{"affected":[{"ecosystem_specific":{"binaries":[{"trivy":"0.28.0-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"trivy","purl":"pkg:rpm/suse/trivy&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.28.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"trivy":"0.28.0-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"trivy","purl":"pkg:rpm/opensuse/trivy&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.28.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for trivy fixes the following issues:\n\ntrivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):\n\n* fix: remove Highlighted from json output (#2131)\n* fix: remove trivy-kubernetes replace (#2132)\n* docs: Add Operator docs under Kubernetes section (#2111)\n* fix(k8s): security-checks panic (#2127)\n* ci: added k8s scope (#2130)\n* docs: Update misconfig output in examples (#2128)\n* fix(misconf): Fix coloured output in Goland terminal (#2126)\n* docs(secret): Fix default value of --security-checks in docs (#2107)\n* refactor(report): move colorize function from trivy-db (#2122)\n* feat: k8s resource scanning (#2118)\n* chore: add CODEOWNERS (#2121)\n* feat(image): add `--server` option for remote scans (#1871)\n* refactor: k8s (#2116)\n* refactor: export useful APIs (#2108)\n* docs: fix k8s doc (#2114)\n* feat(kubernetes): Add report flag for summary (#2112)\n* fix: Remove problematic advanced rego policies (#2113)\n* feat(misconf): Add special output format for misconfigurations (#2100)\n* feat:  add k8s subcommand (#2065)\n* chore: fix make lint version (#2102)\n* fix(java): handle relative pom modules (#2101)\n* fix(misconf): Add missing links for non-rego misconfig results (#2094)\n* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)\n* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)\n* chore(deps): bump github.com/twitchtv/twirp (#2077)\n* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)\n* chore(os): updated fanal version and alpine distroless test (#2086)\n* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)\n* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)\n* feat(report): add support for SPDX (#2059)\n* chore(deps): bump actions/setup-go from 2 to 3 (#2073)\n* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)\n* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)\n* chore(deps): bump actions/stale from 4 to 5 (#2070)\n* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)\n* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)\n* chore: app version 0.27.0 (#2046)\n* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)\n* docs(secret) fix rule path in docs (#2061)\n* docs: change from go.sum to go.mod (#2056)\n\nUpdate to version 0.27.1:\n\n* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)\n* refactor(fs): scanner options (#2050)\n* feat(secret): truncate long line (#2052)\n* docs: fix a broken bullets (#2042)\n* feat(ubuntu): add 22.04 approx eol date (#2044)\n* docs: update installation.md (#2027)\n* docs: add Containerfile (#2032)\n\nUpdate to version 0.27.0:\n\n* fix(go): fixed panic to scan gomod without version (#2038)\n* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)\n* feat(secret): support enable rules (#2035)\n* chore: app version 26.0 (#2030)\n* docs(secret): add a demo movie (#2031)\n* feat: support cache TTL in Redis (#2021)\n* fix(go): skip system installed binaries (#2028)\n* fix(go): check if go.sum is nil (#2029)\n* feat: add secret scanning (#1901)\n* chore: gh publish only with push the tag release (#2025)\n* fix(fs): ignore permission errors (#2022)\n* test(mod): using correct module inside test go.mod (#2020)\n* feat(server): re-add proxy support for client/server communications (#1995)\n* fix(report): truncate a description before escaping in ASFF template (#2004)\n* fix(cloudformation): correct margin removal for empty lines (#2002)\n* fix(template): correct check of old sarif template files (#2003)\n\nUpdate to version 0.26.0:\n\n* feat(alpine): warn mixing versions (#2000)\n* Update ASFF template (#1914)\n* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)\n* test(go): add integration tests for gomod (#1989)\n* fix(python): fixed panic when scan .egg archive (#1992)\n* fix(go): set correct go modules type (#1990)\n* feat(alpine): support apk repositories (#1987)\n* docs: add CBL-Mariner (#1982)\n* docs(go): fix version (#1986)\n* feat(go): support go.mod in Go 1.17+ (#1985)\n* ci: fix URLs in the PR template (#1972)\n* ci: add semantic pull requests check (#1968)\n* docs(issue): added docs for wrong detection issues (#1961)\n\nUpdate to version 0.25.4:\n\n* docs: move CONTRIBUTING.md to docs (#1971)\n* refactor(table): use file name instead package path (#1966)\n* fix(sbom): add --db-repository (#1964)\n* feat(table): add PkgPath in table result (#1960)\n* fix(pom): merge multiple pom imports in a good manner (#1959)\n\nUpdate to version 0.25.3:\n\n* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* chore(chart): remove version comments (#1933)\n\nUpdate to version 0.25.2:\n\n* fix(downloadDB): add flag to server command (#1942)\n\nUpdate to version 0.25.1:\n\n* fix(misconf): update defsec to resolve panics (#1935)\n* chore(deps): bump github.com/docker/docker (#1924)\n* docs: restructure the documentation (#1887)\n* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)\n* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)\n* chore(deps): bump actions/checkout from 2 to 3 (#1916)\n* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)\n* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)\n* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)\n* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)\n* Add trivy horizontal logo (#1932)\n* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)\n* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)\n* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)\n* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\nUpdate to version 0.25.0:\n\n* docs(filter vulnerabilities): fix link (#1880)\n* feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* fix(rpc): add PkgPath field to client / server mode (#1643)\n* fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* feat(cache): remove temporary cache after filesystem scanning (#1868)\n* feat(sbom): add a dedicated sbom command (#1799)\n* feat(cyclonedx): add vulnerabilities (#1832)\n* fix(option): hide false warning about remote options (#1865)\n* chore: bump up Go to 1.18 (#1862)\n* feat(filesystem): scan in client/server mode (#1829)\n* refactor(template): remove unused test (#1861)\n* fix(cli): json format for trivy version (#1854)\n* docs: change URL for tfsec-checks (#1857)\n","id":"openSUSE-SU-2022:10022-1","modified":"2022-06-21T16:01:17Z","published":"2022-06-21T16:01:17Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43ATI5PP2NX5LEC336CTPYZBZIQPNK2B/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23648"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28946"}],"related":["CVE-2022-23648","CVE-2022-28946"],"summary":"Security update for trivy","upstream":["CVE-2022-23648","CVE-2022-28946"]}