Releases: CycloneDX/cdxgen
Release v11.2.0 - Think, Evaluate, and Improve
Thanks to continuous thought logging and GPT-powered evaluation, we have fixed several bugs to enhance precision and improve the user experience.
What's Changed
- [Documentation] Split the table in ENV.md by language/tool and sorted the keys. by @malice00 in #1649
- Convert to relative paths using postgen + goodies by @prabhu in #1652
- Auto-detect gradle composite builds by @prabhu in #1658
- npm workspace improvements by @prabhu in #1659
- [swift] Parent hierarchy and properties improvements by @prabhu in #1664
Full Changelog: v11.1.10...v11.2.0
Contributors
Assets 23
- 50.8 MB
2025-02-28T15:18:37Z - 83 Bytes
2025-02-28T15:18:37Z - 51.2 MB
2025-02-28T15:18:14Z - 41.5 MB
2025-02-28T15:21:29Z - 66 Bytes
2025-02-28T15:21:29Z - 77 Bytes
2025-02-28T15:18:14Z - 224 MB
2025-02-28T15:18:14Z - 215 MB
2025-02-28T15:18:37Z - 50.8 MB
2025-02-28T15:18:37Z - 84 Bytes
2025-02-28T15:18:37Z -
2025-02-28T14:54:05Z -
2025-02-28T14:54:05Z - Loading
Release v11.1.10
What's Changed
Other Changes
- result.stderr could be null in node.js even with non-zero error code by @prabhu in #1641
- Fix pnpm and yarn lock file detection by @konstantinas1 in #1643
New Contributors
- @konstantinas1 made their first contribution in #1643
Full Changelog: v11.1.9...v11.1.10
Contributors
Assets 23
Release v11.1.9
cdxgen can now log its thought process while generating the xBOM. cdxgenGPT can then interpret this log and advise whether the generated SBOM is accurate and complete. Below is an example for the Kafka repository:
What's Changed
Other Changes
- Refactor toml and lock file in cargo parsing using
@iarna/toml(#1592) by @Code-Agitator in #1595
New Contributors
- @Code-Agitator made their first contribution in #1595
Full Changelog: v11.1.8...v11.1.9
Contributors
Assets 23
Release v11.1.8
What's Changed
🐛 Bug Fixes
Other Changes
- cdx1 by @prabhu in #1624
- Switch to llama.cpp for gguf conversion by @prabhu in #1625
- document temperature and system prompt sensitivity by @prabhu in #1626
- cdx1 notes by @prabhu in #1627
- Sample eval questions by @prabhu in #1628
- Handle name less csproj files better by @prabhu in #1632
- Fix docker qemu bug by @prabhu in #1637
Full Changelog: v11.1.7...v11.1.8
Contributors
Assets 23
Release v11.1.7
cdxgen (>= v11.1.7) now includes a "secure mode," powered by the Node.js permission model. This "seat-belt approach" allows you to control which system resources cdxgen can access and what actions it can perform with those resources. For example, in --lifecycle pre-build mode, you can restrict cdxgen to reading only specific files, without granting permission to execute child processes. Even when executing node-based commands such as npm or atom, you can further limit the directories these external commands can read and write, as well as their permissions to execute child processes. This makes cdxgen an ideal SBOM tool when dealing with untrusted codebases (which is all software).
For further information, please refer to the permissions documentation or start using the new ghcr.io/cyclonedx/cdxgen-secure container image.
Thank you to @eran-medan and the other security researchers for helping bring this feature live.
Addresses CVE-2024-50611 and #1328. Please update at your convenience.
Full Changelog: v11.1.6...v11.1.7
Contributors
Assets 23
Release v11.1.6
- Reduce validation warnings. Fix for #1610
- golang is included in a few Python images
What's Changed
Other Changes
Full Changelog: v11.1.5...v11.1.6
Contributors
Assets 23
Release v11.1.5
Contributors
Assets 23
Release v11.1.4
Contributors
Assets 23
Release v11.1.3
Fixes a bug where automatic installations were no longer performed.
What's Changed
Other Changes
- fix: install setuptools and wheel before installing requirements by @AnsahMohammad in #1594
- Ensuring that the evidence.identity format is maintained after components are trimmed by @emcfins in #1591
- Fix version parsing in CMakeLists files by @asztalosdani in #1596
- cdxgen secure image - WIP by @prabhu in #1600
New Contributors
- @AnsahMohammad made their first contribution in #1594
- @emcfins made their first contribution in #1591
- @asztalosdani made their first contribution in #1596
Full Changelog: v11.1.2...v11.1.3
