Releases: aboutcode-org/dejacode

v5.2.0

05 Sep 14:01
fa72cd4

Changelog

  • Add a visual indicator in hierarchy views when an object on the far left or far right
    also belongs to or has a hierarchy (relationship tree). #70
  • Add search and pagination on the Product Inventory tab. #3 #112
  • Fix an issue displaying the "Delete" button in the "Edit Product Relationship"
    modal form. #128
  • Add support for PURL(s) in the "Add Package" modal.
    If the PURL type is supported by the packageurl_python library, a download URL
    will be generated for creating the package and submitting a scan. #131
  • Leverage PurlDB during the "Add Package" process.
    DejaCode will look up the PurlDB to retrieve and fetch all available data to
    create the package. #131
  • Populate the Package notice_text using "NOTICE" file content from Scan "key files". #136
  • Added 2 new license related fields on the Component and Package models:
    • declared_license_expression
    • other_license_expression
      #63
  • Added 2 properties on the Component and Package models:
    • declared_license_expression_spdx (computed from declared_license_expression)
    • other_license_expression_spdx (computed from other_license_expression)
      #63
  • Removed 2 fields: Package.declared_license and Component.concluded_license #63
  • The new license fields are automatically populated from the Package scan
    "Update packages automatically from scan".
    The new license fields are pre-filled in the Package form when using the
    "Add Package" from a PurlDB entry.
    The new license fields are pre-filled in the Component form when using the
    "Add Component from Package data".
    The license expression values provided in the form for the new fields are now
    properly validated and return a validation error when incorrect. #63
  • Use the declared_license_expression_spdx value in SPDX outputs. #63
  • Add new ProductDependency model to support relating Packages in the context of a
    Product. #138
  • Add a task scheduler service to the Docker Compose stack.
    This service runs a dedicated setupcron management command to create the
    application's scheduled cron jobs.
    The scheduler is configured to run the daily vulnerabilities update task. #94
  • Add a new Vulnerability model and all the code logic to fetch and create
    Vulnerability records and assign those to Package/Component through ManyToMany
    relationships.
    A fetchvulnerabilities management command is available to fetch all the relevant
    data from VulnerableCode for a given Dataspace.
    The latest vulnerability data refresh date is displayed in the Admin dashboard in a
    new "Data updates" section in the bottom right corner.
    It is also available in the "Integration Status" page.
    The Package/Component views that display vulnerability information (icon or tab)
    now use the data from the Vulnerability model instead of calling the
    VulnerableCode API on each request. This results in much better performance, as
    rendering a DejaCode view no longer depends on the VulnerableCode service.
    It also makes the Vulnerability data available in the Reporting system.
    The vulnerability icon is displayed next to the Package/Component identifier in the
    Product views: "Inventory", "Hierarchy", "Dependencies" tabs.
    The vulnerability data is available in Reporting either through the is_vulnerable
    property on Package/Component column template or going through the full
    affected_by_vulnerabilities m2m field.
    This is available in both Query and ColumnTemplate.
    The vulnerabilities are fetched each time a Package is created/modified
    (note that a purl is required on the package for the lookup).
    Also, all the Packages of a Product are updated with the latest vulnerabilities from
    the VulnerableCode service after importing data into the Product using:
    • Import data from Scan
    • Load Packages from SBOMs
    • Import Packages from manifests
    • Pull ScanCode.io Project data #94
  • Add a new Vulnerabilities list available from the "Tools" menu when
    enable_vulnerablecodedb_access is enabled on a Dataspace.
    This implementation focuses on ranking/sorting: Vulnerabilities can be sorted and
    filtered by severity score.
    It's also possible to sort by the count of affected packages to help prioritize. #94
  • Display warning when a "download_url" could not be determined from a PURL in
    "Add Package". #163
  • Add a Vulnerabilities tab in the Product details view. #95
  • Add an "Improve Packages from PurlDB" action in the Product details view. #45
  • Add the ability to download the CycloneDX VEX-only and SBOM+VEX combined outputs. #108

