Releases: anthonyharrison/lib4sbom
v0.8.1
v0.8.0
Updates in this release
New features
- feat: add built date support for package component
- feat: add composition date item
- feat: handle custom vulnerability attributes (fixes #56)
- feat: include OTHER external references
- feat: raise user defined exception if parsing error (fixes #59)
- feat: update license test files (fixes #52)
- feat: validate external reference categories
Fixes
- chore: fix max line length
- chore: linting
- doc: Update README (fixes #54)
- fix: Allow empty license name in CycloneDX XML
- fix: BuiltDate should be ReleaseDate
- fix: Checksum algorithm validation
- fix: Ensure license list version is of format M.N
- fix: Handle file as source of relationship (fixes #50)
- fix: Handle multiple licenses (fixes #45)
- fix: Handle source of vulnerability
- fix: Handle zero length strings
- fix: Handling non-semantic versions
- Merge pull request #58 from raboof/allow-empty-license-name
v0.7.5
v0.7.4
Updates in this release
Fixes
- fix: add debug to CycloneDX parser
- fix: license handling
- fix: support mixed case email addresses
- fix: typo in organization
v0.7.3
v0.7.2
Updates in this release
New features
- feat: Add acknowledgement for license parsing
- feat: Add check for features introduced in CycloneDX 1.6
- feat: Additional category support for external references to support CycloneDX 1.6
- feat: Add licence acknowledgement for CycloneDX 1.6
- feat: Add remediation details
- feat: Extract component name and version for vulnerability
- feat: Get list of licenses
- feat: Handle user defined licenses
- feat: Handle user defined licenses and preserve ids
- feat: Multiple licenses from CycloneDX files preserved by parser
- feat: Support for non SPDX licenses
- feat: Update CycloneDX licence parsing
- feat: Validate hash algorithm
Fixes
- doc: fix typo
- doc: minor doc updates
- fix: Allow non semantic version numbers
- fix: Author in metadata
- fix: Fix small typo in cyclonedx_parser.
- fix: Generation of lifecycle
- fix: Handle empty license
- fix: Handle legacy tools interface (fixes #43)
- fix: Handling of CycloneDX 1.6 specific attributes
- fix: Handling of lifecycle
- fix: Identify supplier in component
- fix: Linting
- fix: Metadata parsing of authors
- fix: Parsing of CycloneDX vulnerability
- fix: Process supplier URL
- fix: Set default vulnerability status appropriate to type
- fix: SPDX handling of user defined licenses
- fix: Supplier handling of component
- fix: Typo in attribute
- fix: Type filesAnaylzed -> filesAnalyzed
- fix: Typo in lifecycle element
- fix: Typo preventing generating correct copyright
- fix: Updated validation of SBOM
- fix: Update license types
- fix: Update service component processing
- fix: Update vulnerability handling for CycloneDX
- fix: Validate external reference category
- Merge pull request #37 from nodet/typo
- Merge pull request #39 from nodet/fix-copyright-text
- Merge pull request #40 from georgkoester/typo-correction-set-content
- Merge pull request #42 from georgkoester/multi-license-pr
v0.7.1
Updates in this release
New features
- feat: Access license text
- feat: Add lifecycle support for CycloneDX
- feat: Add spdx vulnerability support
- feat: Initial support for CycloneDX version 1.6
- feat: Update install script
Fixes
v0.7.0
Updates in this release
New features
- feat: Add debug support
- feat: Add evidence element to package
- feat: Add metadata property support
- feat: Add Security policy
- feat: Add set_cpe and set_purl methods
- feat: Extract SBOM URN
- feat: Add get_purl and get_cpe methods
- feat: Introduce support for software services generation and parsing
- feat: Linting
- feat: Linting of example scripts
- feat: Linting of test scripts
- feat: Return version of SBOM
- feat: Specify SPDX version via environment variable
- feat: Update vulnerability generation and parsing
- feat: Validate CPE vector string
Fixes
- doc: update readme for SPDX version environment variable
- fix: class SBOMPackage: add missing type declaration
- fix: Add justification validation
- fix: bom-ref optional for vulnerability
- fix: File comment missed in SPDX JSON parser
- fix: Handle CycloneDX legacy metadata tools interface
- fix: Handle missing serialnumber in CycloneDX document
- fix: License comments missing in CycloneDX
- fix: typo in checksum validation
- fix: typo in cyclonedx vulnerability generator
- fix: typo in external reference validation
- fix: typo in justification validation
- Merge pull request #30 from sah-cdo/dev/update_type_list_according_to_cyclonedx_1_5
v0.6.2
New features
- feat: Improved CycloneDX copyright text generation
- feat: Simple example of CycloneDX to SPDX file converter
- feat: Simple example of SPDX to CycloneDX file converter
Fixes
- fix: Correct CSAF status values
- fix: Ensure all file operations are utf-8
- fix: Get_files returns dictionary instead of list (fixes #29)
- fix: Handle CPE2.2 in CycloneDX (fixes #28)
- fix: Handle option bom-ref in vulnerability
- fix: Improved robustness of parser (fixes #26)
- fix: License identifier validation
- fix: Retain more component information
- fix: Retrieve vulnerability state
- fix: SPDXid contained invalid characters
- fix: Validate checksum length
v0.6.1
Updates in this release
New features
- feat: Add license type reporting
Fixes
- fix: linting
- fix: robustness of parser