1 Release published by 1 person

• v1.19.0

  published Jan 22, 2025

19 Pull requests merged by 5 people

• feat: update licenses to including custom content when SPDX expressions are unable to be determined

  #3366 merged Jan 28, 2025

• Fix namespace value for OpenSUSE distros

  #3615 merged Jan 28, 2025

• chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6

  #3625 merged Jan 28, 2025

• chore(deps): update CPE dictionary index

  #3620 merged Jan 27, 2025

• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1

  #3621 merged Jan 27, 2025

• chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5

  #3622 merged Jan 27, 2025

• chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4

  #3618 merged Jan 24, 2025

• chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0

  #3619 merged Jan 24, 2025

• chore(deps): update tools to latest versions

  #3607 merged Jan 23, 2025

• chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3

  #3608 merged Jan 23, 2025

• chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2

  #3609 merged Jan 23, 2025

• chore(deps): bump github.com/docker/docker from 27.5.0+incompatible to 27.5.1+incompatible

  #3610 merged Jan 23, 2025

• chore(deps): bump actions/setup-go from 5.0.1 to 5.3.0 in /.github/actions/bootstrap

  #3612 merged Jan 23, 2025

• chore(deps): bump actions/cache from 3.3.2 to 4.2.0 in /.github/actions/bootstrap

  #3613 merged Jan 23, 2025

• chore(ci): fix composite GitHub action path in dependabot config

  #3611 merged Jan 23, 2025

• chore(deps): update tools to latest versions

  #3602 merged Jan 22, 2025

• chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2

  #3604 merged Jan 22, 2025

• chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0

  #3605 merged Jan 22, 2025

• chore(deps): bump github.com/aquasecurity/go-pep440-version from 0.0.0-20210121094942-22b2f8951d46 to 0.0.1

  #3606 merged Jan 22, 2025

4 Issues closed by 1 person

• feat: dpkg license improvement for non SPDX licenses

  #3090 closed Jan 28, 2025

• License files which do not match an SPDX expression are erroneously handled as 'unlicensed'.

  #3412 closed Jan 28, 2025

• RPM-based PURLs sometimes have incorrect namespace (specifically OpenSUSE)

  #3534 closed Jan 28, 2025

• Some questions regarding the Syft code

  #3573 closed Jan 23, 2025

7 Issues opened by 6 people

• feat: disable license contents from being included in SBOM

  #3626 opened Jan 28, 2025

• "syft config" output swaps comments for search-indexed-archives / search-unindexed-archives

  #3624 opened Jan 28, 2025

• Incorrect purl for [email protected] results in missed CVE

  #3623 opened Jan 27, 2025

• Syft cannot scan the component information in the source code package of C/C++language

  #3617 opened Jan 24, 2025

• Syft cannot scan the component information of C # language

  #3616 opened Jan 24, 2025

• go-module-file-cataloger fails if symlinks in path

  #3614 opened Jan 23, 2025

• Add Docker to Syft OCI Images

  #3603 opened Jan 22, 2025

20 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Capture licenses for all packages

  #2861 commented on Jan 23, 2025 • 0 new comments

• `License` field in Python package metadata could be name or full text

  #2969 commented on Jan 23, 2025 • 0 new comments

• terraform modules

  #2402 commented on Jan 23, 2025 • 0 new comments

• [DOCS] Document your CycloneDX properties

  #3497 commented on Jan 23, 2025 • 0 new comments

• syft shows (devel) version for git-lfs while git-lfs version command shows 3.6.0

  #3588 commented on Jan 23, 2025 • 0 new comments

• Multiple Maven Repositories

  #3576 commented on Jan 23, 2025 • 0 new comments

• Scanning a project with many DLLs is slow

  #3455 commented on Jan 23, 2025 • 0 new comments

• wrong traefik rc versions at binary detection

  #3535 commented on Jan 23, 2025 • 0 new comments

• Conan cataloger: distinquish normal and build requirements - might be relevant for other catalogers as well (e.g. NPM)

  #3386 commented on Jan 23, 2025 • 0 new comments

• Add ability to append labels to SBOM

  #347 commented on Jan 23, 2025 • 0 new comments

• Dotnet PE binary cataloger is detecting false positives

  #3469 commented on Jan 23, 2025 • 0 new comments

• Dependency graph of BOMs generated with Syft is incomplete due to missing root node

  #3071 commented on Jan 25, 2025 • 0 new comments

• Unable to classify complex licenses

  #3527 commented on Jan 26, 2025 • 0 new comments

• Configurable package merge behavior

  #3485 commented on Jan 27, 2025 • 0 new comments

• Support for `application/vnd.oci.image.index.v1+json` manifests in root OCI layout

  #1545 commented on Jan 28, 2025 • 0 new comments

• Incorrect URL encoding of package url (purl)

  #3533 commented on Jan 28, 2025 • 0 new comments

• feat: add support for Bitnami cataloguer

  #3341 commented on Jan 27, 2025 • 0 new comments

• 3088: add full text field for licenses to default syft-json output

  #3450 commented on Jan 28, 2025 • 0 new comments

• More performant dotnet PE parser

  #3563 commented on Jan 23, 2025 • 0 new comments

• fix: fetch Dart package versions from sdk entries

  #3572 commented on Jan 22, 2025 • 0 new comments