Releases: owasp-dep-scan/dep-scan
Release v5.1.4
What's Changed
- chore: Add a table of contents at the beginning of README.md by @cerrussell in #200
- Better logic to silence all logging from external modules by @prabhu in #201
Full Changelog: v5.1.3...v5.1.4
Release v5.1.3
Release v5.1.2
What's Changed
Full Changelog: v5.1.1...v5.1.2
Release v5.1.1
What's Changed
Full Changelog: v5.1.0...v5.1.1
Release v5.1.0
What's Changed
- BREAKING: Use vdr bom as basis for jinja reports by @heubeck in #189
- Update packages by @prabhu in #190
Full Changelog: v5.0.4...v5.1.0
Release v5.0.4
What's Changed
Full Changelog: v5.0.3...v5.0.4
Release v5.0.3
What's Changed
- Handle invalid severities. by @cerrussell in #187
- Search by purl. Also fixes #185 by @prabhu in #186
Full Changelog: v5.0.2...v5.0.3
Release v5.0.2
What's Changed
- Add concurrency settings to workflows by @cerrussell in #176
- Fixing the example workflow link for pulling image via oras cli by @saketjajoo in #178
- #140 - Option to create custom reports using Jinja by @heubeck in #177
- PoC/Writeup to enable the GUI mode for dep-scan, perhaps in the future… by @saketjajoo in #180
- Fix/issue 182 cvss regex by @cerrussell in #183
New Contributors
Full Changelog: v5.0.1...v5.0.2
Release v5.0.1
What's Changed
- Updating the README with an example to show SBOM uploading in action by @saketjajoo in #172
- Some pylint fixes. Also fixes crash with empty results by @prabhu in #173
- Update CSAF ReadMe, add missing csaf 2.0 schema. by @cerrussell in e0370e2
Full Changelog: v5.0.0...v5.0.1
Release v5.0.0 - Reachability analysis for everyone
Introduction
This is an exciting major release of depscan. Powered by the latest atom and cdxgen, depscan can perform reachability analysis for languages such as Java, JavaScript/TypeScript, and Python to further triage and generate actionable results.
We have also improved the initial db download experience by utilizing nydus RAFS, which reduces the database size by over 90% (from 3.1GB to less than 300MB) on supported systems with the nydus-image cli!
Lastly, depscan can also generate VEX in OASIS CSAF 2.0 format using reachability as a justification.
We thank all the contributors and supporters, especially @saketjajoo, @timmyteo, and @cerrussell, who worked tirelessly for several months to make this release possible.
What's Changed
- Fixing oras link in README by @timmyteo in #154
- Enable reachability analysis by @prabhu in #160
- Enable reachability analysis by @prabhu in #162
- Feature/print part2 by @prabhu in #163
- Support for pdf reports by @prabhu in #164
- nydus tests by @prabhu in #165
- Trim CI by @prabhu in #166
- Minor fix: Converting the results from object type to dict by @saketjajoo in #168
- Adding an option to use the rafs-based VDB image by @saketjajoo in #167
- simplify explain by @prabhu in #171
- Refactor and correct reachability for CSAF, add tests. by @cerrussell in #161
- Accept the path to a bom file (in the /scan endpoint) while running dep-scan in the server mode by @saketjajoo in #169
Full Changelog: v4.3.3...v5.0.0