Releases: anthonyharrison/lib4sbom
v0.5.3
v0.5.2
Updates in this release
New features
- feat: Add vulnerability parser
- feat: Update examples
- feat: Update licence list to version 3.22
Fixes
v0.5.1
v0.5.0
Updates in this release
New features
- feat: Introduce XML parsing for CycloneDX (fixes #1)
- feat: Add CycloneDX assembly support (fixes #13)
- feat: Add initial support for SPDX RDF and XML files
- feat: Add vulnerabilities to SBOM
- feat: User defined license handling in SPDX
- feat: Add enhanced metadata attributes
- feat: Add vulnerability object
- feat: Refactor CycloneDX generator
- feat: Allow license text to be specified with license name
- feat: Allow SPDX version to be specified for SPDX documents
- feat: Allow UUID to be user specified
- feat: Reuse metadata from parsed SBOMs
- feat: Update examples
Fixes
- bug: Handle '-' in supplier name (Fixes #14)
- doc: Update README
- fix: Ensure user defined id is valid for SPDX
- fix: Fix metadata tools field of CycloneDX
- fix: Fix organisation typo
- fix: Formatting issues with generated document
- fix: Handle deprecated tools specification in CycloneDX version 1.5
- fix: Handle missing file id
- fix: Id overwritten by name for file object
- fix: License expression handling for CycloneDX
- fix: Linting
- fix: Remove commented code
- fix: Remove debug code
- fix: SPDX handling of user defined component id
- fix: SPDX version field truncated
- fix: Supplier contains digit (fixes #17)
- fix: Tool version metadata handling (CycloneDX)
- fix: Update relationships
- fix: Update test example
- fix: validate supplier type
- Merge pull request #15 from ffontaine/fix-typo
- Merge pull request #18 from ffontaine/fix-tools
- test: Additional CycloneDX example
- test: Add CycloneDX XML test files
v0.4.3
v0.4.2
v0.4.1
v0.4.0
Updates in this release
New features
- feat: Add support for CycloneDX version 1.5 (fixes #6)
- feat: Add support for package attribution (SPDX)
- feat: Update license list to version 3.21
- feat: update version
Fixes
- doc: Update README
- fix: Additional checking of dependencies
- fix: Handle duplicate packages in CycloneDX (fixes #3)
- fix: optional license in component evidence
- fix: parsing originator in SPDX JSON file (fixes #4)
- fix: Retain deprecated ids
- fix: Linting (fixes #7)
- Merge pull request #5 from rh0dy/main
v0.3.1
Updates in this release
New features
- Add package purpose processing
- Check OSI Approved license
- Check valid URL in package metadata
- Include download location in CycloneDX SBOM
- Include email address with supplier when parsing CycloneDX
- Update license synonyms
Fixes
- Update documentation
- Allow .json files as SPDX file
- Copyright text in tag value format
- Ensure operators in license expression are uppercase
- Ensure supplier and contributor names are non-zero length
- Handle component with no version
- Handle file creation error
- Handle SPDX package purpose ambiguity for OPERATING-SYSTEM
- Handling of : in version and copyright strings
- Ignore deprecated licenses
- Improve parsing of relationships
- Minor updates to CycloneDX generator
- Fix overwriting download location attribute
- Parse package purpose
- Refactor license matching
- Correct storage of SBOM file component name
- Correct type for homepage component
- Refactor text handling for SPDX Tag value SBOMs
V0.3.0
Updates in this release
New Features
- Support SPDX license expressions
- Update license synonym processing
- Add more license synonyms
- Update SPDX license data to 3.20
Fixes
- Handle file as CycloneDX type
- Handle version as optional attribute in CycloneDX document
- Capture filetypes in SPDX JSON file
- Fix failing test
- Small corrections for licenses and comment handling