From a6a601337af9bea5d0d08fe428002ae8d0df07d8 Mon Sep 17 00:00:00 2001 From: Daniel Goldman Date: Wed, 18 Dec 2024 22:37:59 -0500 Subject: [PATCH] add to changelog --- docs/notes/2.25.x.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/notes/2.25.x.md b/docs/notes/2.25.x.md index 19d43735c2d..c95070e7e95 100644 --- a/docs/notes/2.25.x.md +++ b/docs/notes/2.25.x.md @@ -51,6 +51,8 @@ Previously we did ad-hoc coercion of some field values, so that, e.g., you could Fixed an error which was caused when the same tool appeaed in both the `--docker-tools` and `--docker-optional-tools` options. +Run [Trivy](https://github.com/aquasecurity/trivy) on Dockerfiles to scan for vulnerable packages. + #### Helm Strict adherence to the [schema of Helm OCI registry configuration](https://www.pantsbuild.org/2.25/reference/subsystems/helm#registries) is now required. @@ -58,6 +60,8 @@ Previously we did ad-hoc coercion of some field values, so that, e.g., you could The `helm_infer.external_docker_images` glob syntax has been generalized. In addition to `*`, you can now use Python [fnmatch](https://docs.python.org/3/library/fnmatch.html) to construct matterns like `quay.io/*`. +Run [Trivy](https://github.com/aquasecurity/trivy) on Helm Charts and deployments to scan for misconfigurations. + #### Python The AWS Lambda backend now provides built-in complete platforms for the Python 3.13 runtime. @@ -72,6 +76,10 @@ The default version of the [Pex](https://docs.pex-tool.org/) tool has been updat The previously deprecated `[shell-setup].tailor` option has now been removed. See [`[shell-setup].tailor_sources`](https://www.pantsbuild.org/2.25/reference/subsystems/shell-setup#tailor_sources) and [`[shell-setup].tailor_shunit2_tests`](https://www.pantsbuild.org/2.25/reference/subsystems/shell#tailor_shunit2_tests) to update. +#### Terraform + +Run [Trivy](https://github.com/aquasecurity/trivy) on Terraform modules and deployments to scan for misconfigurations. + ### Plugin API changes The version of Python used by Pants itself is now [3.11](https://docs.python.org/3/whatsnew/3.11.html) (up from 3.9).