Releases: owasp-dep-scan/dep-scan
Release v5.4.2
Full Changelog: v5.4.1...v5.4.2
Release v5.4.1
Bump cdxgen version. Also disables cdxgen banner, since depscan has its own banner ;-)
Full Changelog: v5.4.0...v5.4.1
Release v5.4.0
The depscan container image is now based on AlmaLinux 9.4 with Python 3.12, so this might be a breaking change for Python scans. If your project requires an older version of Java or Python, use the AppThreat base-images to generate an SBOM first, and then invoke depscan with the --bom argument.
We have also added support for malicious packages scanning.
Full Changelog: v5.3.5...v5.4.0
Release v5.3.5
Full Changelog: v5.3.4...v5.3.5
Release v5.3.4
Full Changelog: v5.3.3...v5.3.4
Release v5.3.3
Bump up cdxgen to 10.4.1
Full Changelog: v5.3.2...v5.3.3
Release v5.3.2
What's Changed
- Added generic cdxgen_args that can be passed as an environment variable or argument to depscan itself. by @deleterepo in #292
- Update cdxgen to bring go purl compatibility fixes by @prabhu in #297
Full Changelog: v5.3.1...v5.3.2
Release v5.3.1
Release v5.3.0
From this release, deprecated packages always get flagged with risk audit, regardless of the score. For PyPI, we look for a couple of strings in the description, since not every vendor follows the procedure to yank the packages correctly.
Full Changelog: v5.2.15...v5.3.0