We're ready to greet the new year with this holiday update. This release focuses on general improvements and tweaks to make cdxgen more useful for both users and AI bots. cdxgen can now reliably track all package manifests where a given component was found—especially helpful for vulnerability management and patching in large monorepos and multi-module projects. We’ve also improved dependency tree accuracy so bots like cdxgenGPT can better understand and reason about the underlying architecture.
Quality is a top priority. xBOM accuracy—particularly precision and recall—remains a constant topic that keeps us on our toes. Thanks to a generous sponsorship, we have added more snapshot testing for a number of languages and package manager ecosystems, and trained cdxgenGPT to serve as a good xBOM reviewer. We will soon use both automated testing and machine learning to continuously evaluate and improve BOM quality.
Please update to this version at your convenience. Happy Holidays!
Screenshots: cdxgenGPT training and assessment prompts; Rate my SBOM; Review of a syft SBOM
What's Changed
🚀 Features
🐛 Bug Fixes
📚 Documentation
Other Changes
- #1486 fix: use getGoPkgComponent in parseGosumData by @CaMoPeZzz in #1487
- Support image generation and parsing github url by @prabhu in #1497
- Fixes #1498. Don't remove await by @prabhu in #1509
- TypeError: project.modules.module.map is not a function by @readonlyuser1 in #1504
- fix:GH-1502 name root from package json by @ivanasabi in #1503
- #291 feat: vcs url for gopkg by @CaMoPeZzz in #1505
- Fix docker extract bugs by @prabhu in #1513
- asvs 5.0 - Beta by @prabhu in #1460
New Contributors
- @CaMoPeZzz made their first contribution in #1487
- @readonlyuser1 made their first contribution in #1504
- @ivanasabi made their first contribution in #1503
Full Changelog: v11.0.7...v11.0.8