0.1.0-alpha.18

Changelog

v0.1.0-alpha.18 (2024-09-20)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• support compressed upload (14c356c)
• allow importing complete datasets (9722fdc)
• sort importers by enabledness (7c65d51)
• implement patch for updating importer configurations (ac104b4)
• allow disabling the GraphQL endpoint, and do so by default (ea6e6ed)
• add depth to GitWalker for faster clones by limiting history (8da2fe5)
• speed up initial clones of git repos (31cc15f)
• add progress support, backed by the database (bf0a017)
• add MEM_LIMIT_MB env var to configure threshold for tests (35d1cdd)
• replace SyncAdapter with SyncIoBridge to reduce RAM usage (684154d)
• add basic progress support, first just via tracing (4d6d366)
• refactor temp file creation to reduce S3 usage (f9727a2)
• allow creating the embedded database in a different directory (b6766cb)
• improve product details to return basic sbom data (6d3a777)
• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• prevent uploading compressed files which might exhaust the memory (9145a6e)
• ensure UUIDs are stable, and we have a stable insertion order (12ef030)
• use stable order for CPEs to prevent deadlocks on the DB (08eb107)
• store documents when ingesting a dataset (600dd36)
• allow ingesting YAML based OSV (54da44c)
• able to run pm-mode in container (bc57113)
• restore hard-coded base paths in CVE/ClearlyDefined walkers (f3a9fe9)
• restore hashes in SBOM fetch api (df89982), closes #733
• disable format detection for importers (26eda5d), closes #715
• fix performance regression, speeds things up ~10x (3af6cdf)
• prevent dumping the full CSAF document into the tracing context (f66ef06)
• importer openapi definitions (aad7e20)
• use the current working directory in the podman -v arg. (ddfdc85)
• add lifetime to avoid a storage impl clone (0822a73)
• a couple of openapi fields reverted to not being required. (2858271)
• PurlService - purl_by_purl bug (a5e07a2)
• refactor sbom dto objects to better represent data model (b551051)
• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.17

Changelog

v0.1.0-alpha.17 (2024-09-19)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• support compressed upload (14c356c)
• allow importing complete datasets (9722fdc)
• sort importers by enabledness (7c65d51)
• implement patch for updating importer configurations (ac104b4)
• allow disabling the GraphQL endpoint, and do so by default (ea6e6ed)
• add depth to GitWalker for faster clones by limiting history (8da2fe5)
• speed up initial clones of git repos (31cc15f)
• add progress support, backed by the database (bf0a017)
• add MEM_LIMIT_MB env var to configure threshold for tests (35d1cdd)
• replace SyncAdapter with SyncIoBridge to reduce RAM usage (684154d)
• add basic progress support, first just via tracing (4d6d366)
• refactor temp file creation to reduce S3 usage (f9727a2)
• allow creating the embedded database in a different directory (b6766cb)
• improve product details to return basic sbom data (6d3a777)
• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• prevent uploading compressed files which might exhaust the memory (9145a6e)
• ensure UUIDs are stable, and we have a stable insertion order (12ef030)
• use stable order for CPEs to prevent deadlocks on the DB (08eb107)
• store documents when ingesting a dataset (600dd36)
• allow ingesting YAML based OSV (54da44c)
• able to run pm-mode in container (bc57113)
• restore hard-coded base paths in CVE/ClearlyDefined walkers (f3a9fe9)
• restore hashes in SBOM fetch api (df89982), closes #733
• disable format detection for importers (26eda5d), closes #715
• fix performance regression, speeds things up ~10x (3af6cdf)
• prevent dumping the full CSAF document into the tracing context (f66ef06)
• importer openapi definitions (aad7e20)
• use the current working directory in the podman -v arg. (ddfdc85)
• add lifetime to avoid a storage impl clone (0822a73)
• a couple of openapi fields reverted to not being required. (2858271)
• PurlService - purl_by_purl bug (a5e07a2)
• refactor sbom dto objects to better represent data model (b551051)
• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.16

