Releases: sw360/capycli

v2.9.1

11 Jul 13:49

2.9.1

  • bom map now provides the purl from SW360 in the output BOM's components
    (due to a missing code path, the PURL from the input BOM was copied to the mapping result instead).
  • support file:// URLs for local paths in SBOMs.
  • Fixed a misbehavior when creating a project together with an existing projectinfo.json.

v2.9.0

29 Jun 21:02

2.9.0

  • CaPyCLI now marks components, releases and projects as created by CaPyCLI,
    i.e. it adds an additionalData entry with the key createdWith and the
    CaPyCLI name and version as value, e.g. CaPyCli: 2.8.1.

  • Improved dependency detection for NuGet packages. If the project references (runtimepack.)Microsoft.NETCore.App,
    (runtimepack.)Microsoft.WindowsDesktop.App or (runtimepack.)Microsoft.AspNetCore.App, then only
    these top-level packages will get added to the SBOM and not also all their sub-packages.

    This will only work properly if a self-contained build for a specific RID like win-x64 has been
    done or the dotnet publish command has been used. Dependency detection is only done for Release
    builds and not for Debug builds.

    The resulting SBOM also does not contain any analyzer, build, test or mocking packages that are
    not part of the final delivery.

  • New parameter --search-meta-data for getdependencies nuget to find the metadata for the components.

  • drop support for Python 3.8, so we can update urllib3 to fix CVE-2025-50181 and CVE-2025-50182.

  • Use sw360python 1.10.0.
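The runtime-pack rule from the NuGet entry above, written out as an added example (this is not CaPyCLI's own code, and it does not parse a real project.assets.json). The dependency graph, the package category labels ("analyzer", "build", "test", "mock") and the configuration check are all constructed assumptions; the point is to show the three decisions the release note describes: stop at a referenced runtime pack instead of expanding its sub-packages, drop non-delivery packages, and only run for Release builds.

```python
"""Added example: select the NuGet packages that belong in a delivery SBOM.

Assumptions (not from CaPyCLI): the dependency graph is given as a plain
dict, every package carries a constructed "category" label, and the build
configuration is passed in as a string.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Top-level runtime packs that are taken as a whole (from the release note).
RUNTIME_PACKS = frozenset({
    "Microsoft.NETCore.App",
    "Microsoft.WindowsDesktop.App",
    "Microsoft.AspNetCore.App",
})
RUNTIMEPACK_PREFIX = "runtimepack."

# Constructed category labels for packages that never reach the final delivery.
NON_DELIVERY = frozenset({"analyzer", "build", "test", "mock"})


@dataclass
class Package:
    name: str
    version: str
    dependencies: List[str] = field(default_factory=list)  # direct deps by name
    category: str = "runtime"  # "runtime" or one of NON_DELIVERY (assumed label)


def normalize(name: str) -> str:
    """Strip the optional runtimepack. prefix so both spellings match."""
    if name.startswith(RUNTIMEPACK_PREFIX):
        return name[len(RUNTIMEPACK_PREFIX):]
    return name


def is_runtime_pack(name: str) -> bool:
    return normalize(name) in RUNTIME_PACKS


def collect_sbom_packages(top_level: List[str], packages: Dict[str, Package],
                          configuration: str = "Release") -> List[str]:
    """Return the sorted package names that should end up in the SBOM.

    - Debug builds yield nothing: detection is only done for Release builds.
    - Non-delivery packages (and everything only reachable through them) are skipped.
    - A referenced runtime pack is added as one entry; its sub-packages are not expanded.
    """
    if configuration != "Release":
        return []
    selected: List[str] = []
    seen: Set[str] = set()
    stack = list(top_level)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        pkg = packages.get(name)
        if pkg is None or pkg.category in NON_DELIVERY:
            continue
        selected.append(name)
        if is_runtime_pack(name):
            continue  # keep the pack itself, do not walk into its sub-packages
        stack.extend(pkg.dependencies)
    return sorted(selected)


# Constructed sample graph for a self-contained win-x64 style project.
SAMPLE_PACKAGES: Dict[str, Package] = {
    "runtimepack.Microsoft.NETCore.App": Package(
        "runtimepack.Microsoft.NETCore.App", "8.0.0",
        ["System.Runtime", "System.Collections"]),
    "System.Runtime": Package("System.Runtime", "8.0.0"),
    "System.Collections": Package("System.Collections", "8.0.0"),
    "Newtonsoft.Json": Package("Newtonsoft.Json", "13.0.3"),
    "Serilog": Package("Serilog", "3.1.1", ["System.Diagnostics.DiagnosticSource"]),
    "System.Diagnostics.DiagnosticSource": Package(
        "System.Diagnostics.DiagnosticSource", "8.0.0"),
    "xunit": Package("xunit", "2.6.0", ["xunit.core"], category="test"),
    "xunit.core": Package("xunit.core", "2.6.0", category="test"),
    "Moq": Package("Moq", "4.20.0", category="mock"),
    "StyleCop.Analyzers": Package("StyleCop.Analyzers", "1.1.118", category="analyzer"),
    "Microsoft.NET.Test.Sdk": Package("Microsoft.NET.Test.Sdk", "17.8.0", category="build"),
}
SAMPLE_TOP_LEVEL = [
    "runtimepack.Microsoft.NETCore.App", "Newtonsoft.Json", "Serilog",
    "xunit", "Moq", "StyleCop.Analyzers", "Microsoft.NET.Test.Sdk",
]

if __name__ == "__main__":
    for cfg in ("Release", "Debug"):
        print(cfg, collect_sbom_packages(SAMPLE_TOP_LEVEL, SAMPLE_PACKAGES, cfg))
```

For the constructed graph the Release run keeps the runtime pack as a single entry plus Newtonsoft.Json, Serilog and Serilog's sub-package, while System.Runtime and System.Collections (sub-packages of the runtime pack) and all test, mock, analyzer and build packages stay out; the Debug run returns an empty list.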

v2.8.1

28 May 12:17

2.8.1

  • bom findsources: handle the case when a call to the GitHub API returns a
    response without the ref key.

v2.8.0

08 May 06:18

2.8.0

  • fix for componentId in the legacy-to-CycloneDX conversion.
  • documentation fixes.
  • improvements in pulling package-urls from SW360.
  • pyjwt update to >= 2.4.0 due to CVE-2022-29217.
  • CaPyCLI now supports color console output also when running in GitLab CI.
  • bom map fix: in a few cases with --nocache, mixed matches were added to the output
    BOM; now we assure that only the best mapping results are added.
  • project createbom stores release relations (CONTAINED, SIDE_BY_SIDE etc.) as capycli:projectRelation
  • project update: optimized handling of release mainline state and release relation. Now states
    provided in the SBOM are used and slowdowns/crashes introduced in 2.7.0 (#121) fixed again.
  • bom createreleases does now also set/update the license information for SW360 releases.
  • getdependencies python has now an improved detection for licenses.
  • Dependency updates.

v2.7.0

29 Jan 16:03

2.7.0

  • fix for bom findsources for some JavaScript SBOMs.
  • bom show command also lists purl and source code download url in verbose mode.
    If one of the values is missing and --forceerror has been specified, error code 97 is returned.
  • bom show command also lists license information in verbose mode, but
    only for CycloneDX 1.6 and later.
  • bom validate now also uses -v and --forceerror and uses the same bom show functionality
    to check for missing purl or source code url.
  • until version 2.6.0, project create always set the Project Mainline State of a project release either
    to SPECIFIC or to the value given by -pms. Now existing Project Mainline States are kept.
  • project create has a new parameter --copy_from which allows first creating a copy of the given
    project and then updating the releases based on the contents of the given SBOM.
  • fix for bom map losing SBOM items when it tries to map to invalid SW360 releases.
  • fix issue with setting external references (in bom granularity).

v2.6.0

07 Dec 12:53

2.6.0

  • bom merge improved: the dependencies are reconstructed, i.e. all dependencies
    that existed in the SBOMs before the merge should also exist after the merge.
  • bom convert improved: we can now convert from and to CycloneDX XML.
  • new command bom validate to do a simple validation whether a given SBOM
    complies with the CycloneDX spec version 1.4, 1.5 or 1.6.
  • bom findsources: programming language can be golang or go.
  • support for the new CycloneDX 1.6 external reference type source-distribution
    when trying to find the source code for a component.
  • Dependency updates.

2.6.0.dev1

  • make findsources more resilient against SW360 issues.
  • project createbom now stores multiple purls in the property "purl_list" instead of
    trying to encode them in a strange way in the "purl" field.
  • support CycloneDX 1.6 and Siemens Standard BOM 3.
  • bom createcomponents: attachment upload is now more robust to prevent .git files being uploaded.
  • granularity list extended.
  • dependency updates.
  • getdependencies python can now detect and ignore dev dependencies also for new versions
    of the poetry.lock file. This is done by using also the information of the pyproject.toml file.
  • add documentation for SBOM filtering.

v2.5.1

16 Oct 07:49

2.5.1 (2024-10-16)

  • fix: URLs coming from the granularity file are repository URLs and not source code
    download URLs.
  • fix a wrong variable in bom findsources.
  • fix loading of SBOMs that support different kinds of licenses.
  • run unit tests also for Python 3.12 and 3.13.

v2.5.0

20 Jul 08:50

2.5.0

  • Fixed an error when creating an SBOM from a project on SW360 when this project
    contains a component with more than one package-url.
  • Fixed an issue when getting invalid package-urls.
  • New flag -pms or --project-mainline-state to specify which project mainline state
    should be used for releases of a new project created by project create.
  • Dependency updates.

v2.4.0

22 Apr 06:27

2.4.0 (2024-04-22)

  • CaPyCLI is more resilient when accessing SW360.
  • Dependency updates:
    • idna 3.6 -> 3.7 to fix a security vulnerability
    • sw360 1.4.1 -> 1.5.0 to have improved session handling for all API requests.

v2.3.0

05 Apr 15:12

2.3.0 (2024-04-05)

  • Have an updated granularity list.
  • New feature that adds a force error flag to project prerequisites to exit the application
    with an error code in case of a failed prerequisites check.
  • The force error flag is also available for project getlicenseinfo and results in an error
    code if a CLI file is missing.