Releases: cloudogu/ces-build-lib
1.66.1
1.66.0
1.65.1: Merge pull request #108 from cloudogu/bugfix/trivy_scanning
Changed
- `findVulnerabilitiesWithTrivy`
  - Schema bug fix: the Trivy output schema is now interpreted correctly.
  - Added `additionalFlags` as a parameter, e.g. `--ignore-unfixed` can be used now.
1.65.0
Changed
- `findVulnerabilitiesWithTrivy` #107
  - Switch from using the `allowlist` param to the built-in `.trivyignore` file. Advantage: more declarative. Fewer things in the Jenkinsfile. Local Trivy scans pick up the allowlist as well.
  - Updated Trivy default to 0.41.0 from 0.15.0.
  - Trivy 0.20.0 introduced a JSON schema (see here)
    - `findVulnerabilitiesWithTrivy` code can now only parse the new one
    - `findVulnerabilitiesWithTrivy` returns the new schema
  - These are somewhat breaking changes, which will likely not affect anyone. So we dared to make them. Make sure to
    - not use `allowlist`; if so, migrate to `.trivyignore`
    - not pin the `trivyVersion`, or update to Trivy >=0.20.0
    - if you parsed the result of `findVulnerabilitiesWithTrivy`, make sure to migrate to the new schema, e.g. `VulnerabilityID` moved to `.Results[].Vulnerabilities[].VulnerabilityID`
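
For pipelines that post-process the scan result, the schema migration named in the last item can be handled as in the following added example (not part of ces-build-lib or these release notes). It reads a parsed Trivy JSON report and assumes the pre-0.20.0 layout was a top-level array of results; the function names, sample reports and placeholder IDs are constructed for illustration.

```python
import json


def iter_findings(report):
    """Yield (target, vulnerability) pairs from a parsed Trivy JSON report."""
    if isinstance(report, dict):
        # Trivy >= 0.20.0: findings live under .Results[].Vulnerabilities[]
        results = report.get("Results") or []
    elif isinstance(report, list):
        # Assumed older layout: the report itself is the array of results
        results = report
    else:
        raise ValueError("not a Trivy JSON report")
    for result in results:
        # "Vulnerabilities" is missing or null for targets without findings
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def vulnerability_ids(report, severities=None):
    """Return sorted, de-duplicated IDs, optionally limited to some severities."""
    ids = set()
    for _target, vuln in iter_findings(report):
        if severities is None or vuln.get("Severity") in severities:
            ids.add(vuln["VulnerabilityID"])
    return sorted(ids)


# Constructed sample report in the new schema (placeholder IDs, not real CVEs)
NEW_REPORT = json.loads("""
{
  "SchemaVersion": 2,
  "ArtifactName": "example/image:1.0",
  "Results": [
    {"Target": "example/image:1.0 (debian 11)", "Vulnerabilities": [
      {"VulnerabilityID": "CVE-0000-0002", "Severity": "CRITICAL"},
      {"VulnerabilityID": "CVE-0000-0001", "Severity": "LOW"}]},
    {"Target": "app/package-lock.json", "Vulnerabilities": null},
    {"Target": "app/Gemfile.lock", "Vulnerabilities": [
      {"VulnerabilityID": "CVE-0000-0002", "Severity": "CRITICAL"}]}
  ]
}
""")
# The same findings in the assumed older layout
OLD_REPORT = NEW_REPORT["Results"]

if __name__ == "__main__":
    print(vulnerability_ids(NEW_REPORT, {"HIGH", "CRITICAL"}))
```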