2.27.0

What's Changed

• ROX-12238: Add node analysis package by @jvdm in #911
• Do not analyze language vulns unless the feature is enabled by @jvdm in #924
• Refactor common detection function to its own package by @jvdm in #926
• Update style checks by @RTann in #902
• Statically build scanner by @connorgorman in #918
• CI: Continue even with GitHub comment error by @RTann in #933
• Copy over stackrox/stackrox#3032 by @RTann in #931
• ROX-12226: Fetch RHELv2 unpatched CVE components resolution status and store them in scanner db by @daynewlee in #935
• Minor updates for #911 by @RTann in #936
• Bump google.golang.org/api from 0.95.0 to 0.96.0 by @dependabot in #938
• Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #932
• Fix local deployment by @RTann in #942
• RHBA-2022:5747 CVSSv3 update by @RTann in #939
• Update docker-entrypoint.sh to match latest version by @RTann in #940
• Update go.mods to 1.18 by @RTann in #944
• ROX-12556: Always initialize from scratch by @RTann in #941
• ROX-12735: add automation to enter new community PRs to OSS Triage board automatically by @tommartensen in #946
• update .editorconfig for protobufs by @RTann in #945
• Bump cloud.google.com/go/storage from 1.26.0 to 1.27.0 by @dependabot in #948
• Bump google.golang.org/api from 0.96.0 to 0.98.0 by @dependabot in #949
• Bump github.com/quay/goval-parser from 0.8.7 to 0.8.8 by @dependabot in #950
• Update stackrox/stackrox dependency by @RTann in #947
• fix resolution state for packages with modules by @RTann in #937
• fix tag used for hourly CI runs by @RTann in #954
• Use http consts for HTTP methods by @dhaus67 in #958
• Update stackrox dependency by @RTann in #959
• Use ROX_SCANNER_DB_INIT env var in ScannerDB initContainer by @RTann in #960
• Bump github.com/containers/image/v5 from 5.20.0 to 5.23.0 by @dependabot in #962
• Update osrelease and redhatrelease detectors to detect Rocky Linux as… by @msierks in #745
• Pass correct arguments to tar when creating db bundle by @vladbologa in #964
• CI: Fix missing CLUSTER_NAME by @gavin-stackrox in #972
• Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in #969
• Bump github.com/opencontainers/image-spec from 1.1.0-rc1 to 1.1.0-rc2 by @dependabot in #970
• Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in #971
• Update github.com/knqyf263/go-rpm-version dependency by @RTann in #976
• Bump google.golang.org/api from 0.98.0 to 0.99.0 by @dependabot in #978
• ROX-12577 Scanner: load Istio dump by @daynewlee in #955
• e2e: Update (asp|dot)net fixedby version by @RTann in #982
• ROX-12350: Detect CVE-2022-22978 by @RTann in #930
• CI: gate "upload-db-dump" for tag by @RTann in #979
• CI: Cleanup dangling processes by @RTann in #980
• Bump hashstructure to v2 by @RTann in #977
• Deprecate RHELv2PackageInfo by @RTann in #928
• Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in #985
• Bump google.golang.org/api from 0.99.0 to 0.100.0 by @dependabot in #986
• Make gRPC service structs forward-compatible by embedding Unimplemented.. types by @misberner in #987
• Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #990
• Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in #988
• ROX-10613: Use ubi-minimal for scanner-db by @janisz in #956
• Bump google.golang.org/api from 0.100.0 to 0.101.0 by @dependabot in #989
• fix E2E tests based on vuln updates by @RTann in #991
• Replace uses of *zip.ReadCloser with *zip.Reader when Close is not used by @RTann in #992
• Bump GKE provisioning timeout by @RTann in #995
• e2e: Test openssl vulns in RHEL 9 by @RTann in #998
• manually add CVE-2022-3602 and CVE-2022-3786 for ubuntu:22.04 by @RTann in #997
• ROX-13136: Added suport for ubuntu 22.10 by @ksurabhi91 in #996
• CI: Switch to containerd for k8s v1.23 support by @RTann in #1002
• Replace CVE-2022-3602 and CVE-2022-3786 with RHSA-2022:7288 for RHEL 9 and rescore CVE-2022-3602 by @RTann in #1001
• manually add CVE-2022-3602 and CVE-2022-3786 for ubuntu:22.10 by @RTann in #1000
• ROX-13348: Update offline dump source by @RTann in #1005
• Bump google.golang.org/api from 0.101.0 to 0.103.0 by @dependabot in #1007
• Bump github.com/ckaznocha/protoc-gen-lint from 0.2.4 to 0.3.0 by @dependabot in #1009
• Bump cloud.google.com/go/storage from 1.27.0 to 1.28.0 by @dependabot in #1008
• Bump ubi8-minimal from 8.6 to 8.7 by @janisz in #1010
• ROX-13435: fix RHELv2 updates by @RTann in #1012
• e2e: update fixedBy version for freetype in RHEL 8 by @RTann in #1011
• Add Istio request handler and business logics for fetching Istio CVEs by @daynewlee in #984
• Remove TODO in ubuntu:22.04 E2E test by @RTann in #1003
• Minor update for Istio scanning by @daynewlee in #1013
• ROX-12784: fix unpatched OpenShift 4 vulnerability detection by @RTann in #1006
• Generate new genesis dump by @RTann in #1015

