v1.0.0

@github-actions github-actions released this 24 Jan 03:11
· 564 commits to develop since this release
3912cec

Installation

Cargo

cargo install uv-sbom

Python (PyPI)

pip install uv-sbom-bin

Pre-built Binaries

macOS (Apple Silicon):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.0.0/uv-sbom-aarch64-apple-darwin.tar.gz
tar xzf uv-sbom-aarch64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

macOS (Intel):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.0.0/uv-sbom-x86_64-apple-darwin.tar.gz
tar xzf uv-sbom-x86_64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

Linux (x86_64):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.0.0/uv-sbom-x86_64-unknown-linux-gnu.tar.gz
tar xzf uv-sbom-x86_64-unknown-linux-gnu.tar.gz
sudo mv uv-sbom /usr/local/bin/

Windows:
Download the .zip file below and extract it to your desired location.
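
An added example, not part of the project's release notes: a shell helper that checks a downloaded archive against a SHA-256 digest obtained separately and inspects its member list before the `tar xzf` and `sudo mv` steps above. The function names and the expected-digest argument are assumptions; this page lists no digest, so the value has to come from a source you trust.

```shell
# Added example (hypothetical helper names). Run after `curl -LO ...` and
# before `tar xzf ...` / `sudo mv uv-sbom /usr/local/bin/`.

sha256_of() {
    # Print the hex SHA-256 of file $1 (sha256sum on Linux, shasum on macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

safe_members() {
    # Read a `tar tzf` listing on stdin; fail on absolute paths or ".." parts,
    # which could write outside the current directory on extraction.
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

verify_archive() {
    # $1 = archive path, $2 = expected SHA-256 (hex, from a trusted source).
    # Returns 0 only if the digest matches, every member path is safe and
    # the uv-sbom binary is present in the archive.
    archive=$1
    expected=$2
    actual=$(sha256_of "$archive") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $archive: got $actual" >&2
        return 1
    fi
    listing=$(tar tzf "$archive") || return 2
    printf '%s\n' "$listing" | safe_members || {
        echo "unsafe member path in $archive" >&2; return 1; }
    printf '%s\n' "$listing" | grep -qxF -e 'uv-sbom' -e './uv-sbom' || {
        echo "uv-sbom not found in $archive" >&2; return 1; }
    return 0
}

# Usage (EXPECTED_SHA256 is a placeholder you must fill in):
#   verify_archive uv-sbom-x86_64-unknown-linux-gnu.tar.gz "$EXPECTED_SHA256" \
#     && tar xzf uv-sbom-x86_64-unknown-linux-gnu.tar.gz \
#     && sudo mv uv-sbom /usr/local/bin/
```
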

Verify Installation

uv-sbom --version

See the README for full documentation.

What's Changed

  • docs: add download metric badges and update CycloneDX version reference by @Taketo-Yoda in #22
  • chore: ignore .claude/saved-contexts/ by @Taketo-Yoda in #28
  • chore: translate .claude documentation from Japanese to English by @Taketo-Yoda in #29
  • docs: add security and privacy use case for --exclude option by @Taketo-Yoda in #30
  • feat: warn when exclude patterns do not match any dependencies by @Taketo-Yoda in #31
  • ci: skip CI runs for documentation-only changes by @Taketo-Yoda in #35
  • docs: add security documentation and issue creation guidelines by @Taketo-Yoda in #36
  • feat: add --dry-run option for configuration validation by @Taketo-Yoda in #37
  • ci: remove pull_request trigger to reduce resource usage by @Taketo-Yoda in #39
  • feat: add vulnerability domain models (Issue #41) by @Taketo-Yoda in #49
  • feat: define VulnerabilityRepository port interface (Issue #42) by @Taketo-Yoda in #50
  • feat: implement OSV API client adapter (Issue #43) by @Taketo-Yoda in #52
  • feat: Update application layer DTOs for CVE check (Issue #44) by @Taketo-Yoda in #53
  • feat: integrate CVE check into GenerateSbomUseCase (Issue #45) by @Taketo-Yoda in #54
  • feat: Add vulnerability section to Markdown formatter (Issue #46) by @Taketo-Yoda in #55
  • feat: add --check-cve CLI option and wire dependencies (Issue #47) by @Taketo-Yoda in #56
  • Add pre-submission verification checklist for GitHub issues by @Taketo-Yoda in #70
  • docs: add --check-cve documentation and OSV attribution (Issue #48) by @Taketo-Yoda in #71
  • feat: enhance sample-project with packages covering various CVE severities (Issue #72) by @Taketo-Yoda in #73
  • fix: implement severity parsing with API fallback strategy (Issue #74) by @Taketo-Yoda in #75
  • feat: add progress indicator for vulnerability detail fetching (Issue #76) by @Taketo-Yoda in #78
  • docs: add exit codes and network requirements sections to README by @Taketo-Yoda in #79
  • refactor: split GenerateSbomUseCase::execute() into smaller methods by @Taketo-Yoda in #81
  • fix: resolve CI failures from PR #81 and expand branch coverage by @Taketo-Yoda in #83
  • feat: add Agent Skills for consistent development workflow enforcement by @Taketo-Yoda in #85
  • feat: Make OsvClient asynchronous (#58) by @Taketo-Yoda in #87
  • feat: Make PyPiLicenseRepository asynchronous (#57) by @Taketo-Yoda in #89
  • feat: make GenerateSbomUseCase asynchronous by @Taketo-Yoda in #90
  • docs: add skill enforcement guidelines to prevent CI failures by @Taketo-Yoda in #91
  • feat(cli): add --severity-threshold and --cvss-threshold options by @Taketo-Yoda in #100
  • feat(domain): add VulnerabilityChecker service for threshold evaluation by @Taketo-Yoda in #101
  • feat(dev): add pre-commit hook and enforce skill usage rules by @Taketo-Yoda in #103
  • chore(deps): bump actions/cache from 4 to 5 by @dependabot[bot] in #105
  • chore(deps): bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in #106
  • feat(cli): implement new exit code system for vulnerability detection by @Taketo-Yoda in #104
  • chore(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in #107
  • chore(deps): bump the dependencies group with 4 updates by @dependabot[bot] in #108
  • chore(deps): bump reqwest from 0.12.28 to 0.13.1 by @dependabot[bot] in #109
  • chore(deps): bump indicatif from 0.17.11 to 0.18.3 by @dependabot[bot] in #110
  • chore(deps): bump toml from 0.8.23 to 0.9.11+spec-1.1.0 by @dependabot[bot] in #111
  • chore(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #112
  • chore(deps): bump actions/download-artifact from 4 to 7 by @dependabot[bot] in #113
  • fix: Add explicit permissions to CI workflow by @Taketo-Yoda in #114
  • feat: Add Warning/Info sections to Markdown vulnerability report by @Taketo-Yoda in #115
  • feat: Add CheckVulnerabilitiesUseCase with threshold support by @Taketo-Yoda in #117
  • feat(skills): add branch guard to /commit and create /implement skill by @Taketo-Yoda in #120
  • feat: Integrate threshold options into main application flow by @Taketo-Yoda in #121
  • Add skill invocation rules to CLAUDE.md by @Taketo-Yoda in #129
  • Add E2E tests for vulnerability threshold feature by @Taketo-Yoda in #130
  • docs: Update documentation for vulnerability threshold feature by @Taketo-Yoda in #131
  • refactor: extract tests from generate_sbom.rs into separate module by @Taketo-Yoda in #132
  • refactor: implement SbomRequestBuilder pattern for cleaner API by @Taketo-Yoda in #133
  • docs: add automated security scanning section to SECURITY.md by @Taketo-Yoda in #134
  • refactor: migrate skill files to new directory structure with SKILL.md by @Taketo-Yoda in #136
  • refactor(application): delegate vulnerability checking to CheckVulnerabilitiesUseCase by @Taketo-Yoda in #137
  • feat(adapters): implement CachingPyPiLicenseRepository for license caching by @Taketo-Yoda in #139
  • refactor: remove unused dead_code to comply with YAGNI principle by @Taketo-Yoda in #141
  • chore: bump version to 1.0.0 for first stable release by @Taketo-Yoda in #142
  • Release v1.0.0 by @Taketo-Yoda in #143

Full Changelog: v0.2.0...v1.0.0