Two new commands: bom componentcheck and project componentcheck. The first one
checks a given SBOM for special components, the second one does the same for
an existing SW360 project. Special components are components that should not be
part of license compliance checks, for example unit test tools like junit or pytest, linters like eslint, mocking frameworks like Moq, etc.
CaPyCLI ships with a list of these components (data/component_checks.json), but you
can also provide your own list. For more information please have a look at this documentation.
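As an added example (not CaPyCLI's own code), this shows the kind of check that bom componentcheck performs: a constructed CycloneDX SBOM fragment is matched against a constructed list of special components. The check-list layout is an assumption for this illustration, not the schema of data/component_checks.json.

```python
"""Flag 'special' components (test tools, linters, mocking frameworks) in a
CycloneDX SBOM so they can be left out of license compliance checks.
Added example, not CaPyCLI's code; list format and SBOM are constructed."""
import json
from urllib.parse import unquote

# Constructed special-component list (assumed layout, not component_checks.json).
SPECIAL_COMPONENTS = [
    {"type": "pypi", "name": "pytest", "reason": "unit test tool"},
    {"type": "npm", "name": "eslint", "reason": "linter"},
    {"type": "nuget", "name": "moq", "reason": "mocking framework"},
    {"type": "maven", "name": "junit", "reason": "unit test tool"},
]

# Constructed CycloneDX-style SBOM fragment used as sample input.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"name": "pytest", "version": "7.4.0", "purl": "pkg:pypi/pytest@7.4.0"},
        {"name": "ESLint", "version": "8.50.0", "purl": "pkg:npm/eslint@8.50.0"},
        {"name": "Moq", "version": "4.20.0"},  # no purl: fall back to the name
    ],
})


def parse_purl(purl):
    """Return (type, name) from a package URL; namespace, version, qualifiers ignored."""
    body = purl.split(":", 1)[1]                # drop the "pkg:" scheme
    body = body.split("?")[0].split("#")[0]     # strip qualifiers and subpath
    ptype, _, rest = body.partition("/")
    name = rest.rsplit("/", 1)[-1].split("@")[0]  # last path segment, no version
    return ptype.lower(), unquote(name).lower()


def find_special_components(sbom_json, checks=SPECIAL_COMPONENTS):
    """Return [(name, version, reason)] for each SBOM component on the check list."""
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        if "purl" in comp:
            ptype, name = parse_purl(comp["purl"])
        else:  # no purl: match on name only, for any package type
            ptype, name = None, comp.get("name", "").lower()
        for check in checks:
            if check["name"] == name and ptype in (None, check["type"]):
                hits.append((comp["name"], comp.get("version", ""), check["reason"]))
                break
    return hits
```

Matching on the purl type and name rather than the display name keeps the check stable across capitalisation and version changes; components without a purl are matched on name alone.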
Improved SBOM quality for Python SBOMs
If the author of a component is known, it is added; otherwise "N/A" is added.
If the author of a component is known, it is also added as the supplier; otherwise "N/A" is added.
The information from pyproject.toml is used for the main component (if it exists).
The author of the SBOM is always CaPyCLI.
The lifecycle phase information is always build.
The composition aggregate state is "unknown": CaPyCLI is mostly right, but the final check
still needs to be done by a human, for example to answer the question whether
a Python runtime needs to be part of the SBOM or not.
Python metadata does not provide copyright information, so all copyrights are set to "N/A".
📓 Documentation
New folder documentation where we want to keep all more detailed documentation
on the way CaPyCLI works.
🪲 Bugfixes
Fixed a bug in bom filter that occurred in verbose output when using a purl for filtering.