v32.0.0

@tdruez tdruez released this 30 Nov 11:28
  • Add a new "find vulnerabilities" pipeline to look up vulnerabilities in the
    VulnerableCode database for all packages discovered in a project.
    Vulnerability data is stored in the extra_data field of each package.
    More details about VulnerableCode at https://github.com/nexB/vulnerablecode/ #101

  • Add a new "inspect manifest" pipeline to resolve packages from manifests, lockfiles,
    and SBOMs. The resolved packages are created as discovered packages.
    Supports PyPI "requirements.txt" files, SPDX documents as JSON ".spdx.json",
    and AboutCode ".ABOUT" files. #284

  • Generate SBOM (Software Bill of Materials) compliant with the SPDX 2.3 specification
    as a new downloadable output. #389

  • Generate CycloneDX SBOM (Software Bill of Materials) as a new downloadable output. #389

  • Display Webhook status in the Run modal.
    The WebhookSubscription model was refined to capture delivery data. #389

  • Display the current active step of a running pipeline in the "Pipeline" section of
    the project details view, inside the run status tag. #300

  • Add proper pagination for API actions: resources, packages, dependencies, and errors.

  • Refine the field ordering in API serializers based on the toolkit order. #546

  • Keep the current filter state when submitting a search in list views. #541

  • Improve the performance of the project details view so it loads faster by deferring
    the rendering of the charts. This is especially noticeable on projects with a large
    number of codebase resources and discovered packages. #193

  • Add support for filtering by "Other" values when filtering from the charts in the
    Project details view. #526

  • CodebaseResource.for_packages now returns a list of
    DiscoveredPackage.package_uid values, or DiscoveredPackage.package_url when
    DiscoveredPackage.package_uid is not present. This is done to reflect
    how scancode-toolkit's JSON output returns package_uids in the
    for_packages field for Resources.

  • Add the DiscoveredDependency model, which represents package dependencies
    discovered in a Project. The scan_codebase and scan_packages pipelines
    have been updated to create DiscoveredDependency objects. The Project API has
    been updated with new fields:

    • dependency_count: The number of DiscoveredDependencies associated with the project.

    • discovered_dependencies_summary: A mapping that contains the following fields:

      • total: The number of DiscoveredDependencies associated with the project.
      • is_runtime: The number of runtime dependencies.
      • is_optional: The number of optional dependencies.
      • is_resolved: The number of resolved dependencies.

    These values are also available on the Project view. #447

  • The dependencies field has been removed from the DiscoveredPackage model.

  • Create directory CodebaseResources in the rootfs pipeline. #515

  • Add ProjectErrors when the DiscoveredPackage could not be fetched using the
    provided package_uid during the assemble_package step, instead of failing the whole
    pipeline. #525

  • Escape paths before using them in regular expressions in CodebaseResource.walk(). #525
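    The defect behind the CodebaseResource.walk() fix above is that a filesystem path
    interpolated raw into a regular expression turns characters such as "(", ")" and "+"
    into regex operators. The following is an added illustration, not ScanCode.io's own
    code: a hypothetical "select the children of a directory" helper in its unescaped and
    re.escape()'d forms, run over a constructed set of resource paths.

```python
import re
from typing import Iterable, List

# Constructed sample resource paths (not from the project). The directory
# names deliberately contain the regex metacharacters "(", ")" and "+".
SAMPLE_PATHS = [
    "project/lib(1)",
    "project/lib(1)/a+b.txt",
    "project/lib(1)/util.py",
    "project/lib1/x.py",   # unrelated dir; matched when "(1)" is read as a group
    "project/a+b",
    "project/a+b/c.txt",
    "project/aab/c.txt",   # unrelated dir; matched when "a+" is read as a quantifier
]


def children_unescaped(root: str, paths: Iterable[str]) -> List[str]:
    """Pre-fix behaviour (hypothetical reconstruction): the root path goes into
    the pattern raw, so its metacharacters act as operators and the wrong
    resources are selected while the real children are missed."""
    pattern = re.compile(f"^{root}/")
    return [p for p in paths if pattern.match(p)]


def children_escaped(root: str, paths: Iterable[str]) -> List[str]:
    """Fixed behaviour: re.escape() makes every character of the path a
    literal, so only true descendants of ``root`` match."""
    pattern = re.compile(f"^{re.escape(root)}/")
    return [p for p in paths if pattern.match(p)]


def pattern_compiles(root: str, escape: bool) -> bool:
    """An unbalanced metacharacter in an unescaped path does not merely
    mis-match: re.compile() raises re.error, which is how a single odd
    file name can abort an entire walk (and the pipeline running it)."""
    try:
        re.compile(f"^{re.escape(root) if escape else root}/")
    except re.error:
        return False
    return True


if __name__ == "__main__":
    for root in ("project/lib(1)", "project/a+b"):
        print(root, "unescaped ->", children_unescaped(root, SAMPLE_PATHS))
        print(root, "escaped   ->", children_escaped(root, SAMPLE_PATHS))
    print("'project/bad(' compiles unescaped?", pattern_compiles("project/bad(", False))
```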

  • Disable multiprocessing and threading by default on macOS ("spawn" start method). #522