[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2022:10094-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":56,"epss":9,"epss_history":57,"metrics":58,"affected":59},"OPENSUSE-SU-2022:10094-1","Security update for trivy\n\nThis update for trivy fixes the following issues:\n\nUpdate to version 0.30.4:\n\n* fix: remove the first arg when running as a plugin (#2595)\n* fix: k8s controlplaner scanning (#2593)\n* fix(vuln): GitLab report template (#2578)\n\nUpdate to version 0.30.3:\n\n* fix(server): use a new db worker for hot updates (#2581)\n* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)\n* docs: split commands to download db for different versions of oras (#2582)\n* feat(report): export exitcode for license checks (#2564)\n* fix: cli can use lowercase for severities (#2565)\n* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)\n* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)\n* fix: enable some features of the wasm runtime (#2575)\n* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)\n* docs(sbom): improve sbom attestation documentation (#2566)\n\nUpdate to version 0.30.2:\n\n* fix(report): show the summary without results (#2548)\n* fix(cli): replace '-' to '_' for env vars (#2561)\n\nUpdate to version 0.30.1:\n\n* chore: remove a test repository (#2551)\n* fix(license): lazy loading of classifiers (#2547)\n* fix: CVE-2022-1996 in Trivy (#2499)\n* docs(sbom): add sbom attestation (#2527)\n* feat(rocky): set Rocky Linux 9 EOL (#2543)\n* docs: add attributes to the video tag to autoplay demo videos (#2538)\n* fix: yaml files with non-string chart name (#2534)\n* fix: skip dirs (#2530)\n* feat(repo): add support for branch, commit, & tag (#2494)\n* fix: remove auto configure environment variables via viper (#2526)\n\nUpdate to version 0.30.0:\n\n* fix: separating multiple licenses from one line in dpkg copyright files (#2508)\n* fix: change a capital letter for `plugin uninstall` subcommand (#2519)\n* fix: k8s hide empty report when scanning resource (#2517)\n* refactor: fix comments (#2516)\n* fix: scan vendor dir (#2515)\n* feat: Add support for license scanning (#2418)\n* chore: add owners for secret scanning (#2485)\n* fix: remove dependency-tree flag for image subcommand (#2492)\n* fix(k8s): add shorthand for k8s namespace flag (#2495)\n* docs: add information about using multiple servers to troubleshooting (#2498)\n* ci: add pushing canary build images to registries (#2428)\n* feat(dotnet): add support for .Net core .deps.json files (#2487)\n* feat(amazon): add support for 2022 version (#2429)\n* Type correction bitnami chart (#2415)\n* docs: add config file and update CLI references (#2489)\n* feat: add support for flag groups (#2488)\n* refactor: move from urfave/cli to spf13/cobra (#2458)\n* fix: Fix secrets output not containing file/lines (#2467)\n* fix: clear output with modules (#2478)\n* docs(cbl): distroless 1.0 supported (#2473)\n* fix: Fix example dockerfile rego policy (#2460)\n* fix(config): add helm to list of config analyzers (#2457)\n* feat: k8s resouces scan (#2395)\n* feat(sbom): add cyclonedx sbom scan (#2203)\n* docs: remove links to removed content (#2431)\n* ci: added rpm build for rhel 9 (#2437)\n* fix(secret): remove space from asymmetric private key (#2434)\n* test(integration): fix golden files for debian 9 (#2435)\n* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)\n* refactor: move CycloneDX marshaling (#2420)\n* docs(nodejs): add docs about pnpm support (#2423)\n* docs: improve k8s usage documentation (#2425)\n* feat: Make secrets scanning output consistant (#2410)\n* ci: create canary build after main branch changes  (#1638)\n* fix(misconf): skip broken scans (#2396)\n* feat(nodejs): add pnpm support (#2414)\n* fix: Fix false positive for use of COS images (#2413)\n* eliminate nerdctl dependency (#2412)\n* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)\n* fix(go): no