Releases: anthonyharrison/lib4sbom

v0.7.5

18 Sep 21:36

Updates in this release

Fixes

  • chore: bump version
  • fix: Handle empty file
  • fix: Improve handling of invalid JSON files
  • fix: Naming of file comment
  • fix: SPDX validation (fixes #51)

v0.7.4

29 Aug 19:48

Updates in this release

Fixes

  • fix: add debug to CycloneDX parser
  • fix: license handling
  • fix: support mixed case email addresses
  • fix: typo in organization

v0.7.3

17 Aug 19:12

Updates in this release

Fixes

  • chore: bump version
  • fix: SBOM spec version validation (fixes #48)
  • fix: storage of uuid
  • fix: Typo in checksumValue (fixes #47)

v0.7.2

28 Jul 10:39

Updates in this release

New features

  • feat: Add acknowledgement for license parsing
  • feat: Add check for features introduced in CycloneDX 1.6
  • feat: Additional category support for external references to support CycloneDX 1.6
  • feat: Add licence acknowledgement for CycloneDX 1.6
  • feat: Add remediation details
  • feat: Extract component name and version for vulnerability
  • feat: Get list of licenses
  • feat: Handle user defined licenses
  • feat: Handle user defined licenses and preserve ids
  • feat: Multiple licenses from CycloneDX files preserved by parser
  • feat: Support for non SPDX licenses
  • feat: Update CycloneDX licence parsing
  • feat: Validate hash algorithm

Fixes

  • doc: fix typo
  • doc: minor doc updates
  • fix: Allow non semantic version numbers
  • fix: Author in metadata
  • fix: Fix small typo in cyclonedx_parser.
  • fix: Generation of lifecycle
  • fix: Handle empty license
  • fix: Handle legacy tools interface (fixes #43)
  • fix: Handling of CycloneDX 1.6 specific attributes
  • fix: Handling of lifecycle
  • fix: Identify supplier in component
  • fix: Linting
  • fix: Metadata parsing of authors
  • fix: Parsing of CycloneDX vulnerability
  • fix: Process supplier URL
  • fix: Set default vulnerability status appropriate to type
  • fix: SPDX handling of user defined licenses
  • fix: Supplier handling of component
  • fix: Typo in attribute
  • fix: Typo filesAnaylzed -> filesAnalyzed
  • fix: Typo in lifecycle element
  • fix: Typo preventing generating correct copyright
  • fix: Updated validation of SBOM
  • fix: Update license types
  • fix: Update service component processing
  • fix: Update vulnerability handling for CycloneDX
  • fix: Validate external reference category

  • Merge pull request #37 from nodet/typo
  • Merge pull request #39 from nodet/fix-copyright-text
  • Merge pull request #40 from georgkoester/typo-correction-set-content
  • Merge pull request #42 from georgkoester/multi-license-pr

v0.7.1

26 Apr 14:26

Updates in this release

New features

  • feat: Access license text
  • feat: Add lifecycle support for CycloneDX
  • feat: Add spdx vulnerability support
  • feat: Initial support for CycloneDX version 1.6
  • feat: Update install script

Fixes

  • fix: Same name lib ignored by SPDX
  • fix: SourceInfo typo in SPDX JSON parser
  • Merge pull request #34 from mastersans/i33
  • Merge pull request #35 from rms-sth/fix-sourceInfo

v0.7.0

25 Mar 18:07

Updates in this release

New features

  • feat: Add debug support
  • feat: Add evidence element to package
  • feat: Add metadata property support
  • feat: Add Security policy
  • feat: Add set_cpe and set_purl methods
  • feat: Extract SBOM URN
  • feat: Add get_purl and get_cpe methods
  • feat: Introduce support for software services generation and parsing
  • feat: Linting
  • feat: Linting of example scripts
  • feat: Linting of test scripts
  • feat: Return version of SBOM
  • feat: Specify SPDX version via environment variable
  • feat: Update vulnerability generation and parsing
  • feat: Validate CPE vector string

Fixes

  • doc: update readme for SPDX version environment variable
  • fix: class SBOMPackage: add missing type declaration
  • fix: Add justification validation
  • fix: bom-ref optional for vulnerability
  • fix: File comment missed in SPDX JSON parser
  • fix: Handle CycloneDX legacy metadata tools interface
  • fix: Handle missing serialnumber in CycloneDX document
  • fix: License comments missing in CycloneDX
  • fix: typo in checksum validation
  • fix: typo in cyclonedx vulnerability generator
  • fix: typo in external reference validation
  • fix: typo in justification validation
  • Merge pull request #30 from sah-cdo/dev/update_type_list_according_to_cyclonedx_1_5

v0.6.2

13 Feb 14:18

New features

  • feat: Improved CycloneDX copyright text generation
  • feat: Simple example of CycloneDX to SPDX file converter
  • feat: Simple example of SPDX to CycloneDX file converter

Fixes

  • fix: Correct CSAF status values
  • fix: Ensure all file operations are utf-8
  • fix: Get_files returns dictionary instead of list (fixes #29)
  • fix: Handle CPE2.2 in CycloneDX (fixes #28)
  • fix: Handle option bom-ref in vulnerability
  • fix: Improved robustness of parser (fixes #26)
  • fix: License identifier validation
  • fix: Retain more component information
  • fix: Retrieve vulnerability state
  • fix: SPDXid contained invalid characters
  • fix: Validate checksum length

v0.6.1

03 Jan 19:06

Updates in this release

New features

  • feat: Add license type reporting

Fixes

  • fix: linting
  • fix: robustness of parser

v0.6.0

02 Jan 14:04

Updates in this release

New features

  • feat: introduce MLBOM processing
  • feat: data driven SPDX licence version

Fixes

  • fix: package id validation (fixes #25)
  • test: add MLBOM samples
  • test: additional test samples
  • test: tidy up test samples
  • doc: fix typos
  • fix: XML parser for property (fixes #24)

v0.5.4

13 Dec 12:36

Updates in this release

Fixes

  • fix: handle unknown supplier type
  • fix: handling of license expressions