v1.3.0
Added Features
- index known CPEs for go modules [#2816 @westonsteimel]
- support multiple known CPEs in index [#2813 @westonsteimel]
- index known CPEs for PHP Composer packagist.org packages [#2804 @westonsteimel]
- index known cpes for PHP extensions [#2777 @westonsteimel]
Bug Fixes
- re-use embedded union reader if possible [#2814 @willmurphyscode]
- prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [#2806 @westonsteimel]
- improvements to known CPE index construction [#2801 @westonsteimel]
- Syft panics when scanning OCI image that contains packaged helm chart [#2745 #2757 @willmurphyscode]
- Pom parser not resolving all dependency versions [#2776 #2781 @willmurphyscode]
- exclude known instrumentation jars from being erroneously identified [#2796 @kzantow]
- return empty string if dereferncing pom var fails [#2797 @willmurphyscode]