07 Jun 03:57

github-actions

b5af6c7

v1.3.4

Minor Updates

Feature #390 Add an user agent to OSV API requests.

Full Changelog: v1.3.3...v1.3.4

Assets 10

17 May 05:05

github-actions

v1.3.3

dbeadde

v1.3.3

v1.3.3:

Fixes

Bug #369 Fix
requirements.txt misparsing lines that contain --hash.
Bug #237 Clarify when no
vulnerabilities are found.
Bug #354 Fix cycle in
requirements.txt causing infinite recursion.
Bug #367 Fix panic when
parsing empty lockfile.

API Features

Feature #357 Update
pkg/osv to allow overriding the http client / transport

New Contributors

@jeffmendoza made their first contribution in #357
@robotdana made their first contribution in #367
@khareyash05 made their first contribution in #368

Full Changelog: v1.3.2...v1.3.3

Contributors

robotdana, jeffmendoza, and khareyash05

Assets 10

26 Apr 04:56

github-actions

v1.3.2

c6d02d1

v1.3.2

Fixes

Bug #341 Make the reporter public to allow calling DoScan with non nil reporters.
Bug #335 Improve SBOM parsing and relaxing name requirements when explicitly scanning with --sbom.
Bug #333 Improve scanning speed for regex heavy lockfiles by caching regex compilation.
Bug #349 Improve SBOM documentation and error messages.

New Contributors

@dbtedman made their first contribution in #325

Full Changelog: v1.3.1...v1.3.2

Contributors

dbtedman

Assets 10

30 Mar 04:36

github-actions

v1.3.1

7c08000

v1.3.1

Changelog

Fixes

Bug #319 Fix segmentation fault when parsing CycloneDX without dependencies.

Full Changelog: v1.3.0...v1.3.1

Assets 10

28 Mar 03:28

github-actions

v1.3.0

cfe6d75

v1.3.0

What's Changed

Major Features:

Feature #198 GoVulnCheck integration! Try it out when scanning go code by adding the --experimental-call-analysis flag.
Feature #260 Support -r flag in requirements.txt files.
Feature #300 Make IgnoredVulns also ignore aliases.
Feature #304 OSV-Scanner now runs faster when there's multiple vulnerabilities.

Fixes

Bug #249 Support yarn locks with quoted properties.
Bug #232 Parse nested CycloneDX components correctly.
Bug #257 More specific cyclone dx parsing.
Bug #256 Avoid panic when parsing file: dependencies in pnpm lockfiles.
Bug #261 Deduplicate packages that appear multiple times in Pipenv.lock files.
Bug #267 Properly handle comparing zero versions in Maven.
Bug #279 Trim leading zeros off when comparing numerical components in Maven versions.
Bug #291 Check if PURL is valid before adding it to queries.
Bug #293 Avoid infinite loops parsing Maven poms with syntax errors
Bug #295 Set version in the source code, this allows version to be displayed in most package managers.
Bug #297 Support Pipenv develop packages without versions.

API Features

Feature #310 Improve the OSV models to allow for 3rd party use of the library.

New Contributors

@raboof made their first contribution in #253
@spencerschrock made their first contribution in #294
@calebbrown made their first contribution in #310

Full Changelog: v1.2.0...v1.3.0

Contributors

calebbrown, raboof, and spencerschrock

Assets 10

23 Feb 01:36

github-actions

v1.2.0

9647b49

v1.2.0

Major Features:

Feature #168 Support for scanning debian package status file, usually located in /var/lib/dpkg/status. Thanks @cmaritan
Feature #94 Specify what parser should be used in --lockfile.
Feature #158 Specify output format to use with the --format flag.
Feature #165 Respect .gitignore files by default when scanning.
Feature #156 Support markdown table output format. Thanks @deftdawg
Feature #59 Support conan.lock lockfiles and ecosystem Thanks @SSE4
Updated documentation! Check it out here: https://google.github.io/osv-scanner/

Minor Updates:

Feature #178 Support SPDX 2.3.
Feature #221 Support dependencyManagement section in Maven poms.
Feature #167 Make osvscanner API library public.
Feature #141 Retry OSV API calls to mitigate transient network issues. Thanks @davift
Feature #220 Vulnerability output is ordered deterministically.
Feature #179 Log number of packages scanned from SBOM.
General dependency updates