Releases: aquasecurity/trivy-operator
Releases · aquasecurity/trivy-operator
v0.30.1
What's Changed
🐛 Notable Fixes 🐛
📝 Documentation && Miscellaneous 🔧
- chore: bump up KinD and K8s versions by @afdesk in #2802
- chore(deps): bump up cloudflare/circl to version 1.6.3 by @afdesk in #2900
- chore: bump up Trivy to version v0.69.2 by @afdesk in #2905
- chore: bump up Trivy to version v0.69.3 by @afdesk in #2918
👒 Dependencies 👒
- build(deps): bump ubi9/ubi-minimal from
759f5f4toc7d4414in /build/trivy-operator by @dependabot[bot] in #2892 - build(deps): bump github.com/onsi/gomega from 1.39.0 to 1.39.1 in the common group by @dependabot[bot] in #2876
- build(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 in the golang group by @dependabot[bot] in #2877
- build(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 in the common group by @dependabot[bot] in #2894
- build(deps): bump github.com/aquasecurity/trivy from 0.69.1 to 0.69.2 in the aqua group by @dependabot[bot] in #2909
New Contributors
Full Changelog: v0.30.0...v0.30.1
Contributors
sbreitf1, afdesk, and dependabot
Assets 20
- 501 Bytes
2026-03-13T00:57:23Z - 3.21 KB
2026-03-13T00:57:24Z - 96 Bytes
2026-03-13T00:57:24Z - 40.1 MB
2026-03-13T00:57:21Z - 3.21 KB
2026-03-13T00:57:23Z - 96 Bytes
2026-03-13T00:57:23Z - 38.7 MB
2026-03-13T00:57:21Z - 3.21 KB
2026-03-13T00:57:23Z - 96 Bytes
2026-03-13T00:57:23Z - 38.3 MB
2026-03-13T00:57:22Z -
2026-03-10T17:53:04Z -
2026-03-10T17:53:04Z - Loading
v0.30.0
What's Changed
✨ Notable Changes ✨
- feat: add support for custom Trivy ignore file by @afdesk in #2750
- feat: automatically roll deployment in helm chart on configmap change by @jensloe-nhn in #2760
🐛 Notable Fixes 🐛
- fix(ci): clean up space for e2e tests by @afdesk in #2776
- fix: print logs if any error appears by @afdesk in #2725
- fix: Add config file volume to client server mode by @bh-tt in #2751
- fix: prefer vendor score if both nvd and vendor cvss v3 scores exist by @afdesk in #2774
- fix: error "creating secret used by scan job failed: /sbom-k8s-cluste… by @dcoppa in #2759
- fix: validation SBOM reports by @afdesk in #2792
- fix: always generate the compliance report by @afdesk in #2804
- fix: delete completed scan jobs in any case by @afdesk in #2788
- fix: avoid re-mounting GCR volume with credentials by @afdesk in #2801
- fix: use login to private registry by @afdesk in #2595
- fix: alternateReportStorage PVC no longer ignores namespace from values.yaml by @ml-qc in #2864
📝 Documentation && Miscellaneous 🔧
- chore: bump up Trivy to version v0.67.0 by @afdesk in #2764
- chore: bump up inderect deps to fix vulns by @afdesk in #2805
- chore: enable non-interactively mode for UBI9 image by @afdesk in #2814
- chore: bump up x/crypto to v0.45.0 by @afdesk in #2821
- chore: image apk upgrade optimization by @daanschipper in #2826
- chore(ubi9): update metadata for UBI9 image by @afdesk in #2846
- chore: bump up Trivy to version v0.69.0 by @afdesk in #2870
- chore: bump up Trivy to version v0.69.1 by @afdesk in #2875
- ci: added extra_file LICENSE for Dockerfile.ubi9 by @afdesk in #2879
- chore: bump up go-git deps to fix CVE-2026-25934 by @afdesk in #2882
👒 Dependencies 👒
- build(deps): bump ubi9/ubi-minimal from
7c5495dto34880b6in /build/trivy-operator by @dependabot[bot] in #2784 - build(deps): bump alpine from 3.22.1 to 3.22.2 in /build/trivy-operator by @dependabot[bot] in #2778
- build(deps): bump ubi9/ubi-minimal from
34880b6to61d5ad4in /build/trivy-operator by @dependabot[bot] in #2816 - build(deps): bump ubi9/ubi-minimal from
61d5ad4to6fc28bcin /build/trivy-operator by @dependabot[bot] in #2832 - build(deps): bump alpine from 3.22.2 to 3.23.0 in /build/trivy-operator by @dependabot[bot] in #2833
- build(deps): bump alpine from 3.23.0 to 3.23.3 in /build/trivy-operator by @dependabot[bot] in #2866
- build(deps): bump ubi9/ubi-minimal from
6fc28bctobb08f23in /build/trivy-operator by @dependabot[bot] in #2862 - build(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 in the golang group by @dependabot[bot] in #2844
- build(deps): bump ubi9/ubi-minimal from
bb08f23toecd4751in /build/trivy-operator by @dependabot[bot] in #2873 - build(deps): bump ubi9/ubi-minimal from
ecd4751to759f5f4in /build/trivy-operator by @dependabot[bot] in #2874 - build(deps): bump the common group across 1 directory with 4 updates by @dependabot[bot] in #2872
