Releases: guacsec/guac

v0.10.1

16 Oct 22:30
ac93fb2
  • Improve ENT query performance via Index
  • Add ClearlyDefined to e2e test
  • Fix bug for license scan on ingest

What's Changed

  • 7ee10f0 Add ClearlyDefined to e2e test (#2168)
  • fa21e35 Bump anchore/sbom-action from 0.17.2 to 0.17.3 (#2199)
  • 55f1c26 Bump aquasecurity/trivy-action from 0.25.0 to 0.27.0 (#2198)
  • f45eb33 Bump github/codeql-action from 3.26.12 to 3.26.13 (#2197)
  • cff089f update batch size on clearly defined and fix bug that when ingesting licenses (#2200)
  • ac93fb2 update query to ensure index is hit for certifyLegal, occurrence and hasSBOM (#2201)

v0.10.0

11 Oct 13:00
9cfc2b7
  • Fix issues with certifier querying running into postgres parameter limit
  • Fix: missing null check in certifyLegal blobstore backend
  • Fix ite6 vuln attestation to use the right predicatetype
  • Fix Flaky E2e Test

What's Changed

  • 9cfc2b7 Fix Flaky E2e Test (#2189)
  • 0efa268 Fix: missing null check in certifyLegal blobstore backend (#2193)
  • c639eca fix issues with certifier querying running into postgres parameter limit (#2184)
  • 6940fb0 fix ite6 vuln attestation to use the right predicatetype (#2191)

v0.9.1

09 Oct 12:49
4db142d
  • improve ENT query performance on Subject ID queries
  • Fix broken link for ClearlyDefined in docs
  • Updates to various dependencies

What's Changed

  • 6138ef1 Bump actions/cache from 4.0.2 to 4.1.0 (#2178)
  • beab14d Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 (#2175)
  • e2cac69 Bump github.com/aws/aws-sdk-go-v2 from 1.31.0 to 1.32.1 (#2179)
  • b17182e Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.34.3 to 1.36.1 (#2169)
  • 4db142d Bump github.com/nats-io/nats.go from 1.36.0 to 1.37.0 (#2172)
  • 2bdf32f Bump github.com/redis/go-redis/v9 from 9.5.3 to 9.6.1 (#2170)
  • 51ee212 Bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 (#2173)
  • 2494810 Bump github/codeql-action from 3.26.10 to 3.26.12 (#2174)
  • 4777e50 Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#2177)
  • e231b30 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#2171)
  • 9194ab1 Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#2176)
  • 86b56d8 Fix CD discovered license link in gql generated docs (#2183)
  • 1d339f6 [ENT] add direct subject queries for verbs (#2181)

v0.9.0

04 Oct 20:24
6d47f0c
  • improve certifier with last-scan to allow for more efficient scanning of packages
  • fix bug on license ingestion

What's Changed

  • e5b1595 LicenseInputSpec: do not add 'ListVersion' with 'Inline' (#2166)
  • 6d47f0c add comment on certifier when last-scan is set or not set (#2167)
  • f13bed1 update certifier with specific package queries to keep state (#2163)

v0.8.9

03 Oct 19:02
7f3e889
  • improve on ingestion license check
  • Fix vuln CLI to allow for query via artifact/purl/uri
  • Various bug fixes and improvements in parser related to licenses

What's Changed

  • 92d19d5 Bump github.com/arangodb/go-driver from 1.6.2 to 1.6.4 (#2160)
  • e714df0 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.39 (#2161)
  • 553c3ad Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.3 (#2159)
  • 56f7dbb Bump github.com/fsouza/fake-gcs-server from 1.49.3 to 1.50.0 (#2162)
  • dc08264 Bump github/codeql-action from 3.26.8 to 3.26.10 (#2157)
  • f5c75b7 Bump google.golang.org/api from 0.198.0 to 0.199.0 (#2158)
  • 8cbb091 CycloneDX SBOM: support nested components (#2156)
  • e39fb22 Search for Vulns via Artifact (#2153)
  • 7f3e889 if LicenseRef is specified without an inline do not create a license node (#2164)
  • 6ea218b improve on ingestion license check (#2152)

v0.8.8

26 Sep 12:39
5ba890d
  • fix error handling on certifier and fix issue #2150

What's Changed

  • 5ba890d fix error handling on certifier to fail on network error when graphQL server is not up but keep running when a service issue is encountered (#2151)