cast to lowercase go package names (#2401)\n* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)\n* fix(server): hot update the db from custom repository (#2406)\n* feat: added license parser for dpkg (#2381)\n* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)\n* feat: extract stripe publishable and secret keys (#2392)\n* feat: rbac support k8s sub-command (#2339)\n* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)\n* docs: Updating README with new CLI command (#2359)\n* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)\n* chore: add integration label and merge security label (#2316)\n\nUpdate to version 0.29.2:\n\n* chore: skip Visual Studio Code project folder (#2379)\n* fix(helm): handle charts with templated names (#2374)\n* docs: redirect operator docs to trivy-operator repo (#2372)\n* fix(secret): use secret result when determining Failed status (#2370)\n* try removing libdb-dev\n* run integration tests in fanal\n* use same testing images in fanal\n* feat(helm): add support for trivy dbRepository (#2345)\n* fix: Fix failing test due to deref lint issue\n* test: Fix broken test\n* fix: Fix makefile when no previous named ref is visible in a shallow clone\n* chore: Fix linting issues in fanal\n* refactor: Fix fanal import paths and remove dotfiles\n\nUpdate to version 0.29.1:\n\n* fix(report): add required fields to the SARIF template (#2341)\n* chore: fix spelling errors (#2352)\n* Omit Remediation if PrimaryURL is empty (#2006)\n* docs(repo): Link to installation documentation in readme shows 404 (#2348)\n* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)\n\nUpdate to version 0.29.0:\n\n* fix(lang): fix dependency graph in client server mode (#2336)\n* feat: allow expiration date for .trivyignore entries (#2332)\n* feat(lang): add dependency origin graph (#1970)\n* docs: update nix installation info (#2331)\n* feat: add rbac scanning support (#2328)\n* refactor: move WordPress module to another repository (#2329)\n* ci: add support for ppc64le (#2281)\n* feat: add support for WASM modules (#2195)\n* feat(secret): show recommendation for slow scanning (#2051)\n* fix(flag): remove --clear-cache flag client mode (#2301)\n* fix(java): added check for looping for variable evaluation in pom file (#2322)\n* BREAKING(k8s): change CLI API (#2186)\n* feat(alpine): add Alpine Linux 3.16 (#2319)\n* ci: add `go mod tidy` check (#2314)\n* chore: run `go mod tidy` (#2313)\n* fix: do not exit if one resource is not found (#2311)\n* feat(cli): use stderr for all log messages (resolve #381) (#2289)\n* test: replace deprecated subcommand client in integration tests (#2308)\n* feat: add support for containerd (#2305)\n* fix(kubernetes): Support floats in manifest yaml (#2297)\n* docs(kubernetes): dead links (#2307)\n* chore: add license label (#2304)\n* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)\n* feat(helm): add pod annotations (#2272)\n* refactor: do not import defsec in fanal types package (#2292)\n* feat(report): Add misconfiguration support to ASFF report template (#2285)\n* test: use images in GHCR (#2275)\n* feat(helm): support pod annotations (#2265)\n* feat(misconf): Helm chart scanning (#2269)\n* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)\n* fix: mask redis credentials when logging (#2264)\n* refactor: extract commands Runner interface (#2147)\n* docs: update operator release (#2263)\n* feat(redhat): added architecture check (#2172)\n* docs: updating links in the docs to work again (#2256)\n* docs: fix readme (#2251)\n* fix: fixed incorrect CycloneDX output format (#2255)\n* refactor(deps): move dependencies to package (#2189)\n* fix(report): change github format version to required (#2229)\n* docs: update readme (#2110)\n* docs: added information about choosing advisory database (#2212)\n* chore: update trivy-kubernetes (#2224)\n* docs: clarifying parts of the k8s docs and updating