diff --git a/tools/sbom-diff-and-risk/README.md b/tools/sbom-diff-and-risk/README.md
index a1d3943..b150491 100644
--- a/tools/sbom-diff-and-risk/README.md
+++ b/tools/sbom-diff-and-risk/README.md
@@ -1,11 +1,10 @@
 # sbom-diff-and-risk
-v0.8.0 is the policy decision explainability release. It adds stable
-machine-readable explanation fields for JSON policy findings and reviewer
-documentation for interpreting local policy decisions. It keeps CLI analysis
-behavior unchanged, keeps dependency analysis local and deterministic by
-default, preserves the completed TestPyPI dry-run story, and keeps production
-PyPI publishing intentionally deferred.
+v0.9.0 is the policy JSON sidecar and consumer integration usability release.
+It adds optional `--policy-json PATH` output, checked-in policy sidecar
+examples, and copyable GitHub Actions consumer guidance. It keeps dependency
+analysis local and deterministic by default, preserves the completed TestPyPI
+dry-run story, and keeps production PyPI publishing intentionally deferred.
 `sbom-diff-and-risk` is a local, deterministic CLI for comparing two SBOMs or dependency manifests and producing JSON plus Markdown reports.
diff --git a/tools/sbom-diff-and-risk/RELEASE_NOTES_v0.9.0.md b/tools/sbom-diff-and-risk/RELEASE_NOTES_v0.9.0.md
index 3f45d38..7c80e3f 100644
--- a/tools/sbom-diff-and-risk/RELEASE_NOTES_v0.9.0.md
+++ b/tools/sbom-diff-and-risk/RELEASE_NOTES_v0.9.0.md
@@ -101,6 +101,6 @@ does not change this repository's GitHub Actions configuration.
 - No production PyPI publishing.
 - No production PyPI workflow.
-This PR only drafts release notes. It does not bump package version, create a
-tag, create a GitHub Release, publish to PyPI/TestPyPI, or change runtime
-behavior.
+The v0.9.0 release is prepared for the tag-gated GitHub Release workflow. It
+does not publish to PyPI/TestPyPI and keeps production PyPI intentionally
+deferred.
diff --git a/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif b/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif
index b33fdf1..50e7e40 100644
--- a/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif
+++ b/tools/sbom-diff-and-risk/examples/sample-provenance-report.sarif
@@ -7,8 +7,8 @@
 "driver": {
 "name": "sbom-diff-risk",
 "fullName": "sbom-diff-risk",
- "version": "0.8.0",
- "semanticVersion": "0.8.0",
+ "version": "0.9.0",
+ "semanticVersion": "0.9.0",
 "rules": [
 {
 "id": "sdr.policy_violation.provenance_required",
diff --git a/tools/sbom-diff-and-risk/examples/sample-sarif.sarif b/tools/sbom-diff-and-risk/examples/sample-sarif.sarif
index 8024cdf..6f30da9 100644
--- a/tools/sbom-diff-and-risk/examples/sample-sarif.sarif
+++ b/tools/sbom-diff-and-risk/examples/sample-sarif.sarif
@@ -7,8 +7,8 @@
 "driver": {
 "name": "sbom-diff-risk",
 "fullName": "sbom-diff-risk",
- "version": "0.8.0",
- "semanticVersion": "0.8.0",
+ "version": "0.9.0",
+ "semanticVersion": "0.9.0",
 "rules": [
 {
 "id": "sdr.major_upgrade",
diff --git a/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif b/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif
index 4c3f460..99c72e2 100644
--- a/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif
+++ b/tools/sbom-diff-and-risk/examples/sample-scorecard-report.sarif
@@ -7,8 +7,8 @@
 "driver": {
 "name": "sbom-diff-risk",
 "fullName": "sbom-diff-risk",
- "version": "0.8.0",
- "semanticVersion": "0.8.0",
+ "version": "0.9.0",
+ "semanticVersion": "0.9.0",
 "rules": [
 {
 "id": "sdr.policy_violation.scorecard_below_threshold",
diff --git a/tools/sbom-diff-and-risk/pyproject.toml b/tools/sbom-diff-and-risk/pyproject.toml
index 4dcac7e..ba178cf 100644
--- a/tools/sbom-diff-and-risk/pyproject.toml
+++ b/tools/sbom-diff-and-risk/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "sbom-diff-and-risk"
-version = "0.8.0"
+version = "0.9.0"
 description = "Deterministic SBOM diff CLI with heuristic risk reporting."
 readme = { file = "PYPI_DESCRIPTION.md", content-type = "text/markdown" }
 requires-python = ">=3.11"
diff --git a/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py b/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py
index 2415db0..f8bfe67 100644
--- a/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py
+++ b/tools/sbom-diff-and-risk/src/sbom_diff_risk/__init__.py
@@ -2,4 +2,4 @@ __all__ = ["__version__"]
-__version__ = "0.8.0"
+__version__ = "0.9.0"