New Contributors

• @tommartensen made their first contribution in #946
• @dhaus67 made their first contribution in #958
• @msierks made their first contribution in #745
• @ksurabhi91 made their first contribution in #996

Full Changelog: 2.26...2.27.0

2.26.2

Full Changelog: 2.26.1...2.26.2

2.25.5

What's Changed

• Empty Commit by @RTann in #993

Full Changelog: 2.25.4...2.25.5

2.26.1

Full Changelog: 2.26.0...2.26.1

2.26.0

What's Changed

• New Genesis Dump 2022-07-07 by @RTann in #809
• Don't use Circle context with docker.io creds by @connorgorman in #810
• stop pushing to stackrox.io by @RTann in #811
• update scripts by @RTann in #812
• ROX-11081: Migrate generate-genesis-dump to OSCI by @RTann in #801
• fix CI scripts by @RTann in #816
• fix git tag command by @RTann in #817
• ROX-11082, ROX-11083: Migrate diff dumps to OSCI by @RTann in #813
• Update tag used for building in OSCI by @RTann in #820
• Bump google.golang.org/api from 0.86.0 to 0.87.0 by @dependabot in #822
• Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #823
• Check for release in CI by @RTann in #824
• Separate non-slim and slim Dockerfiles by @RTann in #803
• Replace JOB_SPEC checks with CLONEREFS_OPTIONS by @RTann in #825
• Allow configuration re-application by @RTann in #826
• ROX-11402: Migrate DB integration tests to OSCI by @RTann in #827
• OSCI Slack fix by @RTann in #829
• OSCI fix Slack again by @RTann in #830
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 by @dependabot in #833
• Bump google.golang.org/api from 0.87.0 to 0.88.0 by @dependabot in #832
• ROX-11842: Migrate DB dump to OSCI by @RTann in #828
• Bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.1 in /tools/linters by @dependabot in #831
• Remove CCI unit-tests, style-checks, and db-integration-tests from build steps by @RTann in #834
• ROX-11895: Migrate build and push to OSCI by @RTann in #835
• update scanner ci image by @RTann in #837
• Add retry function by @RTann in #838
• ROX-11084, ROX-11085: Migrate upload dumps for embedding and downstream to OSCI by @RTann in #819
• upload-db-dump executable by @RTann in #839
• remove gcr image by @RTann in #840
• Update hub-comment call by @RTann in #841
• update hub comment by @RTann in #843
• Remove everything except hourlies from CCI by @RTann in #842
• Bye bye CircleCI by @RTann in #844
• update e2e tests based on latest vuln updates by @RTann in #845
• Bump github.com/golangci/golangci-lint from 1.47.1 to 1.47.2 in /tools/linters by @dependabot in #848
• Bump google.golang.org/api from 0.88.0 to 0.89.0 by @dependabot in #849
• Bump cloud.google.com/go/storage from 1.23.0 to 1.24.0 by @dependabot in #850
• add pipefail to tests by @RTann in #853
• add nightly tests by @RTann in #854
• Misc OSCI mod updates by @RTann in #855
• Set GKE zone upon teardown by @RTann in #852
