Release v11.0.7

What's Changed

• Force package lock creation for stubborn projects with .npmrc by @prabhu in #1488

Full Changelog: v11.0.6...v11.0.7

Release v11.0.6

What's Changed

• Improve php tree by @prabhu in #1483
• Retain multiple SrcFile and identity evidences by @prabhu in #1484

Full Changelog: v11.0.5...v11.0.6

Release v11.0.5 - hey quarkus

cdxgen now supports the Quarkus framework with automatic detection for Maven projects—no configuration changes needed. It uses the official dependency-sbom goal but adds extra value by including phantom JARs that aren’t managed through Maven. With the research profile enabled (--profile research), cdxgen produces a highly detailed SBOM with occurrences and call stack evidence, offering better insights than the official implementation, which only tracks jar files.

cdxgenGPT is also updated to better understand the evidence information for decent reasoning performance.

What's Changed

Other Changes

• feat: quarkus maven support by @prabhu in #1480
• Improve printOccurrences function with streaming output for large SBO… by @deeshantk in #1482

New Contributors

• @deeshantk made their first contribution in #1482

Full Changelog: v11.0.4...v11.0.5

Release v11.0.4

What's Changed

Other Changes

• Expand snapshots part I by @cerrussell in #1467
• Tweaks for node.js ignore list by @prabhu in #1469
• Fix Index Boundary Error in parseCmakeLikeFile by @cerrussell in #1470
• refactor(dart): Use api /versions to avoid payload with all versions by @lsaudon in #1471
• Expand Python Snapshots by @cerrussell in #1473
• Track php per-module tree by @prabhu in #1475
• npm auto install for non-root package.json by @prabhu in #1478
• Added documentation for ML profiles in cdxgen by @satwiksps in #1477

New Contributors

• @satwiksps made their first contribution in #1477

Full Changelog: v11.0.3...v11.0.4

Release v11.0.3

What's Changed

Other Changes

• Replace toml library by @prabhu in #1468

Full Changelog: v11.0.2...v11.0.3

Release v11.0.2

What's Changed

🚀 Features

• dotnet 9 deep improvements by @prabhu in #1459

Other Changes

• update atom to get cpg 1.0.1 and the latest protobuf by @prabhu in #1462
• Safely handle components without names by @prabhu in #1464
• Update atom to get tagging and android apk improvements by @prabhu in #1465

Full Changelog: v11.0.1...v11.0.2

Release v11.0.1

Notable Features

• Official cdxgen base image updated to almalinux:10-kitten-minimal. dotnet 9 sdk is now used as default.
• All base images updated to use :v11 as the suffix. Due to a release mistake the last few cdxgen :v10 images inadvertently use cdxgen v11.0.0. Let us know if you are affected by this mistake.
• Latest dosai with support for dotnet 9 via [email protected].

What's Changed

Other Changes

• Package updates by @prabhu in #1458

Full Changelog: v11.0.0...v11.0.1

Release v11.0.0

Announcement blog on LinkedIn

Top Features

• New ML profiles (ml-tiny, ml, ml-deep) added. Pass them via the cli args --profile.
• New filter techniques (--min-confidence and --technique)

BREAKING changes

cyclonedx-maven-plugin is no longer used by default. PREFER_MAVEN_DEPS_TREE now defaults to true. Set this value to false should you prefer the cyclonedx maven plugin.

What's Changed

🚀 Features

• Automatic annotations and tagging by @prabhu in #1450
• Annotation improvements - part 2 by @prabhu in #1451
• Annotation improvements - part 5 by @prabhu in #1455
• Minimum confidence filter by @prabhu in #1457

Other Changes

• Enable CycloneDX 1.5 snapshots to be compared with 1.6. by @cerrussell in #1444
• fix: executable path in windows by @aryan-rajoria in #1441
• Annotations text for saasbom and cdxa by @prabhu in #1452
• Trim the saasbom to help all models including Gemini by @prabhu in #1454

Full Changelog: v10.11.0...v11.0.0

Release v10.11.0 - Happy swiftwali

Swift developers deserve better tooling to make their lives simple. Accurate information about where and how a given library (both internal and external) is used, can help with prioritization and vulnerability management.

This release adds a new state-of-the-art semantic analysis engine for swift 😎. cdxgen can generate a precise semantic slice representing the application context with accurate types and fully qualified call names for a range of swift applications. The slices are then utlilized by evinse to generate "occurrences evidence" for the SBOM as shown.

We can't wait to iterate to bring you more enhancements and visibility over the coming weeks.

What's Changed

🚀 Features

• Adds occurrence evidence for swift by @prabhu in #1442

Other Changes

• Use bom-ref consistently in the dependency tree by @prabhu in #1431
• Run "Upload base images" action only on main repository by @marob in #1436
• Run some GitHub action jobs only on main repository by @marob in #1438
• Graciously fail for fastlane managed swift projects by @prabhu in #1443

Full Changelog: v10.10.7...v10.11.0

v10.10.7

What's Changed

🚀 Features

• Adds support for specifying npm install args by @prabhu in #1428

Full Changelog: v10.10.6...v10.10.7