Releases: anchore/syft
v0.71.0
Changelog
v0.71.0 (2023-02-09)
Added Features
- Catalog postgres binary [Issue #1456] [PR #1536] [witchcraze]
- Improve Syft performance [Issue #1328] [PR #1510] [wagoodman]
- Export specific format versions (SPDX) [Issue #1519] [PR #1543] [kzantow]
Bug Fixes
- source: when base is set, responsePath should be absolute [PR #1542] [jedevc]
- Licenses missing in most report format [Issue #933] [PR #1540] [deitch]
- apk packages with simplified license show NOASSERTION [Issue #1529] [PR #1540] [deitch]
v0.70.0
Changelog
v0.70.0 (2023-02-03)
Added Features
- Catalog traefik binary [Issue #1460] [PR #1504] [witchcraze]
Bug Fixes
- Syft hardcodes custom attestation type [Issue #1532] [PR #1533] [Nirusu]
Security
- Prevent leaking attestation password or key path to console or SBOM contents [PR #1538] [GHSA-jp7v-3587-2956] [CVE-2023-24827]
v0.69.1
Changelog
v0.69.1 (2023-01-31)
Changes
- update golang to 1.19 [PR #1526] [bradleyjones]
- update spdx/tools-golang to v0.5.0-rc1 [PR #1503] [kzantow]
v0.69.0
Changelog
v0.69.0 (2023-01-30)
Added Features
- Allow scanning unpacked container filesystems if using Syft as a library [Issue #1359] [PR #1485] [jedevc]
Bug Fixes
- Syft convert now works properly with template output [Issue #1409] [PR #1521] [kzantow]
- Attestation with a private key [Issue #1465] [PR #1502] [spiffcs]
v0.68.1
Changelog
v0.68.1 (2023-01-25)
Bug Fixes
- Add relevant CPEs to python and busybox classifiers [PR #1517] [westonsteimel]
Additional Changes
v0.68.0
Changelog
v0.68.0 (2023-01-20)
Added Features
- Catalog memcached binary [Issue #1459] [@witchcraze]
Bug Fixes
- Relax error conditions for catalogers [PR #1492] [wagoodman]
- Always set the package ID for java packages [PR #1493] [wagoodman]
- Fix panic in APK version specifier handling [PR #1494] [luhring]
- ZERO npm dependencies discovered if any npm dependency has an array as a license [Issue #1479]
- Syft panics on APK parsing when Dependencies or Provides holds an empty string [Issue #1483]
v0.66.2
Changelog
v0.66.2 (2023-01-17)
Bug Fixes
- update dependency golang.org/x/text [Issue #1457]
- syft is now throwing panic with version 0.66.1 [Issue #1462]
v0.66.1
v0.66.0
Changelog
v0.66.0 (2023-01-12)
Added Features
- Catalog Erlang/Elixir artifacts using "rebar" and "mix" package managers [Issue #1071] [@cpendery]
- Catalog PHP binary runtimes [Issue #1429] [@witchcraze]
- Catalog Apache HTTP binary runtimes [Issue #1440] [@witchcraze]
- Catalog redis binary runtimes [Issue #1437] [@noqcks]
- Increase the speed of cataloger stage [Issue #1353] [@Mikcl]
- Add the origin field to the output format of syftjson [PR #1327] [@asi-cider]
Bug Fixes
- A duplicate file in tar archive causes read to fail [Issue #1400] [@kzantow]
v0.65.0
Changelog
v0.65.0 (2023-01-04)
Added Features
- refactor basic CPE functionality to its own package [PR #1436] [kzantow]
- adding purl types for binary classifiers [Issue #1435] [noqcks]
Bug Fixes
- silence additional excessive go binary warnings [Issue #1432] [jedevc]