LPVS v1.5.0

Features

• Loaded scan services dynamically based on configuration properties
• Added conversion of the byte range in file to file lines

Improvements

• Changed visibility of constructor for testability

Bug Fixes

• Fixed Javadoc generation
• Fixed issues detected by Svace code analyzer
• Corrected link in quick-start-guide-and-build.md
• Resolved an issue with incorrect file separators
• Fixed one more Svace defect
• Fixed missing link to the scan results in case of hub link present

Dependency Updates

• Bumped follow-redirects from 1.15.4 to 1.15.6 in /frontend
• Bumped express from 4.18.2 to 4.19.2 in /frontend
• Bumped org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
• Bumped softprops/action-gh-release from 0.1.14 to 2.0.4 in /.github/workflows
• Bumped docker/login-action from 3.0.0 to 3.1.0 in /.github/workflows
• Bumped actions/setup-java from 4.1.0 to 4.2.1 in /.github/workflows
• Bumped slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 in /.github/workflows
• Bumped org.kohsuke:github-api from 1.318 to 1.321
• Bumped org.projectlombok:lombok from 1.18.20 to 1.18.32
• Updated scanoss dependencies

Documentation Updates

• Fixed links in the quick-start-guide-and-build.md
• Changed version to v1.5.0

LPVS v1.4.2

Bug Fixes

• remove PR if max attempt reached (#430) #430 (m-rudyk)
• add check for empty number of files in dir before scan (#431) #431 (m-rudyk)
• Change table name to avoid name conflicts (#437) #437 (Oleg Kopysov)
• Clear the queue before adding new elements (#439) #439 (Oleg Kopysov)
• Fix for incorrect increment of the attempts number (#442) #442 (Oleg Kopysov)
• Fix incorrect log message (#445) #445 (Oleg Kopysov)
• Fix the issue with duplicated records in pull_requests table and runtime error (missing bean) (#446) #446 (Oleg Kopysov)
• Remove unnecessary try/catch section from the service (#447) #447 (Oleg Kopysov)
• modify single scan feature (#463) #463 (m-rudyk)

Documentation

• Update properties and corresponding documentation (#444) #444 (Oleg Kopysov)

Code Refactoring

• rename classes and improve application.properties (#443) #443 (Oleg Kopysov)

Builds

• deps: bump the pip group across 1 directories with 1 update (#424) #424 (dependabot[bot])
• deps: bump github/codeql-action from 3.23.2 to 3.24.3 in /.github/workflows (#432) #432 (dependabot[bot])
• deps: bump step-security/harden-runner from 2.6.0 to 2.7.0 in /.github/workflows (#414) #414 (dependabot[bot])
• deps: bump the pip group across 1 directories with 1 update (#440) #440 (dependabot[bot])
• update pom.xml (#441) #441 (o-konoval)
• deps: bump actions/setup-java from 4.0.0 to 4.1.0 in /.github/workflows (#452) #452 (dependabot[bot])
• deps: bump codecov/codecov-action from 4.0.0 to 4.1.0 in /.github/workflows (#454) #454 (dependabot[bot])
• deps: bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.2 to 4.8.3.1 (#460) #460 (dependabot[bot])
• deps: bump org.apache.maven.plugins:maven-compiler-plugin from 3.10.0 to 3.12.1 (#458) #458 (dependabot[bot])
• deps: bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.12.0 to 1.13.0 (#457) #457 (dependabot[bot])
• deps: bump org.apache.maven.plugins:maven-assembly-plugin from 3.1.0 to 3.6.0 (#456) #456 (dependabot[bot])

Continuous Integration

• Add CI workflow for check the build of docker container (#429) #429 (Taras Drozdovskyi)
• fix and update actions/checkout version (#436) #436 (Tetiana Naumenko)

Chores

• remove unused dependencies (#425) #425 (m-rudyk)
• add plugin to build executable JAR (#427) #427 (m-rudyk)
• refactor and update github action workflows (#438) #438 (Tetiana Naumenko)
• change version to 1.4.2 (#449) #449 (Oleg Kopysov)

