v0.6.0

Updates in this release

New features

• feat: introduce MLBOM processing
• feat: data driven SPDX licence version

Fixes

• fix: package id validation(fixes #25)
• test: add MLBOM samples
• test: additional test samples
• test: tidy up test samples
• doc: fix typos
• fix: XML parser for property (fixes #24)

v0.5.4

Updates in this release

Fixes

• fix: handle unknown supplier type
• fix: handling of license expressions

v0.5.3

Updates in this release

Fixes

• fix: Incorrect name for CycloneDX checksum algorithm (Fixes #23)
• fix: Linting

v0.5.2

Updates in this release

New features

• feat: Add vulnerability parser
• feat: Update examples
• feat: Update licence list to version 3.22

Fixes

• doc: Update add_document example (fixes #21)
• fix: cpe type for operating system (fixes #22)
• fix: Metadata component linking to component (fixes #20)
• fix: Typo in comments attribute
• fix: Update property name
• fix: Vulnerability attributes
• test: Additional example

v0.5.1

Updates in this release

Fixes

• fix: Crash while generating SBOM (fixes #19)

v0.5.0

Updates in this release

New features

• feat: Introduce XML parsing for CycloneDX (fixes #1)
• feat: Add CycloneDX assembly suport (fixes #13)
• feat: Add initial support for SPDX RDF and XML files
• feat: Add vulnerabilities to SBOM
• feat: User defined license handling in SPDX
• feat: Add enhanced metadata attributes
• feat: Add vulnerability object
• feat: Refactor CycloneDX generator
• feat: Allow license text to be specified with license name
• feat: Allow SPDX version to be specified for SPDX documents
• feat: Allow UUID to be user specified
• feat: Reuse metadata from parsed SBOMs
• feat: Update examples

Fixes

• bug: Handle '-' in supplier name (Fixes #14)
• doc: Update README
• fix: Ensure user defined id is valid for SPDX
• fix: Fix metadata tools field of CycloneDX
• fix: Fix organisation typo
• fix: Formatting issues with generated document
• fix: Handle deprecated tools specification in CycloneDX version 1.5
• fix: Handle missing file id
• fix: Id overwritten by name for file object
• fix: License expression handling for CycloneDX
• fix: Linting
• fix: Remove commented code
• fix: Remove debug code
• fix: SPDX handling of user defined component id
• fix: SPDX version field truncated
• fix: Supplier contains digit (fixes #17)
• fix: Tool version metadata handling (CycloneDX)
• fix: Update relationships
• fix: Update test example
• fix: validate supplier type
• Merge pull request #15 from ffontaine/fix-typo
• Merge pull request #18 from ffontaine/fix-tools
• test: Additional Cyclonedx example
• test: Add CycloneDX XML test files

v0.4.3

Updates in this release

Fixes

• fix: Handle bom-ref as optional parameter (Fixes #11)

v0.4.2

Updates in this release

Fixes

• fix: Explicit handling of Cyclonedx spec versions (Fixes #10)
• fix: incorrect handling of package type
• fix: Missing ':' in serial number (Fixes #9)

v0.4.1

Updates in this release

Fixes

• fix: Handle missing version (fixes #8)
• fix: Handle optional dependsOn in CycloneDX relationships
• fix: Incorrect version of specVersion for non 1.5 documents

v0.4.0

Updates in this release

New features

• feat: Add support for CycloneDX version 1.5 (fixes #6)
• feat: Add support for package attribution (SPDX)
• feat: Update license list to version 3.21
• feat: update version

Fixes

• doc: Update README
• fix: Additional checking of dependencies
• fix: Handle duplicate packages in CycloneDX (fixes #3)
• fix: optional license in component evidence
• fix: parsing originator in SPDX JSON file (fixes #4)
• fix: Retain deprecated ids
• fix: Linting (fixes #7)
• Merge pull request #5 from rh0dy/main