Skip to content

Release v1.5.3

Choose a tag to compare

@github-actions github-actions released this 27 Jun 00:58
0db8abe

BomLens v1.5.3

Generate a CycloneDX SBOM, an open-source notice (고지문), and a security report from your source code — or assess the open-source risk of an SBOM or firmware you receive.

Changes

Added

  • The dependency graph view was redesigned to read like a commercial graph explorer.
  • License distribution is shown as proportional bars, with the charts animating in on first render.
  • Each scan now shows how it compares to the previous run of the same project.

Changed

  • Interactive result cards lift on hover, with motion that honours the operating system's reduced-motion setting.

Fixed

  • SECURITY_ENRICH=false now reaches the post-process container, so the EPSS and CISA KEV opt-out works from the host CLI for air-gapped runs.
  • --analyze/--sbom combined with --model is now rejected instead of silently running in ANALYZE mode.
  • AI SBOM generation fails closed when the model card cannot be collected (offline, or an unknown/private model id) instead of writing an empty stub ML-BOM as a valid output.
  • Supplier SBOM analysis now produces the conformance report for well-formed SPDX Tag-Value inputs; a zero-count grep had aborted the Tag-Value checks.
  • Reopening a past scan from history no longer shows an empty run-log panel.
  • A release stays a draft until the release gate verifies it, so it is never published before its entry points are checked.

Documentation

  • Corrected the supplier-SBOM conversion note (SPDX is converted to CycloneDX 1.6; CycloneDX inputs keep their original spec version), removed the unimplemented drag-resizable columns claim from the UI reference, fixed the Node.js lock-file guidance, and added page descriptions to five navigation pages.

Installation

Desktop app (double-click, no CLI)

Download BomLens-Setup.exe (Windows) or BomLens-Setup.dmg (macOS) from the assets below. Unsigned for now; if Windows SmartScreen warns, choose "More info", then "Run anyway".

Scripts

curl -O https://raw.githubusercontent.com/sktelecom/sbom-tools/main/scripts/scan-sbom.sh
chmod +x scan-sbom.sh

Docker Image

docker pull ghcr.io/sktelecom/sbom-generator:1.5.3   # legacy alias: sbom-scanner

Documentation