• Poll stackrox-io instead of rhacs-eng for E2E test images by @RTann in #858
• ROX-11630: Migrate vuln checks to OSCI by @RTann in #859
• Check for ELF executables and scripts that start with shebang by @connorgorman in #847
• Bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 in /tools/linters by @dependabot in #862
• Bump google.golang.org/api from 0.89.0 to 0.91.0 by @dependabot in #863
• ROX-11779: Deprecate Ubuntu 21.10 by @RTann in #857
• Update go-junit-report to v2.0.0 by @RTann in #864
• Push the nightly tag by @RTann in #866
• Ensure Scanner binary isn't "dirty" by @RTann in #869
• Update protobuf tooling by @misberner in #872
• Update clean_autogen_protos.py script by @misberner in #871
• Print the tag CI pushes by @RTann in #868
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #876
• Bump Scanner to UBI9 by @jvdm in #846
• Update insecure gRPC dial by @RTann in #865
• Bump CI images to latest scanner-test-0.3.45 by @jvdm in #879
• Update UID and PATH for generate-db-dump by @RTann in #878
• Bump google.golang.org/api from 0.91.0 to 0.93.0 by @dependabot in #881
• Bump cloud.google.com/go/storage from 1.24.0 to 1.25.0 by @dependabot in #880
• go1.19 style updates by @RTann in #884
• ROX-12036: Add Kubernetes CVE published time by @RTann in #883
• Enable local builds on M1 Macs with custom builder image by @vladbologa in #874
• ROX-11315: Enable RHEL9 scanning by @jvdm in #882
• update gomod to 1.17 by @RTann in #888
• Bump google.golang.org/api from 0.93.0 to 0.94.0 by @dependabot in #890
• Bump google.golang.org/grpc from 1.48.0 to 1.49.0 by @dependabot in #891
• ROX-12274: Update apollo-ci image by @roxbot in #886
• Bump Scanner deploy timeout in E2E tests by @RTann in #887
• ROX-12261: Add severity to node vulnerabilities by @RTann in #885
• Always run OSCI post test by @RTann in #896
• ROX-12238: Create interface for images files from tarutil by @jvdm in #898
• Bump cloud.google.com/go/storage from 1.25.0 to 1.26.0 by @dependabot in #900
• Bump github.com/quay/goval-parser from 0.8.6 to 0.8.7 by @dependabot in #901
• ROX-11315: Disable RHEL9 scanning by @jvdm in #903
• fix E2E test panic and test duplication by @RTann in #905
• Bump google.golang.org/api from 0.94.0 to 0.95.0 by @dependabot in #916
• Bump github.com/lib/pq from 1.10.6 to 1.10.7 by @dependabot in #915
• Add init-db resource specs for E2E tests by @RTann in #912
• ROX-12387: Prevent malformed k8s vuln update from hindering other k8s updates by @RTann in #914
• Update apollo-ci image by @roxbot in #913
• ROX-12424: Enable RHEL9 by @jvdm in #917
• Update E2E testCases usage by @RTann in #907
• ROX-12238: Isolate O.S. matchers to re-use by node scanning by @jvdm in #904
• Migrate to vuln_v2 table by @RTann in #908
• New Genesis Dump 2022-09-08 by @RTann in #925

