2023-04-03 14:24:00 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 03 12:04:58 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.76.0:
|
|
|
|
|
* feat: Add config option to allow user to select the default
|
|
|
|
|
image source location
|
|
|
|
|
* chore(deps): bump github.com/docker/docker (#1699)
|
|
|
|
|
* chore(deps): update bootstrap tools to latest versions (#1697)
|
|
|
|
|
* chore(deps): update stereoscope to
|
|
|
|
|
d7551b7f46f53179922d6229709d3d1602881080 (#1693)
|
|
|
|
|
* 1577 spdxlicense generate (#1691)
|
|
|
|
|
* chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to
|
|
|
|
|
0.5.3 (#1692)
|
|
|
|
|
* feat: scan local go mod cache for licenses of golang packages
|
|
|
|
|
(#1645)
|
|
|
|
|
* chore: fix flaky license sorting (#1690)
|
|
|
|
|
* chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3
|
|
|
|
|
(#1689)
|
|
|
|
|
* fix: shell completion by adding missing usage message required
|
|
|
|
|
by spf13/cobra (#1688)
|
|
|
|
|
* chore(deps): update bootstrap tools to latest versions (#1686)
|
|
|
|
|
* chore: tweak some workflow text (#1685)
|
|
|
|
|
* Remove more side effects from application config testing
|
|
|
|
|
(#1684)
|
|
|
|
|
* Deprecate config.yaml as valid config source; Add unit
|
|
|
|
|
regression for correct config paths (#1640)
|
|
|
|
|
* chore: Update syft bootstrap tools to latest versions. (#1682)
|
|
|
|
|
* Update documentation: (#1680)
|
|
|
|
|
* chore: Update Stereoscope to
|
|
|
|
|
7928713c391e20abaede6a029f4ce37b628a4c8b (#1681)
|
|
|
|
|
* fix: reduce logging for bad dpkg lines (#1675)
|
|
|
|
|
* fix ruby classifier (#1678)
|
|
|
|
|
* feat: add shared dir for easier cleanup (#1676)
|
|
|
|
|
* chore(deps): bump github.com/google/go-containerregistry
|
|
|
|
|
(#1672)
|
|
|
|
|
* chore(deps): bump actions/setup-go from 3 to 4 (#1671)
|
|
|
|
|
* fix: move defer after error to protect panic case (#1670)
|
|
|
|
|
* feat: add argocd, helm, kustomize and kubectl binary
|
|
|
|
|
classifiers (#1663)
|
|
|
|
|
* defer closing file (#1668)
|
|
|
|
|
* fix: remove author contributing to javascript CPEs (#1669)
|
|
|
|
|
|
2023-03-13 20:42:56 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 13 19:15:25 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.75.0:
|
|
|
|
|
* fix: more python matching support (#1667)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1666)
|
|
|
|
|
* feat: add ruby classifier (#1665)
|
|
|
|
|
|
2023-03-09 21:07:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 09 15:31:12 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.74.1:
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1658)
|
|
|
|
|
* fix: improved Python binary detection (#1648)
|
|
|
|
|
* fix: suppress some known incorrect vendor candidates for npm
|
|
|
|
|
CPEs (#1659)
|
|
|
|
|
* fix: sanitize SPDX LicenseRefs (#1657)
|
|
|
|
|
* chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655)
|
|
|
|
|
* chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653)
|
|
|
|
|
* chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5
|
|
|
|
|
(#1654)
|
|
|
|
|
* chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656)
|
|
|
|
|
* fix: dotnet PURL types are invalid (#1649)
|
|
|
|
|
* feat: disable cpe vendor wildcards to reduce false positives
|
|
|
|
|
(#1647)
|
|
|
|
|
* read relative etc/apk/repositories for alpine version when no
|
|
|
|
|
OS provided (#1615)
|
|
|
|
|
|
2023-02-23 14:03:06 +01:00
|
|
|
-------------------------------------------------------------------
|
2023-03-03 09:11:58 +01:00
|
|
|
Fri Mar 03 05:40:08 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.74.0:
|
|
|
|
|
* fix: possible race condition (#1639)
|
|
|
|
|
* fix: remove APK OriginPackage cpe candidates (#1637)
|
|
|
|
|
* fix: rebar lock file decoding panic (#1628)
|
|
|
|
|
* fix: handle individual cataloger panics (#1636)
|
|
|
|
|
* fix: apk product/vendor generation for old metadata (#1635)
|
|
|
|
|
* feat: rust toolchain binary cataloger (#1601)
|
|
|
|
|
* feat: retain go package info when no module declared (#1632)
|
|
|
|
|
