This release brings evinse support for Scala and the next generation of SaaSBOM. Our LinkedIn announcement blog has more details.
Evinse for Scala
cdxgen v11.2.x features an innovative hybrid semantic analysis engine (based on both source code and TASTy files) for Scala 3 codebases. cdxgen supports both Scala 2 and 3 projects for basic SBOM generation. However, for Scala versions 3.3 to 3.6.4, it can produce highly detailed SBOMs enriched with occurrence data and SaaSBOM evidence.
The semantic analysis performed by cdxgen (with atom) is precise and state-of-the-art. Here are a few examples:
Automatic expansion of wildcard imports entirely with static analysis
Our analyzer exactly knows the full type names of the modules and its Package URLs, even when the codebase uses dynamic imports and aliasing.
Occurrence evidences for scala
Services evidence for scala
SaaSBOM Enhancements
Version 11.2.x introduces the next generation of the SaaSBOM generator, featuring enhanced granularity in endpoint detection, specifically the tracking of precise HTTP methods (GET, POST, PUT, DELETE, etc.) utilized by the application in its interactions with services and clients.
Let’s look at an example:
scope ":account_id", as: "account", constraints: { account_id: /\d+/ } do resources :articles endThis single line of Ruby code would result in the following 7 routes!
url_pattern='/account_id/articles', method='GET'
url_pattern='/account_id/articles/new', method='GET'
url_pattern='/account_id/articles', method='POST'
url_pattern='/account_id/articles/{id}', method='GET'
url_pattern='/account_id/articles/{id}/edit', method='GET'
url_pattern='/account_id/articles/{id}', method='PUT'
url_pattern='/account_id/articles/{id}', method='DELETE'
Users of cdxgen require no knowledge of programming languages, frameworks, or SDKs. The tool handles tasks like setting up build tools and compilation automatically. If user intervention is required, the tool will provide clear troubleshooting tips in plain English.
We support the following languages with SaaSBOM v2.
- Java
- JavaScript
- TypeScript
- Python
- Ruby
- Scala
In v1 mode, we support additional languages such as PHP and C/C++.
Generating SaaSBOMs has also become much easier. We’ve added a new dedicated command called “saasbom”.
npm install -g @cyclonedx/cdxgen
saasbom -t languageWhat's Changed
Other Changes
- Include hashes for oci file components by @prabhu in #1689
- fix exit code when submitting a bom by @winren9 in #1691
- Set 'quarkus.dependency.sbom.schema-version' if spec version defined by @marcelstoer in #1694
- chore: fix exports by @marco-ippolito in #1696
- Track executables with setuid and setgid flags by @prabhu in #1707
- Use pnpm to find the global node_modules path by @prabhu in #1713
New Contributors
Full Changelog: v11.2.2...v11.2.3