Releases: surface-security/django-sbomrepo
v0.0.8
What's Changed
- Updates Readme, alters field ecosystem and version bump by @fpintoppb in #20
Full Changelog: v0.0.7...v0.0.8
Alter field ecosystem
v0.0.6
v0.0.5
What's Changed
Fixes
- Update README.md by @lemosd-ppb in #8
- Update resync_vulnerabilities handle by @lemosd-ppb in #9
- Update release version by @lemosd-ppb in #10
Miscellaneous
- Update purl version by @lemosd-ppb in #11
- Bump tqdm from 4.65.0 to 4.66.3 by @dependabot in #2
- chore: app will support django <5 not <4 by @gsilvapt in #12
- Bump requests from 2.31.0 to 2.32.2 by @dependabot in #1
- Pull changes to main for 0.0.5 release by @gsilvapt in #13
Full Changelog: v0.0.3...v0.0.5
v0.0.4 - Fix Resync_vulnerabilities Bug
Release Notes: Surface Security SCA Module - Fix bug in handle resync_vulnerabilities
Surface Security SCA SBOM REPO v0.0.4 - 2024-06-14
We are excited to announce the release of Surface Security's Software Composition Analysis (SCA) v0.0.4, which resolves a bug in the handle function of the resync_vulnerabilities script and includes minor updates to the documentation notes.
Documentation
- Detailed documentation is available at SCA Module Documentation.
- Additional information on purl and its usage can be found on PyPI.
Thank you for using Surface Security SCA Module. We look forward to your feedback and contributions to make this tool even better.
For support and queries, please reach out via our GitHub Issues.
Contributors: A special thanks to all the contributors who made this release possible.
Surface Security Team
v0.0.3 - Fix Compatibility Issues & Documentation Update
Release Notes: Surface Security SCA Module - Fix Compatibility Issues & Documentation Update
Surface Security SCA SBOM REPO v0.0.3 - 2024-06-13
We are excited to announce the release of Surface Security's Software Composition Analysis (SCA) v0.0.3, which resolves compatibility issues with both Python 3.9 and Django 3.2 and improves the documentation notes.
v0.0.2
Release Notes: Surface Security SCA Module
Surface Security SCA SBOM REPO v0.0.1 - 2024-06-11
We are excited to announce the release of Surface Security's Software Composition Analysis (SCA) v0.0.2, which switches to dynamic versioning and updates the README.
v0.0.1
Release Notes: Surface Security SCA Module
Surface Security SCA SBOM REPO v0.0.1 - 2024-06-11
We are excited to announce the release of Surface Security's Software Composition Analysis (SCA) module, integrated within the main Surface app. This release introduces powerful capabilities for analyzing and managing software dependencies and their associated vulnerabilities. Below are the highlights of this release:
New Features
SCA Module Integration
- SBOM Repo: A standalone module for managing Software Bill of Materials (SBOM), currently using OSV.dev as the vulnerability database.
Vulnerability Database
- OSV.dev Integration: Utilizes OSV.dev's open-source vulnerability database and triage infrastructure to ensure accurate and up-to-date vulnerability information.
- Automated Triage: Automatically triages vulnerabilities and links them to exact affected package versions, providing precise and actionable information.
Dependency Management
- Package URL (purl): Uses the standardized purl format to manage and track dependencies across different programming languages and package managers.
Improvements
SBOM Processing
- Rapid Identification: By uploading an SBOM into the SBOM repo, known vulnerabilities within software dependencies are quickly identified, allowing for faster remediation.
- Vulnerability Database Sync: the resync_vulnerabilities.py command is configured to import vulnerabilities from OSV.dev and create the corresponding Vulnerability objects.
Deployment and Setup
- Docker Compose: Simplified setup process with docker-compose.yml, which includes Django, Nginx, and Postgres configurations.
- API Access: API accessible at http://localhost for SBOM import and management.
How to Use
- Setup:
  - Clone the repository: git clone https://github.com/surface-security/surface.git
  - Navigate to the project directory: cd surface
  - Start the application using Docker Compose: docker-compose up
- Importing SBOM:
  - Generate an SBOM using cdxgen.
  - Import the SBOM into the repo using the following curl command:
    curl -F 'file=@./sbom.json' "http://localhost/sbomrepo/v1/sbom?repo=${{GIT_URL}}&branch=${{GIT_BRANCH}}&main_branch=${{branch}}"
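The triage step the notes above describe (looking a CycloneDX component up by its purl and linking it only to the exact affected versions), as an added example that is not django-sbomrepo's own code: the SBOM fragment, the OSV-EXAMPLE ids and the version lists are constructed placeholders, and only OSV's exact-version list is evaluated, not its range events.

```python
"""Added example, not django-sbomrepo's own code: match CycloneDX SBOM
components to OSV-style records by purl and exact affected version."""
import json

# Constructed CycloneDX SBOM fragment, trimmed to what cdxgen emits for purls.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "tqdm", "version": "4.66.3",
         "purl": "pkg:pypi/tqdm@4.66.3"},
    ],
})

# Constructed OSV-style records: ids and version lists are placeholders,
# not real advisories. OSV keys the package by a version-less purl.
OSV_RECORDS = [
    {"id": "OSV-EXAMPLE-0001",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "requests",
                               "purl": "pkg:pypi/requests"},
                   "versions": ["2.30.0", "2.31.0"]}]},
    {"id": "OSV-EXAMPLE-0002",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "tqdm",
                               "purl": "pkg:pypi/tqdm"},
                   "versions": ["4.65.0"]}]},
]

def split_purl(purl):
    """Split 'pkg:type/name@version?q#s' into (version-less purl, version)."""
    base = purl.split("?", 1)[0].split("#", 1)[0]   # drop qualifiers/subpath
    if "@" in base.rsplit("/", 1)[-1]:              # '@' only in last segment
        base, version = base.rsplit("@", 1)
        return base, version
    return base, None

def match_sbom(sbom_json, records):
    """Map each component purl to the ids whose 'versions' list names its exact version."""
    findings = {}
    for comp in json.loads(sbom_json).get("components", []):
        base, version = split_purl(comp["purl"])
        hits = []
        for rec in records:
            for aff in rec.get("affected", []):
                if aff["package"].get("purl") == base and version in aff.get("versions", []):
                    hits.append(rec["id"])
        findings[comp["purl"]] = hits
    return findings
```

With these inputs requests 2.31.0 is linked to OSV-EXAMPLE-0001, while tqdm 4.66.3 gets no finding because only 4.65.0 is listed, which is the kind of exact-version link the Automated Triage bullet refers to.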