* fix: improved CPE-generation for several more APK packages
|
|
|
|
|
(#1631)
|
|
|
|
|
* chore: update deprecated release flag (#1629)
|
|
|
|
|
* chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
|
|
|
|
|
* feat: add support for SUPPORT_END in /etc/os-release (#1612)
|
|
|
|
|
* fix: further improvements to CPE generation for apk packages
|
|
|
|
|
(#1623)
|
|
|
|
|
* chore(deps): bump github.com/stretchr/testify from 1.8.1 to
|
|
|
|
|
1.8.2 (#1625)
|
|
|
|
|
* chore(deps): bump actions/checkout from 2 to 3 (#1626)
|
|
|
|
|
* feat: set cosign attest predicate type based on Syft output
|
|
|
|
|
type (#1598)
|
|
|
|
|
* chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
|
|
|
|
|
(#1609)
|
|
|
|
|
* fix: correct apk purls for other distros (#1620)
|
|
|
|
|
* refactor: move apk upstream logic to apk metadata (#1619)
|
|
|
|
|
* fix: decoding null apk metadata pullDependencies (#1614)
|
|
|
|
|
* feat: haproxy binary matcher (#1591)
|
|
|
|
|
* fix: determine upstream for apk version streams (#1610)
|
|
|
|
|
* fix: improve CPE generation for curl APK (#1608)
|
|
|
|
|
* Revert "add workaround for macos github actions cache issue
|
|
|
|
|
(#1584)" (#1605)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2023-02-23 14:03:06 +01:00
|
|
|
Thu Feb 23 10:37:37 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.73.0:
|
|
|
|
|
* Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604)
|
|
|
|
|
* chore: fix cataloger_test (#1603)
|
|
|
|
|
* fix: merging of binary packages (#1583)
|
|
|
|
|
* fix: issue when matching format versions (#1585)
|
|
|
|
|
* chore: update syft bootstrap tools to latest versions. (#1593)
|
|
|
|
|
* feat: add perl binary classifier (#1592)
|
|
|
|
|
* Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602)
|
|
|
|
|
* Update SPDX license list to 3.20 (#1600)
|
|
|
|
|
* chore: update SPDX license list (#1599)
|
|
|
|
|
* fix cataloger selection to be more specific (#1582)
|
|
|
|
|
* add workaround for macos github actions cache issue (#1584)
|
|
|
|
|
|
2023-02-16 19:23:23 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 16 17:31:12 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.72.0:
|
|
|
|
|
* Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576)
|
|
|
|
|
* chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574)
|
|
|
|
|
* chore: update bug issue template (#1571)
|
|
|
|
|
* allow convert to take stdin (#1570)
|
|
|
|
|
* fix: improve CPE and upstream generation logic for Alpine packages (#1567)
|
|
|
|
|
* fix: missing APK node vulnerabilities (#1565)
|
|
|
|
|
* fix: python CPE generation for alpine (#1564)
|
|
|
|
|
* chore(deps): bump github.com/docker/docker (#1563)
|
|
|
|
|
|
2023-02-10 08:27:38 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 10 06:19:19 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.71.0:
|
|
|
|
|
* switch from trigger-release target to release target (#1560)
|
|
|
|
|
* Speed up cataloging by replacing globs searching with index lookups (#1510)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1549)
|
|
|
|
|
* Fix installed versions (#1556)
|
|
|
|
|
* chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558)
|
|
|
|
|
* feat: add postgresql classifier (#1536)
|
|
|
|
|
* Add release trigger (#1501)
|
|
|
|
|
* chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552)
|
|
|
|
|
* chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551)
|
|
|
|
|
* fix: add support for licenses not found on list (#1540)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1541)
|
|
|
|
|
* feat: Allow specific versions of formats to be specified (#1543)
|
|
|
|
|
* Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539)
|
|
|
|
|
* source: when base is set, responsePath should be absolute (#1542)
|
|
|
|
|
|
2023-02-04 13:31:22 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Feb 04 07:45:37 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.70.0:
|
|
|
|
|
* fix: update config struct to not decode password/key (#1538)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1537)
|
|
|
|
|
* feat: add traefik classifier (#1504)