v0.8.7

25 Sep 13:28
821e685
  • Various bug fixes, additional logs and improvements

What's Changed

  • dd1e897 Bump github/codeql-action from 3.26.7 to 3.26.8 (#2143)
  • a5463f9 Bump google.golang.org/api from 0.192.0 to 0.198.0 (#2144)
  • 0e9506b add logs to determine when certifier starts and ends (#2149)
  • a0e6631 bump github.com/99designs/gqlgen from 0.17.49 to 0.17.54 (#2148)
  • 3284ed3 bump github.com/aws/aws-sdk-go-v2 from 1.30.5 to 1.31.0 (#2146)
  • 28515aa bump github.com/google/osv-scanner from 1.8.4 to 1.8.5 (#2145)
  • 821e685 bump github.com/nats-io/nats-server/v2 from 2.10.18 to 2.10.20 (#2147)
  • ce75d1f fix bugs that causes panic on query vuln on sbom uri search (#2140)

v0.8.6

19 Sep 15:24
9dbf407
  • bug fixes

What's Changed

  • 9dbf407 drop discovered_license from required index as it is covered by the discovered_license_hash (#2139)

Also includes all the changes from v0.8.5

  • Searching for hasSBOMs via Artifacts in Vuln cli
  • CDX parser captures version as an artifact for images
  • ClearlyDefined certifier to the postgres/demo compose file
  • Various bug fixes and improvements

v0.8.5

19 Sep 11:00
f5e60a9
  • Searching for hasSBOMs via Artifacts in Vuln cli
  • CDX parser captures version as an artifact for images
  • ClearlyDefined certifier to the postgres/demo compose file
  • Various bug fixes and improvements

What's Changed

  • c22cf02 Add the ClearlyDefined certifier to the demo compose file (#2129)
  • d4abef2 Also add the ClearlyDefined certifier to the postgres compose file (#2130)
  • de3897f Bump actions/create-github-app-token from 1.10.4 to 1.11.0 (#2132)
  • 2752e40 Bump github/codeql-action from 3.26.6 to 3.26.7 (#2131)
  • 477b1d7 CDX parser captures version as an artifact for images (#2126)
  • 430b768 Fix guacEmpty being added into the ENT DB causing errors (#2136)
  • c7501e8 Searching for hasSBOMs via Artifacts in Vuln cli (#1965)
  • 8c9cc5b Update CD certifier to ignore LicenseRef licenses (#2134)
  • f5e60a9 create isoccur for top level package when artifact is found (#2137)

v0.8.4

11 Sep 19:19
9c7f881
  • Fix SPDX SBOM ingestion with multiple purls in externalRefs array
  • Add connection timeout for ENT
  • Retry on network error for certifiers
  • Fix Deps.dev rate limiting
  • Various bug fixes and improvements

What's Changed

  • 9c7f881 [Fix] GRPC rate limit and add exponential backoff for CD (#2125)

Also includes (from v0.8.3):

  • e6f20c3 Bump actions/create-github-app-token from 1.10.3 to 1.10.4 (#2116)
  • 61da705 Bump actions/setup-python from 5.1.1 to 5.2.0 (#2106)
  • 9768dc0 Bump docker/login-action from 2 to 3 (#2107)
  • db47d0a Bump getkin/kin-openapi from v0.123.0 to v0.127.0 (#2112)
  • 0c72777 Bump github.com/aws/aws-sdk-go-v2 from 1.30.4 to 1.30.5 (#2121)
  • ad1f0c2 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.28 to 1.27.31 (#2102)
  • 7004fc4 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.59.0 to 1.61.2 (#2119)
  • a37fef2 Bump github.com/fsouza/fake-gcs-server from 1.49.2 to 1.49.3 (#2104)
  • 7d1e437 Bump github/codeql-action from 3.26.5 to 3.26.6 (#2105)
  • fcda7d9 Bump gocloud.dev from 0.38.0 to 0.39.0 (#2118)
  • 04f8655 Bump gocloud.dev/pubsub/rabbitpubsub from 0.38.0 to 0.39.0 (#2120)
  • 8b7b9e2 Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#2103)
  • 8fd7914 Bump google.golang.org/grpc from 1.66.0 to 1.66.1 (#2117)
  • 5e29c5d Bumping cdevents/sdk-go from 0.3.2 to 0.4.1 (#2108)
  • c9c6acc Fix SPDX SBOM ingestion with multiple purls in externalRefs array (#2101)
  • 4c0b9a8 Include documentRef in hasSBOM client operations (#2111)
  • 2508663 add connection timeout for ENT (#2115)
  • 2f63622 change atlas migration to take into account ent auto migration index names (#2114)
  • 2b018e2 retry on network error for certifiers (#2122)