Skip to content

0.1.0-alpha.9

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 27 Jun 10:44
· 438 commits to main since this release
v0.1.0-alpha.9
d49c4c9

Changelog

v0.1.0-alpha.9 (2024-06-27)

Features

  • extract organization name from CVE (1065ab3)
  • add CWE for vulnerabilities (181719d)
  • implements labels using jsonb (d6b4302)
  • initial product endpoints (6112344)
  • add filtering/query to "find by sbom package" (93e3eaa), closes #438
  • search SBOMs by PURL or package id (a4ce8ec), closes #413
  • add version to sbom package (20eefb2), closes #284
  • support IS [NOT] NULL in queries (5b658cb)
  • add ability to translate queries (8c6f062)
  • more efficient detection of advisory formats (d669658), closes #257
  • Initial implementation of products (2573b01)
  • add an entry for all CSAF data (bc9e6a5)
  • update cyclonedx for support of 1.5 (9817ffa)
  • allow configuring the OIDC UI settings (f2ad362)
  • implement CVE import (f6d2cde)
  • implement OSV ingestion (0bc8a20)

Fixes

  • the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
    #434
  • allow ingesting spdx SBOMs with files (1f2145e)
  • relationship direction for "documentDescribes" (058ee24)
  • link with specific node, not any node of the SBOM (8d87482)
  • appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
  • honor transaction for requests (97510e7)
  • return only the sbom_node, not all nodes belonging to the sbom (6349e91),
    closes #414
  • provide the package describing the sbom with the summary (ea8af78)
  • enable sorting advisories by average_severity (8de5be2), closes #383
  • move graphql under /graphql only (f07f5fa)
  • count items being processed for osv and cve (a1f8d21)
  • Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
  • the the id issue for SBOMs too (a52b6f4)
  • translate the id into a hash before fetching from the storage (12c0d71)
  • use newer container to fix/workaround segfault in libgit2 (16deb09)
  • accept either domain or full URL (d601573)
  • register types, remove infinite reference (724a788)
  • reset all jobs when starting up (88ec8da), closes #355
  • use correct env-vars for storage settings (a93be47)
  • update cve to fix some parsing errors (d46683a)
  • directly pass sha256 digest, parsing it misses the perfix (feba99a)
  • client ids need to split by comma when coming from the env-var (08c1402)
  • update embedded oidc to support refresh tokens (f01dcc5)
  • push multi-arch image (d90dae0)
  • allow swaggerui to redirect (1bb1ca1)
  • ingest scores when loading CSAF docs (4719406), closes #278
Assets 16
Loading