New Contributors
- @bh-tt made their first contribution in #2751
- @jensloe-nhn made their first contribution in #2760
- @ml-qc made their first contribution in #2864
Full Changelog: v0.29.0...v0.30.0
Contributors
dcoppa, daanschipper, and 5 other contributors
Assets 20
v0.29.0
What's Changed
✨ Notable Changes ✨
- feat(dev): add support for pprof by @simar7 in #2666
- feat(clientServer): add support for extraVolumes in trivy-server by @hichem-belhocine in #2738
- feat: add labels to operator resources by @cHiv0rz in #2667
🐛 Notable Fixes 🐛
- fix: Ensure configFile volume is mounted for initContainer by @bananasplit393 in #2713
- fix(helm): always attempt to create ServiceMonitor when it is enabled by @mdusher in #2745
- fix: add missing permission to get namespaces by @dcoppa in #2728
📝 Documentation && Miscellaneous 🔧
- chore: improve release notes by @simar7 in #2692
- chore: migrate to aws-go v2 by @afdesk in #2694
- chore: bump up Go to version 1.24.6 by @afdesk in #2700
- chore: bump up Trivy to version v0.66.0 by @afdesk in #2742
- chore: bump up common k8s deps by @afdesk in #2746
👒 Dependencies 👒
- build(deps): bump ubi9/ubi-minimal from
295f920toe6b39b0in /build/trivy-operator by @dependabot[bot] in #2696 - build(deps): bump ubi9/ubi-minimal from
e6b39b0to8d905a9in /build/trivy-operator by @dependabot[bot] in #2701 - build(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 by @dependabot[bot] in #2709
- build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 by @dependabot[bot] in #2714
- build(deps): bump ubi9/ubi-minimal from
8d905a9to2f06ae0in /build/trivy-operator by @dependabot[bot] in #2719 - build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #2721
- build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.15 by @dependabot[bot] in #2729
- build(deps): bump ubi9/ubi-minimal from
2f06ae0to7c5495din /build/trivy-operator by @dependabot[bot] in #2753
New Contributors
- @bananasplit393 made their first contribution in #2713
- @hichem-belhocine made their first contribution in #2738
- @mdusher made their first contribution in #2745
- @cHiv0rz made their first contribution in #2667
Full Changelog: v0.28.0...v0.29.0
Contributors
dcoppa, simar7, and 6 other contributors
Assets 20
v0.28.0
What's Changed
✨ Notable Changes ✨
🐛 Notable Fixes 🐛
- fix: bump ubi9 image to latest release by @simar7 in #2651
- fix: correct output for uncompressed logs by @afdesk in #2652
- fix: Do not error out on invalid rego policies if any by @simar7 in #2670
📝 Documentation && Miscellaneous 🔧
- chore: bump up Trivy to version 0.64.1 by @afdesk in #2654
- chore: bump up UBI 9 version to 9.6-1752587672 by @afdesk in #2660
- chore: update for CVE-2025-6965 by @simar7 in #2678
- chore: bump up docker for CVE-2025-54388 by @simar7 in #2679
- chore: update ubi image by @simar7 in #2681
- chore: bump up Trivy to version 0.65.0 by @afdesk in #2686
👒 Dependencies 👒
- build(deps): bump ubi9/ubi-minimal from
0d7cfb0to295f920in /build/trivy-operator by @dependabot[bot] in #2688 - build(deps): bump alpine from 3.20.6 to 3.22.1 in /build/trivy-operator by @dependabot[bot] in #2687
New Contributors
Full Changelog: v0.27.3...v0.28.0
Contributors
cyrinux, simar7, and 2 other contributors
Assets 20
v0.27.3
What's Changed
🐛 Notable Fixes 🐛
- fix: bump helm to v3.18.4 by @simar7 in #2647
- fix: correct predicate logic to allow whitelisted ConfigMaps by @nikpivkin in #2631
- fix: Deletion of scanjob before ttl expires by @tom1299 in #2632
- fix(deploy): remove hardcoded namespace from pvc-template by @SamuelWy in #2646
- fix: add ubi9 images for nightly testing by @simar7 in #2650
New Contributors
Full Changelog: v0.27.2...v0.27.3
Contributors
simar7, tom1299, and 2 other contributors
Assets 20
v0.27.2
What's Changed
🐛 Notable Fixes 🐛
- fix(ci): use multiline syntax to print logs on failure by @nikpivkin in #2637
📝 Documentation && Miscellaneous 🔧
- chore: update UBI to version 9.6-1750782676 by @afdesk in #2625
- chore: bump up some deps by @afdesk in #2618
- chore: use a correct default repo for node-collector by @afdesk in #2619
- docs: fix typo in RELEASING.md for Helm chart file name by @nikpivkin in #2642
- chore: bump up UBI version to 9.6-1751286687 by @afdesk in #2643
