* Tue Oct 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.14.1:
* fix: stop some log.Warn spam due to parsing an empty string as a
CPE (#3330)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
* chore(deps): update stereoscope to
93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
(#3326)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#3327)
* chore(deps): update CPE dictionary index (#3323)
* fix: improve go binary semver extraction for traefik (#3325)
* chore(deps): update stereoscope to
92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
* chore(deps): update stereoscope to
c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
to 4.7.0 (#3321)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
(#3314)
* shorten release docs (#3318)
* docs: clearer deprecation message for --file (#3310)
* [docs] Add mastodon link to README.md (#3306)
* chore(deps): update stereoscope to
5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
* chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#3307)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
(#3309)
* Wed Oct 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.14.0:
* feat: report unknowns in sbom (#2998)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#3299)
* chore(deps): update stereoscope to
efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
* chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
(#3304)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
* chore(deps): update CPE dictionary index (#3302)
* Fix: Parse package.json with non-standard fields in 'author'
section (#3300)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#3298)
* chore: add pull request template (#3294)
* chore(deps): update tools to latest versions (#3296)
* Track supporting DPKG evidence (#3228)
* Fix: make failed CPE validation correctly return error (#2762)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
6.6.0 (#3293)
* feat: update haproxy classifier (#3277)
* chore(deps): update tools to latest versions (#3291)
* fix: don't use builtin scanner in licensecheck (#3290)
* chore(deps): update CPE dictionary index (#3288)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#3289)
* update redis classifier (#3281)
* fix: improve node classifier version matching (#3284)
* fix: update ruby classifier for -rc, -dev, etc. versions
(#3285)
* chore(deps): update CPE dictionary index (#3262)
* chore(deps): bump github.com/docker/docker (#3264)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#3275)
* chore(deps): update stereoscope to
dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
* add awaiting response management (#3272)
* fix: correct excluded mount point comparison to file paths
(#3269)
* Tue Sep 24 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.13.0:
* Add JVM cataloger (#3217)
* feat: classifier for Dart lang binaries (#3265)
* Add compliance policy for empty name and version (#3257)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
2.3.2 (#3254)
* chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
7.0.5 (#3255)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#3256)
* chore(deps): update tools to latest versions (#3259)
* chore(deps): bump github.com/docker/docker (#3260)
* feat: add binary classifiers for lighttp, proftpd, zstd, xz,
gzip, jq, and sqlcipher (#3252)
* fix: capture-snippet.sh can handle leading whitespaces now
(#3249) (#3250)
* chore(deps): update tools to latest versions (#3251)
* chore(deps): update tools to latest versions (#3247)
* chore(deps): update tools to latest versions (#3243)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
to 0.9.1 (#3242)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#3241)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
7.0.3 (#3240)
* chore(deps): update tools to latest versions (#3231)
* chore(deps): update CPE dictionary index (#3232)
* chore(deps): update tools to latest versions (#3205)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
to 1.1.1 (#3225)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
7.0.2 (#3226)
* chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
(#3229)
* feat: --enrich flag for data enrichment feature enablement
(#3182)
* Thu Sep 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.12.2 (no releases between 1.11.1 and this
one):
* chore: make ci-check.sh an executable file (#3220)
* chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
1.1.14 (#3219)
* chore: restore ci-check.sh script (#3218)
* Add haskell binaries cataloger (#3078)
* chore(deps): update CPE dictionary index (#3206)
* chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
(#3203)
* Add the Ocaml ecosystem (#3112)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
to 0.20.0 (#3209)
* chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
(#3210)
* chore(deps): bump github.com/docker/docker (#3211)
* chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
(#3212)
* don't clean up cache in forks (#3214)
* less verbose java logging when non-fatal issues arise (#3208)
* Slim down docker cache size (#3190)
* chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
7.0.1 (#3196)
* chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
(#3197)
* fix: haproxy classifier for versions with -dev suffix (#3180)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
3.3.0 (#3177)
* chore(deps): update CPE dictionary index (#3183)
* chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
(#3184)
* chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
7.0.0 (#3187)
* fix: properly decode SPDX license expressions in CycloneDX
format (#3175)
* chore(deps): bump github.com/docker/docker (#3168)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
* chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
(#3173)
* fix: cycles resolving relative path parent poms with
parent-defined variables (#3170)
* fix: improve generated cpes for binaries with existing
classifiers (#3169)
* fix: add log time of task (#3105)
* fix: improve known CPEs and set NVD as source for all current
binary classifiers (#3167)
* respond to authoritative CPEs from catalogers (#3166)
* set cataloger names within package cataloger task (#3165)
* fix: use official CPE for curl binary cataloger (#3164)
* chore(deps): update tools to latest versions (#3160)
* chore(deps): update CPE dictionary index (#3161)
* chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
(#3162)
* fix ELF package correlations (#3151)
* chore(deps): update tools to latest versions (#3144)
* feat: detect curl binaries (#3146)
* chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
(#3155)
* chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
(#3154)
* chore(deps): update stereoscope to
e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
to 0.19.0 (#3148)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
* chore(deps): bump github.com/anchore/stereoscope (#3153)
* fix: mysql 8.0.3x binary detection (#3142)
* chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
(#3139)
* Tue Aug 20 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.11.1:
* fix: logging for remote network calls (#3140)
* chore(deps): update CPE dictionary index (#3135)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
* chore(deps): update tools to latest versions (#3121)
* chore(deps): bump github.com/docker/docker (#3123)
* chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
(#3124)
* chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2
(#3129)
* fix: add nil check to CycloneDX toBomProperties (#3119)
* fix: read CycloneDX BOM components from metadata (#3092)
* fix: improve groupid extraction for Jenkins plugins (#2815)
* chore(deps): update CPE dictionary index (#3116)
* support .kar files (#3113)
* chore: fix some comments (#3114)
* chore: fix failing python relationship test (#3117)
* update-slack-to-discourse (#3111)
* Fri Aug 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.11.0:
* test: increase java purl generation test coverage (#3110)
* chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0
(#3106)
* chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
(#3107)
* chore(deps): update tools to latest versions (#3099)
* chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0
(#3101)
* chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
(#3102)
* chore(deps): bump github.com/google/go-containerregistry
(#3103)
* chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
(#3104)
* chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5
(#3095)
* chore(deps): update CPE dictionary index (#3094)
* chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0
(#3096)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to
0.5.7 (#3097)
* feat: improved java maven property resolution (#2769)
* fix: use organization for package supplier when reading Java
vendor fields (#3093)
* chore(deps): update tools to latest versions (#3091)
* fix: update 'guessMainPackageNameAndVersionFromPomInfo' and
'artifactIDMatchesFilename' (#3054)
* fix: update mainModuleVersion function to always prefix `v` to
findings (#3087)
* chore: update release script to use gh from binny (#3084)
* Added the SWI Prolog (swipl) ecosystem (#3076)
* Thu Aug 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.10.0:
* fix: improve determinism in java archive identification (#3085)
* chore(deps): update stereoscope to
50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
* chore(deps): update CPE dictionary index (#3079)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to
0.5.6 (#3082)
* chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15
(#3083)
* fix: traefik classifier (#3077)
* python-cataloger: fix normalization test (#3073)
* Only match ldflag version if it matches the main module or
targets main.version (#3062)
* python cataloger: allow dots in python package names (#3070)
* python-cataloger: normalize package names (#3069)
* chore(deps): bump github.com/docker/docker (#3066)
* chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14
(#3072)
* fix: SPDX output performance with many relationships (#3053)
* better go mod detection from partial package builds (#3060)
* chore(deps): update tools to latest versions (#3061)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1
to 0.12.1 (#3040)
* chore: add debug logging for errors reading RPM files (#3051)
* chore(deps): update CPE dictionary index (#3035)
* chore(deps): bump github.com/docker/docker (#3055)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to
0.5.5 (#3056)
* chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1
(#3057)
* chore(deps): bump docker/login-action from 3.2.0 to 3.3.0
(#3058)
* chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13
(#3059)
* chore(deps): update stereoscope to
487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
* chore(deps): update tools to latest versions (#3050)
* docs: CODE_OF_CONDUCT.md (#3046)
* fix: include CPEs with Maven groupId as vendor (#3045)
* chore(deps): bump github.com/google/go-containerregistry
(#3047)
* chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to
0.7.2 (#3048)
* chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2
(#3039)
* docs: link to contrib/dev docs in readme (#3029)
* chore: Fix apache shield in readme (#3021)
* chore(deps): update tools to latest versions (#3031)
* chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
(#3034)
* chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
(#3044)
* fix: stop panicking on "devel" version go stdlib (#3043)
* chore: pin fedora image for elf binary test (#3041)
* chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
(#3023)
* chore(deps): update stereoscope to
27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
* Thu Jul 11 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.9.0:
* chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
* fix: stabilize cpe sorting during collection sort (#3009)
* Map the downloadLocation field for PHP Composer packages
(#3011)
* chore(deps): update stereoscope to
e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
* chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
(#3015)
* chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0
(#3014)
* chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
(#3017)
* chore(deps): bump github.com/google/go-containerregistry
(#3019)
* chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0
(#3020)
* chore(deps): update CPE dictionary index (#3016)
* Infer the package type from ELF package notes (#3008)
* chore(deps): update tools to latest versions (#3003)
* chore(deps): update CPE dictionary index (#3002)
* chore(deps): bump github.com/docker/docker (#3006)
* chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
(#3004)
* chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4
(#3005)
* feat: version 3 support for swift package manager of the
resolved files (#3001)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to
0.5.5 (#2999)
* chore(deps): bump github.com/docker/docker (#2994)
* Add detection of Erlang in Alpine linux (#2996)
* chore(deps): update tools to latest versions (#2991)
* chore(deps): update stereoscope to
753b5576fe42bc007b22108ad7911d1729957a46 (#2992)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
* Tue Jun 25 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.8.0:
* chore(deps): update CPE dictionary index (#2986)
* chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
(#2988)
* fix: handle errors reading go licenses (#2985)
* docs: update cyclone-dx documentation (#2983)
* feat: update syft to generate cyclone-dx 1.6 by default (#2978)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
* chore(deps): bump peter-evans/create-pull-request from 6.0.5 to
6.1.0 (#2975)
* fix: detection of arangodb 3.12 (#2979)
* chore: enable dependabot to keep bootstrap action updated
(#2976)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to
2.3.1 (#2973)
* chore(deps): bump github.com/google/go-containerregistry
(#2971)
* chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
(#2972)
* Sat Jun 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.7.0:
* Added Features
- index known CPEs for wordpress plugins and themes [#2963
@westonsteimel]
- Consider Author field for wordpress plugins when generating
CPEs [#2946 @wagoodman]
* Bug Fixes
- improve version extraction from ldflags for pingcap TiDB
[#2962 @westonsteimel]
- Trim whitespace from wordpress values [#2945 @wagoodman]
- Issue scanning Poetry Project with Syft 1.6 and
cataloger=python-package-cataloger [#2954 #2965 @spiffcs]
- Poetry's multiple constraints seem to break the parser
[#2947 #2965 @spiffcs]
- Golang: Search remote licenses not working in a CI pipeline
when scanning Docker image [#2798 #2852 @kzantow]