|
|
|
|
|
* fix: don't hardcode Cosign attest type (#1533)
|
|
|
|
|
* chore(deps): bump github.com/docker/docker (#1531)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1530)
|
|
|
|
|
|
2023-02-02 08:05:57 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 02 06:48:23 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.69.1:
|
|
|
|
|
* chore: update spdx/tools-golang to v0.5.0-rc1 (#1503)
|
|
|
|
|
* feat: update golang to 1.19 (#1526)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1525)
|
|
|
|
|
|
2023-01-31 16:18:39 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 31 15:04:23 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.69.0:
|
|
|
|
|
* Allow scanning unpacked container filesystems (#1485)
|
|
|
|
|
* fix: allow template for syft convert (#1521)
|
|
|
|
|
* 1465 attestation with private key (#1502)
|
|
|
|
|
|
2023-01-26 07:44:04 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 26 06:37:19 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.68.1:
|
|
|
|
|
* fix: add relevant CPEs to python and busybox classifiers (#1517)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1515)
|
|
|
|
|
* chore: correct bootstrap tool script (#1514)
|
|
|
|
|
* chore(deps): bump github.com/google/go-containerregistry (#1513)
|
|
|
|
|
* Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update (#1511)
|
|
|
|
|
* chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505)
|
|
|
|
|
* chore(deps): bump github.com/docker/docker (#1506)
|
|
|
|
|
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507)
|
|
|
|
|
* chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508)
|
|
|
|
|
* Bump github.com/spdx/tools-golang to v0.4.0 (#1450)
|
|
|
|
|
|
2023-01-23 07:36:18 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 21 07:53:06 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.68.0:
|
|
|
|
|
* Fix panic in apkdb parsing on empty "provides" values (#1494)
|
|
|
|
|
* push detailed log statements to trace-level (#1500)
|
|
|
|
|
* npm: package-lock license decoding to accept string or array (#1482)
|
|
|
|
|
* always set the package ID for java packages (#1493)
|
|
|
|
|
* fix: skip filling in empty fields in APK metadata (#1484)
|
|
|
|
|
* chore(deps): bump github.com/facebookincubator/nvdtools (#1499)
|
|
|
|
|
* chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498)
|
|
|
|
|
* chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497)
|
|
|
|
|
* chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496)
|
|
|
|
|
* chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495)
|
|
|
|
|
* Relax error conditions for catalogers (#1492)
|
|
|
|
|
* feat: add memcached classifier (#1486)
|
|
|
|
|
* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488)
|
|
|
|
|
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489)
|
|
|
|
|
* chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490)
|
|
|
|
|
* chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491)
|
|
|
|
|
* chore(deps): bump github.com/google/go-containerregistry (#1487)
|
|
|
|
|
* chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475)
|
|
|
|
|
* chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477)
|
|
|
|
|
* chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476)
|
|
|
|
|
* chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474)
|
|
|
|
|
* chore(deps): bump github/codeql-action from 1 to 2 (#1473)
|
|
|
|
|
* chore(deps): bump actions/setup-go from 2 to 3 (#1472)
|
|
|
|
|
* Add dependabot (#1451)
|
|
|
|
|
- skip non-existent release 0.67.x
|
|
|
|
|
|
2023-01-20 11:11:15 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 20 09:56:19 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.66.2:
|
|
|
|
|
* chore: use checkout v3 with new depth (#1471)
|
|
|
|
|
* chore: use checkout v2 for tag depth (#1470)
|
|
|
|
|
* fix: nil panic in graalvm cataloger (#1468)
|
|
|
|
|
* add linter for type assertion checks (#1469)
|
|
|
|
|
* fix: bump golang.org/x/net to v0.4.0 (#1467)
|
|
|
|
|
* fix: bump golang.org/x/text to v0.3.8 (#1466)
|
|
|
|
|
* bootstrap within composite action (#1461)
