Releases
v0.8.0
Clearly Defined Certifier! (Experimental)
Parse CycloneDX Legal information (#1985)
Add vulnerability scanning on ingestion
[ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982).
Keyvalue PR already created (#2033)
Update slsa parser in-toto attestation library (#1988)
Update slsa parser to use ResourceDescriptor (#1988)
[ENT] Fix node, improve package qualifiers query and add missing indexes to speed up query performance (#1989, #1999, #2020 and #2032)
Include e2e tests for guaccollect, guacingest, and ent (#1998)
Change isDependency to be only at the pkgVersion
Fix make all and make build (#2014)
What's Changed
8e8bf52 #1996 Improve package's qualifiers query (#1997)
d55629f Add default SECURITY.md policy (#2004)
bf65123 Adds vulnerability scanning on ingestion (#1963)
e1465d9 Bump actions/checkout from 4.1.6 to 4.1.7 (#1972)
681d3b7 Bump actions/create-github-app-token from 1.10.1 to 1.10.3 (#1995)
968c0cc Bump actions/setup-go from 5.0.1 to 5.0.2 (#2025)
3cacb78 Bump actions/setup-python from 5.1.0 to 5.1.1 (#2024)
5b9e79d Bump anchore/sbom-action from 0.16.0 to 0.17.0 (#2023)
c2983b5 Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 (#1958)
250ecb8 Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 (#1977)
a0c0b73 Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#2026)
f0d7607 Bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 (#1979)
07cea77 Bump entgo.io/ent from 0.13.0 to 0.13.1 (#2005)
57a219f Bump github.com/99designs/gqlgen from 0.17.45 to 0.17.48 (#1961)
d81762c Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#1962)
153f94e Bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#2007)
dad65eb Bump github.com/aws/aws-sdk-go from 1.53.1 to 1.54.3 (#1968)
8ca724a Bump github.com/aws/aws-sdk-go from 1.54.3 to 1.54.6 (#1978)
9052a82 Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.0 (#2043)
809acec Bump github.com/aws/aws-sdk-go-v2 from 1.30.1 to 1.30.3 (#2030)
e0a7c6b Bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.19 (#1970)
6139d24 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.23 (#1993)
c903f1b Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.58.2 (#2027)
3c0319a Bump github.com/fsouza/fake-gcs-server from 1.48.0 to 1.49.2 (#1955)
5114c80 Bump github.com/google/osv-scanner from 1.7.2 to 1.7.4 (#1960)
fb3d62a Bump github.com/google/osv-scanner from 1.7.4 to 1.8.2 (#2013)
f39ad2e Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#1981)
5d0a9bf Bump github.com/nats-io/nats-server/v2 from 2.10.16 to 2.10.17 (#2029)
c1ddb48 Bump github.com/nats-io/nats-server/v2 from 2.10.17 to 2.10.18 (#2041)
4fe606f Bump github.com/nats-io/nats.go from 1.34.1 to 1.36.0 (#1971)
221a7d3 Bump github.com/pitabwire/natspubsub from 0.1.3 to 0.1.7 (#1990)
9e41590 Bump github.com/redis/go-redis/v9 from 9.5.1 to 9.5.3 (#1954)
5c09ea6 Bump github.com/regclient/regclient from 0.6.1 to 0.7.0 (#2042)
cdfebf3 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#1980)
9e41523 Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 (#1991)
b18df2d Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 (#2028)
3ac1beb Bump github.com/vektah/gqlparser/v2 from 2.5.12 to 2.5.14 (#1966)
1b1ccc5 Bump github.com/vektah/gqlparser/v2 from 2.5.14 to 2.5.16 (#1992)
ecf9206 Bump github/codeql-action from 3.25.10 to 3.25.11 (#1994)
b12ce21 Bump github/codeql-action from 3.25.11 to 3.25.12 (#2022)
693a21c Bump github/codeql-action from 3.25.12 to 3.25.13 (#2045)
f18ba93 Bump github/codeql-action from 3.25.7 to 3.25.8 (#1957)
21e503c Bump github/codeql-action from 3.25.8 to 3.25.10 (#1973)
8a987bd Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#2012)
546a17e Bump goreleaser/goreleaser-action from 5 to 6 (#1959)
a0762a6 Clearly defined certifier (#2035)
ff4c8af Expose certifier and deps.dev batch size and add optional latency (defaults to none) (#1967)
7306193 Fix Google Container Registry URL typo (#1986)
6443db6 Fix make all and make build (#2014)
41970b6 Fix guacrest docker compose healthchecks (#2001)
82e3f80 Fix the e2e (#2010)
ee17427 Fix the shebang on the e2e script by (#2017)
9a20f1e Fixed Guacone Query Vuln When Keyvalue is Used (#2000)
05de293 Implement the proposal in guacsec/governance#8 (#1935)
53a63ab Include e2e tests for guaccollect, guacingest, and ent (#1998)
71dbe34 Move to OpenSSF mail server (#1975)
9d51e44 Parse CycloneDX Legal information (#1985)
8c54ef5 Remove isDependency to pkgName (#2021)
0675b67 Speed up common CertifyVuln ent queries by adding indexes (#1999)
2845fad Speed up isDependency query when spec depPkg has pkgID (#2020)
2d87d8d Update slsa parser to remove deprecated structs (#1988)
bc9361d Updated query known and slsa parser (#2018)
6a63c22 [ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982)
0b17411 [ENT] add indexes for common queries on ENT (#2032)
b6754cf [ENT] add missing nodes from the node query (#1989)
a4c36b1 add check for paginated queries for nil values in ent (#2031)
7eccfa9 add missing csub-tls flags for guaccollect (#1951)
0c6dc86 move timestamp up such that it is not skipped (#2046)
0c70002 remove GetMatchFlagsFromPkgInput helper as it was not needed for isDependency (#1933)
e2486e1 support direct connections to ent from the rest api (#1932)
621b66f update to skip type guac purls in deps.dev (#2039)