LPVS v1.4.1

Bug Fixes

• Remove packages vulnerabilities in frontend (#404) #404 (Tetiana Naumenko)
• Fix package-lock dependencies (#422) #422 (Oleg Kopysov)

Documentation

• Add guide how to use lpvs-x.y.z.jar in other project (#406) #406 (Taras Drozdovskyi)
• Reorganize README.md (#407) #407 (Taras Drozdovskyi)

Code Refactoring

• Remove unused properties from application.properties file (#419) #419 (Oleg Kopysov)
• Sync source code with external modules (#420) #420 (Oleg Kopysov)

Builds

• deps: bump follow-redirects from 1.15.2 to 1.15.4 in /frontend (#402) #402 (dependabot[bot])
• Update JDK11 to JDK17 in Dockerfile (#401) #401 (Taras Drozdovskyi)
• deps: bump actions/upload-artifact from 4.0.0 to 4.3.0 in /.github/workflows (#413) #413 (dependabot[bot])
• deps: bump docker/metadata-action from 5.2.0 to 5.5.1 in /.github/workflows (#415) #415 (dependabot[bot])
• deps: bump github/codeql-action from 3.22.12 to 3.23.2 in /.github/workflows (#417) #417 (dependabot[bot])
• deps: bump codecov/codecov-action from 3.1.4 to 4.0.0 in /.github/workflows (#416) #416 (dependabot[bot])

Continuous Integration

• Update java-kotlin for codeql analysis (#408) #408 (Taras Drozdovskyi)
• Update JDK11 to JDK17 in .github/workflows/publish-release.yml (#423) #423 (Taras Drozdovskyi)

Chores

• Switch from Spring 2.7 to 3.2 (#400) #400 (rnd4you)
• Update package version to 1.4.1 (#421) #421 (Oleg Kopysov)
• Update JDK11 to JDK17 in Fuzzer (#403) #403 (Taras Drozdovskyi)

LPVS v1.4.0

Features

• Add API for single pull request scan (#370) #370 (Oleg Kopysov)

Bug Fixes

• All actions required when publishing a release are combined into… (#371) #371 (Taras Drozdovskyi)
• Change "npm install" to "npm ci" to install fixed version packag… (#385) #385 (Taras Drozdovskyi)
• Add throw Exception in case of error in LPVSWebhookUtil class (#384) #384 (Oleg Kopysov)
• Enable scanoss dependency checking during docker container build (#388) #388 (Taras Drozdovskyi)
• Update pyopenssl version for scanoss (#396) #396 (Taras Drozdovskyi)

Documentation

• Updated links in Readme file (#368) #368 (Oleg Kopysov)
• update guide in Quick Start part of README.md file (#389) #389 (Tetiana Naumenko)
• Expand the types of commit names (#395) #395 (Taras Drozdovskyi)

Tests

• Improve LPVSDetectService branch coverage (#367) #367 (v-kerimov)

Builds

• deps: bump org.apache.maven.plugins:maven-javadoc-plugin from 3.3.1 to 3.6.3 (#383) #383 (dependabot[bot])
• deps: bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 (#379) #379 (dependabot[bot])
• deps: bump actions/upload-artifact from 3.1.0 to 4.0.0 in /.github/workflows (#375) #375 (dependabot[bot])
• deps: bump actions/download-artifact from 3.0.0 to 4.1.0 in /.github/workflows (#374) #374 (dependabot[bot])
• deps: bump github/codeql-action from 2.22.8 to 3.22.12 in /.github/workflows (#372) #372 (dependabot[bot])
• deps: bump certifi from 2017.4.17 to 2023.7.22 (#394) #394 (dependabot[bot])
• deps: bump urllib3 from 1.21.1 to 1.26.18 (#393) #393 (dependabot[bot])
• deps: bump cryptography from 40.0.2 to 41.0.6 (#392) #392 (dependabot[bot])
• deps: bump requests from 2.22.0 to 2.31.0 (#391) #391 (dependabot[bot])

