Releases: anchore/syft
v0.62.2
Changelog
v0.62.2 (2022-11-28)
Bug Fixes
- SPDX-json output differs between cli and golang implementation [Issue #1213]
- Python cataloging fails to remove some non-version characters from version string [Issue #1360]
- Haskell Cabal packages crash syft [Issue #1362]
- Panic case for alpm on windows has a correct error case [Issue #1094]
v0.62.1
Changelog
v0.62.1 (2022-11-21)
Bug Fixes
- fix(npm): handle aliases in package-lock.json [Issue #1314] [Mikcl]
- chore: add debug logging for decode errors [PR #1352] [kzantow]
- fix: sort relationships in SPDX output [Issue #1213] [kzantow]
v0.62.0
Changelog
v0.62.0 (2022-11-18)
Added Features
- NPM package-lock.json version 3 [Issue #1203]
Bug Fixes
- Don't replace : with - in docker SPDX namespaces [Issue #1111]
v0.61.0
Changelog
v0.61.0 (2022-11-18)
Added Features
- Add support for map fields in CycloneDX (XML and JSON) [Issue #1032]
- Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
- Support SPDX 2.3 [Issue #1292]
- Add support for dependency relationships for alpine (apk) [PR #1063]
Bug Fixes
- Normalize alpm md5 refs [PR #1333] [wagoodman]
- APK Metadata decoding should be backwards compatible [PR #1341] [wagoodman]
- Add spdx relationship encoding for dependencies [PR #1342] [wagoodman]
- v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [Issue #923]
- Missing licenses and "skipping encoding of unsupported property: syft:metadata:goBuildSetting" [Issue #1007]
- System independent build not possible [Issue #1084]
- Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
- No packages discovered in SIF when image source not specified [Issue #1189]
- syft packages panics on OCI archive creation [Issue #1318]
- Missing metadata in syft-json artifacts crashes grype [Issue #1334]
- CPE for amazoncorretto:19.0.1-al2 is incorrect [Issue #1337]
v0.60.3
v0.60.2
v0.60.1
Changelog
v0.60.1 (2022-11-01)
Added Features
- Remove the docker installation from the release process [Issue #577]
- Include go binary h1 digests in SPDX [Issue #1261]
Bug Fixes
- A malformed Python RECORD file stops Syft processing [Issue #1012]
- Deprecated SPDX license (GFDL* and BSD-2-Clause-NetBSD) [Issue #1179]
- Update SPDX license list to 3.18 [Issue #1245]
- Versions not printed out properly from maven pom.xml [Issue #1251]
- syft attest --output cyclonedx-json incompatible with cosign [Issue #1268]
- Create SBOM file will have suffix in modules name [Issue #1275]
v0.59.0
Changelog
Added Features
- Attest support for Singularity images [Issue #1193]
- Remove upload to Anchore Enterprise [Issue #1252]
Bug Fixes
- Update requires to use list; remove field [PR #1234] [spiffcs]
- Deprecated SPDX license (GFDL* and BSD-2-Clause-NetBSD) [Issue #1179]
- SPDX JSON has external reference category of PACKAGE_MANAGER instead of PACKAGE-MANAGER [Issue #1236]
- Follow symlinks when searching for globs in all-layers scope [PR #1221] [kzantow]
v0.58.0
Changelog
Added Features
- Add support for cpp conan.lock files [PR #1230]
- Adding file checksum field in SPDX documents [Issue #1226]
Bug Fixes
- Excluding a directory does not work on Windows [Issue #1024]
- RPM file scan failed [Issue #1231]
v0.57.0
Changelog
Added Features
- Consistent sorting for SPDX JSON output [Issue #1213]
Bug Fixes
- Attest panic on MacOS [Issue #1210]