Releases: anchore/syft
v0.64.0
Changelog
v0.64.0 (2022-12-23)
Added Features
- License parsing for Java [PR #1385]
- Integration or association of binary and package [Issue #1411]
- Include go.sum h1 digest information in checksums [Issue #1277]
Bug Fixes
- Clean package names found in python catalogers [PR #1417] [wagoodman]
- FilesAnalyzed wrong and missing SHA1 for files [Issue #1396]
- Binary executables identified as "library" type in CycloneDX [Issue #1402]
- Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1 [Issue #1403]
- Binary java detection [Issue #1410]
v0.63.0
Changelog
v0.63.0 (2022-12-12)
Added Features
- Catalog Java binary runtimes [Issue #1388]
Bug Fixes
- Syft generates too loose of cpes for python redis [Issue #1066]
- Panic in alpm cataloger [Issue #1195]
- goroutine stack exceeds 1000000000-byte limit scanning image [Issue #1368]
- Binary go detection [Issue #1382]
v0.62.3
Changelog
v0.62.3 (2022-11-30)
Added Features
- Add a generic binary cataloger [PR #1336] [kzantow]
- Add `--name` option to override name in output [1269] [jedevc]
Bug Fixes
- Recover from bad parsing of golang binary [PR #1371] [wagoodman]
- panic: runtime error: index out of range [0] with length 0 [Issue #1094]
- Syft finds no apks for some images with apks [Issue #1354]
v0.62.2
Changelog
v0.62.2 (2022-11-28)
Bug Fixes
- SPDX-json output differs between cli and golang implementation [Issue #1213]
- Python cataloging fails to remove some non-version characters from version string [Issue #1360]
- Haskell Cabal packages crash syft [Issue #1362]
- Panic case for alpm on windows has a correct error case [Issue #1094]
v0.62.1
Changelog
v0.62.1 (2022-11-21)
Bug Fixes
- fix(npm): handle aliases in package-lock.json [Issue #1314] [Mikcl]
- chore: add debug logging for decode errors [PR #1352] [kzantow]
- fix: sort relationships in SPDX output [Issue #1213] [kzantow]
v0.62.0
Changelog
v0.62.0 (2022-11-18)
Added Features
- NPM package-lock.json version 3 [Issue #1203]
Bug Fixes
- Don't replace : with - in docker SPDX namespaces [Issue #1111]
v0.61.0
Changelog
v0.61.0 (2022-11-18)
Added Features
- Add support for map fields in CycloneDX (XML and JSON) [Issue #1032]
- Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
- Support SPDX 2.3 [Issue #1292]
- Add support for dependency relationships for alpine (apk) [PR #1063]
Bug Fixes
- Normalize alpm md5 refs [PR #1333] [wagoodman]
- APK Metadata decoding should be backwards compatible [PR #1341] [wagoodman]
- Add spdx relationship encoding for dependencies [PR #1342] [wagoodman]
- v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [Issue #923]
- Missing licenses and "skipping encoding of unsupported property: syft:metadata:goBuildSetting" [Issue #1007]
- System independent build not possible [Issue #1084]
- Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
- No packages discovered in SIF when image source not specified [Issue #1189]
- `syft packages` panics on OCI archive creation [Issue #1318]
- Missing metadata in syft-json artifacts crashes grype [Issue #1334]
- CPE for amazoncorretto:19.0.1-al2 is incorrect [Issue #1337]
v0.60.3
v0.60.2
v0.60.1
Changelog
v0.60.1 (2022-11-01)
Added Features
- Remove the docker installation from the release process [Issue #577]
- Include go binary h1 digests in SPDX [Issue #1261]
Bug Fixes
- A malformed Python RECORD file stops Syft processing [Issue #1012]
- Deprecated SPDX license (GFDL* and BSD-2-Clause-NetBSD) [Issue #1179]
- Update SPDX license list to 3.18 [Issue #1245]
- Versions not printed out properly from maven pom.xml [Issue #1251]
- syft attest --output cyclonedx-json incompatible with cosign [Issue #1268]
- Create SBOM file will have suffix in modules name [Issue #1275]