aquasecurity · afdesk · Oct 17, 2025 · Oct 17, 2025
@@ -152,7 +152,7 @@ Keeps security report resources updated
 | trivy.image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the imge pull policy used for trivy image , valid values are (Always, Never, IfNotPresent) |
 | trivy.image.registry | string | `"mirror.gcr.io"` | registry of the Trivy image |
 | trivy.image.repository | string | `"aquasec/trivy"` | repository of the Trivy image |
-| trivy.image.tag | string | `"0.67.0"` | tag version of the Trivy image |
+| trivy.image.tag | string | `"0.67.2"` | tag version of the Trivy image |
 | trivy.imageScanCacheDir | string | `"/tmp/trivy/.cache"` | imageScanCacheDir the flag to set custom path for trivy image scan `cache-dir` parameter. Only applicable in image scan mode. |
 | trivy.includeDevDeps | bool | `false` | includeDevDeps include development dependencies in the report (supported: npm, yarn) (default: false) note: this flag is only applicable when trivy.command is set to filesystem |
 | trivy.insecureRegistries | object | `{}` | The registry to which insecure connections are allowed. There can be multiple registries with different keys. |

@@ -360,7 +360,7 @@ trivy:
     # -- repository of the Trivy image
     repository: aquasec/trivy
     # -- tag version of the Trivy image
-    tag: 0.67.0
+    tag: 0.67.2
     # -- imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret
     # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace
     imagePullSecret: ~

@@ -3047,7 +3047,7 @@ metadata:
     app.kubernetes.io/managed-by: kubectl
 data:
   trivy.repository: "mirror.gcr.io/aquasec/trivy"
-  trivy.tag: "0.67.0"
+  trivy.tag: "0.67.2"
   trivy.imagePullPolicy: "IfNotPresent"
   trivy.additionalVulnerabilityReportFields: ""
   trivy.severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"

@@ -44,7 +44,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: 0.67.0
+    version: 0.67.2
   summary:
     criticalCount: 0
     highCount: 4

@@ -34,7 +34,7 @@ report:
   scanner:
     name: Trivy 
     vendor: Aqua Security
-    version: '0.67.0'
+    version: '0.67.2'
   summary:
     criticalCount: 2
     highCount: 0

@@ -39,7 +39,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: 0.67.0
+    version: 0.67.2
   secrets:
   - category: Stripe
     match: 'publishable_key: *****'

@@ -404,7 +404,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: '0.67.0'
+    version: '0.67.2'
   summary:
     criticalCount: 0
     highCount: 0

@@ -176,7 +176,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: '0.67.0'
+    version: '0.67.2'
   summary:
     criticalCount: 1
     highCount: 0

@@ -162,7 +162,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: 0.67.0
+    version: 0.67.2
   summary:
     componentsCount: 5
     dependenciesCount: 5

@@ -41,7 +41,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: 0.67.0
+    version: 0.67.2
   summary:
     criticalCount: 2
     highCount: 0

@@ -117,10 +117,10 @@ spec:
           emptyDir: { }
       initContainers:
         # The trivy-get-binary init container is used to copy out the trivy executable
-        # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.67.0,
+        # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.67.2,
         # to a shared emptyDir volume.
         - name: trivy-get-binary
-          image: aquasec/trivy:0.67.0
+          image: aquasec/trivy:0.67.2
           command:
             - cp
             - -v
@@ -135,7 +135,7 @@ spec:
         # This won't be required once Trivy supports ClientServer mode
         # for the fs subcommand.
         - name: trivy-download-db
-          image: aquasec/trivy:0.67.0
+          image: aquasec/trivy:0.67.2
           command:
             - /var/trivy-operator/trivy
             - --download-db-only

@@ -167,7 +167,7 @@ spec:
           emptyDir: { }
       initContainers:
         - name: trivy-get-binary
-          image: aquasec/trivy:0.67.0
+          image: aquasec/trivy:0.67.2
           command:
             - cp
             - -v
@@ -177,7 +177,7 @@ spec:
             - name: scan-volume
               mountPath: /var/trivy-operator
         - name: trivy-download-db
-          image: aquasec/trivy:0.67.0
+          image: aquasec/trivy:0.67.2
           command:
             - /var/trivy-operator/trivy
             - --download-db-only

@@ -45,7 +45,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: 0.67.0
+    version: 0.67.2
   summary:
     criticalCount: 0
     highCount: 0

@@ -5,7 +5,7 @@ go 1.25
 require (
 	github.com/CycloneDX/cyclonedx-go v0.9.2
 	github.com/aquasecurity/go-version v0.0.1
-	github.com/aquasecurity/trivy v0.67.0
+	github.com/aquasecurity/trivy v0.67.2
 	github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169
 	github.com/aquasecurity/trivy-kubernetes v0.9.1
 	github.com/aws/aws-sdk-go-v2 v1.39.2