|
|
|
|
|
* chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458)
|
|
|
|
|
* README: update Nix installation instructions (#1455)
|
|
|
|
|
|
2023-01-13 07:27:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 13 06:11:18 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.66.1:
|
|
|
|
|
* fix: update graalvm cataloger to fix panic (#1454)
|
|
|
|
|
* chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 13 06:09:05 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.66.0:
|
|
|
|
|
* feat: Add the origin field to the output format of syftjson (#1327)
|
|
|
|
|
* chore: update schema (#1449)
|
|
|
|
|
* feat: prefer known CPE vendors over other candidates (#1294)
|
|
|
|
|
* fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442)
|
|
|
|
|
* feat: add BeamVM Hex support (#1073)
|
|
|
|
|
* feat: add apache httpd binary classifier (#1448)
|
|
|
|
|
* chore: claim artifacthub package ownership from developer-guy (#881)
|
|
|
|
|
* Parallel package catalog processing (#1355)
|
|
|
|
|
* feat: Add php binary catalogers (#1444)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1443)
|
|
|
|
|
* fix: duplicate file in tar archive causes read to fail (#1445)
|
|
|
|
|
* Add support for GraalVM Native Image executables. (#1276)
|
|
|
|
|
* Add redis binary classifier (#1438)
|
|
|
|
|
* docs: add cataloger construction summary (#1434)
|
|
|
|
|
* chore: update bootstrap tools to latest versions. (#1428)
|
|
|
|
|
* Add alpine type to purl (#1431)
|
|
|
|
|
|
2023-01-05 15:26:28 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 05 14:00:02 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.65.0:
|
|
|
|
|
* adding purl types for binary classifiers (#1435)
|
|
|
|
|
* chore: refactor basic CPE functionality to its own package (#1436)
|
|
|
|
|
* fix: typo in os.Getwd error message (#1433)
|
|
|
|
|
* fix: additional excessive go binary warnings (#1432)
|
|
|
|
|
* docs: migrate to homebrew-core (#1427)
|
|
|
|
|
|
2022-12-17 11:48:23 +01:00
|
|
|
-------------------------------------------------------------------
|
2023-01-04 17:03:21 +01:00
|
|
|
Wed Jan 04 15:47:49 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.64.0:
|
|
|
|
|
* fix: unicode output in cyclonedx-json format (#1420)
|
|
|
|
|
* fix: excessive go binary warnings (#1424)
|
|
|
|
|
* feat: update spdx format model to produce valid spdx json documents (#1418)
|
|
|
|
|
* clean package names in python parsers (#1417)
|
|
|
|
|
* docs: update schema name to 2.3 (#1416)
|
|
|
|
|
* feat: add h1digest when scanning go.mod (#1405)
|
|
|
|
|
* feat: Add license parsing for java (#1385)
|
|
|
|
|
* fix: cyclonedx component type for binaries (#1406)
|
|
|
|
|
* fix: openjdk detection pattern (#1415)
|
|
|
|
|
* bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404)
|
|
|
|
|
* Add NetBSD support. (#1412)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2022-12-17 11:48:23 +01:00
|
|
|
Fri Dec 16 12:37:58 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.63.0:
|
|
|
|
|
* feat: add catalog delete (#1377)
|
|
|
|
|
* docs: remove file classifier (#1397)
|
|
|
|
|
* chore: update latest cyclonedx library (#1390)
|
|
|
|
|
* feat: Add Java binary catalogers (#1392)
|
|
|
|
|
* chore: Update SPDX license list to 3.19 (#1389)
|
|
|
|
|
* fix: add manual vendor/product removal to fix false flags (#1070)
|
|
|
|
|
* Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395)
|
|
|
|
|
* chore: fix test busybox image sha (#1393)
|
|
|
|
|
* fix: go version not properly identified in binary (#1384)
|
|
|
|
|
|
2022-12-01 07:03:27 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 01 05:41:03 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.62.3:
|
|
|
|
|
* Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376)
|
|
|
|
|
* fix: Update node binary package name (#1375)
|
|
|
|
|
* feat: Generic Binary Cataloger (#1336)
|
|
|
|
|
* recover from bad parsing of golang binary (#1371)
|
|
|
|
|
* Fix parsing of apk databases with large entries (#1365)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1369)
|
|
|
|
