v0.27.3

What's Changed

🐛 Notable Fixes 🐛

• fix: bump helm to v3.18.4 by @simar7 in #2647
• fix: correct predicate logic to allow whitelisted ConfigMaps by @nikpivkin in #2631
• fix: Deletion of scanjob before ttl expires by @tom1299 in #2632
• fix(deploy): remove hardcoded namespace from pvc-template by @SamuelWy in #2646
• fix: add ubi9 images for nightly testing by @simar7 in #2650

New Contributors

• @SamuelWy made their first contribution in #2646

Full Changelog: v0.27.2...v0.27.3

v0.27.2

What's Changed

🐛 Notable Fixes 🐛

• fix(ci): use multiline syntax to print logs on failure by @nikpivkin in #2637

📝 Documentation && Miscellaneous 🔧

• chore: update UBI to version 9.6-1750782676 by @afdesk in #2625
• chore: bump up some deps by @afdesk in #2618
• chore: use a correct default repo for node-collector by @afdesk in #2619
• docs: fix typo in RELEASING.md for Helm chart file name by @nikpivkin in #2642
• chore: bump up UBI version to 9.6-1751286687 by @afdesk in #2643

👒 Dependencies 👒

• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot in #2630

Full Changelog: v0.27.1...v0.27.2

v0.27.1

What's Changed

📝 Documentation && Miscellaneous 🔧

• chore: bump helm chart version by @simar7 in #2605
• chore: bump up Go version to 1.24.4 by @afdesk in #2608
• chore: show log on scan jobs by @afdesk in #2591
• docs: add a note about valid time units by @afdesk in #2606

Full Changelog: v0.27.0...v0.27.1

v0.27.0

What's Changed

✨ Notable Changes ✨

• feat: add using Trivy config files by @afdesk in #2529
• feat: copying over original alternate store writing to rebased main branch by @mleykin-squarespace in #2578
• feat: Add ability to control scanJobsInSameNamespace in the helm chart by @dcoppa in #2564
• feat: Provide credentials in imagePullSecret without global access by @maltemorgenstern in #2161

🐛 Notable Fixes 🐛

• perf: skip ConfigMap reading from cache by @afdesk in #2551
• fix: enable staticcheck linters by @mmorel-35 in #2560
• fix: enable errorlint linters by @mmorel-35 in #2561
• fix(policy): remove oci artifact construction at startup by @tanderson in #2569
• fix: enable contextcheck and usetesting linters by @mmorel-35 in #2562
• fix: enable more revive rules by @mmorel-35 in #2581
• fix: enable nolintlint linter by @mmorel-35 in #2583
• fix: enable more go-critic rules by @mmorel-35 in #2582
• fix: login private registry instead of download JavaDB by @afdesk in #2590
• fix(ci): remove unneeded delete cluster command by @afdesk in #2598

📝 Documentation && Miscellaneous 🔧

• chore(deps): bump golangci-lint to v2.1.2 by @simar7 in #2558
• chore: bumps up UBI to version 9 by @afdesk in #2567
• chore(deps): bump golangci-lint to v2.1.6 by @mmorel-35 in #2559

👒 Dependencies 👒

• build(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot in #2537
• build(deps): bump the common group across 1 directory with 5 updates by @dependabot in #2580

New Contributors

• @mmorel-35 made their first contribution in #2559
• @tanderson made their first contribution in #2569
• @mleykin-squarespace made their first contribution in #2578
• @dcoppa made their first contribution in #2564

Full Changelog: v0.26.1...v0.27.0

v0.26.1

What's Changed

🐛 Notable Fixes 🐛

• fix(policy): show passed checks by @afdesk in #2542

📝 Documentation && Miscellaneous 🔧

• chore(deps): Update deps for trivy patch release by @simar7 in #2547
• docs(helm): Add trivy.existingSecret to README by @peschmae in #2533
• docs: update trivy fs source by @emmanuel-ferdman in #2521

New Contributors

• @peschmae made their first contribution in #2533
• @emmanuel-ferdman made their first contribution in #2521

Full Changelog: v0.26.0...v0.26.1

v0.26.0

What's Changed

🐛 Notable Fixes 🐛

• fix(config): correct init policy loader by @afdesk in #2487
• fix: skip excluded images in client server mode by @pascal-hofmann in #2516
• fix(misconfig): ordering policies for hash by @afdesk in #2520

📝 Documentation && Miscellaneous 🔧

• chore: bump up base alpine image to 3.20.6 by @rgoltz in #2481
• chore(test): update images for integration tests by @afdesk in #2482
• chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.27.0 - resolve CVE-2025-22868 by @rgoltz in #2480
• chore(deps): Bump trivy-* deps by @simar7 in #2507
• docs: change docs about ttl for scanned reports by @iamhalje in #2503
• chore: improve cache for policies by @afdesk in #2526
• chore(deps): bump up Trivy versions to v0.62.0 by @afdesk in #2528
• chore(ci): Free up space to build by @simar7 in #2539
• chore(ci): Free up additional space by @simar7 in #2543
• chore(ci): Clear up space prior to build by @simar7 in #2544

