Swift developers deserve better tooling to make their lives simple. Accurate information about where and how a given library (both internal and external) is used can help with prioritization and vulnerability management.
This release adds a new state-of-the-art semantic analysis engine for Swift 😎. cdxgen can generate a precise semantic slice representing the application context with accurate types and fully qualified call names for a range of Swift applications. The slices are then utilized by evinse to generate "occurrences evidence" for the SBOM as shown.
We can't wait to iterate to bring you more enhancements and visibility over the coming weeks.
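One way to consume the occurrences evidence for prioritization, as an added example that is not part of the cdxgen or evinse code base: it reads the CycloneDX `components[].evidence.occurrences[].location` field and orders flagged components by how often they were observed in the source. The sample BOM, its package names and file paths are constructed, and `flagged_refs` is a hypothetical list of bom-refs taken from whatever vulnerability scanner you use.

```python
import json

# Constructed sample BOM (not real cdxgen output): only one Swift package
# carries occurrence evidence; one component is nested inside another.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:swift/github.com/Alamofire/Alamofire@5.9.1",
     "name": "Alamofire",
     "evidence": {"occurrences": [
       {"location": "Sources/App/ApiClient.swift#12"},
       {"location": "Sources/App/Uploader.swift#40"},
       {"location": "Sources/App/ApiClient.swift#12"}]}},
    {"bom-ref": "pkg:swift/github.com/apple/swift-log@1.5.4",
     "name": "swift-log",
     "components": [
       {"bom-ref": "pkg:swift/example.invalid/nested@0.1.0", "name": "nested",
        "evidence": {"occurrences": []}}]}
  ]
}
""")


def walk(components):
    """Yield every component, including nested sub-components."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def occurrences_by_ref(bom):
    """Map bom-ref -> sorted, de-duplicated occurrence locations."""
    result = {}
    for comp in walk(bom.get("components")):
        occ = (comp.get("evidence") or {}).get("occurrences") or []
        locations = {o["location"] for o in occ if o.get("location")}
        # Fall back to the name when a component has no bom-ref.
        result[comp.get("bom-ref", comp.get("name"))] = sorted(locations)
    return result


def triage(bom, flagged_refs):
    """Order scanner-flagged refs: most-observed first, unobserved last."""
    seen = occurrences_by_ref(bom)
    rows = [(ref, seen.get(ref, [])) for ref in flagged_refs]
    return sorted(rows, key=lambda row: (-len(row[1]), row[0]))
```

A component with no occurrences was not observed by the analysis; treat that as lower priority rather than as proof that it is unused.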
What's Changed
🚀 Features
Other Changes
- Use bom-ref consistently in the dependency tree by @prabhu in #1431
- Run "Upload base images" action only on main repository by @marob in #1436
- Run some GitHub action jobs only on main repository by @marob in #1438
- Graciously fail for fastlane managed swift projects by @prabhu in #1443
Full Changelog: v10.10.7...v10.11.0