@dependabot dependabot bot commented on behalf of github Dec 22, 2025

Bumps github.com/aquasecurity/trivy from 0.67.2 to 0.68.2.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.68.2

Changelog

  • 0c40a8d4b9b943f1b679a20f8ba3cb61c94831de release: v0.68.2 [release/v0.68] (#9950)
  • db2894561daa20301eb144cad467d75d8a3d2647 fix(deps): bump alpine from 3.22.1 to 3.23.0 [backport: release/v0.68] (#9949)

v0.68.1

👉 Trivy v0.68.1 release notes (click here)

Note: v0.68.0 was skipped due to issues with the release.

⬇️ Download Trivy

🐳 Docker Install

  • docker pull get.trivy.dev/image/trivy:0.68.1

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0680-2025-12-02

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.68.2 (2025-12-16)

Bug Fixes

  • deps: bump alpine from 3.22.1 to 3.23.0 [backport: release/v0.68] (#9949) (db28945)

0.68.1 (2025-12-03)

Bug Fixes

  • update cosign settings for GoReleaser after bumping cosign to v3 (#9863) (c7accc8)

0.68.0 (2025-12-02)

Features

  • add ArtifactID field to uniquely identify scan targets (#9663) (84a7d9a)
  • add ReportID field to scan reports (#9670) (fc976be)
  • allow ignoring findings by type in Rego (#9578) (c638fc6)
  • aws: Add support for dualstack ECR endpoints (#9862) (e74e2b1)
  • cli: Add trivy cloud support (#9637) (8e6a7ff)
  • db: enable concurrent access to vulnerability database (#9750) (d70d994)
  • dotnet: add dependency graph support for .deps.json files (#9726) (18c0ee8)
  • flag: add --cacert flag (#9781) (6048173)
  • fs: change artifact type to repository when git info is detected (#9613) (cff91ac)
  • image: add RepoTags support for Docker archives (#9690) (a9a3031)
  • image: add Sigstore bundle SBOM support (#9516) (e1f3f28)
  • image: pass global context to docker/podman image save func (#9733) (2690ac9)
  • include registry and repository in artifact ID calculation (#9689) (758f271)
  • java: add support remote repositories from settings.xml files (#9708) (eff52eb)
  • license: use separate SPDX ids to ignore SPDX expressions (#9087) (012f3d7)
  • misconf: add agentpools to azure container schema (#9714) (69f400c)
  • misconf: Add RoleAssignments attribute (#9396) (3fb8703)
  • misconf: Add support for configurable Rego error limit (#9657) (445cd2b)
  • misconf: include map key in manifest snippet for diagnostics (#9681) (197c9e1)
  • misconf: support https_traffic_only_enabled in Az storage account (#9784) (c8d5ab7)
  • misconf: Update AppService schema (#9792) (c6d95d7)
  • misconf: Update Azure Compute schema (#9675) (cb58bf6)
  • misconf: Update Azure Container Schema (#9673) (43a7546)
  • misconf: Update Azure network schema for new checks (#9791) (ea2dc58)
  • misconf: Update azure storage schema (#9728) (c3bfecf)
  • misconf: Update SecurityCenter schema (#9674) (58819c5)
  • report: add fingerprint generation for vulnerabilities (#9794) (cbad9ca)
  • report: add image reference to report metadata (#9729) (d020f26)
  • report: switch ReportID from UUIDv4 to UUIDv7 (#9749) (6fb3fde)
  • sbom: add support for SPDX attestations (#9829) (d8eaaeb)
  • sbom: use SPDX license IDs list to validate SPDX IDs (#9569) (35db88c)

... (truncated)

Commits
  • 0c40a8d release: v0.68.2 [release/v0.68] (#9950)
  • db28945 fix(deps): bump alpine from 3.22.1 to 3.23.0 [backport: release/v0.68] (#...
  • dc28f24 ci: enable check-latest for setup-go [backport: release/v0.68] (#9946)
  • 96290ae release: v0.68.1 [main] (#9867)
  • c7accc8 fix: update cosign settings for GoReleaser after bumping cosign to v3 (#9863)
  • b503278 chore(deps): bump the testcontainers group with 2 updates (#9506)
  • e0fa76d release: v0.68.0 [main] (#9549)
  • e74e2b1 feat(aws): Add support for dualstack ECR endpoints (#9862)
  • c274f5b fix(vex): use a separate visited set for each DFS path (#9760)
  • 15a5465 docs: catch some missed docs -> guide (#9850)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.67.2 to 0.68.2.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.68.2/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.67.2...v0.68.2)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-version: 0.68.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Dec 22, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 22, 2025 10:07
codacybeta previously approved these changes Dec 22, 2025
@codacybeta codacybeta enabled auto-merge (squash) December 22, 2025 10:08
codacy-production bot commented Dec 22, 2025

Codacy's Analysis Summary

0 new issue (≤ 1 medium issue)
0 new security issue (≤ 0 issue)
0 complexity
0 duplications


@codacybeta codacybeta merged commit 0f05103 into master Dec 23, 2025
8 checks passed
@codacybeta codacybeta deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.68.2 branch December 23, 2025 09:51