v0.33.2

What's Changed

• fix(oval): add pseudo server type in NewOVALClient by @MaineK00n in #2254
• chore(deps): bump the others group with 3 updates by @dependabot in #2252
• chore(deps): bump the vuls group across 1 directory with 7 updates by @dependabot in #2258
• chore(deps): bump the trivy group with 2 updates by @dependabot in #2257

Full Changelog: v0.33.1...v0.33.2

v0.33.1

What's Changed

• feat!(contrib/trivy): delete image tag from server name when scanning by trivy by @sadayuki-matsuno in #2250

Full Changelog: v0.33.0...v0.33.1

v0.33.0

What's Changed

• fix(cmd/discover): fix ping options for windows by @MaineK00n in #2211
• fix(scanner): scan lockfiles by @MaineK00n in #2206
• feat(ubuntu): add 25.04 plucky by @MaineK00n in #2210
• feat(detector/vuls2): should download db when the schema versions are different by @MaineK00n in #2212
• fix(detector/vuls2): get metadata after opening db by @MaineK00n in #2214
• chore(deps): bump github.com/MaineK00n/vuls2 by @MaineK00n in #2215
• chore(ci): update dependabot.yml to group dependencies by @shino in #2216
• chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #2194
• chore(deps): bump github.com/open-policy-agent/opa from 1.2.0 to 1.4.0 in the go_modules group across 1 directory by @dependabot in #2200
• chore(deps): bump github.com/aquasecurity/trivy from 0.61.0 to 0.62.1 in the trivy group by @dependabot in #2221
• chore(deps): update tablewriter to v1.0.7 by @shino in #2228
• refactor(scanner/redhatbase): strictly parse updatable package line by @MaineK00n in #2218
• chore(deps): bump the others group across 1 directory with 6 updates by @dependabot in #2229
• chore(deps): bump the trivy group with 2 updates by @dependabot in #2224
• feat(os): add rhel-10 eol by @MaineK00n in #2230
• chore(ci): add group all for docker by @MaineK00n in #2232
• fix(integration): correct the wrong submodule hash by @shino in #2233
• chore(deps): bump the others group with 3 updates by @dependabot in #2234
• fix(scanner/windows): print debug log in detect by @MaineK00n in #2237
• fix(scanner/windows): allow only cab file scan for offline scan by @MaineK00n in #2236
• feat(detector/vuls2): add ignore vulnerability pattern by @MaineK00n in #2239
• feat(reporter): add row separator for --format-list by @MaineK00n in #2241
• chore(deps): bump the all group across 1 directory with 8 updates by @dependabot in #2227
• chore(deps): bump the all group with 2 updates by @dependabot in #2235
• feat(server): open db before starting server by @MaineK00n in #2244
• feat(detector/cve): support paloalto and cisco by @MaineK00n in #2240
• chore(deps): bump the others group across 1 directory with 8 updates by @dependabot in #2243
• fix(detector/vuls2): filter VulnerabilityData by Root ID by @MaineK00n in #2247
• feat!(detector): detect oracle and alpine with vuls2 by @MaineK00n in #2157
• chore(deps): bump the others group with 5 updates by @dependabot in #2245
• fix(subcmds/saas): remove timestamped directory in results-dir by @FutureHirai in #2248
• chore(deps): update dictionaries by @shino in #2249

New Contributors

• @FutureHirai made their first contribution in #2248

Full Changelog: v0.32.0...v0.33.0

v0.32.0

What's Changed

• fix(detector/vuls2): fix cvss v3.1 vector check by @MaineK00n in #2204
• chore(deps): bump github.com/MaineK00n/vuls2 by @MaineK00n in #2197
• Create scorecard.yml by @kotakanbe in #2203
• fix(detector/vuls2): fix postConvert by @MaineK00n in #2205

Full Changelog: v0.31.1...v0.32.0

v0.31.1

What's Changed

• fix(ci/goreleaser): set id-token to none for all jobs by @MaineK00n in #2202

Full Changelog: v0.31.0...v0.31.1

v0.31.0

What's Changed

• chore(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.27 by @dependabot in #2151
• fix(scanner/redhatbase): fix cmd in scanUpdatablePackages by @MaineK00n in #2156
• chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #2152
• chore(actions): Adjust GitHub Actions permissions (write for release, read-only for others) by @kotakanbe in #2154
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @MaineK00n in #2160
• fix(actions): Add security-events write permission to CodeQL results upload by @kotakanbe in #2162
• chore(deps): bump github.com/aquasecurity/trivy from 0.60.0 to 0.61.0 by @dependabot in #2163
• fix(report): Refactor SBOM generation: split functions, improve PURL logic, set OS as root by @kl-sinclair in #2171
• chore(deps): bump golangci/golangci-lint-action from 6 to 7 by @dependabot in #2166
• chore(deps): Pin GitHub Actions and Docker image, configure Dependabot by @kotakanbe in #2159
• fix(report): skip empty properties in OS package SBOM components by @kl-sinclair in #2181
• fix(report): omit empty CWE and rating fields in CycloneDX SBOM by @kl-sinclair in #2182
• feat(detector/vuls2): open with Read Only Mode by @MaineK00n in #2180
• fix(cmd/saas): add timeout option by @wadda0714 in #2183
• chore(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 by @dependabot in #2167
• chore(deps): bump the aws group with 4 updates by @dependabot in #2170
• chore(deps): bump docker/setup-buildx-action from afeb29a6e0d7d6258844ecabe6eba67d13443680 to 941183f0a080fa6be59a9e3d3f4108c19a528204 by @dependabot in #2174
• chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot in #2177
• chore(deps): bump docker/build-push-action from 84ad562665bb303b549fec655d1b64f9945f3f91 to 88844b95d8cbbb41035fa9c94e5967a33b92db78 by @dependabot in #2175
• chore(deps): bump github/codeql-action from e0ea141027937784e3c10ed1679e503fcc2245bc to 45775bd8235c68ba998cffa5171334d58593da47 by @dependabot in #2176
• chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by @dependabot in #2169
• chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in #2179
• feat!(detector): timeout can be set, default is no timeout by @MaineK00n in #2185
• feat(detector/vuls2): fill cvss v4.0 by @MaineK00n in #2186
• chore(deps): bump github.com/kotakanbe/go-pingscanner by @MaineK00n in #2201
• feat(ci): support signed release by @kotakanbe in #2184