Changelog

v0.1.0-alpha.16 (2024-09-13)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• allow importing complete datasets (9722fdc)
• sort importers by enabledness (7c65d51)
• implement patch for updating importer configurations (ac104b4)
• allow disabling the GraphQL endpoint, and do so by default (ea6e6ed)
• add depth to GitWalker for faster clones by limiting history (8da2fe5)
• speed up initial clones of git repos (31cc15f)
• add progress support, backed by the database (bf0a017)
• add MEM_LIMIT_MB env var to configure threshold for tests (35d1cdd)
• replace SyncAdapter with SyncIoBridge to reduce RAM usage (684154d)
• add basic progress support, first just via tracing (4d6d366)
• refactor temp file creation to reduce S3 usage (f9727a2)
• allow creating the embedded database in a different directory (b6766cb)
• improve product details to return basic sbom data (6d3a777)
• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• allow ingesting YAML based OSV (54da44c)
• able to run pm-mode in container (bc57113)
• restore hard-coded base paths in CVE/ClearlyDefined walkers (f3a9fe9)
• restore hashes in SBOM fetch api (df89982), closes #733
• disable format detection for importers (26eda5d), closes #715
• fix performance regression, speeds things up ~10x (3af6cdf)
• prevent dumping the full CSAF document into the tracing context (f66ef06)
• importer openapi definitions (aad7e20)
• use the current working directory in the podman -v arg. (ddfdc85)
• add lifetime to avoid a storage impl clone (0822a73)
• a couple of openapi fields reverted to not being required. (2858271)
• PurlService - purl_by_purl bug (a5e07a2)
• refactor sbom dto objects to better represent data model (b551051)
• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.15

Changelog

v0.1.0-alpha.15 (2024-09-05)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• sort importers by enabledness (7c65d51)
• implement patch for updating importer configurations (ac104b4)
• allow disabling the GraphQL endpoint, and do so by default (ea6e6ed)
• add depth to GitWalker for faster clones by limiting history (8da2fe5)
• speed up initial clones of git repos (31cc15f)
• add progress support, backed by the database (bf0a017)
• add MEM_LIMIT_MB env var to configure threshold for tests (35d1cdd)
• replace SyncAdapter with SyncIoBridge to reduce RAM usage (684154d)
• add basic progress support, first just via tracing (4d6d366)
• refactor temp file creation to reduce S3 usage (f9727a2)
• allow creating the embedded database in a different directory (b6766cb)
• improve product details to return basic sbom data (6d3a777)
• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• restore hard-coded base paths in CVE/ClearlyDefined walkers (f3a9fe9)
• restore hashes in SBOM fetch api (df89982), closes #733
• disable format detection for importers (26eda5d), closes #715
• fix performance regression, speeds things up ~10x (3af6cdf)
• prevent dumping the full CSAF document into the tracing context (f66ef06)
• importer openapi definitions (aad7e20)
• use the current working directory in the podman -v arg. (ddfdc85)
• add lifetime to avoid a storage impl clone (0822a73)
• a couple of openapi fields reverted to not being required. (2858271)
• PurlService - purl_by_purl bug (a5e07a2)
• refactor sbom dto objects to better represent data model (b551051)
• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.14

Changelog

v0.1.0-alpha.14 (2024-08-29)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• speed up initial clones of git repos (31cc15f)
• add progress support, backed by the database (bf0a017)
• add MEM_LIMIT_MB env var to configure threshold for tests (35d1cdd)
• replace SyncAdapter with SyncIoBridge to reduce RAM usage (684154d)
• add basic progress support, first just via tracing (4d6d366)
• refactor temp file creation to reduce S3 usage (f9727a2)
• allow creating the embedded database in a different directory (b6766cb)
• improve product details to return basic sbom data (6d3a777)
• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• disable format detection for importers (26eda5d), closes #715
• fix performance regression, speeds things up ~10x (3af6cdf)
• prevent dumping the full CSAF document into the tracing context (f66ef06)
• importer openapi definitions (aad7e20)
• use the current working directory in the podman -v arg. (ddfdc85)
• add lifetime to avoid a storage impl clone (0822a73)
• a couple of openapi fields reverted to not being required. (2858271)
• PurlService - purl_by_purl bug (a5e07a2)
• refactor sbom dto objects to better represent data model (b551051)
• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.13

