
v0.8.0

@github-actions github-actions released this 25 Jul 18:11
· 70 commits to main since this release
0c6dc86
  • Clearly Defined Certifier! (Experimental)
  • Parse CycloneDX Legal information (#1985)
  • Add vulnerability scanning on ingestion
  • [ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982).
    Keyvalue PR already created (#2033)
  • Update slsa parser in-toto attestation library (#1988)
  • Update slsa parser to use ResourceDescriptor (#1988)
  • [ENT] Fix node, improve package qualifiers query and add missing indexes to speed up query performance (#1989, #1999, #2020 and #2032)
  • Include e2e tests for guaccollect, guacingest, and ent (#1998)
  • Change isDependency to be only at the pkgVersion
  • Fix make all and make build (#2014)

What's Changed

  • 8e8bf52 #1996 Improve package's qualifiers query (#1997)
  • d55629f Add default SECURITY.md policy (#2004)
  • bf65123 Adds vulnerability scanning on ingestion (#1963)
  • e1465d9 Bump actions/checkout from 4.1.6 to 4.1.7 (#1972)
  • 681d3b7 Bump actions/create-github-app-token from 1.10.1 to 1.10.3 (#1995)
  • 968c0cc Bump actions/setup-go from 5.0.1 to 5.0.2 (#2025)
  • 3cacb78 Bump actions/setup-python from 5.1.0 to 5.1.1 (#2024)
  • 5b9e79d Bump anchore/sbom-action from 0.16.0 to 0.17.0 (#2023)
  • c2983b5 Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 (#1958)
  • 250ecb8 Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 (#1977)
  • a0c0b73 Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#2026)
  • f0d7607 Bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 (#1979)
  • 07cea77 Bump entgo.io/ent from 0.13.0 to 0.13.1 (#2005)
  • 57a219f Bump github.com/99designs/gqlgen from 0.17.45 to 0.17.48 (#1961)
  • d81762c Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#1962)
  • 153f94e Bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#2007)
  • dad65eb Bump github.com/aws/aws-sdk-go from 1.53.1 to 1.54.3 (#1968)
  • 8ca724a Bump github.com/aws/aws-sdk-go from 1.54.3 to 1.54.6 (#1978)
  • 9052a82 Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.0 (#2043)
  • 809acec Bump github.com/aws/aws-sdk-go-v2 from 1.30.1 to 1.30.3 (#2030)
  • e0a7c6b Bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.19 (#1970)
  • 6139d24 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.23 (#1993)
  • c903f1b Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.58.2 (#2027)
  • 3c0319a Bump github.com/fsouza/fake-gcs-server from 1.48.0 to 1.49.2 (#1955)
  • 5114c80 Bump github.com/google/osv-scanner from 1.7.2 to 1.7.4 (#1960)
  • fb3d62a Bump github.com/google/osv-scanner from 1.7.4 to 1.8.2 (#2013)
  • f39ad2e Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#1981)
  • 5d0a9bf Bump github.com/nats-io/nats-server/v2 from 2.10.16 to 2.10.17 (#2029)
  • c1ddb48 Bump github.com/nats-io/nats-server/v2 from 2.10.17 to 2.10.18 (#2041)
  • 4fe606f Bump github.com/nats-io/nats.go from 1.34.1 to 1.36.0 (#1971)
  • 221a7d3 Bump github.com/pitabwire/natspubsub from 0.1.3 to 0.1.7 (#1990)
  • 9e41590 Bump github.com/redis/go-redis/v9 from 9.5.1 to 9.5.3 (#1954)
  • 5c09ea6 Bump github.com/regclient/regclient from 0.6.1 to 0.7.0 (#2042)
  • cdfebf3 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#1980)
  • 9e41523 Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 (#1991)
  • b18df2d Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 (#2028)
  • 3ac1beb Bump github.com/vektah/gqlparser/v2 from 2.5.12 to 2.5.14 (#1966)
  • 1b1ccc5 Bump github.com/vektah/gqlparser/v2 from 2.5.14 to 2.5.16 (#1992)
  • ecf9206 Bump github/codeql-action from 3.25.10 to 3.25.11 (#1994)
  • b12ce21 Bump github/codeql-action from 3.25.11 to 3.25.12 (#2022)
  • 693a21c Bump github/codeql-action from 3.25.12 to 3.25.13 (#2045)
  • f18ba93 Bump github/codeql-action from 3.25.7 to 3.25.8 (#1957)
  • 21e503c Bump github/codeql-action from 3.25.8 to 3.25.10 (#1973)
  • 8a987bd Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#2012)
  • 546a17e Bump goreleaser/goreleaser-action from 5 to 6 (#1959)
  • a0762a6 Clearly defined certifier (#2035)
  • ff4c8af Expose certifier and deps.dev batch size and add optional latency (defaults to none) (#1967)
  • 7306193 Fix Google Container Registry URL typo (#1986)
  • 6443db6 Fix make all and make build (#2014)
  • 41970b6 Fix guacrest docker compose healthchecks (#2001)
  • 82e3f80 Fix the e2e (#2010)
  • ee17427 Fix the shebang on the e2e script by (#2017)
  • 9a20f1e Fixed Guacone Query Vuln When Keyvalue is Used (#2000)
  • 05de293 Implement the proposal in guacsec/governance#8 (#1935)
  • 53a63ab Include e2e tests for guaccollect, guacingest, and ent (#1998)
  • 71dbe34 Move to OpenSSF mail server (#1975)
  • 9d51e44 Parse CycloneDX Legal information (#1985)
  • 8c54ef5 Remove isDependency to pkgName (#2021)
  • 0675b67 Speed up common CertifyVuln ent queries by adding indexes (#1999)
  • 2845fad Speed up isDependency query when spec depPkg has pkgID (#2020)
  • 2d87d8d Update slsa parser to remove deprecated structs (#1988)
  • bc9361d Updated query known and slsa parser (#2018)
  • 6a63c22 [ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982)
  • 0b17411 [ENT] add indexes for common queries on ENT (#2032)
  • b6754cf [ENT] add missing nodes from the node query (#1989)
  • a4c36b1 add check for paginated queries for nil values in ent (#2031)
  • 7eccfa9 add missing csub-tls flags for guaccollect (#1951)
  • 0c6dc86 move timestamp up such that it is not skipped (#2046)
  • 0c70002 remove GetMatchFlagsFromPkgInput helper as it was not needed for isDependency (#1933)
  • e2486e1 support direct connections to ent from the rest api (#1932)
  • 621b66f update to skip type guac purls in deps.dev (#2039)