|
|
2022-11-29 09:00:28 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 28 18:06:04 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.62.2:
|
|
|
|
|
* fix: guard for locations < 1 in alpmdb parse (#1366)
|
|
|
|
|
* fix: remove cabal.project.freeze panic on last pkg (#1363)
|
|
|
|
|
* fix: requirements.txt - return unicode only letter/num for version (#1361)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1356)
|
|
|
|
|
|
2022-11-21 16:34:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 21 15:12:29 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.62.1:
|
|
|
|
|
* fix: sort relationships in SPDX output (#1350)
|
|
|
|
|
* chore: add debug logging for decode errors (#1352)
|
|
|
|
|
* feat(npm): handle aliases in package-lock.json (#1349)
|
|
|
|
|
|
2022-11-18 17:08:41 +01:00
|
|
|
-------------------------------------------------------------------
|
2022-11-19 14:09:54 +01:00
|
|
|
Sat Nov 19 12:04:28 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.62.0:
|
|
|
|
|
* fix: spdx java checksum correctness (#1348)
|
|
|
|
|
* feat: Add support for npm lockfile version 3 (#1206)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2022-11-18 17:08:41 +01:00
|
|
|
Fri Nov 18 15:38:51 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.61.0:
|
|
|
|
|
* 1111 clean name bug (#1347)
|
|
|
|
|
* Add spdx relationship encoding for dependencies (#1342)
|
|
|
|
|
* feat: SPDX 2.3 support (#1311)
|
|
|
|
|
* SBOM cataloger (#1029)
|
|
|
|
|
* chore: clean up linting configuration (#1343)
|
|
|
|
|
* fix: Unmarshal Syft JSON with missing metadata (#1338)
|
|
|
|
|
* fix apk decode for older data shapes (#1341)
|
|
|
|
|
* chore: add unit test for wolfi os release identification (#1340)
|
|
|
|
|
* fix: Output only valid CPEs for CycloneDX OS components (#1339)
|
|
|
|
|
* feat: Add `--name` option to override name in output (#1269)
|
|
|
|
|
* Add support for dependency relationships for alpine (apk) (#1063)
|
|
|
|
|
* normalize alpm md5 refs (#1333)
|
|
|
|
|
* Update java generic cataloger (#1329)
|
|
|
|
|
* Support encoding map types to CycloneDX properties (#1332)
|
|
|
|
|
* Update swift cataloger to generic cataloger (#1324)
|
|
|
|
|
* port rust cataloger to new generic cataloger pattern (#1323)
|
|
|
|
|
* port ruby cataloger to new generic cataloger pattern (#1322)
|
|
|
|
|
* port rpm cataloger to new generic cataloger pattern (#1321)
|
|
|
|
|
* port python cataloger to new generic cataloger pattern (#1319)
|
|
|
|
|
* Update portage cataloger to new generic cataloger (#1316)
|
|
|
|
|
* port php cataloger to new generic cataloger pattern (#1315)
|
|
|
|
|
|
2022-11-15 11:27:00 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 15 09:52:45 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.60.3:
|
|
|
|
|
* javascript cataloger: node binary: nil pointer dereference (#1313)
|
|
|
|
|
* Fix: Include version information in binary cataloger CPEs (#1310)
|
|
|
|
|
* fix: only generate PURL on empty string (#1312)
|
|
|
|
|
* add s3 credentials to release (#1309)
|
|
|
|
|
* port javascript cataloger to new generic cataloger pattern (#1308)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 15 09:44:11 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.60.2:
|
|
|
|
|
* chore: update goreleaser brew token (#1306)
|
|
|
|
|
* fix: Decode binary and unknown metadata (#1307)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 15 09:39:47 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.60.1:
|
|
|
|
|
* chore: update github token permissions for goreleaser (#1305)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 15 09:29:12 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.60.0:
|
|
|
|
|
* fix: update ci secret to use new password (#1304)
|
|
|
|
|
* fix: update secret value to use new cert cahin (#1303)
|
|
|
|
|
* fix: verbose quill release failures (#1302)
|
|
|
|
|
* fix: unterminated quoted string (#1300)
|
|
|
|
|
* fix: update Makefile to remove old signing arch (#1299)
|
|
|
|
|
* feat: add nodejs-binary package classifier (#1296)
|
|
|
|
|
