Skip to content

0.1.0-alpha.10

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 04 Jul 08:32
· 397 commits to main since this release
v0.1.0-alpha.10
36ea1b0

Changelog

v0.1.0-alpha.10 (2024-07-04)

⚠ BREAKING-CHANGE

  • Breaks the migrations as this PR rewrites the history to use UUID instead of i32 from the start.

Features

  • allow canceling import runs (7c53e9e)
  • add sha384 and sha512 to the SBOM and advisory (bf67cdc)
  • add GIN index for labels (3319040)
  • add more labels to imported documents, allow user defined labels (87b6a6e)
  • return description as well (63a0edd)
  • allow setting labels during upload (34d2c06)
  • return labels when fetching sboms or advisories (dd54b9f)
  • implement setting labels for SBOMs (cf59c85)
  • implement setting labels for advisories (22741d5)
  • enable backslash to escape operators in filter expressions (5e66c77), closes
    #434
  • extract organization name from CVE (1065ab3)
  • add CWE for vulnerabilities (181719d)
  • implements labels using jsonb (d6b4302)
  • initial product endpoints (6112344)
  • add filtering/query to "find by sbom package" (93e3eaa), closes #438
  • search SBOMs by PURL or package id (a4ce8ec), closes #413
  • add version to sbom package (20eefb2), closes #284
  • support IS [NOT] NULL in queries (5b658cb)
  • add ability to translate queries (8c6f062)
  • more efficient detection of advisory formats (d669658), closes #257
  • Initial implementation of products (2573b01)
  • add an entry for all CSAF data (bc9e6a5)
  • update cyclonedx for support of 1.5 (9817ffa)
  • allow configuring the OIDC UI settings (f2ad362)
  • implement CVE import (f6d2cde)
  • implement OSV ingestion (0bc8a20)

Fixes

  • clean up a few openapi issues around labels (94a47eb)
  • this file actually belongs to migration 230 (29a52a0)
  • the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
    #434
  • allow ingesting spdx SBOMs with files (1f2145e)
  • relationship direction for "documentDescribes" (058ee24)
  • link with specific node, not any node of the SBOM (8d87482)
  • appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
  • honor transaction for requests (97510e7)
  • return only the sbom_node, not all nodes belonging to the sbom (6349e91),
    closes #414
  • provide the package describing the sbom with the summary (ea8af78)
  • enable sorting advisories by average_severity (8de5be2), closes #383
  • move graphql under /graphql only (f07f5fa)
  • count items being processed for osv and cve (a1f8d21)
  • Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
  • the the id issue for SBOMs too (a52b6f4)
  • translate the id into a hash before fetching from the storage (12c0d71)
  • use newer container to fix/workaround segfault in libgit2 (16deb09)
  • accept either domain or full URL (d601573)
  • register types, remove infinite reference (724a788)
  • reset all jobs when starting up (88ec8da), closes #355
  • use correct env-vars for storage settings (a93be47)
  • update cve to fix some parsing errors (d46683a)
  • directly pass sha256 digest, parsing it misses the perfix (feba99a)
  • client ids need to split by comma when coming from the env-var (08c1402)
  • update embedded oidc to support refresh tokens (f01dcc5)
  • push multi-arch image (d90dae0)
  • allow swaggerui to redirect (1bb1ca1)
  • ingest scores when loading CSAF docs (4719406), closes #278
Assets 16
Loading