v0.7.2
Updates in this release
New features
- feat: Add acknowledgement for license parsing
- feat: Add check for features introduced in CycloneDX 1.6
- feat: Additional category support for external references to support CycloneDX 1.6
- feat: Add licence acknowledgement for CycloneDX 1.6
- feat: Add remediation details
- feat: Extract component name and version for vulnerability
- feat: Get list of licenses
- feat: Handle user defined licenses
- feat: Handle user defined licenses and preserve ids
- feat: Multiple licenses from CycloneDX files preserved by parser
- feat: Support for non SPDX licenses
- feat: Update CycloneDX licence parsing
- feat: Validate hash algorithm
Fixes
- doc: fix typo
- doc: minor doc updates
- fix: Allow non semantic version numbers
- fix: Author in metadata
- fix: Fix small typo in cyclonedx_parser.
- fix: Generation of lifecycle
- fix: Handle empty license
- fix: Handle legacy tools interface (fixes #43)
- fix: Handling of CycloneDX 1.6 specific attributes
- fix: Handling of lifecycle
- fix: Identify supplier in component
- fix: Linting
- fix: Metadata parsing of authors
- fix: Parsing of CycloneDX vulnerability
- fix: Process supplier URL
- fix: Set default vulnerability status appropriate to type
- fix: SPDX handling of user defined licenses
- fix: Supplier handling of component
- fix: Typo in attribute
- fix: Type filesAnaylzed -> filesAnalyzed
- fix: Typo in lifecycle element
- fix: Typo preventing generating correct copyright
- fix: Updated validation of SBOM
- fix: Update license types
- fix: Update service component processing
- fix: Update vulnerability handling for CycloneDX
- fix: Validate external reference category
Merge pull request #37 from nodet/typo
Merge pull request #39 from nodet/fix-copyright-text
Merge pull request #40 from georgkoester/typo-correction-set-content
Merge pull request #42 from georgkoester/multi-license-pr