Releases: owasp-dep-scan/dep-scan

Release v5.4.2

05 Jul 17:22
e19da24

What's Changed

  • Fix for generic packages false positives by @prabhu in #322

Full Changelog: v5.4.1...v5.4.2

Release v5.4.1

13 Jun 09:30
59dee85

Bump cdxgen version. Also disables cdxgen banner, since depscan has its own banner ;-)

Full Changelog: v5.4.0...v5.4.1

Release v5.4.0

04 Jun 21:29
75810e1

The depscan container image is now based on almalinux 9.4 with python 3.12, so this might be a breaking change for python scans. If your project requires an older version of Java or python, use the AppThreat base-images to generate an SBOM first, and then invoke depscan with the --bom argument.

We have also added support for malicious packages scanning.

What's Changed

Full Changelog: v5.3.5...v5.4.0

Release v5.3.5

23 May 11:25
3fd242b

What's Changed

  • Update vdb. Fix version was missing for certain packages for osv by @prabhu in #306

Full Changelog: v5.3.4...v5.3.5

Release v5.3.4

02 May 20:44
c4ee8af

What's Changed

  • depscan was reporting redis:redis for pypi:redis by @prabhu in #302

Full Changelog: v5.3.3...v5.3.4

Release v5.3.3

15 Apr 19:32
48305e8

Bump up cdxgen to 10.4.1

Full Changelog: v5.3.2...v5.3.3

Release v5.3.2

07 Apr 21:38
523e60c

What's Changed

  • Added generic cdxgen_args that can be passed as an environment variable or argument to depscan itself. by @deleterepo in #292
  • Update cdxgen to bring go purl compatibility fixes by @prabhu in #297

Full Changelog: v5.3.1...v5.3.2

Release v5.3.1

04 Apr 21:27
a27b6ec

What's Changed

Full Changelog: v5.3.0...v5.3.1

Release v5.3.0

02 Apr 10:33
82d0fd9

From this release, deprecated packages will always be flagged by the risk audit regardless of the score. For PyPI, we look for a couple of strings in the description, since not every vendor follows the procedure to yank packages correctly.

Full Changelog: v5.2.15...v5.3.0

Release v5.2.15

01 Apr 20:11
c6893f5

What's Changed

Full Changelog: v5.2.14...v5.2.15