Release v5.1.4

What's Changed

• chore: Add a table of contents at the beginning of README.md by @cerrussell in #200
• Better logic to silence all logging from external modules by @prabhu in #201

Full Changelog: v5.1.3...v5.1.4

Release v5.1.3

What's Changed

• disable aliasing for npm by @prabhu in #197

Full Changelog: v5.1.2...v5.1.3

Release v5.1.2

What's Changed

• Fixes #192. Retain empty group for npm to perform strict search by @prabhu in #193

Full Changelog: v5.1.1...v5.1.2

Release v5.1.1

What's Changed

• Declare variables required for report by @heubeck in #191
• Added issue templates

Full Changelog: v5.1.0...v5.1.1

Release v5.1.0

What's Changed

• BREAKING: Use vdr bom as basis for jinja reports by @heubeck in #189
• Update packages by @prabhu in #190

Full Changelog: v5.0.4...v5.1.0

Release v5.0.4

What's Changed

• Trim aliasing for vendorless packages by @prabhu in #188

Full Changelog: v5.0.3...v5.0.4

Release v5.0.3

What's Changed

• Handle invalid severities. by @cerrussell in #187
• Search by purl. Also fixes #185 by @prabhu in #186

Full Changelog: v5.0.2...v5.0.3

Release v5.0.2

What's Changed

• Add concurrency settings to workflows by @cerrussell in #176
• Fixing the example workflow link for pulling image via oras cli by @saketjajoo in #178
• #140 - Option to create custom reports using Jinja by @heubeck in #177
• PoC/Writeup to enable the GUI mode for dep-scan, perhaps in the future… by @saketjajoo in #180
• Fix/issue 182 cvss regex by @cerrussell in #183

New Contributors

• @heubeck made their first contribution in #177 🎉

Full Changelog: v5.0.1...v5.0.2

Release v5.0.1

What's Changed

• Updating the README with an example to show SBOM uploading in action by @saketjajoo in #172
• Some pylint fixes. Also fixes crash with empty results by @prabhu in #173
• Update CSAF ReadMe, add missing csaf 2.0 schema. @cerrussell in e0370e2

Full Changelog: v5.0.0...v5.0.1

Release v5.0.0 - Reachability analysis for everyone

Introduction

This is an exciting major release of depscan. Powered by the latest atom and cdxgen, depscan can perform reachability analysis for languages such as Java, JavaScript/TypeScript, and Python to further triage and generate actionable results.

We have also improved the initial db download experience by utilizing nydus RAFS, which reduces the database size by over 90% from (3.1GB to less than 300MB) on support systems with the nydus-image cli!

Lastly, depscan can also generate VEX in OASIS CSAF 2.0 format using reachability as a justification.

We thank all the contributors and supporters, especially @saketjajoo, @timmyteo, and @cerrussell, who worked tirelessly for several months to make this release possible.

What's Changed

• Fixing oras link in README by @timmyteo in #154
• Enable reachability analysis by @prabhu in #160
• Enable reachability analysis by @prabhu in #162
• Feature/print part2 by @prabhu in #163
• Support for pdf reports by @prabhu in #164
• nydus tests by @prabhu in #165
• Trim CI by @prabhu in #166
• Minor fix: Converting the results from object type to dict by @saketjajoo in #168
• Adding an option to use the rafs-based VDB image by @saketjajoo in #167
• simplify explain by @prabhu in #171
• Refactor and correct reachability for CSAF, add tests. by @cerrussell in #161
• Accept the path to a bom file (in the /scan endpoint) while running dep-scan in the server mode by @saketjajoo in #169

Full Changelog: v4.3.3...v5.0.0