* update go-rpmdb to improve parsing of installed files (#1297)
|
|
|
|
|
* docs: update attestation directions with new cosign changes
|
|
|
|
|
* fix: Continue parsing Python RECORD files when bad lines encountered (#1295)
|
|
|
|
|
* Fix #1245 Update SPDX license list to 3.18 (#1259)
|
|
|
|
|
* fix: Resolve Maven POM expressions (#1251) (#1278)
|
|
|
|
|
* port haskell cataloger to new generic cataloger pattern (#1290)
|
|
|
|
|
* port golang cataloger to new generic cataloger pattern (#1289)
|
|
|
|
|
* port deb/dpkg cataloger to new generic cataloger pattern (#1288)
|
|
|
|
|
* update cataloger tests to use pkgtest utils (#1287)
|
|
|
|
|
* port dotnet cataloger to new generic cataloger pattern (#1286)
|
|
|
|
|
* port dart cataloger to new generic cataloger pattern (#1285)
|
|
|
|
|
* port conan cataloger to new generic cataloger pattern (#1284)
|
|
|
|
|
* port apk cataloger to new generic cataloger pattern (#1283)
|
|
|
|
|
* replace signing tooling with quill (#1280)
|
|
|
|
|
* Upgrade generic cataloger (#1281)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1282)
|
|
|
|
|
* replace logger interface with anchore/go-logger (#1279)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1267)
|
|
|
|
|
* Add go binary h1 digest to SPDX (#1265)
|
|
|
|
|
* fix: move reproduction to top of issue (#1264)
|
|
|
|
|
* fix: update syftjson ID to match major schema version (#1274)
|
|
|
|
|
* Use in-toto CycloneDX predicate to be compatible with cosign (#1270)
|
|
|
|
|
* chore: handle deprecated SPDX license: StandardML-NJ (#1266)
|
|
|
|
|
|
2022-10-18 07:43:01 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 18 05:11:08 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.59.0:
|
|
|
|
|
* Fixes #1179 Deprecated SPDX license (#1263)
|
|
|
|
|
* feat: add RelationshipsBySourceOwnership to syft json output (#1248)
|
|
|
|
|
* fix: reset merged package into map; (#1258)
|
|
|
|
|
* refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1254)
|
|
|
|
|
* Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1244)
|
|
|
|
|
* fix apkdb checksum representation (#1247)
|
|
|
|
|
* feat: add identifiable field to source object (#1243)
|
|
|
|
|
* feat: attest support for Singularity images (#1201)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1239)
|
|
|
|
|
* Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
|
|
|
|
|
* fix: Follow symlinks when searching for globs in all-layers scope (#1221)
|
|
|
|
|
* update requires to use list; remove field (#1234)
|
|
|
|
|
|
2022-09-30 07:28:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 30 05:10:45 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.58.0:
|
|
|
|
|
* Add Conan (C/C++) conan.lock file support (#1230)
|
|
|
|
|
* add sequence diagrams and flesh out TODO notes (#1233)
|
|
|
|
|
* Do not fail if unable to parse `.rpm` file (#1232)
|
|
|
|
|
* fix: support exclude patterns on Windows (#1228)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1225)
|
|
|
|
|
* Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1223)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1220)
|
|
|
|
|
|
2022-09-21 11:00:44 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 21 08:27:42 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.57.0:
|
|
|
|
|
* feat: catalog python files for installed-files.txt file metadata (#1217)
|
|
|
|
|
* Stabilize SPDX JSON output sorting (#1216)
|
|
|
|
|
* bug: remove chance for panic; provide default attestation path (#1214)
|
|
|
|
|
* refactor: update Makefile organization; update DEVELOPING.md instructions (#1212)
|
|
|
|
|
* refactor: replace ioutil=>io; update linter (#1211)
|
|
|
|
|
* Update bootstrap tools to latest versions. (#1204)
|
|
|
|
|
* Add gosimports (#1205)
|
|
|
|
|
* refactor: move formats from internal into syft module (#1172)
|
|
|
|
|
|
2022-09-14 07:39:04 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 13 12:42:32 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.56.0:
|
|
|
|
|
* warn on errors from RPM DB parsing (#1200)
|
|
|
|
|
* docs: improve Singularity image source docs (#1190)
|
|
|
|