👒 Dependencies 👒
- build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot in #2630
Full Changelog: v0.27.1...v0.27.2
Contributors
afdesk, dependabot, and nikpivkin
Assets 20
v0.27.1
Contributors
simar7 and afdesk
Assets 20
v0.27.0
What's Changed
✨ Notable Changes ✨
- feat: add using Trivy config files by @afdesk in #2529
- feat: copying over original alternate store writing to rebased main branch by @mleykin-squarespace in #2578
- feat: Add ability to control scanJobsInSameNamespace in the helm chart by @dcoppa in #2564
- feat: Provide credentials in imagePullSecret without global access by @maltemorgenstern in #2161
🐛 Notable Fixes 🐛
- perf: skip ConfigMap reading from cache by @afdesk in #2551
- fix: enable staticcheck linters by @mmorel-35 in #2560
- fix: enable errorlint linters by @mmorel-35 in #2561
- fix(policy): remove oci artifact construction at startup by @tanderson in #2569
- fix: enable contextcheck and usetesting linters by @mmorel-35 in #2562
- fix: enable more revive rules by @mmorel-35 in #2581
- fix: enable nolintlint linter by @mmorel-35 in #2583
- fix: enable more go-critic rules by @mmorel-35 in #2582
- fix: login private registry instead of download JavaDB by @afdesk in #2590
- fix(ci): remove unneeded delete cluster command by @afdesk in #2598
📝 Documentation && Miscellaneous 🔧
- chore(deps): bump golangci-lint to v2.1.2 by @simar7 in #2558
- chore: bumps up UBI to version 9 by @afdesk in #2567
- chore(deps): bump golangci-lint to v2.1.6 by @mmorel-35 in #2559
👒 Dependencies 👒
- build(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot in #2537
- build(deps): bump the common group across 1 directory with 5 updates by @dependabot in #2580
New Contributors
- @mmorel-35 made their first contribution in #2559
- @tanderson made their first contribution in #2569
- @mleykin-squarespace made their first contribution in #2578
- @dcoppa made their first contribution in #2564
Full Changelog: v0.26.1...v0.27.0
Contributors
tanderson, dcoppa, and 6 other contributors
Assets 20
v0.26.1
What's Changed
🐛 Notable Fixes 🐛
📝 Documentation && Miscellaneous 🔧
- chore(deps): Update deps for trivy patch release by @simar7 in #2547
- docs(helm): Add trivy.existingSecret to README by @peschmae in #2533
- docs: update trivy fs source by @emmanuel-ferdman in #2521
New Contributors
- @peschmae made their first contribution in #2533
- @emmanuel-ferdman made their first contribution in #2521
Full Changelog: v0.26.0...v0.26.1
Contributors
peschmae, simar7, and 2 other contributors
Assets 20
v0.26.0
What's Changed
🐛 Notable Fixes 🐛
- fix(config): correct init policy loader by @afdesk in #2487
- fix: skip excluded images in client server mode by @pascal-hofmann in #2516
- fix(misconfig): ordering policies for hash by @afdesk in #2520
📝 Documentation && Miscellaneous 🔧
- chore: bump up base alpine image to 3.20.6 by @rgoltz in #2481
- chore(test): update images for integration tests by @afdesk in #2482
- chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.27.0 - resolve CVE-2025-22868 by @rgoltz in #2480
- chore(deps): Bump
trivy-*deps by @simar7 in #2507 - docs: change docs about ttl for scanned reports by @iamhalje in #2503
- chore: improve cache for policies by @afdesk in #2526
- chore(deps): bump up Trivy versions to v0.62.0 by @afdesk in #2528
- chore(ci): Free up space to build by @simar7 in #2539
- chore(ci): Free up additional space by @simar7 in #2543
- chore(ci): Clear up space prior to build by @simar7 in #2544
👒 Dependencies 👒
- build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #2495
- build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #2497
- build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.27 by @dependabot in #2498
- build(deps): bump github.com/containerd/containerd/v2 from 2.0.2 to 2.0.4 by @dependabot in #2499
- build(deps): bump the k8s group across 1 directory with 2 updates by @dependabot in #2512
- build(deps): bump the common group across 1 directory with 6 updates by @dependabot in #2513
New Contributors
- @rgoltz made their first contribution in #2481
- @iamhalje made their first contribution in #2503
- @pascal-hofmann made their first contribution in #2516
Full Changelog: v0.25.0...v0.26.0
Contributors
simar7, pascal-hofmann, and 4 other contributors