1 Release published by 1 person

• v0.16.0

  published Apr 24, 2025

20 Pull requests merged by 5 people

• chore: create a new release

  #1066 merged Apr 24, 2025

• chore: add support for Git tag aliases in vuln GHA check

  #1065 merged Apr 23, 2025

• chore(deps): bump actions/download-artifact from 4.1.7 to 4.2.1

  #1054 merged Apr 23, 2025

• refactor: log the SLSA summary in verbose mode only

  #1063 merged Apr 23, 2025

• chore(deps): bump github/codeql-action from 3.28.10 to 3.28.15

  #1048 merged Apr 23, 2025

• feat: detect vulnerable GitHub Actions

  #1021 merged Apr 23, 2025

• chore: disable latest purl finding for test

  #1062 merged Apr 22, 2025

• chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0

  #1058 merged Apr 17, 2025

• feat: check PyPI registry when deps.dev fails to find a source repository

  #982 merged Apr 15, 2025

• chore(deps): bump actions/upload-artifact from 4.3.3 to 4.6.2

  #1024 merged Apr 10, 2025

• chore(deps): bump actions/download-artifact from 4.1.7 to 4.2.1

  #1025 merged Apr 10, 2025

• chore: improve the PR template

  #1051 merged Apr 10, 2025

• chore: check for None type in error output

  #1049 merged Apr 10, 2025

• fix: fix incorrect skip result evaluation causing false positives in PyPI malware reporting"

  #1031 merged Apr 9, 2025

• chore: merge changes to main

  #1046 merged Apr 8, 2025

• build: change the release and staging branching model

  #1042 merged Apr 8, 2025

• chore: add bug and feature issue templates

  #1040 merged Apr 8, 2025

• chore: add pull_request_template.md

  #1041 merged Apr 7, 2025

• refactor: log relative paths for file

  #1032 merged Apr 3, 2025

• test(ci): update [email protected] to [email protected]

  #1038 merged Apr 3, 2025

13 Pull requests opened by 5 people

• chore(deps): bump cuelang.org/go from 0.12.0 to 0.12.1

  #1043 opened Apr 7, 2025

• chore(deps): bump cuelang.org/go from 0.12.0 to 0.12.1

  #1047 opened Apr 8, 2025

• chore(deps): bump actions/setup-java from 4.4.0 to 4.7.1

  #1055 opened Apr 14, 2025

• build: add support for ARM architecture

  #1056 opened Apr 15, 2025

• feat(security): Add package name typosquatting detection

  #1059 opened Apr 21, 2025

• chore(deps): update packaging requirement from <25.0.0,>=24.0 to >=24.0,<26.0.0

  #1060 opened Apr 21, 2025

• feat: add pypi attestation discovery

  #1067 opened Apr 24, 2025

• chore(deps): update cyclonedx-bom requirement from <5.0.0,>=4.0.0 to >=4.0.0,<7.0.0

  #1068 opened Apr 28, 2025

• chore(deps): update cyclonedx-python-lib[validation] requirement from <8.0.0,>=7.3.4 to >=7.3.4,<11.0.0

  #1069 opened Apr 28, 2025

• chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0

  #1070 opened Apr 28, 2025

• chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16

  #1071 opened Apr 28, 2025

• chore(deps): bump actions/setup-python from 5.4.0 to 5.6.0

  #1072 opened Apr 28, 2025

• build: add built-from-source semgrep dependency

  #1073 opened May 1, 2025

6 Issues closed by 2 people

• Add caching of discovered repositories

  #431 closed Apr 30, 2025

• Improve the commit finding approach

  #537 closed Apr 30, 2025

• Integration test dependency unexpected value

  #1061 closed Apr 22, 2025

• deps.dev does not find some PyPI package github links

  #980 closed Apr 15, 2025

• Improve provenance verifier error handling

  #1045 closed Apr 10, 2025

• pypi malware reporting false positives due to incorrect skip result evaluation

  #1027 closed Apr 9, 2025

4 Issues opened by 3 people

• Tutorial on integrating Macaron with CI/CD pipelines using GitHub Actions and GitLab CI/CD.

  #1053 opened Apr 14, 2025

• Error and Skip Handling in Heuristic Malware Analysis

  #1052 opened Apr 14, 2025

• Create ARM-compatible wheel file for Macaron python package

  #1050 opened Apr 8, 2025

• Add a new sub-command to dump useful information from the database

  #1039 opened Apr 4, 2025

5 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• chore: store provenance asset info

  #975 commented on Apr 27, 2025 • 1 new comment

• chore(deps): bump actions/checkout from 4.2.0 to 4.2.2

  #909 commented on Apr 24, 2025 • 0 new comments

• refactor: improve experimental source code pattern analysis of pypi packages

  #965 commented on Apr 17, 2025 • 0 new comments

• feat: add GitHub attestation discovery

  #1020 commented on May 1, 2025 • 0 new comments

• chore(deps): update pre-commit requirement from <4.2.0,>=4.0.0 to >=4.0.0,<4.3.0

  #1022 commented on Apr 24, 2025 • 0 new comments