|
* Add RPM file scanning support (#1188)
|
|
|
|
|
* Normalize syft-json output (#1194)
|
|
|
|
|
* Revert "External sources configuration (#1158)" (#1191)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1186)
|
|
|
|
|
* Fix RPM DB license handling (#1184)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1182)
|
|
|
|
|
|
2022-09-07 08:11:09 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:42:57 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.55.0:
|
|
|
|
|
* update stereoscope to latest (#1181)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1180)
|
|
|
|
|
* Bug fix for 1095 - syft conversion option error (#1177)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1176)
|
|
|
|
|
* enhance development support on macOS ARM (#1163)
|
|
|
|
|
* Capture if a node module is private (#1161)
|
|
|
|
|
* Find version numbers from jars with different naming conventions (#1174)
|
|
|
|
|
* Update syft bootstrap tools to latest versions. (#1171)
|
|
|
|
|
* Fix update-bootstrap-tools workflow (#1170)
|
|
|
|
|
* workflow to create automated PRs to update bootstrap tools (#1167)
|
|
|
|
|
* feat: add support for licenses in package-lock json v2 (#1164)
|
|
|
|
|
* External sources configuration (#1158)
|
|
|
|
|
* feat: add support for pnpm (#1166)
|
|
|
|
|
* Prevent symlinks causing duplicate package-file relationships (#1168)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:38:56 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.54.0:
|
|
|
|
|
* Associate node package licenses from node_modules (#1152)
|
|
|
|
|
* Give the contributing guide a substantial rework (#1155)
|
|
|
|
|
* fix: extract file ids correctly for spdx-json (#1156)
|
|
|
|
|
* metadata decoding should be optional (#1154)
|
|
|
|
|
* Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151)
|
|
|
|
|
* Add modularitylabel metadata to RPM type records generated by syft (#1148)
|
|
|
|
|
* Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149)
|
|
|
|
|
* retraction for mispublished versions (#1147)
|
|
|
|
|
* cataloger configuration is respected regardless of source (#1142)
|
|
|
|
|
* Update README.md (#1146)
|
|
|
|
|
* bump cosign to v1.10.1 (#1144)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:35:58 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.53.4:
|
|
|
|
|
* Update stereoscope to get rid of the replace directive (#1140)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:33:24 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.53.3:
|
|
|
|
|
* Correct squashfs import and fix incorrect bouncer configuration (#1138)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:31:12 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.53.2:
|
|
|
|
|
* Overwrite deprecated SPDX licenses automatically (#1009)
|
|
|
|
|
* disable release for docker assets (#1137)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:29:04 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.53.1:
|
|
|
|
|
* improve docker release bootstrap (#1136)
|
|
|
|
|
* Singularity Image Support (#974)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 07 05:25:20 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.53.0:
|
|
|
|
|
* remove docker login from keychain (#1135)
|
|
|
|
|
* remove ENV checks from siging script (#1134)
|
|
|
|
|
* remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133)
|
|
|
|
|
* remove prefixed v from tag to match release (#1131)
|
|
|
|
|
* rollback actions-setup-docker to earlier version (#1130)
|
|
|
|
|
* Bump go-rustaudit to support rustaudit 0.2.0 (#1127)
|
|
|
|
|
* bump bouncer to v0.4.0 (#1125)
|
|
|
|
|
* Added ppc64le supported to the syft:debug image (#1124)
|
|
|
|
|
* add a cataloger for binaries built with rust-audit (#1116)
|
|
|
|
|
* bump goreleaser to v1.10.3 (#1123)
|
|
|
|
|
* bump golangci-lint to v1.47.2 (#1122)
|
|
|
|
|
* bump cosign in bootstrap-tools to v1.10.0 (#1121)
|
|
|
|
|
* Added s390x support (#1117)
|
|
|
|
|
* Delete pr_action.yaml (#1120)
|
|
|
|
|
* fix: use generic instead of not generating purl (#1119)
|
|
|
|
|
* bump cosign to v1.10.0 (#1114)
|
