v0.4.0

Latest

@andrew released this 28 Jun 21:19
· 9 commits to main since this release
ddd691e
  • Suppress vulnerabilities that a formula's patches declare as resolved (via patches[].resolves in brew info --json=v2, Homebrew 6.0.4+); list them separately in text/JSON output, exclude them from SARIF output, and exclude them from the exit code
  • CycloneDX output: emit patched vulnerabilities with analysis.state = resolved and include formula patches as pedigree.patches on each component
  • Add --no-ignore-patches to report patched vulnerabilities as open findings
  • Fix invalid SARIF output when no vulnerabilities are found (GitHub code scanning rejected the file)
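
A consumer-side check for the CycloneDX behaviour described above, as an added example that is not part of this project's code: it splits findings by analysis.state and only accepts a resolved state when the affected component carries a pedigree.patches entry naming that ID. The sample BOM, its bom-ref values and CVE IDs are constructed placeholders, and the "unverified" bucket and exit-code policy are assumptions of this example.

```python
import json

# Constructed sample BOM using CycloneDX field names; ids and refs are placeholders.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:brew/examplelib@1.2.3", "name": "examplelib",
     "pedigree": {"patches": [
       {"type": "backport",
        "resolves": [{"type": "security", "id": "CVE-0000-0001"}]}]}},
    {"bom-ref": "pkg:brew/othertool@4.5.6", "name": "othertool"}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "analysis": {"state": "resolved"},
     "affects": [{"ref": "pkg:brew/examplelib@1.2.3"}]},
    {"id": "CVE-0000-0002", "analysis": {"state": "resolved"},
     "affects": [{"ref": "pkg:brew/othertool@4.5.6"}]},
    {"id": "CVE-0000-0003",
     "affects": [{"ref": "pkg:brew/examplelib@1.2.3"}]}
  ]
}
""")

def patched_ids(component):
    """IDs that a component's pedigree.patches entries declare as resolved."""
    patches = component.get("pedigree", {}).get("patches", [])
    return {r["id"] for p in patches for r in p.get("resolves", []) if "id" in r}

def triage(bom, ignore_patches=True):
    """Split findings into open / resolved / unverified and derive a gate exit code."""
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    result = {"open": [], "resolved": [], "unverified": []}
    for vuln in bom.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state")
        if state != "resolved" or not ignore_patches:
            result["open"].append(vuln["id"])
            continue
        refs = [a.get("ref") for a in vuln.get("affects", [])]
        # Hypothetical policy: every affected component must carry a patch naming this id.
        backed = bool(refs) and all(
            vuln["id"] in patched_ids(by_ref.get(ref, {})) for ref in refs)
        result["resolved" if backed else "unverified"].append(vuln["id"])
    exit_code = 1 if result["open"] or result["unverified"] else 0
    return result, exit_code

if __name__ == "__main__":
    print(triage(SAMPLE_BOM))
```

Passing ignore_patches=False mirrors the intent of --no-ignore-patches: every finding is counted as open regardless of its analysis state.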

Full Changelog: v0.3.0...v0.4.0