release: v0.52.0 [main]

[aqua-bot]

🤖 I have created a release beep boop

0.52.0 (2024-06-03)

Features

• Add Julia language analyzer support (#5635) (fecafb1)
• add support for plugin index (#6674) (26faf8f)
• misconf: Add support for deprecating a check (#6664) (88702cf)
• misconf: add Terraform 'removed' block to schema (#6640) (b7a0a13)
• misconf: register builtin Rego funcs from trivy-checks (#6616) (7c22ee3)
• misconf: resolve tf module from OpenTofu compatible registry (#6743) (ac74520)
• misconf: support for VPC resources for inbound/outbound rules (#6779) (349caf9)
• misconf: support symlinks inside of Helm archives (#6621) (4eae37c)
• nodejs: add v9 pnpm lock file support (#6617) (1e08648)
• plugin: specify plugin version (#6683) (d6dc567)
• python: add license support for requirement.txt files (#6782) (29615be)
• python: add line number support for requirement.txt files (#6729) (2bc54ad)
• report: Include licenses and secrets filtered by rego to ModifiedFindings (#6483) (fa3cf99)
• vex: improve relationship support in CSAF VEX (#6735) (a447f6b)
• vex: support non-root components for products in OpenVEX (#6728) (9515695)

Bug Fixes

• clean up golangci lint configuration (#6797) (62de6f3)
• cli: always output fatal errors to stderr (#6827) (c2b9132)
• close APKINDEX archive file (#6672) (5caf437)
• close settings.xml (#6768) (9c3e895)
• close testfile (#6830) (aa0c413)
• conda: add support pip deps for environment.yml files (#6675) (150a773)
• go: add only non-empty root modules for gobinaries (#6710) (c96f2a5)
• go: include only .version|.ver (no prefixes) ldflags for gobinaries (#6705) (afb4f9d)
• Golang version parsing from binaries w/GOEXPERIMENT (#6696) (696f2ae)
• include packages unless it is not needed (#6765) (56dbe1f)
• misconf: don't shift ignore rule related to code (#6708) (39a746c)
• misconf: skip Rego errors with a nil location (#6638) (a2c522d)
• misconf: skip Rego errors with a nil location (#6666) (a126e10)
• node-collector high and critical cves (#6707) (ff32deb)
• plugin: initialize logger (#6836) (728e77a)
• python: add package name and version validation for requirements.txt files. (#6804) (ea3a124)
• report: hide empty tables if all vulns has been filtered (#6352) (3d388d8)
• sbom: fix panic for convert mode when scanning json file derived from sbom file (#6808) (f92ea09)
• use of specified context to obtain cluster name (#6645) (39ebed4)

Performance Improvements

• misconf: parse rego input once (#6615) (67c6b1d)

---

This PR was generated with Release Please. See documentation.

[knqyf263]

I'll be leading this release.

• v0.52.0: @knqyf263
• v0.53.0: @chen-keinan
• v0.54.0: @simar7
• v0.55.0: @DmitriyLewen
• v0.56.0: @nikpivkin

[knqyf263]

@chen-keinan @simar7 Please update release notes.
#6811

@DmitriyLewen @nikpivkin Starting from this release, I'd like you guys to also write release notes. Please write release notes for any features you have implemented.
#6811

## :emoji1: Title :emoji2:

Summary

Usage (if possible)

The past release notes will help you to understand it.

[knqyf263]

@chen-keinan @simar7 @nikpivkin Please approve this release PR if you guys don't have any other commits you want to add in v0.52.0.
https://github.com/aquasecurity/trivy/milestone/34

@DmitriyLewen After we merge #6782, I'll request your review.

[simar7]

[knqyf263]

@aquasecurity/trivy aquasecurity/trivy-plugin-aqua#791 is a blocker now. The maintainer of trivy-plugin-aqua will merge the PR on June 2nd. We'll probably cut v0.52.0 on June 3rd.

[knqyf263]

Looks like we're ready

[knqyf263]

👀
https://github.com/aquasecurity/trivy/actions/runs/9345795993/job/25719349277

[knqyf263]

🎉
#6838