v2.2.0

2.2.0 (2024-02-20)

• getdependencies javascript can now handle package-lock.json files of version 3.
• bom findsources can do source URL discovery using sw360 lookup, perform extensive
  GitLab deep search, and adapt search strategy based on diverse programming languages.
• Have type support.

Prerelease v2.2.0.dev1

2.2.0 (2024-01-28)

• getdependencies javascript can now handle package-lock.json files of version 3.
• bom findsources can do source URL discovery using sw360 lookup, perform extensive
  GitLab deep search, and adapt search strategy based on diverse programming languages.
• Have type support.

v2.0.0

2.0.0 (2023-06-02)

This is the list of changes from version 1.9.1 to 2.0.0:

• breaking changes

  • new command bom convert to import and export SBOM in mutiple formats.
    This new command replaces bom fromCSV, bom FromFlatFist, bom FromSbom,
    bom ToHtml and bom ToSbom.
  • bom sort is discontinued, CycloneDX SBOMs are always sorted by component name.
  • The option -source of GetDependencies python is discontinued, please use
    bom downloadsources instead.
  • project show writes the output file only in plain JSON and not CycloneDX.
  • project CreateReadme requires new entries in readme_oss_config.json to be independent
    of the name Siemens
    • CompanyName
    • CompanyAddressN, N = 1..4
  • bom map now uses alphanumeric identifier for mapping instead of integer values:
    • INVALID: 0-invalid instead of 0
    • FULL_MATCH_BY_ID: 1-full-match-by-id instead of 1
    • FULL_MATCH_BY_HASH: 2-full-match-by-hash instead of 2
    • FULL_MATCH_BY_NAME_AND_VERSION: 3-full-match-by-name-and-version instead of 3
    • MATCH_BY_FILENAME: 4-good-match-by-filename instead of 4
    • MATCH_BY_NAME: 5-candidate-match-by-name instead of 5
    • SIMILAR_COMPONENT_FOUND: 6-candidate-match-similar-component instead of 6
    • NO_MATCH: 9-no-match instead of 100
  • bom map now uses alphanumeric identifier for map modes (-m) instead of integer values:
    • all instead of 0
    • found instead of 1
    • notfound instead of 2
  • dropped support for option -stage. The SW360 server instance can get specified via the -url parameter.
  • The hard coded address https://sw360.siemens.com has been removed.
    CaPyCLI reads the SW360 server address either from the environment variable SW360ServerUrl or
    via the -url parameter.
  • CaPyCLI supports an optional config file .capycli.cfg. Settings defined in the config file
    supersede settings in environment variables. Command line parameters supersede config file settings.
  • bom map will report matches by name, but different version only if -all has been specified.
    The original idea of CaPyCLI was to report as many potential matches as possible and to let the user
    decide which match to take by editing the SBOM. But it seems that many users did not read the documentation
    and the expectations were different. Therefore the default behavior has been changed.
    The original behavior of versions prior to 2.x can be enabled via the -all switch.

• Enhancements

  • Have an updated granularity list.
  • A list of frequently asked questions has been added.
  • getdependencies python now also accepts a Poetry lock file (must be poetry.lock) as input.
    Development dependencies are automatically excluded.
  • Code of conduct added.
  • Warnings about multiple purls entries when running bom map are now only shown if -v has been specified.
  • The cache functionality of bom map also supports the staging system.
  • project GetLicenseInfo can take over data from existing Readme_OSS config files.

Prerelease 2.0.0.dev8

2.0.0.dev (2023-05-19)

• breaking changes
  • new command bom convert to import and export SBOM in mutiple formats.
    This new command replaces bom fromCSV, bom FromFlatFist, bom FromSbom,
    bom ToHtml and bom ToSbom.
  • bom sort is discontinued, CycloneDX SBOMs are always sorted by component name.
  • The option -source of GetDependencies python is discontinued, please use
    bom downloadsources instead.
  • project show writes the output file only in plain JSON and not CycloneDX.
  • project CreateReadme requires new entries in readme_oss_config.json to be independent
    of the name Siemens
    • CompanyName
    • CompanyAddressN, N = 1..4
  • bom map now uses alphanumeric identifier for mapping instead of integer values:
    • INVALID: 0-invalid instead of 0
    • FULL_MATCH_BY_ID: 1-full-match-by-id instead of 1
    • FULL_MATCH_BY_HASH: 2-full-match-by-hash instead of 2
    • FULL_MATCH_BY_NAME_AND_VERSION: 3-full-match-by-name-and-version instead of 3
    • MATCH_BY_FILENAME: 4-good-match-by-filename instead of 4
    • MATCH_BY_NAME: 5-candidate-match-by-name instead of 5
    • SIMILAR_COMPONENT_FOUND: 6-candidate-match-similar-component instead of 6
    • NO_MATCH: 9-no-match instead of 100
  • dropped support for option -stage. The SW360 server instance can get specified via the -url parameter.
  • The hard coded address https://sw360.siemens.com has been removed.
    CaPyCLI reads the SW360 server address either from the environment variable SW360ServerUrl or
    via the -url parameter.
  • CaPyCLI supports an optional config file .capycli.cfg. Settings defined in the config file
    supersede settings in environment variables. Command line parameters supersede config file settings.
• The cache functionality of bom map also supports the staging system.
• project GetLicenseInfo can take over data from existing Readme_OSS config files.