parse the new one
      • findVulnerabilitiesWithTrivy returns the new schema
    • These are somewhat breaking changes that will likely not affect anyone, so we dared to make them. Make sure that you
      • do not use the allowlist param; if you do, migrate to .trivyignore
      • do not pin trivyVersion, or update it to trivy >= 0.20.0
      • migrate to the new schema if you parse the result of findVulnerabilitiesWithTrivy,
        e.g. VulnerabilityID moved to .Results[].Vulnerabilities[].VulnerabilityID
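
An added example (plain Groovy, not code from ces-build-lib) of reading vulnerability IDs from the new layout at .Results[].Vulnerabilities[], including results that carry no findings. The helper name idsBySeverity, the sample report and its CVE-0000-* IDs are constructed for illustration, and the helper assumes it receives the report as already parsed JSON.

```groovy
import groovy.json.JsonSlurper

// Hypothetical helper (not part of ces-build-lib): groups vulnerability IDs by
// severity from an already parsed report in the Trivy >= 0.20.0 layout.
Map<String, List<String>> idsBySeverity(Object report) {
    // Before 0.20.0 the JSON report was a top-level array of results.
    if (report instanceof List) {
        throw new IllegalArgumentException('Legacy Trivy report (top-level array); use trivy >= 0.20.0')
    }
    Map<String, List<String>> grouped = [:]
    for (result in (report.Results ?: [])) {
        // A result without findings may omit "Vulnerabilities" or set it to null.
        for (vuln in (result.Vulnerabilities ?: [])) {
            String severity = vuln.Severity ?: 'UNKNOWN'
            if (!grouped.containsKey(severity)) {
                grouped[severity] = []
            }
            grouped[severity] << vuln.VulnerabilityID
        }
    }
    return grouped
}

// Constructed sample report: one target with two findings and one target
// without a "Vulnerabilities" key. All names and IDs are placeholders.
def sampleReport = '''
{
  "SchemaVersion": 2,
  "ArtifactName": "example/image:1.0",
  "Results": [
    { "Target": "example/image:1.0 (debian)", "Type": "debian",
      "Vulnerabilities": [
        { "VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "HIGH" },
        { "VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "LOW" }
      ] },
    { "Target": "app/package-lock.json", "Type": "npm" }
  ]
}
'''

def report = new JsonSlurper().parseText(sampleReport)
def grouped = idsBySeverity(report)
assert grouped == [HIGH: ['CVE-0000-0001'], LOW: ['CVE-0000-0002']]
println "HIGH findings: ${grouped.HIGH}"
```

Code that still iterates the report as a top-level list fails here with an explicit error instead of silently finding no vulnerabilities.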