New Contributors

• @vladbologa made their first contribution in #874

Full Changelog: 2.25.0...2.26.0

2.25.3

What's Changed

• Update tests with latest data by @RTann in #920

Full Changelog: 2.25.1...2.25.3

2.25.2

What's Changed

• Update tests with latest data by @RTann in #920

Full Changelog: 2.25.1...2.25.2

2.25.1

Full Changelog: 2.25.0...2.25.1

2.25.0

What's Changed

• Update Debian name mappings by @RTann in #719
• Update ScannerDB image by @RTann in #705
• UBI 8.6 by @RTann in #722
• Create /docker-entrypoint-initdb.d in the scanner-db-slim container by @jvdm in #726
• Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 in /tools/linters by @dependabot in #724
• Bump google.golang.org/api from 0.78.0 to 0.79.0 by @dependabot in #725
• Remove non-existent image for now by @RTann in #728
• ROX-10924: Add automated tests for slim scanner by @RTann in #727
• ROX-9614: Add slim updater by @jvdm in #714
• fix: Remove path and use filepath by @jvdm in #732
• Add -trimpath to go build by @RTann in #730
• ROX-10959: Update builder image by @RTann in #731
• Add dependabot for docker images by @janisz in #733
• Bump github.com/golangci/golangci-lint from 1.46.0 to 1.46.2 in /tools/linters by @dependabot in #735
• Bump google.golang.org/api from 0.79.0 to 0.80.0 by @dependabot in #738
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #739
• Bump github.com/lib/pq from 1.10.5 to 1.10.6 by @dependabot in #737
• Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #741
• ROX-10991: Fix block alignment for disk overflow by @RTann in #740
• Elf check shall not hide io error by @c-du in #742
• Do not attempt to retrieve ELF metadata for small files by @RTann in #744
• ROX-11056: Onboard style checks to OpenShift CI by @RTann in #749
• ROX-11078: add alpine:v3.16 support by @RTann in #750
• Bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 by @dependabot in #755
• Bump cloud.google.com/go/storage from 1.22.0 to 1.22.1 by @dependabot in #757
• Bump google.golang.org/api from 0.80.0 to 0.81.0 by @dependabot in #756
• ROX-11080: onboard unit-tests to OpenShift CI by @RTann in #754
• Remove Active Vuln mgmt feature flag by @RTann in #759
• Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #761
• Update apollo-ci image by @roxbot in #760
• Update BUILD_IMAGE_VERSION by @RTann in #763
• Bump google.golang.org/api from 0.81.0 to 0.83.0 by @dependabot in #768
• Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #769
• update ubuntu:22.04 test by @RTann in #765
• ROX-11037: Add manual entry for CVE-2017-5638 by @jvdm in #767
• Update apollo-ci image by @roxbot in #771
• Update apollo-ci image by @roxbot in #777
• Add OSCI build_root Dockerfile by @RTann in #778
• ROX-8603: update CVE link for Alpine by @daynewlee in #773
• Separate DB integration tests to a separate job by @RTann in #776
• Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #783
• ROX-11331: update nvdtools to fix cvss3 equation by @RTann in #770
• Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #785
• Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #787
• Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 by @dependabot in #786
• Add JUnit output to E2E test results by @RTann in #788
• Bump cloud.google.com/go/storage from 1.22.1 to 1.23.0 by @dependabot in #791
• Add JUnit output to unit-tests by @RTann in #789
• Remove DockerHub from pulls/push and style tests by @connorgorman in #790
• ROX-11335: Move Scanner DB secret out of main Scanner DB container by @RTann in #774
• Update dispatch.sh to require jobs to be defined in scripts/ci/jobs by @RTann in #794
• ROX-11519: Onboard E2E tests to OSCI by @RTann in #784
• ROX-9309: Require a password for any local connections to postgres by @RTann in #775
• ROX-10929: Add support for RHEL9 images by @jvdm in #752
• Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 by @dependabot in #798
• Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 by @dependabot in #797
• Bump google.golang.org/api from 0.85.0 to 0.86.0 by @dependabot in #799
• Add runAsNonRoot to pod's security context by @RTann in #793
• ROX-11538, ROX-11539: Migrate slim and scale tests to OSCI by @RTann in #795
• chown nobody:nobody genesis_manifests.json by @RTann in #800
• use https instead of ssh for git by @RTann in #802
• Remove need for service account for StackRox GCP vuln source by @RTann in #804
• Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #806
• Bump E2E and Slim E2E test timeout by @RTann in #808
• Support stale Debian 9 vulns by @RTann in #807

New Contributors

• @janisz made their first contribution in #733
• @daynewlee made their first contribution in #773

Full Changelog: 2.24.0...2.25.0

2.24.1

What's Changed

• Update tests by @RTann in #781

Full Changelog: 2.24.0...2.24.1