v1.1.0

github-actions released this 06 Feb 10:29 · 482 commits to develop since this release · e56e1e8

Installation

Cargo

cargo install uv-sbom

Python (PyPI)

pip install uv-sbom-bin

Pre-built Binaries

macOS (Apple Silicon):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.1.0/uv-sbom-aarch64-apple-darwin.tar.gz
tar xzf uv-sbom-aarch64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

macOS (Intel):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.1.0/uv-sbom-x86_64-apple-darwin.tar.gz
tar xzf uv-sbom-x86_64-apple-darwin.tar.gz
sudo mv uv-sbom /usr/local/bin/

Linux (x86_64):

curl -LO https://github.com/Taketo-Yoda/uv-sbom/releases/download/v1.1.0/uv-sbom-x86_64-unknown-linux-gnu.tar.gz
tar xzf uv-sbom-x86_64-unknown-linux-gnu.tar.gz
sudo mv uv-sbom /usr/local/bin/

Windows:
Download the .zip file below and extract it to your desired location.

Verify Installation

uv-sbom --version

See the README for full documentation.

What's Changed

  • docs: fix incorrect exit code documentation in Common Error Scenarios by @Taketo-Yoda in #145
  • refactor(error): use thiserror crate for SbomError type by @Taketo-Yoda in #146
  • refactor(security): consolidate file read error handling by @Taketo-Yoda in #147
  • refactor(domain): Add semantic methods to VulnerabilityCheckResult by @Taketo-Yoda in #155
  • refactor(domain): add severity sorting to VulnerabilityChecker by @Taketo-Yoda in #156
  • refactor(adapter): simplify MarkdownFormatter using domain semantic methods by @Taketo-Yoda in #157
  • refactor(application): add SbomReadModel and core view structs by @Taketo-Yoda in #168
  • refactor(application): add DependencyView and VulnerabilityView structs by @Taketo-Yoda in #169
  • refactor(application): add SbomReadModelBuilder for metadata and components by @Taketo-Yoda in #170
  • refactor(read-model): Implement SbomReadModelBuilder for dependencies and vulnerabilities by @Taketo-Yoda in #171
  • refactor(ports): Add format_v2 method to SbomFormatter trait by @Taketo-Yoda in #172
  • refactor(adapters): implement format_v2 in CycloneDxFormatter by @Taketo-Yoda in #173
  • refactor(adapters): implement format_v2 in MarkdownFormatter by @Taketo-Yoda in #174
  • refactor(adapters): implement vulnerability rendering in MarkdownFormatter format_v2 by @Taketo-Yoda in #175
  • refactor(application): use SbomReadModelBuilder and format_v2 in main formatting pipeline by @Taketo-Yoda in #176
  • refactor(formatter): remove legacy format methods and rename format_v2 to format by @Taketo-Yoda in #177
  • refactor(read-model): remove unnecessary #[allow(dead_code)] from read model types by @Taketo-Yoda in #179
  • Add PyPI hyperlinks to package names in Markdown output by @Taketo-Yoda in #182
  • Add --verify-links flag for PyPI URL validation in Markdown output by @Taketo-Yoda in #183
  • Add hyperlinks to vulnerability IDs in Markdown output by @Taketo-Yoda in #185
  • feat(config): add config file data structures and YAML parsing by @Taketo-Yoda in #192
  • feat(cli): add --config and --ignore-cve options with merge logic by @Taketo-Yoda in #193
  • chore(deps): bump thiserror from 1.0.69 to 2.0.17 by @dependabot[bot] in #196
  • chore(deps): bump the dependencies group with 2 updates by @dependabot[bot] in #195
  • feat(domain): integrate CVE ignore list into vulnerability checking by @Taketo-Yoda in #197
  • Add AGENTS.md for codebase context optimization by @Taketo-Yoda in #198
  • fix(deps): replace vulnerable serde_yml with serde_yaml_ng by @Taketo-Yoda in #199
  • test(e2e): add E2E tests for config file and CVE ignore functionality by @Taketo-Yoda in #200
  • docs: add --verify-links documentation to README by @Taketo-Yoda in #201
  • docs: add config file and CVE ignore documentation to README by @Taketo-Yoda in #202
  • feat(cli): add --init option to generate config file template by @Taketo-Yoda in #204
  • Add sample config with ignore_cves to examples/sample-project by @Taketo-Yoda in #205
  • feat(skills): add /dependabot skill for security alert handling by @Taketo-Yoda in #208
  • chore(deps): bump bytes from 1.11.0 to 1.11.1 by @dependabot[bot] in #209
  • docs: enhance documentation for PyPI and README synchronization by @Taketo-Yoda in #212
  • fix(sbom): preserve dependency classification when root project is excluded by @Taketo-Yoda in #213
  • feat(skills): add /release skill for standardized release workflow by @Taketo-Yoda in #216
  • chore(release): prepare v1.1.0 by @Taketo-Yoda in #217
  • Release v1.1.0 by @Taketo-Yoda in #218

Full Changelog: v1.0.0...v1.1.0