links (#2222)\n* fix(k8s): timeout error logging (#2179)\n* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)\n* feat(k8s): add --context flag (#2171)\n* fix(k8s): properly instantiate TableWriter (#2175)\n* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)\n* chore: update labels (#2197)\n* fix(report): fixed panic if all misconf reports were removed in filter (#2188)\n* feat(k8s): scan secrets (#2178)\n* feat(report): GitHub Dependency Snapshots support (#1522)\n* feat(db): added insecure skip tls verify to download trivy db (#2140)\n* fix(redhat): always use vulns with fixed version if there is one (#2165)\n* chore(redhat): Add support for Red Hat UBI 9. (#2183)\n* fix(k8s): update trivy-kubernetes (#2163)\n*  fix misconfig start line for code quality tpl (#2181)\n* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)\n* docs(vuln): Include GitLab 15.0 integration (#2153)\n* docs: fix the operator version (#2167)\n* fix(k8s): summary report when when only vulns exit (#2146)\n* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)\n* perf(misconf): Improve performance when scanning very large files (#2152)\n* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)\n* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)\n* docs: fixed installation instruction for rhel/centos (#2143)\n\nUpdate to version 0.28.0 (boo#1199760, CVE-2022-28946):\n\n* fix: remove Highlighted from json output (#2131)\n* fix: remove trivy-kubernetes replace (#2132)\n* docs: Add Operator docs under Kubernetes section (#2111)\n* fix(k8s): security-checks panic (#2127)\n* ci: added k8s scope (#2130)\n* docs: Update misconfig output in examples (#2128)\n* fix(misconf): Fix coloured output in Goland terminal (#2126)\n* docs(secret): Fix default value of --security-checks in docs (#2107)\n* refactor(report): move colorize function from trivy-db (#2122)\n* feat: k8s resource scanning (#2118)\n* chore: add CODEOWNERS (#2121)\n* feat(image): add `--server` option for remote scans (#1871)\n* refactor: k8s (#2116)\n* refactor: export useful APIs (#2108)\n* docs: fix k8s doc (#2114)\n* feat(kubernetes): Add report flag for summary (#2112)\n* fix: Remove problematic advanced rego policies (#2113)\n* feat(misconf): Add special output format for misconfigurations (#2100)\n* feat:  add k8s subcommand (#2065)\n* chore: fix make lint version (#2102)\n* fix(java): handle relative pom modules (#2101)\n* fix(misconf): Add missing links for non-rego misconfig results (#2094)\n* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)\n* chore(os): updated fanal version and alpine distroless test (#2086)\n* feat(report): add support for SPDX (#2059)\n* chore: app version 0.27.0 (#2046)\n* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)\n* docs(secret) fix rule path in docs (#2061)\n* docs: change from go.sum to go.mod (#2056)\n\nUpdate to version 0.27.1:\n\n* refactor(fs): scanner options (#2050)\n* feat(secret): truncate long line (#2052)\n* docs: fix a broken bullets (#2042)\n* feat(ubuntu): add 22.04 approx eol date (#2044)\n* docs: update installation.md (#2027)\n* docs: add Containerfile (#2032)\n\nUpdate to version 0.27.0:\n\n* fix(go): fixed panic to scan gomod without version (#2038)\n* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)\n* feat(secret): support enable rules (#2035)\n* chore: app version 26.0 (#2030)\n* docs(secret): add a demo movie (#2031)\n* feat: support cache TTL in Redis (#2021)\n* fix(go): skip system installed binaries (#2028)\n* fix(go): check if go.sum is nil (#2029)\n* feat: add secret scanning (#1901)\n* chore: gh publish only with push the tag release (#2025)\n* fix(fs): ignore permission errors (#2022)\n* test(mod): using correct module inside test go.mod (#2020)\n* feat(server): re-add proxy support for client/server communications (#1995)\n* fix(report): truncate a description before escaping in ASFF template (#2004)\n* fix(cloudformation): correct margin removal for empty lines (#2002)\n* fix(template): correct check of old sarif template files (#2003)\n\nUpdate to version 0.26.0:\n\n* feat(alpine): warn mixing versions (#2000)\n* Update ASFF template (#1914)\n* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* test(go): add integration tests for gomod (#1989)\n* fix(python): fixed panic when scan .egg archive (#1992)\n* fix(go): set correct go modules type (#1990)\n* feat(alpine): support apk repositories (#1987)\n* docs: add CBL-Mariner (#1982)\n* docs(go): fix version (#1986)\n* feat(go): support go.mod in Go 1.17+ (#1985)\n* ci: fix URLs in the PR template (#1972)\n* ci: add semantic pull requests check (#1968)\n* docs(issue): added docs for wrong detection issues (#1961)\n\nUpdate to version 0.25.4:\n\n* docs: move CONTRIBUTING.md to docs (#1971)\n* refactor(table): use file name instead package path (#1966)\n* fix(sbom): add --db-repository (#1964)\n* feat(table): add PkgPath in table result (#1960)\n* fix(pom): merge multiple pom imports in a good manner (#1959)\n\nUpdate to version 0.25.3:\n\n* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* chore(chart): remove version comments (#1933)\n\nUpdate to version 0.25.2:\n\n* fix(downloadDB): add flag to server command (#1942)\n\nUpdate to version 0.25.1:\n\n* fix(misconf): update defsec to resolve panics (#1935)\n* docs: restructure the documentation (#1887)\n* Add trivy horizontal logo (#1932)\n* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\n- Buildrequire go1.18 as upstream says in go.mod\n\nUpdate to version 0.25.0:\n\n* docs(filter vulnerabilities): fix link (#1880)\n* feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* fix(rpc): add PkgPath field to client / server mode (#1643)\n* fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* feat(cache): remove temporary cache after filesystem scanning (#1868)\n* feat(sbom): add a dedicated sbom command (#1799)\n* feat(cyclonedx): add vulnerabilities (#1832)\n* fix(option): hide false warning about remote options (#1865)\n* feat(filesystem): scan in client/server mode (#1829)\n* refactor(template): remove unused test (#1861)\n* fix(cli): json format for trivy version (#1854)\n* docs: change URL for tfsec-checks (#1857)\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2022-1996",{"_key":17},"CVE-2022-23648",{"_key":19},"CVE-2022-28946",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2022-08-20T10:02:00Z","2026-02-04T03:36:31.781780Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,38,43,48,52],{"url":32,"sources":33,"tags":36},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFXT5GO737TPBRXIUOZS7A3WOJKWSJAX/",[34,35],"osv_suse","osv_opensuse",[37],"Advisory",{"url":39,"sources":40,"tags":41},"https://bugzilla.suse.com/1199760",[34,35],[42],"REPORT",{"url":44,"sources":45,"tags":46},"https://www.suse.com/security/cve/CVE-2022-1996",[34,35],[47],"WEB",{"url":49,"sources":50,"tags":51},"https://www.suse.com/security/cve/CVE-2022-23648",[34,35],[47],{"url":53,"sources":54,"tags":55},"https://www.suse.com/security/cve/CVE-2022-28946",[34,35],[47],[],[],[],[60,73],{"ecosystem":61,"name":62,"vendor":63,"product":64,"cpe_part":9,"purl_type":65,"purl_namespace":63,"purl_name":64,"source":9,"versions":66},"openSUSE","trivy","opensuse","trivy&distro=openSUSE Leap 15.3","rpm",[67],{"version":68,"is_range":69,"range_type":70,"version_start":9,"version_start_type":9,"version_end":71,"version_end_type":72,"fixed_in":9},"lt0_30_4_bp153_8_1",true,"ecosystem","0.30.4-bp153.8.1","excluding",{"ecosystem":74,"name":62,"vendor":75,"product":76,"cpe_part":9,"purl_type":65,"purl_namespace":75,"purl_name":76,"source":9,"versions":77},"SUSE Linux Enterprise","suse","trivy&distro=SUSE Package Hub 15 SP3",[78],{"version":68,"is_range":69,"range_type":70,"version_start":9,"version_start_type":9,"version_end":71,"version_end_type":72,"fixed_in":9}]