Introduction
This is a major release. We have added support for CycloneDX 1.6 specification in preview mode. Since the specification itself is not final, there will be changes in the coming days but the implementation must be stable enough for testing purposes.
There are also a couple of BREAKING changes in purl generation logic for go and npm to make it compatible with Dependency Track and OSV.
Thanks to @Lucasljungberg, we now have good support for Cargo including dependency tree support. @scrocquesel added a few important fixes for dotnet.
What's Changed
- resolve project reference for nuget without debug mode by @scrocquesel in #941
- cdx 1.6 spec support with some goodies by @prabhu in #935
- Add dependency tree for Rust projects by @Lucasljungberg in #931
- Remove sae builds by @prabhu in #946
- Remove caxa by @prabhu in #947
- OS release info was not read for alpine by @prabhu in #955
- Cargo parent components from cargo.toml by @prabhu in #949
- Include csproj files during restore by @prabhu in #959
- Schema updates by @prabhu in #945
- Add evidence for Cargo.lock parsed components by @Lucasljungberg in #960
Full Changelog: v10.2.6...v10.3.0