Changelog

v0.1.0-alpha.13 (2024-08-08)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• allow configuring fetch retries (d1b3ce6)
• allow setting a size limit when importing SBOMs (83dcde7)
• allow using a dedicated working dir for dumps (9cc1302)
• Add maven version comparison SQL function. (7efd883)
• add an xtask for generating a pre-loaded DB dump (59889af)
• S3 storage backend (978a2be), closes #621
• add PurlService method that can gc dead purls. (11b0ede)
• Add api to delete Vulnerabilities. (ad0f2fb), closes #563
• Add api to delete Advisories. (220863f), closes #563
• add the ability to specify a branch for importing OSV (c31462c)
• Add api to delete products (807dcb5), closes #563
• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• delete operations were missing from api docs. (bdd3b38)
• generate config schema and ensure they are up-to-date (6ff7e9b)
• use load_one pattern to load all organizations for mulitple products
  (537c640)
• use load_many pattern to efficiently load versions for multiple products
  (020ad82)
• make storage CLI options mutually exclusive (e03fda1), closes #631
• remove usage of FileSource and document how to use csaf walker to ingest
  local files (398ebf5)
• sbom_node FK constraints (37d396f)
• issue with duplicate packages (399645a)
• only force devmode if the embedded OIDC is requested (4bc17f3)
• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.12

Changelog

v0.1.0-alpha.12 (2024-07-23)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• Add api to delete sboms (2e6b810), closes #563
• add rapidoc support (c5df2c5)
• add trustd subcommand to export openapi spec (0ffc786)
• new convention for organizing integration tests (f653c02)
• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• add the deleteSbom api operationId. (ca3a047)
• define the schema type of the if-match headers. (c198f04), closes #580
• Add openapi operation ids (738d10b), closes #580
• increase recursion limit (3130c74)
• strum build error (4608dff)
• remove "ui" feature (7f12f71), closes #559
• remove non-normative data from advisory vulnerability (1a2714a), closes
  #543
• auto-create vulnerabilities using upsert (e516b42)
• swagger-ui for product details (b42ed10), closes #545
• swagger-ui docs for organization (c787eb3), closes #544
• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.11

Changelog

v0.1.0-alpha.11 (2024-07-12)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the historyto use UUID instead of i32 from the start.

Features

• add import warnings to the report (b59a19b)
• use v5 uuid upsert for CPEs (1fd7470)
• add cpe creator (7c5ee80)
• ingest products from sboms (d5ec88c)
• add more data to the products API (0983ac3)
• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• ensure that descriptions are not growing with every insert (f7c4f06)
• also check for vuln-id to create all entries (0dc4583)
• apply the CPE fix also for the language (dc7c328)
• prevent the creation of duplicate CPEs (130e41f)
• use the "last_success" time for the next "since" (2456d9e)
• only add the package manager category as a name for that package (1b39eaa)
• used for both advisories and SBOMs (1d536b7)
• retrying later on change means, accepting it now (e3e9c15)
• catch cases of invalid SPDX references and report them as such (094ef8b)
• bump pg-embed to avoid github rate-limiting during tests (7e62347)
• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.10

Changelog

v0.1.0-alpha.10 (2024-07-04)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the history to use UUID instead of i32 from the start.

Features

• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.9

Changelog

v0.1.0-alpha.9 (2024-06-27)

Features

• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278