|
|
|
|
|
2022-07-22 12:59:27 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 21 15:12:29 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.52.0:
|
|
|
|
|
* Update sigstore/rekor dependency (#1112)
|
|
|
|
|
* Added ppc64le support (#1099)
|
|
|
|
|
* patch-distroless-ghcr (#1110)
|
|
|
|
|
* add distroless debug image to published release (#1106)
|
|
|
|
|
* update help formatting (#1105)
|
|
|
|
|
* feat: implement haskell support (#1096)
|
|
|
|
|
* Add the -r argument for gnu xargs (#1103)
|
|
|
|
|
* fix: -o output option to include formats (#1102)
|
|
|
|
|
* moves go-rpmdb to latest; libc => v1.16.7 (#1098)
|
|
|
|
|
|
2022-07-16 21:23:30 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jul 16 19:00:04 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.51.0:
|
|
|
|
|
* feat: add support for cocoapods (Swift/Objective-C) (#1081)
|
|
|
|
|
* Fix package url for Go modules with no / (#1092)
|
|
|
|
|
* Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090)
|
|
|
|
|
* feat: output attestation to file (#1087)
|
|
|
|
|
* Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089)
|
|
|
|
|
* Add portage support for Gentoo Linux (#1076)
|
|
|
|
|
* Add PR action back to workflow with new token (#1086)
|
|
|
|
|
|
2022-07-07 13:13:11 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 06 18:12:23 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.50.0:
|
|
|
|
|
* feat: add new login cmd (#1068)
|
|
|
|
|
* update AltRpmDbGlob with comment and context (#1085)
|
|
|
|
|
* feat: add support for conan packages (C/C++) (#1083)
|
|
|
|
|
* add golang main module and pseudo-version (#916)
|
|
|
|
|
* fix: add glob to filter list to ensure rpm metadata files are matched… (#1079)
|
|
|
|
|
* remove pr automation until service account creation (#1080)
|
|
|
|
|
* fix: purl generation for pom.xml (#1078)
|
|
|
|
|
* Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072)
|
|
|
|
|
* fix: add new languages found in cpes (#1069)
|
|
|
|
|
* fix: add php catalogers to all catalogers (#1065)
|
|
|
|
|
* feat: add use-all-catalogers flag (#1050)
|
|
|
|
|
|
2022-06-27 15:38:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 27 13:20:51 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.49.0:
|
|
|
|
|
* Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (#926)
|
|
|
|
|
* remove OSS Meetup message (#1057)
|
|
|
|
|
* add pom.xml cataloger (#1055)
|
|
|
|
|
* Add support for CBL-Mariner distroless images (#1045)
|
|
|
|
|
* Add catalogers configuration (#1038)
|
|
|
|
|
* add template output (#1051)
|
|
|
|
|
|
2022-06-22 13:20:47 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 22 08:47:26 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.48.1:
|
|
|
|
|
* update stereoscope to latest version (#1052)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 22 08:34:13 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.48.0:
|
|
|
|
|
* update zip_read_closer to incorporate zip64 support (#1041)
|
|
|
|
|
* Add pacman (alpm) parser support (#943)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 22 08:23:30 UTC 2022 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
|
|
- Update to version 0.47.0:
|
|
|
|
|
* Update of README.md (#1027)
|
|
|
|
|
* bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025)
|
|
|
|
|
* add workflows to test new project automation (#1023)
|
|
|
|
|
* improve LanguageByName and add unit tests (#1034)
|
|
|
|
|
* Read Description from dpkg status files (#996)
|
|
|
|
|
* Add announcement for Anchore OSS Virtual Meetup (#1033)
|
|
|
|
|
* add main module field to go bin metadata (#1026)
|
|
|
|
|
* Add filters to package cataloger (#1021)
|
|
|
|
|
* change draft to false for release process (#1016)
|
|
|
|
|
* Support RPM distros with newer RPM db formats (#1018)
|
|
|
|
|
* fix: add component list to prevent cyclone-dx panic (#1015)
|
|
|
|
|
|
2022-06-15 13:29:17 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 6 19:43:54 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
|
|
|
|
|
|
|
|
|
|
- first version of package syft at version 0.46.3
|
