Releases: guacsec/guac
v0.11.2
v0.11.1
- Improve batch query to only return latest timestamped values for CertVuln and CertLegal
What's Changed
- f97320f Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2239)
- 1d632d4 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2242)
- 898894e Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2245)
- 094a31a Bump github.com/fsouza/fake-gcs-server from 1.50.0 to 1.50.2 (#2236)
- 48b1993 Bump github.com/getkin/kin-openapi from 0.127.0 to 0.128.0 (#2235)
- 35fd61c Bump github.com/klauspost/compress from 1.17.9 to 1.17.11 (#2237)
- 814bd26 Bump github/codeql-action from 3.26.13 to 3.27.0 (#2234)
- 68dfc47 Bump gocloud.dev/pubsub/rabbitpubsub from 0.39.0 to 0.40.0 (#2238)
- c571087 SPDX 'GENERATED_FROM' and 'GENERATES' management (#2249)
- 6fa0562 improve batch query (#2246)
v0.11.0
- Add batch querying for isDependency, CertifyVuln and CertifyLegal via Package Version ID
What's Changed
- 10b6b4d Add IsDependency batch querying (#2221)
- 6642687 Add vulnerability and License batch querying (#2218)
- c5d0a1f Bump actions/cache from 4.1.1 to 4.1.2 (#2228)
- 1756f10 Bump actions/checkout from 4.1.7 to 4.2.2 (#2227)
- bf89fc8 Bump actions/setup-go from 5.0.2 to 5.1.0 (#2224)
- c12ece6 Bump actions/setup-python from 5.2.0 to 5.3.0 (#2226)
- fdc22cc Bump actions/upload-artifact from 4.1.0 to 4.4.3 (#2225)
- d9bed92 Bump github.com/aws/aws-sdk-go-v2 from 1.32.1 to 1.32.2 (#2232)
- b09eca2 Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.5 (#2230)
- cd11a04 Bump golang.org/x/time from 0.6.0 to 0.7.0 (#2231)
- d0bc03a Bump google.golang.org/api from 0.199.0 to 0.203.0 (#2229)
- 265ce1d [StepSecurity] Apply security best practices (#2223)
v0.10.2
- Change hasSBOMList to add filter based on client usage
- add http handler to display version string
- update vuln attestation to (opinionatedly) follow intoto/vulns v0.1 spec
What's Changed
- 1a04f13 Bump actions/cache from 4.1.0 to 4.1.1 (#2196)
- 26663ea Bump anchore/sbom-action from 0.17.3 to 0.17.5 (#2208)
- 0e5cbe0 Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 (#2209)
- 7bebe65 Bump cloud.google.com/go/storage from 1.43.0 to 1.45.0 (#2211)
- 706f6d7 Bump github.com/99designs/gqlgen from 0.17.54 to 0.17.55 (#2213)
- 30e28d4 Bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#2214)
- 0b30860 Bump github.com/google/osv-scanner from 1.8.5 to 1.9.0 (#2210)
- 516bbda Bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.18 (#2212)
- 95ebb06 add vulnerability ID index on certifyVuln (#2203)
- 8e84bbe change hasSBOMList to add filter based on client usage (#2205)
- 0b6f4a9 fix #2206 add http handler to display version string (#2207)
- ff4744b update vuln attestation to (opinionatedly) follow intoto/vulns v0.1 spec (#2194)
v0.10.1
- Improve ENT query performance via Index
- Add ClearlyDefined to e2e test
- Fix bug for license scan on ingest
What's Changed
- 7ee10f0 Add ClearlyDefined to e2e test (#2168)
- fa21e35 Bump anchore/sbom-action from 0.17.2 to 0.17.3 (#2199)
- 55f1c26 Bump aquasecurity/trivy-action from 0.25.0 to 0.27.0 (#2198)
- f45eb33 Bump github/codeql-action from 3.26.12 to 3.26.13 (#2197)
- cff089f update batch size on clearly defined and fix bug that when ingesting licenses (#2200)
- ac93fb2 update query to ensure index is hit for certifyLegal, occurrence and hasSBOM (#2201)
v0.10.0
- Fix issues with certifier querying running into postgres parameter limit
- Fix: missing null check in certifyLegal blobstore backend
- Fix ite6 vuln attestation to use the right predicatetype
- Fix Flaky E2e Test
What's Changed
v0.9.1
- improve ENT query performance on Subject ID queries
- Fix broken link for ClearlyDefined in docs
- Updates to various dependencies
What's Changed
- 6138ef1 Bump actions/cache from 4.0.2 to 4.1.0 (#2178)
- beab14d Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 (#2175)
- e2cac69 Bump github.com/aws/aws-sdk-go-v2 from 1.31.0 to 1.32.1 (#2179)
- b17182e Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.34.3 to 1.36.1 (#2169)
- 4db142d Bump github.com/nats-io/nats.go from 1.36.0 to 1.37.0 (#2172)
- 2bdf32f Bump github.com/redis/go-redis/v9 from 9.5.3 to 9.6.1 (#2170)
- 51ee212 Bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 (#2173)
- 2494810 Bump github/codeql-action from 3.26.10 to 3.26.12 (#2174)
- 4777e50 Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#2177)
- e231b30 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#2171)
- 9194ab1 Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#2176)
- 86b56d8 Fix CD discovered license link in gql generated docs (#2183)
- 1d339f6 [ENT] add direct subject queries for verbs (#2181)
v0.9.0
- improve certifier with last-scan to allow for more efficient scanning of packages
- fix bug on license ingestion
What's Changed
v0.8.9
- improve on ingestion license check
- Fix vuln CLI to allow for query via artifact/purl/uri
- Various bug fixes and improvements in parser related to licenses
What's Changed
- 92d19d5 Bump github.com/arangodb/go-driver from 1.6.2 to 1.6.4 (#2160)
- e714df0 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.39 (#2161)
- 553c3ad Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.3 (#2159)
- 56f7dbb Bump github.com/fsouza/fake-gcs-server from 1.49.3 to 1.50.0 (#2162)
- dc08264 Bump github/codeql-action from 3.26.8 to 3.26.10 (#2157)
- f5c75b7 Bump google.golang.org/api from 0.198.0 to 0.199.0 (#2158)
- 8cbb091 CycloneDX SBOM: support nested components (#2156)
- e39fb22 Search for Vulns via Artifact (#2153)
- 7f3e889 if LicenseRef is specified without an inline do not create a license node (#2164)
- 6ea218b improve on ingestion license check (#2152)