👒 Dependencies 👒

• build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #2495
• build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #2497
• build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.27 by @dependabot in #2498
• build(deps): bump github.com/containerd/containerd/v2 from 2.0.2 to 2.0.4 by @dependabot in #2499
• build(deps): bump the k8s group across 1 directory with 2 updates by @dependabot in #2512
• build(deps): bump the common group across 1 directory with 6 updates by @dependabot in #2513

New Contributors

• @rgoltz made their first contribution in #2481
• @iamhalje made their first contribution in #2503
• @pascal-hofmann made their first contribution in #2516

Full Changelog: v0.25.0...v0.26.0

v0.25.0

What's Changed

🐛 Notable Fixes 🐛

• fix: using trivyoperator namespace for custom checks by @afdesk in #2440
• fix(test): correct assertion and clean up test cases for eval policies by @afdesk in #2458
• fix: parseImageRef tag absence issue when digest in imageRef by @danchenko-dmitry in #2418
• fix(helm): use map for scanJobAffinity in the Helm Chart by @afdesk in #2469

📝 Documentation && Miscellaneous 🔧

• chore: Update CODEOWNERS by @simar7 in #2467
• chore: bump up Trivy version to v0.60.0 by @afdesk in #2476

👒 Dependencies 👒

• build(deps): bump the common group across 1 directory with 5 updates by @dependabot in #2466
• build(deps): bump the github-actions group with 3 updates by @dependabot in #2463
• build(deps): bump the k8s group with 6 updates by @dependabot in #2461
• build(deps): bump the common group across 1 directory with 4 updates by @dependabot in #2478

New Contributors

• @danchenko-dmitry made their first contribution in #2418

Full Changelog: v0.24.1...v0.25.0

v0.24.1

What's Changed

✨ Notable Changes ✨

• feat: host aliases helm by @Kouzi99 in #2397

🐛 Notable Fixes 🐛

• fix(ci): update python action for Helm chart testing by @afdesk in #2424
• fix: update default values for configmap by @afdesk in #2439
• fix: sync stdout buffer to file by @daanschipper in #2191

📝 Documentation && Miscellaneous 🔧

• docs: correct example ConfigMap for custom policy by @nikpivkin in #2445

👒 Dependencies 👒

• build(deps): bump sigs.k8s.io/controller-runtime from 0.20.0 to 0.20.1 by @dependabot in #2404
• build(deps): bump actions/setup-python from 5.3.0 to 5.4.0 by @dependabot in #2433

New Contributors

• @nikpivkin made their first contribution in #2445
• @daanschipper made their first contribution in #2191
• @Kouzi99 made their first contribution in #2397

Full Changelog: v0.24.0...v0.24.1

v0.24.0

What's Changed

✨ Notable Changes ✨

• feat: Add extraEnv option to Helm chart by @gnadaban in #2288

🐛 Notable Fixes 🐛

• fix: Missing credentials for downloading the java-db from private registry by @tom1299 in #2353
• fix: config insecure when pull policy by @tranthang2404 in #2228
• fix: add TRIVY_JAVA_DB_REPOSITORY to trivy configmap by @louzadod in #2272
• chore: bump up Trivy version to fix CVE-2025-21613 and CVE-2025-21614 by @afdesk in #2371
• fix: scanjob.customVolumesMount is not applied to the Built-Job by @takutakahashi in #2241
• fix: set follow to false when retrieving logs by @jrhunger in #2286
• fix: return the image manifest digest instead of image id by @dkulchinsky in #2399

📝 Documentation && Miscellaneous 🔧

• chore: bump up Trivy to v0.58.0 by @afdesk in #2350
• docs: Fix mage build command by @tom1299 in #2332
• chore: disable stale bot by @itaysk in #2382
• chore: bump up k8s deps to version 1.32 by @afdesk in #2391
• chore(lint): Add support for linter in mage by @simar7 in #2392
• chore: bump up Trivy version to v0.59.1 by @afdesk in #2406

👒 Dependencies 👒

• build(deps): bump k8s.io/apiextensions-apiserver from 0.31.0 to 0.31.3 by @dependabot in #2324
• build(deps): bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.2 by @dependabot in #2329
• build(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by @dependabot in #2327
• build(deps): bump aquaproj/aqua-installer from 3.0.2 to 3.1.0 by @dependabot in #2326
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.20.0 to 2.22.0 by @dependabot in #2328
• build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #2277
• build(deps): bump actions/setup-python from 5.1.1 to 5.3.0 by @dependabot in #2298
• build(deps): bump engineerd/setup-kind from 0.5.0 to 0.6.2 by @dependabot in #2305
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #2276
• build(deps): bump golang.org/x/text from 0.19.0 to 0.21.0 by @dependabot in #2355
• build(deps): bump golang.org/x/net from 0.30.0 to 0.32.0 by @dependabot in #2354
• build(deps): bump codecov/codecov-action from 4 to 5 by @dependabot in #2337
• build(deps): bump helm/kind-action from 1.10.0 to 1.11.0 by @dependabot in #2357
• build(deps): bump golang.org/x/net from 0.32.0 to 0.34.0 by @dependabot in #2370
• build(deps): bump helm/kind-action from 1.11.0 to 1.12.0 by @dependabot in #2363
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.2 by @dependabot in #2374
• build(deps): bump sigs.k8s.io/controller-runtime from 0.19.2 to 0.19.4 by @dependabot in #2373
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by @dependabot in #2388
• build(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 by @dependabot in #2387
• build(deps): bump aquaproj/aqua-installer from 3.1.0 to 3.1.1 by @dependabot in #2400
• build(deps): bump actions/setup-python from 5.3.0 to 5.4.0 by @dependabot in #2414

