Releases: anchore/syft
v0.84.0
Changelog
v0.84.0 (2023-06-20)
Breaking Changes
- Pad artifact IDs [PR #1882] [willmurphyscode]
Additional Changes
v0.83.1
Changelog
v0.83.1 (2023-06-14)
Bug Fixes
- fix: pom properties not setting artifact id [PR #1870] [jneate]
- fix(deps): pull in platform selection fix from stereoscope [PR #1871] [anchore-actions-token-generator]. Pulling in an image with a digest that does not match the platform and architecture of the host no longer fails with an error; see anchore/stereoscope#188.
- symlinks within a scanned directory tree are parsed outside the tree, failing if target does not exist [Issue #1860] [PR #1861] [deitch]
v0.83.0
Changelog
v0.83.0 (2023-06-05)
Added Features
- Add new '--source-version' and '--source-name' options to set the name and version of the target being analyzed for reference in resulting syft-json format SBOMs (more formats will support these flags soon). [Issue #1399] [PR #1859] [kzantow]
- Add scope to POM properties [PR #1779] [jneate]
- Accept main.version ldflags even without vcs [PR #1855] [deitch]
Bug Fixes
- Fix directory resolver to consider CWD and root path input correctly [PR #1840] [wagoodman]
- Show all error messages if there is a failure retrieving an image with a specified scheme [Issue #1569] [PR #1801] [FrimIdan]
- v0.81.0 crashing parsing some images [Issue #1837] [PR #1839] [spiffcs]
Deprecated Features
Additional Changes
v0.82.0
Changelog
v0.82.0 (2023-05-23)
Added Features
- Improve Go main module version detection by attempting to parse available ldflags [Issue #1785] [PR #1832] [wagoodman]
Bug Fixes
- Fix a problem in the license parsing logic that may result in a panic [PR #1839]
- Return all relevant error messages if an image retrieval fails when a scheme is specified [PR #1801] [FrimIdan]
- Fix a problem with PNPM scanning where v6 lockfiles might result in duplicated packages [Issue #1762] [PR #1778] [kzantow]
v0.81.0
Changelog
v0.81.0 (2023-05-22)
Added Features
- Support cataloging R packages [Issue #730] [PR #1790] [willmurphyscode]
- Support describing license properties and SPDX expression assertions [Issue #1577] [PR #1743] [spiffcs]
- Warn if parsing a newer SBOM [PR #1810] [willmurphyscode]
Bug Fixes
- Retain cataloged SBOM relationships [PR #1509] [houdini91]
- fix: update field plurality of 8.0.0 schema before release [PR #1820] [spiffcs]
- fix: remove spurious warnings - unknown relationship type: evident-by form-lib=syft [Issue #1812] [PR #1797] [willmurphyscode]
- CycloneDX Dependencies Relationships Inverted [Issue #1815] [PR #1816] [shanealv]
- Alpine: license expression should be complete and not parsed out [Issue #1817] [PR #1819] [spiffcs]
Additional Changes
- Print package list when extra packages found [PR #1791] [willmurphyscode]
- update cosign to v2 release (different go module) [PR #1805] [bobcallaway]
v0.80.0
Changelog
v0.80.0 (2023-05-05)
Added Features
- Improve pnpm support [Issue #1535] [PR #1752] [Shanedell]
Bug Fixes
- chore: add more detail on SPDX file IDs [PR #1769] [kzantow]
- chore: do not HTML escape PackageURLs [PR #1782] [kzantow]
- RPM database not found on ostree-managed systems [Issue #1755] [PR #1756] [fpytloun]
- Unable to use syft for private azure container registry [Issue #1777]
- linux-kernel-cataloger produces thousands of version-less components. [Issue #1781] [PR #1784] [kzantow]
Deprecated Features
v0.79.0
Changelog
v0.79.0 (2023-04-21)
Added Features
- Add ALPM Metadata to CYCLONEDX and SPDX output formats [Issue #1037] [PR #1747] [Shanedell]
- consul binary classifier [Issue #1590] [PR #1738] [Shanedell]
Bug Fixes
- Syft missing direct dependencies from the gemfile.lock [Issue #1660] [PR #1749] [Shanedell]
Additional Changes
- chore: bump stereoscope to latest version [PR #1741] [westonsteimel]
v0.78.0
Changelog
v0.78.0 (2023-04-17)
Added Features
- Add Linux Kernel cataloger [PR #1694] [deitch & wagoodman]
- Support scanning license files in golang packages over the network [Issue #1056] [PR #1630] [deitch & kzantow]
- Add consul binary classifier [Issue #1590] [PR #1738] [Shanedell]
- Add annotations for evidence on package locations [PR #1723] [wagoodman]
Bug Fixes
- Decoding of the syft-json format does not handle files [Issue #1534] [PR #1698] [wagoodman]
v0.77.0
Changelog
v0.77.0 (2023-04-11)
Added Features
- feat: gradle lockfile support [PR #1719] [henrysachs]
- feat: support for java "nar" files [PR #1727] [Shanedell]
v0.76.1
Changelog
v0.76.1 (2023-04-05)
Added Features
- Capture file ownership relationships from portage ecosystem [PR #1702] [wagoodman]
- Add Nix Cataloger [Issue #462] [PR #1107] [juliosueiras] [PR #1696] [wagoodman] [flokli]