Skip to content

Releases: anchore/syft

v1.16.0

04 Nov 22:36
8a41d77
Compare
Choose a tag to compare

Added Features

Bug Fixes

  • add support for dependencies and purl for Native Image SBOMs [#3399 @rudsberg]
  • stop bubbling fileResolver errors from binary cataloger [#3410 @spiffcs]
  • malformed pom.xml may cause recursive loop [#3391 @kzantow]
  • syft convert: broken link in help - documentation no longer existing [#3143 #3407 @Makefolder]

(Full Changelog)

v1.15.0

28 Oct 21:18
55cc187
Compare
Choose a tag to compare

Added Features

  • Merge config files hierarchically and add support for config profiles [#3337 @kzantow]
  • Enable cargo-auditable-binary-cataloger for files/directories [#3376 @ariel-miculas]
  • Improve mariadb binary classifer to detect older versions [#3052]
  • Look for dpkg status file at additional globs [#2692 #3373 @njv299]
  • Emit relationships for Java dependencies [#3189 #3363 @kzantow]

(Full Changelog)

v1.14.2

21 Oct 17:27
e4e985b
Compare
Choose a tag to compare

Bug Fixes

Additional Changes

(Full Changelog)

v1.14.1

15 Oct 13:12
754cebe
Compare
Choose a tag to compare

Bug Fixes

(Full Changelog)

v1.14.0

07 Oct 20:48
ccbee94
Compare
Choose a tag to compare

Added Features

Bug Fixes

  • performance: instantiate license check scanner to prevent memory leak [#3290 @govrin]
  • Parse package.json with non-standard fields in 'author' section [#3300 @nuada]
  • make failed CPE validation correctly return error [#2762 @willmurphyscode]
  • Improve subpath to mount matching [#3269 @cdupuis]

Additional Changes

(Full Changelog)

v1.13.0

24 Sep 13:35
01de99b
Compare
Choose a tag to compare

Added Features

Bug Fixes

  • OpenJDK CPEs [#2422 #3217 @wagoodman]
  • SBOM generated from poetry lock file contains no license information on any dependencies [#3204]
  • Scanning a folder with a jar archive with no metadata creates a SPDX package without versionInfo (Non-NTIA compliant) [#2039 #3257 @wagoodman]
  • Using replace in a go.mod creates a SPDX package without versionInfo (Non-NTIA compliant) [#2038 #3257 @wagoodman]
  • Command make add-snippet can fail in some cases [#3249]

(Full Changelog)

v1.12.2

11 Sep 14:20
fcd5ec9
Compare
Choose a tag to compare

Added Features

Bug Fixes

  • Fix improper decoding of SPDX license expressions in the CycloneDX format [#3175 @NyanKiyoshi]
  • improve generated cpes for binaries with existing classifiers [#3169 @westonsteimel]
  • improve known CPEs and set NVD as source for all current binary classifiers [#3167 @westonsteimel]
  • Respond to authoratative CPEs from catalogers [#3166 @wagoodman]
  • Set cataloger names within package cataloger task [#3165 @wagoodman]
  • use official CPE for curl binary cataloger [#3164 @westonsteimel]
  • Fix ELF package correlations [#3151 @wagoodman]
  • no space left and Could not retrieve mirrorlist in test [#3181 #3190 @wagoodman]
  • Multiple versions of libssl3 and libcrypto3 present in SBOM while only one version is installed [#3195]
  • CycloneDX convertion into Syft improperly handles SPDX licenses [#3172]
  • Syft Cause stack overflow [goroutine stack exceeds 1000000000-byte limit] [#3163 #3170 @kzantow]
  • Mysql binary detection version incorrect for 8.0.x [#3141 #3142 @kzantow]

Additional Changes

(Full Changelog)

v1.11.1

20 Aug 16:32
95b4a88
Compare
Choose a tag to compare

Bug Fixes

(Full Changelog)

v1.11.0

09 Aug 18:00
19cc664
Compare
Choose a tag to compare

Added Features

Bug Fixes

Additional Changes

  • rather than have a hard max recursive depth - syft should detect parent pom cycles [#2284 #2769 @GijsCalis]
  • increase java purl generation test coverage [#3110 @westonsteimel]
  • Updated PackageSupplier to type Organization for JAR files [#3093 @harippriyas]
  • Ensure accurate java main artifact name retrieval for multi-JARs and refine fallback approach [#3054 @dor-hayun]

(Full Changelog)

v1.10.0

30 Jul 16:20
a4b5dcd
Compare
Choose a tag to compare

Added Features

Bug Fixes

Additional Changes

  • add debug logging for errors reading RPM files [#3051 @kzantow]

(Full Changelog)