Releases: anthonyharrison/lib4sbom

v0.3.1

14 Apr 15:04

Updates in this release

New features

  • Add package purpose processing
  • Check OSI Approved license
  • Check valid URL in package metadata
  • Include download location in CycloneDX SBOM
  • Include email address with supplier when parsing CycloneDX
  • Update license synonyms

Fixes

  • Update documentation
  • Allow .json files as SPDX file
  • Copyright text in tag value format
  • Ensure operators in license expression are uppercase
  • Ensure supplier and contributor names are non-zero length
  • Handle component with no version
  • Handle file creation error
  • Handle SPDX package purpose ambiguity for OPERATING-SYSTEM
  • Handling of : in version and copyright strings
  • Ignore deprecated licenses
  • Improve parsing of relationships
  • Minor updates to CycloneDX generator
  • Fix overwriting download location attribute
  • Parse package purpose
  • Refactor license matching
  • Correct storage of SBOM file component name
  • Correct type for homepage component
  • Refactor text handling for SPDX Tag value SBOMs

V0.3.0

27 Mar 13:51

Updates in this release

New Features

  • Support SPDX license expressions
  • Update license synonym processing
  • Add more license synonyms
  • Update SPDX license data to 3.20

Fixes

  • Handle file as CycloneDX type
  • Handle version as optional attribute in CycloneDX document
  • Capture filetypes in SPDX JSON file
  • Fix failing test
  • Small corrections for licenses and comment handling

v0.2.0

07 Mar 12:11

Updates in this release

New features

  • Update CycloneDX generation
  • Update SPDX Licenses to version 3.20

Fixes

  • Add licence information to file
  • Correct handling of relationships between file components
  • CycloneDX component handling
  • Default setting for relationship id
  • Handle non-semantic version strings
  • Handle SPDX PACKAGE_MANAGER as alternative to PACKAGE-MANAGER
  • Handling of package originator
  • Handling of supplier in CycloneDX
  • Improve relationship formatting
  • Minor fixes with supplier and license handling
  • Rationalise dependency generation
  • Remove all reference to XML format
  • Remove duplicated dependencies and improve supplier and licence processing
  • Remove duplicate relationships in CycloneDX
  • Remove old code
  • Report non-SPDX licenses
  • Resolve relationship generation for files
  • Tidy up SPDX Generator
  • Update handling of package descriptions
  • Update documentation

V0.1.1

01 Feb 11:53

Bug fix for handling author data in CycloneDX metadata

v0.1.0

30 Jan 15:42

Initial release