Chores

• delete unused table configuration (#387) #387 (m-rudyk)
• Update package version to 1.4.0 (#390) #390 (Oleg Kopysov)

LPVS v1.3.0

Features

• Enable starting scans with pull request argument (#300) #300 (v-kerimov)
• Generate html report for single scan mode (#358) #358 (m-rudyk)
• Use actions-gh-pages for publication of Javadoc (#311) #311 (Oleg Kopysov)
• Provide reproducible builds (#322) #322 (Oleg Kopysov)
• Add option to scan all files (#332) #332 (m-rudyk)

Bug Fixes

• Fix Github action step to generate Javadoc (#310) #310 (Oleg Kopysov)
• Apply security install of python package into Dockerfile (#357) #357 (Taras Drozdovskyi)
• Fixed problems with singlescan and decreased .sql files count (#353) #353 (v-kerimov)
• Fix existing javadoc comments (#363) #363 (m-rudyk)
• Fix Dockerfile for secure installation of scanoss package (#366) #366 (Taras Drozdovskyi)

Documentation

• Add code review requirements description (#303) #303 (Taras Drozdovskyi)
• Add link to the frontend readme inside the main readme (#306) #306 (Oleg Kopysov)
• Enable Javadoc generation as GitHub action (#308) #308 (Oleg Kopysov)
• Add Javadoc comments for config, exception, repository and unit (#315) #315 (Oleg Kopysov)
• Update of YAML file with newly added endpoints (#328) #328 (Oleg Kopysov)
• Updated API description in YAML (#329) #329 (Oleg Kopysov)
• Update of the issue and PR templates (#330) #330 (Oleg Kopysov)
• Update and extension of Javadocs for entities (#355) #355 (Oleg Kopysov)
• Add Javadoc comments for services (#360) #360 (Oleg Kopysov)
• Update CODEOWNERS file (#309) (Taras Drozdovskyi) #309

Tests

• Add more unit tests to improve coverage (#299) #299 (Oleg Kopysov)
• Update ClusterFuzzLite github->action (#356) #356 (Taras Drozdovskyi)

CI

• Adding automatic release generation (#364) #364 (Taras Drozdovskyi)
• Harden GitHub Actions (#312) (StepSecurity Bot) #312
• Update github->action javadoc permissions (#313) #313 (Taras Drozdovskyi)
• Add context write permission to javadoc.yml (#314) #314 (Taras Drozdovskyi)
• Specifies the version of the components used in the clusterfuzzlite (#326) #326 (Taras Drozdovskyi)
• Apply hardening mechanisms to controller endpoints (#325) #325 (Oleg Kopysov)
• Add fuzzer github->action workflow (#324) (Taras Drozdovskyi) #324

LPVS v1.2.0

What's Changed

Fixes

• Fixed LPVS documentation and added Javadoc comments to the controller. This ensures that the documentation is up-to-date and well-documented for users and contributors.

Features

• Added frontend: Introduced a new frontend interface to enhance the user experience and provide a more visually appealing interface.

• Added unit tests: Comprehensive unit tests have been included to improve the overall code quality and ensure the reliability of the software.

• Added table configuration class: A new table configuration class has been introduced to streamline the management of tables within the application.

• Added Github OAuth feature to the backend application: This new feature enhances the security and authentication mechanisms of the application, making it more robust and user-friendly.

Full Changelog: Compare v1.1.0...v1.2.0

LPVS v1.1.0

What's Changed

• Added possibility to store scan results in MySQL database
• Applied multi-stage build
• Fixed the errors of duplicate and non-existent keys
• Updated documentation

Full Changelog: https://github.com/Samsung/LPVS/commits/v1.1.0

LPVS v1.0.1

What's Changed

• [new feature] Setting LPVS properties via environment variables or via command line
• Improved code coverage by unit tests
• Updated documentation
• Fixed bugs

Full Changelog: lpvs-v1.0.0...v1.0.1

LPVS v1.0.0

What's Changed

• Available license scanners: SCANOSS
• LPVS supports GitHub review system

Full Changelog: https://github.com/Samsung/LPVS/commits/lpvs-v1.0.0