New Contributors

• @tom1299 made their first contribution in #2332
• @tranthang2404 made their first contribution in #2228
• @louzadod made their first contribution in #2272
• @takutakahashi made their first contribution in #2241
• @gnadaban made their first contribution in #2288
• @itaysk made their first contribution in #2382

Full Changelog: v0.23.0...v0.24.0

v0.23.0

Changelog

✨ Notable Changes ✨

• 693908e: feat: add options to Helm chart to load Trivy config from custom configmap or secret (#2174) (@kimdre)
• fadc65c: feat: add package purl in vuln report (#2311) (@hown3d)

🐛 Notable Fixes 🐛

• ac6de39: fix: fix check gcr service account (#2200) (@vadimceb)
• 7b0c518: fix: remove null checks values from ClusterComplianceReport in helm chart (#2168) (@verdel)
• 48d87f4: fix: vuln scan success criteria met (#2292) (@badgerspoke)

📝 Documentation 📝

• 96d4e72: docs: Grafana Dashboard - Add headless parameter to values.yaml (#2190) (@3xAG)
• 18e40db: docs: fix typo (#2235) (@pjonsson)

🔧 Miscellaneous 🔧

• 84422dc: chore: Update chart 0.24.1 (#2180) (@Dimonyga)
• 72ac532: chore: Use mirror.gcr.io instead ghcr.io as helm chart default (#2331) (@simar7)
• 763c60d: chore: bump up base alpine image to 3.20.3 (#2320) (@afdesk)
• 265309e: chore: bump up go version to 1.22.7 (#2319) (@afdesk)
• d4da6e5: chore: bump up kind for k8s v1.31 (#2318) (@afdesk)
• 6f3499c: chore: bump up trivy to v0.57.1 (#2301) (@afdesk)
• 5b2c1f7: chore: use mirror.gcr.io for trivy-check by default (#2321) (@afdesk)

👷 Other work 👷

• 3bbda93: platform and type - no metadata values (#2179) (@Dimonyga)
• 1880d76: - Updated cache.Options with a DefaultTransform function that removes managed fields and the "kubectl.kubernetes.io/last-applied-configuration" annotation from objects before storing them in the cache. (#2300) (@mjshastha)
• 81fdbc8: Add hashing for vulnKey. (#2183) (@kersten)
• 0f84528: Fix compliance typo (#2210) (@harryagstian)
• 41ff2ce: Update configuration.md, added sbom generation flag (#2163) (@Talbalash-legit)
• f8123a0: build(deps): bump actions/setup-python from 5.1.0 to 5.1.1 (#2185) (@dependabot[bot])
• 5b1ad3f: build(deps): bump aquaproj/aqua-installer from 3.0.1 to 3.0.2 (#2315) (@dependabot[bot])
• 5ddd8a4: build(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2193) (@dependabot[bot])
• 8bd760f: build(deps): bump github.com/aws/aws-sdk-go from 1.54.15 to 1.54.19 (#2187) (@dependabot[bot])
• 3517ca4: build(deps): bump github.com/aws/aws-sdk-go from 1.54.19 to 1.54.20 (#2195) (@dependabot[bot])
• 2cd18ea: build(deps): bump github.com/aws/aws-sdk-go from 1.54.20 to 1.55.5 (#2215) (@dependabot[bot])
• df12b1e: build(deps): bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.15 (#2177) (@dependabot[bot])
• d5d7e3d: build(deps): bump github.com/google/go-containerregistry (#2186) (@dependabot[bot])
• ec3d7c7: build(deps): bump github.com/google/go-containerregistry (#2224) (@dependabot[bot])
• 8674c19: build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#2203) (@dependabot[bot])
• ca07821: build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#2223) (@dependabot[bot])
• d422d2e: build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#2207) (@dependabot[bot])
• f02c74b: build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#2214) (@dependabot[bot])
• 377ef08: build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#2176) (@dependabot[bot])
• 5e7eb45: build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#2222) (@dependabot[bot])
• 38e0674: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#2213) (@dependabot[bot])
• c4de896: build(deps): bump k8s.io/cli-runtime from 0.30.2 to 0.30.3 (#2198) (@dependabot[bot])
• 523b723: build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2225) (@dependabot[bot])
• 720a4e3: ci: bump GoReleaser up for private registry test (#2334) (@afdesk)
• 65f5425: ci: bump up GoReleaser to v2.4.8 (#2323) (@afdesk)
• f8e2cc2: refactor(misconf): Remove support for WARN in rego (#2317) (@simar7)