Releases: trustification/trustify

0.2.8

27 Feb 16:26

Changelog

v0.2.8 (2025-02-27)

Features

  • enable multiple importer replicas to coordinate their work (ad6abd0), closes
    #1307

Fixes

  • employ a cancel token to abort the long-running git clone (9e73943)
  • sbom: validate CDX files during ingestion (805f671), closes #551

0.2.7

25 Feb 18:54

Changelog

v0.2.7 (2025-02-25)

Features

  • add sbom node checksum entities (0ff50c6)

Fixes

  • permission problem with containerized xtask dump (18aa037)

0.2.6

20 Feb 19:50

Changelog

v0.2.6 (2025-02-20)

Features

  • introduce e2e tests based on hurl (009b7d9)
  • add RH processing for SPDX as well (2b09639)
  • add RH prod/comp relationships (82c8013)
  • make max concurrent importers configurable (6acf514)
  • introduce new dataset (ds4) (0a421bf)
  • upgrade OTEL to 0.28 (f8ee2af)
  • introduce db context in graph and put status cache there (ab602f6)

Fixes

  • test_sbom_details_cyclonedx_osv set thread_stack_size (b8dc811)
  • years range in ds4 not properly configured (389a7df)
  • apply postgres config to compose file (ab5d523)
  • use predictable ids for all entities during csaf ingestion (fd74a49)
  • refactor version scheme matching logic (a652369)
  • make status loading one-time event for csaf importing (329f9ee)
  • improve status checking by introducing the global cache (e5b62ad)
  • insert affected status for versions up to the fixed ones (a568016)

0.2.5

13 Feb 13:27

Changelog

v0.2.5 (2025-02-13)

Features

  • introduce db context in graph and put status cache there (8dcf348)

Fixes

  • use predictable ids for all entities during csaf ingestion (6a088ff)
  • refactor version scheme matching logic (faa73c3)
  • make status loading one-time event for csaf importing (deb247f)
  • improve status checking by introducing the global cache (9eb58d2)
  • insert affected status for versions up to the fixed ones (f824922)

0.2.4

13 Feb 09:24

Changelog

v0.2.4 (2025-02-13)

Features

  • implement ingestion of SPDX and CDX external references (e66cbf3)
  • add db parameter group, with current settings (dbddabb)
  • Upgrade postgresql to 17 (1be139d)

0.2.3

10 Feb 16:29

Changelog

v0.2.3 (2025-02-10)

Features

  • add custom metrics, and an initial cache size metric (110c7db)

Fixes

  • typo (5ef6db4)
  • deserialize relationships filter from query params (eb03a8a), closes #1232
  • add index for organizations by name (ade3bc9)

0.2.2

04 Feb 15:11

Changelog

v0.2.2 (2025-02-04)

Features

  • Gathering metrics at development time (9f2764d)
  • Seeing OTEL traces at development time (27e5482)
  • create AncestorOf relationship from cdx pedigree/ancestors (532a12a), closes
    #1151
  • create VariantOf relationship from cdx pedigree/variants (63f9ada), closes
    #1147
  • add a way to find related SBOMs by CPE (52fce44)
  • allow locating by CPE (0693b5c)

Fixes

  • in case of duplicate sboms, don't re-ingest content (2d7508f)
  • rework the way sboms are located, by describes. (377a157)
  • change describes location for cdx, adapt tests (0286f07)
  • add an ai feature so that ai features are not compiled by default.
    (8735ebd), closes #1219
  • re-use the same analysis service instance (1c03182)
  • analysis: aggregate in a way that we don't have duplicate purls/cpes
    (feb530a)
  • report CPE parsing as "bad request" (efc14da)
  • sbom license migration to update nulls (b048e4b)
  • infinite loop when invalid file passed to Format::from_bytes (c9b7fe4)
  • /api/v2/purl/{purl} now honors qualifiers, or lack thereof (a4b12cd), closes
    #1158

0.2.1

23 Jan 20:22

Changelog

v0.2.1 (2025-01-23)

Features

  • Seeing OTEL traces at development time (6d0437c)
  • create AncestorOf relationship from cdx pedigree/ancestors (6257622), closes
    #1151
  • create VariantOf relationship from cdx pedigree/variants (4f844c1), closes
    #1147
  • add a way to find related SBOMs by CPE (6a00ab8)
  • allow locating by CPE (de50d23)

Fixes

  • analysis: aggregate in a way that we don't have duplicate purls/cpes
    (cb1303b)
  • report CPE parsing as "bad request" (b200773)
  • sbom license migration to update nulls (8e1750d)
  • infinite loop when invalid file passed to Format::from_bytes (b5dfff0)
  • /api/v2/purl/{purl} now honors qualifiers, or lack thereof (bc55c55), closes
    #1158

0.2.0

17 Jan 13:50

Changelog

v0.2.0 (2025-01-17)

⚠ BREAKING-CHANGE

  • This changes the prefix of the API from /api/v1 to /api/v2 as this is the successor API of trustification (v1).

Features

  • show relationships in response from /api/v1/purl/{key} (efc9394), closes
    #1131
  • add some OSV examples to DS3 (0d08059)
  • add two example entries for GHSA data (e08aacb)
  • create GeneratedFrom relationship from CycloneDX dependencies (88fa55c),
    closes #1131
  • add average_severity to PurlStatus (4a7ae84)
  • allow disabling the request logging (88c8632)
  • allow start year and years filtering for osv (74fa0e6)
  • reimplement vulnerability endpoint logic and api so we can retrieve purls
    for affected sboms (7c2c140)

Fixes

  • improve product version range migration (ddfde89)
  • urlencode purl qualifier values in the db (dc0cc84)
  • use predictable ids for product related entities and additionally speed up
    csaf ingestion (80c6d09)
  • optimize import of product related entities during csaf ingestion (678284e)
  • improve sbom to vulnerabilities correlation both in performance and accuracy
    (a98d468)

0.1.1

20 Dec 13:03

Changelog

v0.1.1 (2024-12-20)

Features

  • allow disabling the request logging (720b939)
  • allow start year and years filtering for osv (de9b8b3)
  • reimplement vulnerability endpoint logic and api so we can retrieve purls
    for affected sboms (7982498)

Fixes

  • urlencode purl qualifier values in the db (fcd4691)
  • use predictable ids for product related entities and additionally speed up
    csaf ingestion (8a0085d)
  • optimize import of product related entities during csaf ingestion (c66d1af)
  • improve sbom to vulnerabilities correlation both in performance and accuracy
    (2e28a33)