@@ -183,8 +183,8 @@ github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17 h1:/xWTD1Y
 github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17/go.mod h1:6kYuX29QyBWHJejvbKkA4yzz8EUX/Fn+GmQ09JAZ5lY=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy v0.67.0 h1:aRzrsWu6RL7tm978uGpQtA2Z2Imx6gsMiod86qEvEhk=
-github.com/aquasecurity/trivy v0.67.0/go.mod h1:jz7tY/h1pvocQyGoDpPyOECgwSigVvKNCiXmeWFlJIM=
+github.com/aquasecurity/trivy v0.67.2 h1:Y/lWulURavDuXuU0YmExzho7IDhQe6b/RgNwrKPO2P8=
+github.com/aquasecurity/trivy v0.67.2/go.mod h1:jz7tY/h1pvocQyGoDpPyOECgwSigVvKNCiXmeWFlJIM=
 github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169 h1:TckzIxUX7lZaU9f2lNxCN0noYYP8fzmSQf6a4JdV83w=
 github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169/go.mod h1:nT69xgRcBD4NlHwTBpWMYirpK5/Zpl8M+XDOgmjMn2k=
 github.com/aquasecurity/trivy-db v0.0.0-20250929072116-eba1ced2340a h1:Wmvjq3zQGsZ8Wlqh75zvujh7LZNTXU4YoEf8tyL1LoM=

@@ -776,7 +776,7 @@ func TestPlugin_Init(t *testing.T) {
 			},
 			Data: map[string]string{
 				"trivy.repository":                DefaultImageRepository,
-				"trivy.tag":                       "0.67.0",
+				"trivy.tag":                       "0.67.2",
 				"trivy.severity":                  DefaultSeverity,
 				"trivy.slow":                      "true",
 				"trivy.mode":                      string(Standalone),

@@ -80,7 +80,7 @@ func (p *plugin) Init(ctx trivyoperator.PluginContext) error {
 	return ctx.EnsureConfig(trivyoperator.PluginConfig{
 		Data: map[string]string{
 			keyTrivyImageRepository:           DefaultImageRepository,
-			keyTrivyImageTag:                  "0.67.0",
+			keyTrivyImageTag:                  "0.67.2",
 			KeyTrivySeverity:                  DefaultSeverity,
 			keyTrivySlow:                      "true",
 			keyTrivyMode:                      string(Standalone),

@@ -6082,7 +6082,7 @@ default ignore = false`,
 			},
 			config: map[string]string{
 				"trivy.repository":                "docker.io/aquasec/trivy",
-				"trivy.tag":                       "0.67.0",
+				"trivy.tag":                       "0.67.2",
 				"trivy.mode":                      string(trivy.Standalone),
 				"trivy.dbRepository":              trivy.DefaultDBRepository,
 				"trivy.javaDbRepository":          trivy.DefaultJavaDBRepository,
@@ -6122,7 +6122,7 @@ default ignore = false`,
 				InitContainers: []corev1.Container{
 					{
 						Name:                     "00000000-0000-0000-0000-000000000001",
-						Image:                    "docker.io/aquasec/trivy:0.67.0",
+						Image:                    "docker.io/aquasec/trivy:0.67.2",
 						ImagePullPolicy:          corev1.PullIfNotPresent,
 						TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 						Env: []corev1.EnvVar{
@@ -6212,7 +6212,7 @@ default ignore = false`,
 				Containers: []corev1.Container{
 					{
 						Name:                     "nginx",
-						Image:                    "docker.io/aquasec/trivy:0.67.0",
+						Image:                    "docker.io/aquasec/trivy:0.67.2",
 						ImagePullPolicy:          corev1.PullIfNotPresent,
 						TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 						Env: []corev1.EnvVar{
@@ -6369,7 +6369,7 @@ default ignore = false`,
 			},
 			config: map[string]string{
 				"trivy.repository":                "docker.io/aquasec/trivy",
-				"trivy.tag":                       "0.67.0",
+				"trivy.tag":                       "0.67.2",
 				"trivy.mode":                      string(trivy.Standalone),
 				"trivy.dbRepository":              trivy.DefaultDBRepository,
 				"trivy.javaDbRepository":          trivy.DefaultJavaDBRepository,
@@ -6426,7 +6426,7 @@ default ignore = false`,
 				InitContainers: []corev1.Container{
 					{
 						Name:                     "00000000-0000-0000-0000-000000000001",
-						Image:                    "docker.io/aquasec/trivy:0.67.0",
+						Image:                    "docker.io/aquasec/trivy:0.67.2",
 						ImagePullPolicy:          corev1.PullIfNotPresent,
 						TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 						Env: []corev1.EnvVar{
@@ -6523,7 +6523,7 @@ default ignore = false`,
 				Containers: []corev1.Container{
 					{
 						Name:                     "nginx",
-						Image:                    "docker.io/aquasec/trivy:0.67.0",
+						Image:                    "docker.io/aquasec/trivy:0.67.2",
 						ImagePullPolicy:          corev1.PullIfNotPresent,
 						TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 						Env: []corev1.EnvVar{

@@ -234,7 +234,7 @@ func TestStreamReportToFile(t *testing.T) {
 					Scanner: TestScanner{
 						Name:    "Trivy",
 						Vendor:  "Aqua Security",
-						Version: "v0.67.0",
+						Version: "v0.67.2",
 					},
 					Summary: TestSummary{
 						CriticalCount: 2,
@@ -406,7 +406,7 @@ func BenchmarkStreamReportToFile(b *testing.B) {
 			Scanner: TestScanner{
 				Name:    "Trivy",
 				Vendor:  "Aqua Security",
-				Version: "v0.67.0",
+				Version: "v0.67.2",
 			},
 			Summary: TestSummary{
 				MediumCount: 100,