What's Changed

  • Add visual indicator when an object also have tree in hierarchy view #70 by @tdruez in #126
  • Implement pagination in tab_inventory #3 by @tdruez in #24
  • Set the proper permission for the "Inventory" tab #128 by @tdruez in #134
  • Add support for PURLs in create_package_from_url #131 by @tdruez in #133
  • Populate the Package notice_text from Scan "key files" #136 by @tdruez in #137
  • Store additional license fields #63 by @tdruez in #130
  • Use the declared_license_expression_spdx value in SPDX output #63 by @tdruez in #140
  • Refactor BaseService to take a dataspace in place of user #94 by @tdruez in #142
  • Refine the action triggering the test CI by @tdruez in #143
  • Replace all linter and validation libraries by ruff by @tdruez in #150
  • Put the virtualenv into a .venv directory instead of the project root by @tdruez in #151
  • Upgrade packageurl-python to latest 0.15.6 by @tdruez in #154
  • Add Dependency model and view #138 by @tdruez in #147
  • Update .dockerignore with latest venv changes by @tdruez in #159
  • Enhance the Package search logic #160 by @tdruez in #161
  • Base implementation of a Vulnerability models #94 by @tdruez in #148
  • Migrate repository URL references to aboutcode-org by @tdruez in #169
  • Display warning when a "download_url" could not be determined from a … by @tdruez in #170
  • Add global Vulnerability list #95 by @tdruez in #171
  • Fix an issue with vulnerability m2m when copying a package/component … by @tdruez in #172
  • Add a Vulnerabilities tab in the Product details view #95 by @tdruez in #173
  • 45 improve from purldb by @tdruez in #135
  • Add the ability to download the VEX output #108 by @tdruez in #174
  • Move the vulnerabilities related code to its own module #95 by @tdruez in #177
  • Release 5.2.0 by @tdruez in #178

Full Changelog: v5.1.0...v5.2.0

v5.1.0

27 May 12:34
43b6213

What's Changed

  • Improve the "Install ScanCode.io" docs #34 by @tdruez in #37
  • Lookup in PurlDB by purl in Add Package by @tdruez in #47
  • Dark theme mode by @tdruez in #49
  • Download Product comparison as XLSX #7 by @tdruez in #51
  • Improve the presentation of "multi-values" in DejaCode Reports #10 by @tdruez in #52
  • Remove the need to define SITE_URL by @tdruez in #53
  • Replace Celery by RQ for async job queue #6 by @tdruez in #56
  • Upgrade to Python 3.12 by @tdruez in #57
  • Add a "Load Packages from SBOMs" Product action in the REST API #59 by @tdruez in #62
  • Upgrade to Django 5.0.x #50 by @tdruez in #58
  • Add a link to the VulnerableCode app in the Vulnerability tab #4 by @tdruez in #69
  • Add support to import packages from manifest #65 by @tdruez in #67
  • Use correct Makefile target name #75 by @pombredanne in #77
  • Add a DEJACODE_SUPPORT_EMAIL setting by @tdruez in #80
  • Add REST API endpoint to download ABOUT files and SPDX document #60 by @tdruez in #82
  • Upgrade the cyclonedx_python_lib for spec 1.6 support by @tdruez in #79
  • Show the individual PURL fields in the Package details view #83 by @tdruez in #85
  • Fix the logout link of the admin app #89 by @tdruez in #90
  • Display full commit in the version displayed in the UI #88 by @tdruez in #91
  • Change the on_delete value of the homepage_layout FK by @tdruez in #93
  • Refine the product comparison logic for Packages #113 by @tdruez in #114
  • Refactor the implementation of Keywords on forms #48 by @tdruez in #54
  • Display Product inventory count on the Product list view #81 by @tdruez in #116
  • Add multi-selection using shift key in the table list views by @tdruez in #117
  • Always display the full Package URL including "pkg:" prefix #115 by @tdruez in #118
  • Add a new AboutCode tab in Package details view #42 by @tdruez in #119
  • Enhance Package Import to support modifications #84 by @tdruez in #120
  • Display the full Package URL including qualifiers and subpath #115 by @tdruez in #123
  • Add replace_existing_version field on the AddToProduct form #12 by @tdruez in #124
  • Release 5.1 by @tdruez in #125

Full Changelog: v5.0.1...v5.1.0

v5.0.1

18 Jan 16:30
83b5a4a

What's Changed

  • Improve the stability of the "Check for new Package versions" #17 by @tdruez in #23
  • Improve the support for SourceForge download URLs #26 by @tdruez in #29
  • Improve documentation for integrations setup #31 by @tdruez in #32
  • Release 5.0.1 by @tdruez in #33

Full Changelog: v5.0.0...v5.0.1

v5.0.0

14 Dec 05:45

Initial open source release.