Full Changelog: v0.30.0...v0.31.0

v0.30.0

What's Changed

• fix(models/cvecontents): a little more accurate sort by @shino in #2122
• chore(ci): review of build flags, increase of runner storage by @MaineK00n in #2123
• feat(scanner/python/uv): add python uv/poetry-v2 support along with updating trivy to 0.59.1 by @dependabot in #2118
• chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot in #2125
• chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 by @dependabot in #2126
• chore(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 by @dependabot in #2128
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #2129
• chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.27.0 by @dependabot in #2133
• chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in #2136
• chore(deps): bump github.com/gosnmp/gosnmp from 1.38.0 to 1.39.0 by @dependabot in #2137
• chore(deps): bump github.com/aquasecurity/trivy from 0.59.1 to 0.60.0 by @dependabot in #2140
• chore(deps): bump golang.org/x/text from 0.22.0 to 0.23.0 by @dependabot in #2141
• chore(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 by @dependabot in #2143
• chore(deps): bump golang.org/x/net from 0.34.0 to 0.36.0 by @dependabot in #2146
• chore(deps): bump the aws group across 1 directory with 4 updates by @dependabot in #2149
• feat!(deps): bump vuls dictionary libs by @MaineK00n in #2150

Full Changelog: v0.29.0...v0.30.0

v0.29.0

Changelog

• 4e3ee6a feat(contrib/trivy-to-vuls): add version in LibraryFixedIns (#2121)
• fd2f946 add libraryPkg version (#2120)
• 1638c4b chore(deps): bump the aws group across 1 directory with 5 updates (#2119)
• 80b17a3 chore(deps): bump github.com/samber/lo from 1.47.0 to 1.49.1 (#2117)
• ea6384c chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob (#2115)
• f9d176e fix(cmd/discover): add vuls2 section to the generated config.toml (#2113)
• c6779e4 chore(deps): bump the aws group with 5 updates (#2104)
• 8443175 chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#2109)
• ee34c84 chore(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#2103)
• e89fc33 feat(detector): use vuls2 for RedHat, CentOS, Alma and Rocky (#2106)
• 40e36cc fix(reporter/http): read response body (#2108)
• 0ec945d fix(scanner/redhatbase): support for empty release in rpm -qa (#2101)
• d3bf2a6 chore(deps): bump the aws group across 1 directory with 5 updates (#2102)
• 98351be chore(deps): bump github.com/aquasecurity/trivy from 0.57.1 to 0.58.1 (#2100)

v0.28.1

What's Changed

• feat(config/os): update eol by @MaineK00n in #2085
• fix(detector/gost/ubuntu): detection logic when esm etc. are mixed by @MaineK00n in #2090
• chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 by @dependabot in #2089
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.70.0 to 1.71.0 in the aws group by @dependabot in #2078
• chore(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by @dependabot in #2080
• chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 by @dependabot in #2088
• chore(deps): bump golang.org/x/text from 0.20.0 to 0.21.0 by @dependabot in #2081
• fix(scanner/redhatbase): don't return error when parse failure of source file by @shino in #2092
• fix(scanner/suse): skip table header in zypper -q lu by @MaineK00n in #2093

Full Changelog: v0.28.0...v0.28.1

v0.28.0

What's Changed

• feat(contrib/snmp2cpe): add --port/-P option by @MaineK00n in #2046
• feat(scanner/windows): support Windows 11 24H2 by @MaineK00n in #2051
• fix(gost/windows): ignore other products that do not have KBs by @MaineK00n in #2054
• chore(deps): bump github.com/aquasecurity/trivy from 0.56.1 to 0.56.2 by @dependabot in #2049
• chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in #2052
• feat(ubuntu): add 24.10 oracular by @MaineK00n in #2055
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #2058
• chore(deps): bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 by @dependabot in #2057
• chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in #2060
• feat(scanner/windows): add Windows Server 2025 and 2022, 23H2 by @MaineK00n in #2059
• feat(oval/oracle): ignore fips patched version for non fips package versions by @wagde-orca in #2047
• chore(deps): bump golang.org/x/text from 0.19.0 to 0.20.0 by @dependabot in #2061
• chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 by @dependabot in #2063
• fix(scanner/debian): fill kernel version from kernel package by @MaineK00n in #2064
• feat(scanner): skip SSH configuration validation when ssh-key(scan|gen) failed by @MaineK00n in #2065
• chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob from 1.4.1 to 1.5.0 by @dependabot in #2068
• chore(deps): bump the aws group across 1 directory with 5 updates by @dependabot in #2069
• chore(deps): bump github.com/aquasecurity/trivy from 0.57.0 to 0.57.1 by @dependabot in #2067
• refactor: remove old buildtag by @MaineK00n in #2072
• feat!(scanner/rpm): change queryformat (add sourcerpm) by @MaineK00n in #2074
• chore(deps): bump the aws group with 5 updates by @dependabot in #2073

Full Changelog: v0.27.0...v0.28.0