Releases: anchore/syft
v0.76.0
Changelog
v0.76.0 (2023-03-31)
Added Features
- Scan local go mod licenses for golang packages [PR #1645] [deitch]
- update and clean license list generation to return more SPDXID for more inputs [PR #1691] [spiffcs]
- argocd binary classifier [Issue #1606] [PR #1663] [y12studio]
- Add config option to allow user to select the default image source location [Issue #1703] [spiffcs]
Bug Fixes
- Defer closing the opened file when using FileScheme [PR #1668] [Noxsios]
- fix: remove author contributing to javascript CPEs [PR #1669] [kzantow]
- fix: reduce logging for bad dpkg lines [PR #1675] [kzantow]
- Broken shell completion - Bash [Issue #962] [PR #1688] [DanHam]
- syft produces different output when run with sudo [Issue #1391] [PR #1693] [anchore-actions-token-generator]
- some binary ruby are not detected [Issue #1677] [PR #1678] [witchcraze]
- Documentation says that output is SPDX 2.2 [Issue #1679] [PR #1680] [vargenau]
- fix: move defer after error to protect panic case [PR #1670] [spiffcs]
Additional Changes
- Deprecate config.yaml as valid config source; Add unit regression for correct config paths [PR #1640] [AidanDelaney]
- Remove more side effects from application config testing [PR #1684] [wagoodman]
- chore: tweak some workflow text [PR #1685] [kzantow]
- chore: fix flaky license sorting [PR #1690] [kzantow]
v0.75.0
Changelog
v0.75.0 (2023-03-13)
Added Features
- Catalog ruby binary [Issue #1650] [PR #1665] [witchcraze]
Bug Fixes
v0.74.1
Changelog
v0.74.1 (2023-03-09)
Bug Fixes
- purl for apk packages missing when installed db file is not in root [Issue #1572] [PR #1615] [deitch]
- invalid package url type: dotnet [Issue #1622] [PR #1649] [kzantow]
- Go tests detecting race cataloging packages [Issue #1633] [PR #1639] [kzantow]
- Improve Python binary scanning [Issue #1643] [PR #1648] [kzantow]
- Update haproxy binary matcher [Issue #1646] [PR #1648] [kzantow]
- SPDX tag-value SBOM value format is incorrect for LicenseID [Issue #1651] [PR #1657] [kzantow]
v0.74.0
Changelog
v0.74.0 (2023-03-02)
Added Features
- rust toolchain binary cataloger [PR #1601] [westonsteimel]
- Add support for SUPPORT_END in distro [PR #1612] [noqcks]
- Catalog haproxy binary [Issue #1512] [PR #1591] [noqcks]
- Handle cataloger panics [Issue #1624] [PR #1636] [kzantow]
- set cosign attest predicate type based on Syft output type [PR #1598] [Nirusu]
- retain go package info when no module declared [PR #1632] [westonsteimel]
Bug Fixes
- improve CPE generation for curl APK [PR #1608] [westonsteimel]
- determine upstream for apk version streams [PR #1610] [westonsteimel]
- decoding null apk metadata pullDependencies [PR #1614] [kzantow]
- correct apk purls for other distros [PR #1620] [westonsteimel]
- further improvements to CPE generation for apk packages [PR #1623] [westonsteimel]
- improved CPE-generation for several more APK packages [PR #1631] [westonsteimel]
- apk product/vendor generation for old metadata [PR #1635] [westonsteimel]
- Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [Issue #1586] [PR #1604] [wagoodman]
- syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps [Issue #1621] [PR #1628] [kzantow]
- Go tests detecting race cataloging packages [Issue #1633] [PR #1639] [kzantow]
v0.73.0
Changelog
v0.73.0 (2023-02-22)
Added Features
- Update SPDX license list to 3.20 [PR #1600] [vargenau]
- Catalog perl binary [Issue #1587] [PR #1592] [noqcks]
Bug Fixes
- Fix issue when matching format versions [PR #1585] [kzantow]
- Cataloger filtering cross matches wrong catalogers [Issue #1573] [PR #1582] [wagoodman]
- Python binary detected multiple times when only installed once [Issue #1579] [PR #1583] [kzantow]
- Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [Issue #1586]
v0.72.1
Changelog
v0.72.1 (2023-02-22)
Added Features
Bug Fixes
- Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [Issue #1586]
v0.72.0
Changelog
v0.72.0 (2023-02-16)
Added Features
Bug Fixes
- fix: python CPE generation for alpine [PR #1564] [westonsteimel]
- fix: improve CPE and upstream generation logic for Alpine packages [PR #1567] [westonsteimel]
v0.71.0
Changelog
v0.71.0 (2023-02-09)
Added Features
- Catalog postgres binary [Issue #1456] [PR #1536] [witchcraze]
- Improve Syft performance [Issue #1328] [PR #1510] [wagoodman]
- Export specific format versions (SPDX) [Issue #1519] [PR #1543] [kzantow]
Bug Fixes
- source: when base is set, responsePath should be absolute [PR #1542] [jedevc]
- Licenses missing in most report format [Issue #933] [PR #1540] [deitch]
- apk packages with simplified license show NOASSERTION [Issue #1529] [PR #1540] [deitch]
v0.70.0
Changelog
v0.70.0 (2023-02-03)
Added Features
- Catalog traefik binary [Issue #1460] [PR #1504] [witchcraze]
Bug Fixes
- Syft hardcodes custom attestation type [Issue #1532] [PR #1533] [Nirusu]
Security
- Prevent leaking attestation password or key path to console or SBOM contents [PR #1538] [GHSA-jp7v-3587-2956] [CVE-2023-24827]
v0.69.1
Changelog
v0.69.1 (2023-01-31)
Changes
- update golang to 1.19 [PR #1526] [bradleyjones]
- update spdx/tools-golang to v0.5.0-rc1 [PR #1503] [kzantow]