Releases: CycloneDX/cyclonedx-gomod
v1.1.0-alpha.0
Changelog
99f0f89 add multi-platform container image build for arm64
3dda452 enable dependabot for docker images
24bd083 pin docker base image digests
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.1.0-alpha.0
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.1
v1.0.0
Changelog
Enhancements
- Introduce multi-command CLI (#42 via #45)
- Output SBOMs in v1.3 of the CycloneDX specification (#43 via 5bab19b)
- Add support for application SBOMs (#44 via #50)
- Add support for binary SBOMs (#21 via #46)
- Include applicable build constraints in application SBOMs (#29 via #59)
- Add license detection support for binary SBOMs (#51 via #52)
- Generate pseudo versions using golang.org/x/mod (#55 via #57)
- Use license evidence for detected licenses (#40 via #49)
- Build with and test against Go 1.17 (via #54)
- Introduce improved logging (via #46)
- Add indication for which application the SBOM was generated for (#67 via #71)
- Slightly reduce threshold for license detection confidence, and log a debug message if this threshold isn't met (#79 via #80)
  - Thanks TheDiveO for reporting!
Fixes
- Fix annotated tags not being recognized as versions (#56 via #57)
- Fix normalized versions interfering with hash calculation (#58 via #60)
- Fix app command missing dependencies when main package is spread across multiple files (#75 via #78)
Breaking Changes
- The CLI now consists of multiple subcommands, thus being incompatible with the CLI in cyclonedx-gomod v0.x
- Detected licenses (when using the -licenses flag) will now use the components/evidence/licenses node instead of components/licenses. Tools that consume SBOMs and don't support CycloneDX v1.3 yet may not recognize those licenses
- Version normalization has been removed (#60). As a consequence, +incompatible suffixes and v prefixes (-novprefix flag in v0.x) are not trimmed anymore
- The -reproducible flag has been removed (via 9b45f4a)
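A consumer-side sketch of the license location change described under Breaking Changes, added here as an example and not taken from cyclonedx-gomod: it reads both components/licenses and components/evidence/licenses from a CycloneDX v1.3 JSON SBOM, so that detected licenses are not reported as missing. The type names, CollectLicenses and the sample SBOM are assumptions constructed for illustration.

```go
package main

import "encoding/json"
import "fmt"

// choice is one CycloneDX license entry: a license object or an expression.
type choice struct {
	License    struct{ ID, Name string }
	Expression string
}

// component holds both places a CycloneDX v1.3 component can carry licenses.
type component struct {
	Name, Version string
	Licenses      []choice                    // components/licenses (declared)
	Evidence      struct{ Licenses []choice } // components/evidence/licenses (detected)
}

type Found struct{ Declared, Evidence []string } // kept apart so a policy can weigh them

func ids(cs []choice) (out []string) {
	for _, c := range cs {
		for _, v := range []string{c.License.ID, c.License.Name, c.Expression} {
			if v != "" {
				out = append(out, v)
				break
			}
		}
	}
	return
}

// CollectLicenses maps "name@version" to the licenses found at both locations.
func CollectLicenses(raw []byte) (map[string]Found, error) {
	var bom struct{ Components []component }
	if err := json.Unmarshal(raw, &bom); err != nil {
		return nil, err
	}
	out := map[string]Found{}
	for _, c := range bom.Components {
		out[c.Name+"@"+c.Version] = Found{ids(c.Licenses), ids(c.Evidence.Licenses)}
	}
	return out, nil
}

// sampleBOM is constructed for this example; it is not real tool output.
const sampleBOM = `{"bomFormat":"CycloneDX","specVersion":"1.3","components":[{"name":"example.com/a","version":"v1.0.0","licenses":[{"license":{"id":"MIT"}}]},
 {"name":"example.com/b","version":"v2.1.0","evidence":{"licenses":[{"license":{"id":"Apache-2.0"}}]}}]}`

func main() { fmt.Println(CollectLicenses([]byte(sampleBOM))) }
```

A consumer that only reads Declared would treat example.com/b as unlicensed, which is the incompatibility the note above warns about.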
Dependency Updates
- Update github.com/CycloneDX/cyclonedx-go from v0.3.0 to v0.4.0 (via 5bab19b)
- Update golang.org/x/mod from v0.4.2 to v0.5.1 (via #57 and 088f0e3)
- Update golang.org/x/crypto from v0.0.0-20210711020723-a769d52b0f97 to v0.0.0-20210817164053-32db794688a5 (via 75ae52a)
Building and Packaging
- Produce and publish an SBOM for each binary built when releasing (via #62)
- Builds for windows/386 and linux/386 have been dropped (via #62)
- Use standard Go notation for architectures in release artifact names (via #62)
  - e.g. cyclonedx-gomod_1.0.0_windows_x64.zip is now cyclonedx-gomod_1.0.0_windows_amd64.zip
Commits since v1.0.0-beta.2
6276d83 feat: decrease min license detection confidence to 0.85 (#80)
b93fc5b refactor: cleanup and cosmetics (#81)
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.0.0
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.0
v1.0.0-beta.2
v1.0.0-beta.1
v1.0.0-beta.0
Changelog
0b09de5 Enable CodeQL Security Scan (#47)
ac53b42 build: update go directive in go.mod to go 1.17
c87bbaa chore(deps): update github.com/rs/zerolog from v1.23.0 to v1.25.0
75ae52a chore(deps): update golang.org/x/crypto to v0.0.0-20210817164053-32db794688a5
088f0e3 chore(deps): update golang.org/x/mod from v0.5.0 to v0.5.1
be6a7f6 ci: cleanup ci workflow
4a9c43e ci: don't build against go 1.16 anymore
43e1e14 feat: add application name as property and update purl with subpath to application (#71)
70ea280 feat: disable colored log output when running in ci (#70)
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.0.0-beta.0
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.0
v1.0.0-alpha.4
Changelog
d44cc3f build: produce an sbom for each binary built (#62)
d577c40 fix: provide error details when resolving replacements failed
cc50b11 fix: resolve local module in app command
b04354b misc: cosmetic tweaks
5221f2a refactor: remove version normalization (#60)
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.4
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.0
v1.0.0-alpha.3
v1.0.0-alpha.2
v1.0.0-alpha.1
v1.0.0-alpha.0
Changelog
0cbc174 ci: build and test against go 1.17 (#54)
9cff325 ci: build prs to develop-v1.0.0 as well
e93ff2d feat: add license resolution support for bin command (#52)
2b197e4 feat: generate sboms from binaries (#46)
edd71cb feat: use license evidence for detected licenses (#49)
d5e9f22 fix: ensure binary path is not a directory
404d7ee introduce multi-command cli (#45)
aee6d77 refactor: remove spdx code (#48)
2cb46a5 update cyclonedx-cli: 0.15.2 -> 0.17.0
5bab19b update cyclonedx-go: v0.3.0 -> v0.4.0
Docker images
docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.0
docker pull cyclonedx/cyclonedx-gomod:v1
docker pull cyclonedx/cyclonedx-gomod:v1.0